![[BACK]](/icons/back.gif){kind=icon}
Up to [cvs.NetBSD.org] / pkgsrc / net / ntp4
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.109 / (download) - annotate - [select for diffs], Tue Oct 24 22:10:28 2023 UTC (5 weeks, 6 days ago) by wiz
Branch: MAIN
CVS Tags: HEAD
Changes since 1.108: +2 -2
lines
Diff to previous 1.108 (colored)
*: bump for openssl 3
Revision 1.108 / (download) - annotate - [select for diffs], Tue Jun 28 11:35:04 2022 UTC (17 months, 1 week ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2023Q3-base,
pkgsrc-2023Q3,
pkgsrc-2023Q2-base,
pkgsrc-2023Q2,
pkgsrc-2023Q1-base,
pkgsrc-2023Q1,
pkgsrc-2022Q4-base,
pkgsrc-2022Q4,
pkgsrc-2022Q3-base,
pkgsrc-2022Q3
Changes since 1.107: +2 -2
lines
Diff to previous 1.107 (colored)
*: recursive bump for perl 5.36
Revision 1.107 / (download) - annotate - [select for diffs], Mon May 24 19:53:22 2021 UTC (2 years, 6 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2022Q2-base,
pkgsrc-2022Q2,
pkgsrc-2022Q1-base,
pkgsrc-2022Q1,
pkgsrc-2021Q4-base,
pkgsrc-2021Q4,
pkgsrc-2021Q3-base,
pkgsrc-2021Q3,
pkgsrc-2021Q2-base,
pkgsrc-2021Q2
Changes since 1.106: +2 -2
lines
Diff to previous 1.106 (colored)
*: recursive bump for perl 5.34
Revision 1.106 / (download) - annotate - [select for diffs], Mon Aug 31 18:10:37 2020 UTC (3 years, 3 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2021Q1-base,
pkgsrc-2021Q1,
pkgsrc-2020Q4-base,
pkgsrc-2020Q4,
pkgsrc-2020Q3-base,
pkgsrc-2020Q3
Changes since 1.105: +2 -1
lines
Diff to previous 1.105 (colored)
*: bump PKGREVISION for perl-5.32.
Revision 1.105 / (download) - annotate - [select for diffs], Sat Aug 15 02:09:25 2020 UTC (3 years, 3 months ago) by tnn
Branch: MAIN
Changes since 1.104: +2 -2
lines
Diff to previous 1.104 (colored)
net/ntp4: update to ntp-4.2.8p15 Fixes Sec 3661: Memory leak with CMAC keys + additional 13 bugfixes.
Revision 1.104 / (download) - annotate - [select for diffs], Sun Jun 21 15:10:47 2020 UTC (3 years, 5 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2020Q2-base,
pkgsrc-2020Q2
Changes since 1.103: +3 -5
lines
Diff to previous 1.103 (colored)
net/ntp4: update to 4.2.8p14 Updaet ntp4 to 4.2.8p14. pkgsrc changes: * Incorporate several changes from NetBSD base. * few pkglint fixes. Quote from release announce: NTP 4.2.8p14 (Harlan Stenn <stenn@ntp.org>, 2020 Mar 03) Focus: Security, Bug fixes, enhancements. Severity: MEDIUM This release fixes three vulnerabilities: a bug that causes causes an ntpd instance that is explicitly configured to override the default and allow ntpdc (mode 7) connections to be made to a server to read some uninitialized memory; fixes the case where an unmonitored ntpd using an unauthenticated association to its servers may be susceptible to a forged packet DoS attack; and fixes an attack against a client instance that uses a single unauthenticated time source. It also fixes 46 other bugs and addresses 4 other issues.
Revision 1.103 / (download) - annotate - [select for diffs], Sat Jan 18 21:50:21 2020 UTC (3 years, 10 months ago) by jperkin
Branch: MAIN
CVS Tags: pkgsrc-2020Q1-base,
pkgsrc-2020Q1
Changes since 1.102: +2 -2
lines
Diff to previous 1.102 (colored)
*: Recursive revision bump for openssl 1.1.1.
Revision 1.102 / (download) - annotate - [select for diffs], Sun Nov 3 11:45:45 2019 UTC (4 years, 1 month ago) by rillig
Branch: MAIN
CVS Tags: pkgsrc-2019Q4-base,
pkgsrc-2019Q4
Changes since 1.101: +4 -4
lines
Diff to previous 1.101 (colored)
net: align variable assignments pkglint -Wall -F --only aligned --only indent -r No manual corrections.
Revision 1.101 / (download) - annotate - [select for diffs], Sun Aug 11 13:22:13 2019 UTC (4 years, 3 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2019Q3-base,
pkgsrc-2019Q3
Changes since 1.100: +2 -1
lines
Diff to previous 1.100 (colored)
Bump PKGREVISIONs for perl 5.30.0
Revision 1.100 / (download) - annotate - [select for diffs], Mon Mar 25 17:19:59 2019 UTC (4 years, 8 months ago) by tnn
Branch: MAIN
CVS Tags: pkgsrc-2019Q2-base,
pkgsrc-2019Q2,
pkgsrc-2019Q1-base,
pkgsrc-2019Q1
Changes since 1.99: +2 -3
lines
Diff to previous 1.99 (colored)
ntp4: update to ntp-4.2.8p13 NTP 4.2.8p13 2019-03-07 This release fixes a bug that allows an attacker with access to an explicitly trusted source to send a crafted malicious mode 6 (ntpq) packet that can trigger a NULL pointer dereference, crashing ntpd. It also provides 17 other bugfixes and 1 other improvement. NTP 4.2.8p12 2018-04-09 This release fixes a "hole" in the noepeer capability introduced to ntpd in ntp-4.2.8p11, and a buffer overflow in the openhost() function used by ntpq and ntpdc. It also provides 26 other bugfixes, and 4 other improvements. NTP 4.2.8p11 2018-02-27 This release fixes 2 low-/medium-, 1 informational/medum-, and 2 low-severity vulnerabilities in ntpd, one medium-severity vulernability in ntpq, and provides 65 other non-security fixes and improvements.
Revision 1.99 / (download) - annotate - [select for diffs], Wed Aug 22 09:45:56 2018 UTC (5 years, 3 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2018Q4-base,
pkgsrc-2018Q4,
pkgsrc-2018Q3-base,
pkgsrc-2018Q3
Changes since 1.98: +2 -1
lines
Diff to previous 1.98 (colored)
Recursive bump for perl5-5.28.0
Revision 1.98 / (download) - annotate - [select for diffs], Fri Mar 24 03:41:08 2017 UTC (6 years, 8 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2018Q2-base,
pkgsrc-2018Q2,
pkgsrc-2018Q1-base,
pkgsrc-2018Q1,
pkgsrc-2017Q4-base,
pkgsrc-2017Q4,
pkgsrc-2017Q3-base,
pkgsrc-2017Q3,
pkgsrc-2017Q2-base,
pkgsrc-2017Q2,
pkgsrc-2017Q1-base,
pkgsrc-2017Q1
Changes since 1.97: +2 -2
lines
Diff to previous 1.97 (colored)
Update ntp4 to 4.2.8p10 including security fixes. NTF's NTP Project is releasing ntp-4.2.8p10, which addresses: * 6 MEDIUM severity vulnerabilities (1 is about the Windows PPSAPI DLL) * 5 LOW severity vulnerabilities (2 are in the Windows Installer) * 4 Informational-level vulnerabilities * 15 other non-security fixes and improvements All of the security issues in this release are listed in VU#633849. ntp-4.2.8p10 was released on 21 March 2017. * Sec 3389 / CVE-2017-6464 / VU#325339: NTP-01-016 NTP: Denial of Service via Malformed Config (Pentest report 01.2017) - Reported by Cure53. * Sec 3388 / CVE-2017-6462 / VU#325339: NTP-01-014 NTP: Buffer Overflow in DPTS Clock (Pentest report 01.2017) - Reported by Cure53. * Sec 3387 / CVE-2017-6463 / VU#325339: NTP-01-012 NTP: Authenticated DoS via Malicious Config Option (Pentest report 01.2017) - Reported by Cure53. * Sec 3386: NTP-01-011 NTP: ntpq_stripquotes() returns incorrect Value (Pentest report 01.2017) - Reported by Cure53. * Sec 3385: NTP-01-010 NTP: ereallocarray()/eallocarray() underused (Pentest report 01.2017) - Reported by Cure53. * Sec 3384 / CVE-2017-6455 / VU#325339: NTP-01-009 NTP: Windows: Privileged execution of User Library code (Pentest report 01.2017) - Reported by Cure53. * Sec 3383 / CVE-2017-6452 / VU#325339: NTP-01-008 NTP: Windows Installer: Stack Buffer Overflow from Command Line (Pentest report 01.2017) - Reported by Cure53. * Sec 3382 / CVE-2017-6459 / VU#325339: NTP-01-007 NTP: Windows Installer: Data Structure terminated insufficiently (Pentest report 01.2017) - Reported by Cure53. * Sec 3381: NTP-01-006 NTP: Copious amounts of Unused Code (Pentest report 01.2017) - Reported by Cure53. * Sec 3380: NTP-01-005 NTP: Off-by-one in Oncore GPS Receiver (Pentest report 01.2017) - Reported by Cure53. * Sec 3379 / CVE-2017-6458 / VU#325339: NTP-01-004 NTP: Potential Overflows in ctl_put() functions (Pentest report 01.2017) - Reported by Cure53. * Sec 3378 / CVE-2017-6451 / VU#325339: NTP-01-003 Improper use of snprintf() in mx4200_send() (Pentest report 01.2017) - Reported by Cure53. * Sec 3377 / CVE-2017-6460 / VU#325339: NTP-01-002 Buffer Overflow in ntpq when fetching reslist (Pentest report 01.2017) - Reported by Cure53. * Sec 3376: NTP-01-001 Makefile does not enforce Security Flags (Pentest report 01.2017) - Reported by Cure53. * Sec 3361 / CVE-2016-9042 / VU#325339: 0rigin - Reported by Matthew Van Gundy of Cisco ASIG.
Revision 1.97 / (download) - annotate - [select for diffs], Mon Dec 5 15:49:59 2016 UTC (7 years ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2016Q4-base,
pkgsrc-2016Q4
Changes since 1.96: +2 -3
lines
Diff to previous 1.96 (colored)
Update ntp4 to 4.2.8p9. Here is quote from NEWS file and please refer it in detail. --- NTP 4.2.8p9 (Harlan Stenn <stenn@ntp.org>, 2016/11/21) Focus: Security, Bug fixes, enhancements. Severity: HIGH In addition to bug fixes and enhancements, this release fixes the following 1 high- (Windows only), 2 medium-, 2 medium-/low, and 5 low-severity vulnerabilities, and provides 28 other non-security fixes and improvements:
Revision 1.96 / (download) - annotate - [select for diffs], Sat Jul 9 06:38:44 2016 UTC (7 years, 4 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2016Q3-base,
pkgsrc-2016Q3
Changes since 1.95: +2 -1
lines
Diff to previous 1.95 (colored)
Bump PKGREVISION for perl-5.24.0 for everything mentioning perl.
Revision 1.91.2.3 / (download) - annotate - [select for diffs], Mon Jun 6 18:34:31 2016 UTC (7 years, 5 months ago) by spz
Branch: pkgsrc-2016Q1
Changes since 1.91.2.2: +5 -2
lines
Diff to previous 1.91.2.2 (colored) to branchpoint 1.91 (colored) next main 1.92 (colored)
Pullup ticket #5040 - requested by taca net/ntp4: package build fixes Revisions pulled up: - net/ntp4/Makefile 1.93-1.94 - net/ntp4/PLIST 1.22 - net/ntp4/options.mk 1.3 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: bsiegert Date: Fri May 13 15:50:13 UTC 2016 Modified Files: pkgsrc/net/ntp4: Makefile PLIST Log Message: Fix package installation for Darwin, which installs tickadj and ntpsnmpd. Not sure what the snmp thing is about; is it picking up a dependency from the base system? Why does no other OS build it? To generate a diff of this commit: cvs rdiff -u -r1.92 -r1.93 pkgsrc/net/ntp4/Makefile cvs rdiff -u -r1.21 -r1.22 pkgsrc/net/ntp4/PLIST ------------------------------------------------------------------- Module Name: pkgsrc Committed By: bsiegert Date: Sat May 14 08:13:49 UTC 2016 Modified Files: pkgsrc/net/ntp4: Makefile options.mk Log Message: Do SNMP support properly, as a package option, default disabled. To generate a diff of this commit: cvs rdiff -u -r1.93 -r1.94 pkgsrc/net/ntp4/Makefile cvs rdiff -u -r1.2 -r1.3 pkgsrc/net/ntp4/options.mk
Revision 1.91.2.2 / (download) - annotate - [select for diffs], Mon Jun 6 18:29:05 2016 UTC (7 years, 5 months ago) by spz
Branch: pkgsrc-2016Q1
Changes since 1.91.2.1: +2 -2
lines
Diff to previous 1.91.2.1 (colored) to branchpoint 1.91 (colored)
Pullup ticket #5037 - requested by bsiegert
net/ntp4: security update
Revisions pulled up:
- net/ntp4/Makefile 1.95
- net/ntp4/distinfo 1.27
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Fri Jun 3 09:45:09 UTC 2016
Modified Files:
pkgsrc/net/ntp4: Makefile distinfo
Log Message:
Update ntp4 package to 4.2.8p8, security fix.
(4.2.8p8) 2016/06/02 Released by Harlan Stenn <stenn@ntp.org>
* [Sec 3042] Broadcast Interleave. HStenn.
* [Sec 3043] Autokey association reset. perlinger@ntp.org, =
stenn@ntp.org
- validate origin timestamps on bad MACs, too. stenn@ntp.org
* [Sec 3044] Spoofed server packets are partially processed. HStenn.
* [Sec 3045] Bad authentication demobilizes ephemeral associations. =
JPerlinger.
* [Sec 3046] CRYPTO_NAK crash. stenn@ntp.org
* [Bug 3038] NTP fails to build in VS2015. perlinger@ntp.org
- provide build environment
- 'wint_t' and 'struct timespec' defined by VS2015
- fixed print()/scanf() format issues
* [Bug 3052] Add a .gitignore file. Edmund Wong.
* [Bug 3054] miscopt.html documents the allan intercept in seconds. =
SWhite.
* [Bug 3058] fetch_timestamp() mishandles 64-bit alignment. Brian =
Utterback,
JPerlinger, HStenn.
* Update the NEWS file for 4.2.8p8. HStenn.
* Fix typo in ntp-wait and plot_summary. HStenn.
* Make sure we have an "author" file for git imports. HStenn.
* Update the sntp problem tests for MacOS. HStenn.
To generate a diff of this commit:
cvs rdiff -u -r1.94 -r1.95 pkgsrc/net/ntp4/Makefile
cvs rdiff -u -r1.26 -r1.27 pkgsrc/net/ntp4/distinfo
Revision 1.95 / (download) - annotate - [select for diffs], Fri Jun 3 09:45:08 2016 UTC (7 years, 6 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2016Q2-base,
pkgsrc-2016Q2
Changes since 1.94: +2 -3
lines
Diff to previous 1.94 (colored)
Update ntp4 package to 4.2.8p8, security fix. (4.2.8p8) 2016/06/02 Released by Harlan Stenn <stenn@ntp.org> * [Sec 3042] Broadcast Interleave. HStenn. * [Sec 3043] Autokey association reset. perlinger@ntp.org, stenn@ntp.org - validate origin timestamps on bad MACs, too. stenn@ntp.org * [Sec 3044] Spoofed server packets are partially processed. HStenn. * [Sec 3045] Bad authentication demobilizes ephemeral associations. JPerlinger. * [Sec 3046] CRYPTO_NAK crash. stenn@ntp.org * [Bug 3038] NTP fails to build in VS2015. perlinger@ntp.org - provide build environment - 'wint_t' and 'struct timespec' defined by VS2015 - fixed print()/scanf() format issues * [Bug 3052] Add a .gitignore file. Edmund Wong. * [Bug 3054] miscopt.html documents the allan intercept in seconds. SWhite. * [Bug 3058] fetch_timestamp() mishandles 64-bit alignment. Brian Utterback, JPerlinger, HStenn. * Update the NEWS file for 4.2.8p8. HStenn. * Fix typo in ntp-wait and plot_summary. HStenn. * Make sure we have an "author" file for git imports. HStenn. * Update the sntp problem tests for MacOS. HStenn.
Revision 1.94 / (download) - annotate - [select for diffs], Sat May 14 08:13:49 2016 UTC (7 years, 6 months ago) by bsiegert
Branch: MAIN
Changes since 1.93: +2 -2
lines
Diff to previous 1.93 (colored)
Do SNMP support properly, as a package option, default disabled.
Revision 1.93 / (download) - annotate - [select for diffs], Fri May 13 15:50:13 2016 UTC (7 years, 6 months ago) by bsiegert
Branch: MAIN
Changes since 1.92: +5 -2
lines
Diff to previous 1.92 (colored)
Fix package installation for Darwin, which installs tickadj and ntpsnmpd. Not sure what the snmp thing is about; is it picking up a dependency from the base system? Why does no other OS build it?
Revision 1.91.2.1 / (download) - annotate - [select for diffs], Fri May 13 12:33:51 2016 UTC (7 years, 6 months ago) by bsiegert
Branch: pkgsrc-2016Q1
Changes since 1.91: +2 -3
lines
Diff to previous 1.91 (colored)
Pullup ticket #5010 - requested by taca
net/ntp4: security fix
Revisions pulled up:
- net/ntp4/Makefile 1.92
- net/ntp4/PLIST 1.21
- net/ntp4/distinfo 1.26
---
Module Name: pkgsrc
Committed By: wen
Date: Wed Apr 27 15:59:19 UTC 2016
Modified Files:
pkgsrc/net/ntp4: Makefile PLIST distinfo
Log Message:
Update to 4.2.8p7
Upstream changes:
(4.2.8p7) 2016/04/26 Released by Harlan Stenn <stenn@ntp.org>
* [Sec 2901] KoD packets must have non-zero transmit timestamps. HStenn.
* [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve
time. Include passive servers in this check. HStenn.
* [Sec 2945] Additional KoD packet checks. HStenn.
* [Sec 2978] Interleave can be partially triggered. HStenn.
* [Sec 3007] Validate crypto-NAKs. Danny Mayer.
* [Sec 3008] Always check the return value of ctl_getitem().
- initial work by HStenn
- Additional cleanup of ctl_getitem by perlinger@ntp.org
* [Sec 3009] Crafted addpeer with hmode > 7 causes OOB error. perlinger@ntp.org
- added more stringent checks on packet content
* [Sec 3010] remote configuration trustedkey/requestkey values
are not properly validated. perlinger@ntp.org
- sidekick: Ignore keys that have an unsupported MAC algorithm
but are otherwise well-formed
* [Sec 3011] Duplicate IPs on unconfig directives will cause an assertion botch
- graciously accept the same IP multiple times. perlinger@ntp.org
* [Sec 3020] Refclock impersonation. HStenn.
* [Bug 2831] Segmentation Fault in DNS lookup during startup. perlinger@ntp.org
- fixed yet another race condition in the threaded resolver code.
* [Bug 2858] bool support. Use stdbool.h when available. HStenn.
* [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org
- integrated patches by Loganaden Velvidron <logan@ntp.org>
with some modifications & unit tests
* [Bug 2952] Symmetric active/passive mode is broken. HStenn.
* [Bug 2960] async name resolution fixes for chroot() environments.
Reinhard Max.
* [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org
* [Bug 2995] Fixes to compile on Windows
* [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org
* [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@ntp.org
- Patch provided by Ch. Weisgerber
* [Bug 3015] ntpq: config-from-file: "request contains an unprintable character"
- A change related to [Bug 2853] forbids trailing white space in
remote config commands. perlinger@ntp.org
* [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE
- report and patch from Aleksandr Kostikov.
- Overhaul of Windows IO completion port handling. perlinger@ntp.org
* [Bug 3022] authkeys.c should be refactored. perlinger@ntp.org
- fixed memory leak in access list (auth[read]keys.c)
- refactored handling of key access lists (auth[read]keys.c)
- reduced number of error branches (authreadkeys.c)
* [Bug 3023] ntpdate cannot correct dates in the future. perlinger@ntp.org
* [Bug 3030] ntpq needs a general way to specify refid output format. HStenn.
* [Bug 3031] ntp broadcastclient unable to synchronize to an server
when the time of server changed. perlinger@ntp.org
- Check the initial delay calculation and reject/unpeer the broadcast
server if the delay exceeds 50ms. Retry again after the next
broadcast packet.
* [Bug 3036] autokey trips an INSIST in authistrustedip(). Harlan Stenn.
* Document ntp.key's optional IP list in authenetic.html. Harlan Stenn.
* Update html/xleave.html documentation. Harlan Stenn.
* Update ntp.conf documentation. Harlan Stenn.
* Fix some Credit: attributions in the NEWS file. Harlan Stenn.
* Fix typo in html/monopt.html. Harlan Stenn.
* Add README.pullrequests. Harlan Stenn.
* Cleanup to include/ntp.h. Harlan Stenn.
---
(4.2.8p6) 2016/01/20 Released by Harlan Stenn <stenn@ntp.org>
* [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn.
* [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn.
* [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org
* [Sec 2938] ntpq saveconfig command allows dangerous characters
in filenames. perlinger@ntp.org
* [Sec 2939] reslist NULL pointer dereference. perlinger@ntp.org
* [Sec 2940] Stack exhaustion in recursive traversal of restriction
list. perlinger@ntp.org
* [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn.
* [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org
* [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger@ntp.org
* [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org
* [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org
- applied patch by shenpeng11@huawei.com with minor adjustments
* [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org
* [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org
* [Bug 2892] Several test cases assume IPv6 capabilities even when
IPv6 is disabled in the build. perlinger@ntp.org
- Found this already fixed, but validation led to cleanup actions.
* [Bug 2905] DNS lookups broken. perlinger@ntp.org
- added limits to stack consumption, fixed some return code handling
* [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call
- changed stacked/nested handling of CTRL-C. perlinger@ntp.org
- make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org
* [Bug 2980] reduce number of warnings. perlinger@ntp.org
- integrated several patches from Havard Eidnes (he@uninett.no)
* [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org
- implement 'auth_log2()' using integer bithack instead of float calculation
* Make leapsec_query debug messages less verbose. Harlan Stenn.
* Disable incomplete t-ntp_signd.c test. Harlan Stenn.
Revision 1.92 / (download) - annotate - [select for diffs], Wed Apr 27 15:59:19 2016 UTC (7 years, 7 months ago) by wen
Branch: MAIN
Changes since 1.91: +2 -3
lines
Diff to previous 1.91 (colored)
Update to 4.2.8p7
Upstream changes:
(4.2.8p7) 2016/04/26 Released by Harlan Stenn <stenn@ntp.org>
* [Sec 2901] KoD packets must have non-zero transmit timestamps. HStenn.
* [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve
time. Include passive servers in this check. HStenn.
* [Sec 2945] Additional KoD packet checks. HStenn.
* [Sec 2978] Interleave can be partially triggered. HStenn.
* [Sec 3007] Validate crypto-NAKs. Danny Mayer.
* [Sec 3008] Always check the return value of ctl_getitem().
- initial work by HStenn
- Additional cleanup of ctl_getitem by perlinger@ntp.org
* [Sec 3009] Crafted addpeer with hmode > 7 causes OOB error. perlinger@ntp.org
- added more stringent checks on packet content
* [Sec 3010] remote configuration trustedkey/requestkey values
are not properly validated. perlinger@ntp.org
- sidekick: Ignore keys that have an unsupported MAC algorithm
but are otherwise well-formed
* [Sec 3011] Duplicate IPs on unconfig directives will cause an assertion botch
- graciously accept the same IP multiple times. perlinger@ntp.org
* [Sec 3020] Refclock impersonation. HStenn.
* [Bug 2831] Segmentation Fault in DNS lookup during startup. perlinger@ntp.org
- fixed yet another race condition in the threaded resolver code.
* [Bug 2858] bool support. Use stdbool.h when available. HStenn.
* [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org
- integrated patches by Loganaden Velvidron <logan@ntp.org>
with some modifications & unit tests
* [Bug 2952] Symmetric active/passive mode is broken. HStenn.
* [Bug 2960] async name resolution fixes for chroot() environments.
Reinhard Max.
* [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org
* [Bug 2995] Fixes to compile on Windows
* [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org
* [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@ntp.org
- Patch provided by Ch. Weisgerber
* [Bug 3015] ntpq: config-from-file: "request contains an unprintable character"
- A change related to [Bug 2853] forbids trailing white space in
remote config commands. perlinger@ntp.org
* [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE
- report and patch from Aleksandr Kostikov.
- Overhaul of Windows IO completion port handling. perlinger@ntp.org
* [Bug 3022] authkeys.c should be refactored. perlinger@ntp.org
- fixed memory leak in access list (auth[read]keys.c)
- refactored handling of key access lists (auth[read]keys.c)
- reduced number of error branches (authreadkeys.c)
* [Bug 3023] ntpdate cannot correct dates in the future. perlinger@ntp.org
* [Bug 3030] ntpq needs a general way to specify refid output format. HStenn.
* [Bug 3031] ntp broadcastclient unable to synchronize to an server
when the time of server changed. perlinger@ntp.org
- Check the initial delay calculation and reject/unpeer the broadcast
server if the delay exceeds 50ms. Retry again after the next
broadcast packet.
* [Bug 3036] autokey trips an INSIST in authistrustedip(). Harlan Stenn.
* Document ntp.key's optional IP list in authenetic.html. Harlan Stenn.
* Update html/xleave.html documentation. Harlan Stenn.
* Update ntp.conf documentation. Harlan Stenn.
* Fix some Credit: attributions in the NEWS file. Harlan Stenn.
* Fix typo in html/monopt.html. Harlan Stenn.
* Add README.pullrequests. Harlan Stenn.
* Cleanup to include/ntp.h. Harlan Stenn.
---
(4.2.8p6) 2016/01/20 Released by Harlan Stenn <stenn@ntp.org>
* [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn.
* [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn.
* [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org
* [Sec 2938] ntpq saveconfig command allows dangerous characters
in filenames. perlinger@ntp.org
* [Sec 2939] reslist NULL pointer dereference. perlinger@ntp.org
* [Sec 2940] Stack exhaustion in recursive traversal of restriction
list. perlinger@ntp.org
* [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn.
* [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org
* [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger@ntp.org
* [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org
* [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org
- applied patch by shenpeng11@huawei.com with minor adjustments
* [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org
* [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org
* [Bug 2892] Several test cases assume IPv6 capabilities even when
IPv6 is disabled in the build. perlinger@ntp.org
- Found this already fixed, but validation led to cleanup actions.
* [Bug 2905] DNS lookups broken. perlinger@ntp.org
- added limits to stack consumption, fixed some return code handling
* [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call
- changed stacked/nested handling of CTRL-C. perlinger@ntp.org
- make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org
* [Bug 2980] reduce number of warnings. perlinger@ntp.org
- integrated several patches from Havard Eidnes (he@uninett.no)
* [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org
- implement 'auth_log2()' using integer bithack instead of float calculation
* Make leapsec_query debug messages less verbose. Harlan Stenn.
* Disable incomplete t-ntp_signd.c test. Harlan Stenn.
Revision 1.91 / (download) - annotate - [select for diffs], Sat Mar 5 11:29:09 2016 UTC (7 years, 9 months ago) by jperkin
Branch: MAIN
CVS Tags: pkgsrc-2016Q1-base
Branch point for: pkgsrc-2016Q1
Changes since 1.90: +2 -1
lines
Diff to previous 1.90 (colored)
Bump PKGREVISION for security/openssl ABI bump.
Revision 1.89.2.1 / (download) - annotate - [select for diffs], Mon Jan 18 20:38:25 2016 UTC (7 years, 10 months ago) by bsiegert
Branch: pkgsrc-2015Q4
Changes since 1.89: +2 -3
lines
Diff to previous 1.89 (colored) next main 1.90 (colored)
Pullup ticket #4895 - requested by taca
net/ntp4: security fix
Revisions pulled up:
- net/ntp4/Makefile 1.90
- net/ntp4/distinfo 1.25
- net/ntp4/patches/patch-ntpd-ntpd.c deleted
---
Module Name: pkgsrc
Committed By: taca
Date: Sat Jan 9 15:49:27 UTC 2016
Modified Files:
pkgsrc/net/ntp4: Makefile distinfo
Removed Files:
pkgsrc/net/ntp4/patches: patch-ntpd-ntpd.c
Log Message:
Update ntp4 to 4.2.8p5.
NTP 4.2.8p5
Focus: Security, Bug fixes, enhancements.
Severity: MEDIUM
In addition to bug fixes and enhancements, this release fixes the
following medium-severity vulnerability:
* Small-step/big-step. Close the panic gate earlier.
References: Sec 2956, CVE-2015-5300
Affects: All ntp-4 releases up to, but not including 4.2.8p5, and
4.3.0 up to, but not including 4.3.78
CVSS3: (AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:L) Base Score: 4.0, MEDIUM
Summary: If ntpd is always started with the -g option, which is
common and against long-standing recommendation, and if at the
moment ntpd is restarted an attacker can immediately respond to
enough requests from enough sources trusted by the target, which
is difficult and not common, there is a window of opportunity
where the attacker can cause ntpd to set the time to an
arbitrary value. Similarly, if an attacker is able to respond
to enough requests from enough sources trusted by the target,
the attacker can cause ntpd to abort and restart, at which
point it can tell the target to set the time to an arbitrary
value if and only if ntpd was re-started against long-standing
recommendation with the -g flag, or if ntpd was not given the
-g flag, the attacker can move the target system's time by at
most 900 seconds' time per attack.
Mitigation:
Configure ntpd to get time from multiple sources.
Upgrade to 4.2.8p5, or later, from the NTP Project Download
Page or the NTP Public Services Project Download Page
As we've long documented, only use the -g option to ntpd in
cold-start situations.
Monitor your ntpd instances.
Credit: This weakness was discovered by Aanchal Malhotra,
Isaac E. Cohen, and Sharon Goldberg at Boston University.
NOTE WELL: The -g flag disables the limit check on the panic_gate
in ntpd, which is 900 seconds by default. The bug identified by
the researchers at Boston University is that the panic_gate
check was only re-enabled after the first change to the system
clock that was greater than 128 milliseconds, by default. The
correct behavior is that the panic_gate check should be
re-enabled after any initial time correction.
If an attacker is able to inject consistent but erroneous time
responses to your systems via the network or "over the air",
perhaps by spoofing radio, cellphone, or navigation satellite
transmissions, they are in a great position to affect your
system's clock. There comes a point where your very best
defenses include:
Configure ntpd to get time from multiple sources.
Monitor your ntpd instances.
Other fixes:
* Coverity submission process updated from Coverity 5 to Coverity 7.
The NTP codebase has been undergoing regular Coverity scans on an
ongoing basis since 2006. As part of our recent upgrade from
Coverity 5 to Coverity 7, Coverity identified 16 nits in some of
the newly-written Unity test programs. These were fixed.
* [Bug 2829] Clean up pipe_fds in ntpd.c perlinger@ntp.org
* [Bug 2887] stratum -1 config results as showing value 99
- fudge stratum should only accept values [0..16]. perlinger@ntp.org
* [Bug 2932] Update leapsecond file info in miscopt.html. CWoodbury, HStenn.
* [Bug 2934] tests/ntpd/t-ntp_scanner.c has a magic constant wired in. HMurray
* [Bug 2944] errno is not preserved properly in ntpdate after sendto call.
- applied patch by Christos Zoulas. perlinger@ntp.org
* [Bug 2952] Peer associations broken by fix for Bug 2901/CVE-2015-7704.
* [Bug 2954] Version 4.2.8p4 crashes on startup on some OSes.
- fixed data race conditions in threaded DNS worker. perlinger@ntp.org
- limit threading warm-up to linux; FreeBSD bombs on it. perlinger@ntp.org
* [Bug 2957] 'unsigned int' vs 'size_t' format clash. perlinger@ntp.org
- accept key file only if there are no parsing errors
- fixed size_t/u_int format clash
- fixed wrong use of 'strlcpy'
* [Bug 2958] ntpq: fatal error messages need a final newline. Craig Leres.
* [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets. perlinger@ntp.org
- fixed several other warnings (cast-alignment, missing const, missing prototypes)
- promote use of 'size_t' for values that express a size
- use ptr-to-const for read-only arguments
- make sure SOCKET values are not truncated (win32-specific)
- format string fixes
* [Bug 2965] Local clock didn't work since 4.2.8p4. Martin Burnicki.
* [Bug 2967] ntpdate command suffers an assertion failure
- fixed ntp_rfc2553.c to return proper address length. perlinger@ntp.org
* [Bug 2969] Seg fault from ntpq/mrulist when looking at server with
lots of clients. perlinger@ntp.org
* [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call
- changed stacked/nested handling of CTRL-C. perlinger@ntp.org
* Unity cleanup for FreeBSD-6.4. Harlan Stenn.
* Unity test cleanup. Harlan Stenn.
* Libevent autoconf pthread fixes for FreeBSD-10. Harlan Stenn.
* Header cleanup in tests/sandbox/uglydate.c. Harlan Stenn.
* Header cleanup in tests/libntp/sfptostr.c. Harlan Stenn.
* Quiet a warning from clang. Harlan Stenn.
Revision 1.90 / (download) - annotate - [select for diffs], Sat Jan 9 15:49:26 2016 UTC (7 years, 10 months ago) by taca
Branch: MAIN
Changes since 1.89: +2 -3
lines
Diff to previous 1.89 (colored)
Update ntp4 to 4.2.8p5.
NTP 4.2.8p5
Focus: Security, Bug fixes, enhancements.
Severity: MEDIUM
In addition to bug fixes and enhancements, this release fixes the
following medium-severity vulnerability:
* Small-step/big-step. Close the panic gate earlier.
References: Sec 2956, CVE-2015-5300
Affects: All ntp-4 releases up to, but not including 4.2.8p5, and
4.3.0 up to, but not including 4.3.78
CVSS3: (AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:L) Base Score: 4.0, MEDIUM
Summary: If ntpd is always started with the -g option, which is
common and against long-standing recommendation, and if at the
moment ntpd is restarted an attacker can immediately respond to
enough requests from enough sources trusted by the target, which
is difficult and not common, there is a window of opportunity
where the attacker can cause ntpd to set the time to an
arbitrary value. Similarly, if an attacker is able to respond
to enough requests from enough sources trusted by the target,
the attacker can cause ntpd to abort and restart, at which
point it can tell the target to set the time to an arbitrary
value if and only if ntpd was re-started against long-standing
recommendation with the -g flag, or if ntpd was not given the
-g flag, the attacker can move the target system's time by at
most 900 seconds' time per attack.
Mitigation:
Configure ntpd to get time from multiple sources.
Upgrade to 4.2.8p5, or later, from the NTP Project Download
Page or the NTP Public Services Project Download Page
As we've long documented, only use the -g option to ntpd in
cold-start situations.
Monitor your ntpd instances.
Credit: This weakness was discovered by Aanchal Malhotra,
Isaac E. Cohen, and Sharon Goldberg at Boston University.
NOTE WELL: The -g flag disables the limit check on the panic_gate
in ntpd, which is 900 seconds by default. The bug identified by
the researchers at Boston University is that the panic_gate
check was only re-enabled after the first change to the system
clock that was greater than 128 milliseconds, by default. The
correct behavior is that the panic_gate check should be
re-enabled after any initial time correction.
If an attacker is able to inject consistent but erroneous time
responses to your systems via the network or "over the air",
perhaps by spoofing radio, cellphone, or navigation satellite
transmissions, they are in a great position to affect your
system's clock. There comes a point where your very best
defenses include:
Configure ntpd to get time from multiple sources.
Monitor your ntpd instances.
Other fixes:
* Coverity submission process updated from Coverity 5 to Coverity 7.
The NTP codebase has been undergoing regular Coverity scans on an
ongoing basis since 2006. As part of our recent upgrade from
Coverity 5 to Coverity 7, Coverity identified 16 nits in some of
the newly-written Unity test programs. These were fixed.
* [Bug 2829] Clean up pipe_fds in ntpd.c perlinger@ntp.org
* [Bug 2887] stratum -1 config results as showing value 99
- fudge stratum should only accept values [0..16]. perlinger@ntp.org
* [Bug 2932] Update leapsecond file info in miscopt.html. CWoodbury, HStenn.
* [Bug 2934] tests/ntpd/t-ntp_scanner.c has a magic constant wired in. HMurray
* [Bug 2944] errno is not preserved properly in ntpdate after sendto call.
- applied patch by Christos Zoulas. perlinger@ntp.org
* [Bug 2952] Peer associations broken by fix for Bug 2901/CVE-2015-7704.
* [Bug 2954] Version 4.2.8p4 crashes on startup on some OSes.
- fixed data race conditions in threaded DNS worker. perlinger@ntp.org
- limit threading warm-up to linux; FreeBSD bombs on it. perlinger@ntp.org
* [Bug 2957] 'unsigned int' vs 'size_t' format clash. perlinger@ntp.org
- accept key file only if there are no parsing errors
- fixed size_t/u_int format clash
- fixed wrong use of 'strlcpy'
* [Bug 2958] ntpq: fatal error messages need a final newline. Craig Leres.
* [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets. perlinger@ntp.org
- fixed several other warnings (cast-alignment, missing const, missing prototypes)
- promote use of 'size_t' for values that express a size
- use ptr-to-const for read-only arguments
- make sure SOCKET values are not truncated (win32-specific)
- format string fixes
* [Bug 2965] Local clock didn't work since 4.2.8p4. Martin Burnicki.
* [Bug 2967] ntpdate command suffers an assertion failure
- fixed ntp_rfc2553.c to return proper address length. perlinger@ntp.org
* [Bug 2969] Seg fault from ntpq/mrulist when looking at server with
lots of clients. perlinger@ntp.org
* [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call
- changed stacked/nested handling of CTRL-C. perlinger@ntp.org
* Unity cleanup for FreeBSD-6.4. Harlan Stenn.
* Unity test cleanup. Harlan Stenn.
* Libevent autoconf pthread fixes for FreeBSD-10. Harlan Stenn.
* Header cleanup in tests/sandbox/uglydate.c. Harlan Stenn.
* Header cleanup in tests/libntp/sfptostr.c. Harlan Stenn.
* Quiet a warning from clang. Harlan Stenn.
Revision 1.87.2.2 / (download) - annotate - [select for diffs], Tue Nov 24 18:25:38 2015 UTC (8 years ago) by bsiegert
Branch: pkgsrc-2015Q3
Changes since 1.87.2.1: +2 -1
lines
Diff to previous 1.87.2.1 (colored) to branchpoint 1.87 (colored) next main 1.88 (colored)
Pullup ticket #4861 - requested by taca net/ntp4: build fix Revisions pulled up: - net/ntp4/Makefile 1.89 - net/ntp4/distinfo 1.24 - net/ntp4/patches/patch-aa deleted - net/ntp4/patches/patch-include-ntp__syscall.h 1.1 - net/ntp4/patches/patch-ntpd-ntpd.c 1.1 --- Module Name: pkgsrc Committed By: christos Date: Thu Oct 29 11:23:47 UTC 2015 Added Files: pkgsrc/net/ntp4/patches: patch-include-ntp__syscall.h patch-ntpd-ntpd.c Removed Files: pkgsrc/net/ntp4/patches: patch-aa Log Message: - rename patch-aa to follow not so new anymore convention - apply the "warmup" patch only on linux. should fix the build on netbsd-6 --- Module Name: pkgsrc Committed By: christos Date: Thu Oct 29 11:28:44 UTC 2015 Modified Files: pkgsrc/net/ntp4: Makefile distinfo Log Message: update checksum and bump revision
Revision 1.89 / (download) - annotate - [select for diffs], Thu Oct 29 11:28:44 2015 UTC (8 years, 1 month ago) by christos
Branch: MAIN
CVS Tags: pkgsrc-2015Q4-base
Branch point for: pkgsrc-2015Q4
Changes since 1.88: +2 -1
lines
Diff to previous 1.88 (colored)
update checksum and bump revision
Revision 1.87.2.1 / (download) - annotate - [select for diffs], Tue Oct 27 19:07:02 2015 UTC (8 years, 1 month ago) by bsiegert
Branch: pkgsrc-2015Q3
Changes since 1.87: +10 -9
lines
Diff to previous 1.87 (colored)
Pullup ticket #4846 - requested by taca
net/ntp4: security fix
Revisions pulled up:
- net/ntp4/Makefile 1.88
- net/ntp4/PLIST 1.20
- net/ntp4/distinfo 1.23
- net/ntp4/patches/patch-configure deleted
- net/ntp4/patches/patch-sntp_configure deleted
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Oct 23 03:43:31 UTC 2015
Modified Files:
pkgsrc/net/ntp4: Makefile PLIST distinfo
Removed Files:
pkgsrc/net/ntp4/patches: patch-configure patch-sntp_configure
Log Message:
Update ntp4 to 4.2.8p4.
pkgsrc change:
* Remove duplicated HTML documents.
* Install some addtional documents.
Changes are too many to write here, please refer NEWS files and this
release fixes security problems.
October 2015 NTP Security Vulnerability Announcement (Medium)
NTF's NTP Project has been notified of the following 13 low- and
medium-severity vulnerabilities that are fixed in ntp-4.2.8p4, released on
Wednesday, 21 October 2015:
* Bug 2941 CVE-2015-7871 NAK to the Future: Symmetric association
authentication bypass via crypto-NAK (Cisco ASIG)
* Bug 2922 CVE-2015-7855 decodenetnum() will ASSERT botch instead of returning
FAIL on some bogus values (IDA)
* Bug 2921 CVE-2015-7854 Password Length Memory Corruption
Vulnerability. (Cisco TALOS)
* Bug 2920 CVE-2015-7853 Invalid length data provided by a custom refclock
driver could cause a buffer overflow. (Cisco TALOS)
* Bug 2919 CVE-2015-7852 ntpq atoascii() Memory Corruption
Vulnerability. (Cisco TALOS)
* Bug 2918 CVE-2015-7851 saveconfig Directory Traversal
Vulnerability. (OpenVMS) (Cisco TALOS)
* Bug 2917 CVE-2015-7850 remote config logfile-keyfile. (Cisco TALOS)
* Bug 2916 CVE-2015-7849 trusted key use-after-free. (Cisco TALOS)
* Bug 2913 CVE-2015-7848 mode 7 loop counter underrun. (Cisco TALOS)
* Bug 2909 CVE-2015-7701 Slow memory leak in CRYPTO_ASSOC. (Tenable)
* Bug 2902 : CVE-2015-7703 configuration directives "pidfile" and "driftfile"
should only be allowed locally. (RedHat)
* Bug 2901 : CVE-2015-7704, CVE-2015-7705 Clients that receive a KoD should
validate the origin timestamp field. (Boston University)
* Bug 2899 : CVE-2015-7691, CVE-2015-7692, CVE-2015-7702 Incomplete autokey
data packet length checks. (Tenable)
The only generally-exploitable bug in the above list is the crypto-NAK bug,
which has a CVSS2 score of 6.4.
Additionally, three bugs that have already been fixed in ntp-4.2.8 but were
not fixed in ntp-4.2.6 as it was EOL'd have a security component, but are all
below 1.8 CVSS score, so we're reporting them here:
* Bug 2382 : Peer precision < -31 gives division by zero
* Bug 1774 : Segfaults if cryptostats enabled when built without OpenSSL
* Bug 1593 : ntpd abort in free() with logconfig syntax error
Revision 1.88 / (download) - annotate - [select for diffs], Fri Oct 23 03:43:31 2015 UTC (8 years, 1 month ago) by taca
Branch: MAIN
Changes since 1.87: +10 -9
lines
Diff to previous 1.87 (colored)
Update ntp4 to 4.2.8p4. pkgsrc change: * Remove duplicated HTML documents. * Install some addtional documents. Changes are too many to write here, please refer NEWS files and this release fixes security problems. October 2015 NTP Security Vulnerability Announcement (Medium) NTF's NTP Project has been notified of the following 13 low- and medium-severity vulnerabilities that are fixed in ntp-4.2.8p4, released on Wednesday, 21 October 2015: * Bug 2941 CVE-2015-7871 NAK to the Future: Symmetric association authentication bypass via crypto-NAK (Cisco ASIG) * Bug 2922 CVE-2015-7855 decodenetnum() will ASSERT botch instead of returning FAIL on some bogus values (IDA) * Bug 2921 CVE-2015-7854 Password Length Memory Corruption Vulnerability. (Cisco TALOS) * Bug 2920 CVE-2015-7853 Invalid length data provided by a custom refclock driver could cause a buffer overflow. (Cisco TALOS) * Bug 2919 CVE-2015-7852 ntpq atoascii() Memory Corruption Vulnerability. (Cisco TALOS) * Bug 2918 CVE-2015-7851 saveconfig Directory Traversal Vulnerability. (OpenVMS) (Cisco TALOS) * Bug 2917 CVE-2015-7850 remote config logfile-keyfile. (Cisco TALOS) * Bug 2916 CVE-2015-7849 trusted key use-after-free. (Cisco TALOS) * Bug 2913 CVE-2015-7848 mode 7 loop counter underrun. (Cisco TALOS) * Bug 2909 CVE-2015-7701 Slow memory leak in CRYPTO_ASSOC. (Tenable) * Bug 2902 : CVE-2015-7703 configuration directives "pidfile" and "driftfile" should only be allowed locally. (RedHat) * Bug 2901 : CVE-2015-7704, CVE-2015-7705 Clients that receive a KoD should validate the origin timestamp field. (Boston University) * Bug 2899 : CVE-2015-7691, CVE-2015-7692, CVE-2015-7702 Incomplete autokey data packet length checks. (Tenable) The only generally-exploitable bug in the above list is the crypto-NAK bug, which has a CVSS2 score of 6.4. Additionally, three bugs that have already been fixed in ntp-4.2.8 but were not fixed in ntp-4.2.6 as it was EOL'd have a security component, but are all below 1.8 CVSS score, so we're reporting them here: * Bug 2382 : Peer precision < -31 gives division by zero * Bug 1774 : Segfaults if cryptostats enabled when built without OpenSSL * Bug 1593 : ntpd abort in free() with logconfig syntax error
Revision 1.86.2.1 / (download) - annotate - [select for diffs], Sun Jul 12 08:58:43 2015 UTC (8 years, 4 months ago) by tron
Branch: pkgsrc-2015Q2
Changes since 1.86: +2 -3
lines
Diff to previous 1.86 (colored) next main 1.87 (colored)
Pullup ticket #4764 - requested by taca
net/ntp4: security update
Revisions pulled up:
- net/ntp4/Makefile 1.87
- net/ntp4/PLIST 1.19
- net/ntp4/distinfo 1.22
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jun 30 16:08:21 UTC 2015
Modified Files:
pkgsrc/net/ntp4: Makefile PLIST distinfo
Log Message:
Update ntp4 to 4.2.8p3.
Please refer NEWS and ChangeLog for full changes.
NTP 4.2.8p3 (Harlan Stenn <stenn@ntp.org>, 2015/06/29)
Focus: 1 Security fix. Bug fixes and enhancements. Leap-second improvements.
Severity: MEDIUM
Security Fix:
* [Sec 2853] Crafted remote config packet can crash some versions of
ntpd. Aleksis Kauppinen, Juergen Perlinger, Harlan Stenn.
Under specific circumstances an attacker can send a crafted packet to
cause a vulnerable ntpd instance to crash. This requires each of the
following to be true:
1) ntpd set up to allow remote configuration (not allowed by default), and
2) knowledge of the configuration password, and
3) access to a computer entrusted to perform remote configuration.
This vulnerability is considered low-risk.
New features in this release:
Optional (disabled by default) support to have ntpd provide smeared
leap second time. A specially built and configured ntpd will only
offer smeared time in response to client packets. These response
packets will also contain a "refid" of 254.a.b.c, where the 24 bits
of a, b, and c encode the amount of smear in a 2:22 integer:fraction
format. See README.leapsmear and http://bugs.ntp.org/2855 for more
information.
*IF YOU CHOOSE TO CONFIGURE NTPD TO PROVIDE LEAP SMEAR TIME*
*BE SURE YOU DO NOT OFFER THAT TIME ON PUBLIC TIMESERVERS.*
We've imported the Unity test framework, and have begun converting
the existing google-test items to this new framework. If you want
to write new tests or change old ones, you'll need to have ruby
installed. You don't need ruby to run the test suite.
Revision 1.87 / (download) - annotate - [select for diffs], Tue Jun 30 16:08:21 2015 UTC (8 years, 5 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2015Q3-base
Branch point for: pkgsrc-2015Q3
Changes since 1.86: +2 -3
lines
Diff to previous 1.86 (colored)
Update ntp4 to 4.2.8p3. Please refer NEWS and ChangeLog for full changes. NTP 4.2.8p3 (Harlan Stenn <stenn@ntp.org>, 2015/06/29) Focus: 1 Security fix. Bug fixes and enhancements. Leap-second improvements. Severity: MEDIUM Security Fix: * [Sec 2853] Crafted remote config packet can crash some versions of ntpd. Aleksis Kauppinen, Juergen Perlinger, Harlan Stenn. Under specific circumstances an attacker can send a crafted packet to cause a vulnerable ntpd instance to crash. This requires each of the following to be true: 1) ntpd set up to allow remote configuration (not allowed by default), and 2) knowledge of the configuration password, and 3) access to a computer entrusted to perform remote configuration. This vulnerability is considered low-risk. New features in this release: Optional (disabled by default) support to have ntpd provide smeared leap second time. A specially built and configured ntpd will only offer smeared time in response to client packets. These response packets will also contain a "refid" of 254.a.b.c, where the 24 bits of a, b, and c encode the amount of smear in a 2:22 integer:fraction format. See README.leapsmear and http://bugs.ntp.org/2855 for more information. *IF YOU CHOOSE TO CONFIGURE NTPD TO PROVIDE LEAP SMEAR TIME* *BE SURE YOU DO NOT OFFER THAT TIME ON PUBLIC TIMESERVERS.* We've imported the Unity test framework, and have begun converting the existing google-test items to this new framework. If you want to write new tests or change old ones, you'll need to have ruby installed. You don't need ruby to run the test suite.
Revision 1.86 / (download) - annotate - [select for diffs], Fri Jun 12 10:50:43 2015 UTC (8 years, 5 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2015Q2-base
Branch point for: pkgsrc-2015Q2
Changes since 1.85: +2 -1
lines
Diff to previous 1.85 (colored)
Recursive PKGREVISION bump for all packages mentioning 'perl', having a PKGNAME of p5-*, or depending such a package, for perl-5.22.0.
Revision 1.84.2.1 / (download) - annotate - [select for diffs], Tue Apr 21 21:44:22 2015 UTC (8 years, 7 months ago) by tron
Branch: pkgsrc-2015Q1
Changes since 1.84: +2 -2
lines
Diff to previous 1.84 (colored) next main 1.85 (colored)
Pullup ticket #4678 - requested by taca
net/ntp4: security update
Revisions pulled up:
- net/ntp4/Makefile 1.85
- net/ntp4/PLIST 1.18
- net/ntp4/distinfo 1.21
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Apr 8 03:31:34 UTC 2015
Modified Files:
pkgsrc/net/ntp4: Makefile PLIST distinfo
Log Message:
Update ntp4 package to 4.2.8p2.
NTP 4.2.8p2 (Harlan Stenn <stenn@ntp.org>, 2015/04/xx)
Focus: Security and Bug fixes, enhancements.
Severity: MEDIUM
In addition to bug fixes and enhancements, this release fixes the
following medium-severity vulnerabilities involving private key
authentication:
* [Sec 2779] ntpd accepts unauthenticated packets with symmetric key crypto.
References: Sec 2779 / CVE-2015-1798 / VU#374268
Affects: All NTP4 releases starting with ntp-4.2.5p99 up to but not
including ntp-4.2.8p2 where the installation uses symmetric keys
to authenticate remote associations.
CVSS: (AV:A/AC:M/Au:N/C:P/I:P/A:P) Base Score: 5.4
Date Resolved: Stable (4.2.8p2) 07 Apr 2015
Summary: When ntpd is configured to use a symmetric key to authenticate
a remote NTP server/peer, it checks if the NTP message
authentication code (MAC) in received packets is valid, but not if
there actually is any MAC included. Packets without a MAC are
accepted as if they had a valid MAC. This allows a MITM attacker to
send false packets that are accepted by the client/peer without
having to know the symmetric key. The attacker needs to know the
transmit timestamp of the client to match it in the forged reply
and the false reply needs to reach the client before the genuine
reply from the server. The attacker doesn't necessarily need to be
relaying the packets between the client and the server.
Authentication using autokey doesn't have this problem as there is
a check that requires the key ID to be larger than NTP_MAXKEY,
which fails for packets without a MAC.
Mitigation:
Upgrade to 4.2.8p2, or later, from the NTP Project Download Page
or the NTP Public Services Project Download Page
Configure ntpd with enough time sources and monitor it properly.
Credit: This issue was discovered by Miroslav Lichvar, of Red Hat.
* [Sec 2781] Authentication doesn't protect symmetric associations against
DoS attacks.
References: Sec 2781 / CVE-2015-1799 / VU#374268
Affects: All NTP releases starting with at least xntp3.3wy up to but
not including ntp-4.2.8p2 where the installation uses symmetric
key authentication.
CVSS: (AV:A/AC:M/Au:N/C:P/I:P/A:P) Base Score: 5.4
Note: the CVSS base Score for this issue could be 4.3 or lower, and
it could be higher than 5.4.
Date Resolved: Stable (4.2.8p2) 07 Apr 2015
Summary: An attacker knowing that NTP hosts A and B are peering with
each other (symmetric association) can send a packet to host A
with source address of B which will set the NTP state variables
on A to the values sent by the attacker. Host A will then send
on its next poll to B a packet with originate timestamp that
doesn't match the transmit timestamp of B and the packet will
be dropped. If the attacker does this periodically for both
hosts, they won't be able to synchronize to each other. This is
a known denial-of-service attack, described at
https://www.eecis.udel.edu/~mills/onwire.html .
According to the document the NTP authentication is supposed to
protect symmetric associations against this attack, but that
doesn't seem to be the case. The state variables are updated even
when authentication fails and the peers are sending packets with
originate timestamps that don't match the transmit timestamps on
the receiving side.
This seems to be a very old problem, dating back to at least
xntp3.3wy. It's also in the NTPv3 (RFC 1305) and NTPv4 (RFC 5905)
specifications, so other NTP implementations with support for
symmetric associations and authentication may be vulnerable too.
An update to the NTP RFC to correct this error is in-process.
Mitigation:
Upgrade to 4.2.8p2, or later, from the NTP Project Download Page
or the NTP Public Services Project Download Page
Note that for users of autokey, this specific style of MITM attack
is simply a long-known potential problem.
Configure ntpd with appropriate time sources and monitor ntpd.
Alert your staff if problems are detected.
Credit: This issue was discovered by Miroslav Lichvar, of Red Hat.
* New script: update-leap
The update-leap script will verify and if necessary, update the
leap-second definition file.
It requires the following commands in order to work:
wget logger tr sed shasum
Some may choose to run this from cron. It needs more portability testing.
Revision 1.85 / (download) - annotate - [select for diffs], Wed Apr 8 03:31:33 2015 UTC (8 years, 7 months ago) by taca
Branch: MAIN
Changes since 1.84: +2 -2
lines
Diff to previous 1.84 (colored)
Update ntp4 package to 4.2.8p2.
NTP 4.2.8p2 (Harlan Stenn <stenn@ntp.org>, 2015/04/xx)
Focus: Security and Bug fixes, enhancements.
Severity: MEDIUM
In addition to bug fixes and enhancements, this release fixes the
following medium-severity vulnerabilities involving private key
authentication:
* [Sec 2779] ntpd accepts unauthenticated packets with symmetric key crypto.
References: Sec 2779 / CVE-2015-1798 / VU#374268
Affects: All NTP4 releases starting with ntp-4.2.5p99 up to but not
including ntp-4.2.8p2 where the installation uses symmetric keys
to authenticate remote associations.
CVSS: (AV:A/AC:M/Au:N/C:P/I:P/A:P) Base Score: 5.4
Date Resolved: Stable (4.2.8p2) 07 Apr 2015
Summary: When ntpd is configured to use a symmetric key to authenticate
a remote NTP server/peer, it checks if the NTP message
authentication code (MAC) in received packets is valid, but not if
there actually is any MAC included. Packets without a MAC are
accepted as if they had a valid MAC. This allows a MITM attacker to
send false packets that are accepted by the client/peer without
having to know the symmetric key. The attacker needs to know the
transmit timestamp of the client to match it in the forged reply
and the false reply needs to reach the client before the genuine
reply from the server. The attacker doesn't necessarily need to be
relaying the packets between the client and the server.
Authentication using autokey doesn't have this problem as there is
a check that requires the key ID to be larger than NTP_MAXKEY,
which fails for packets without a MAC.
Mitigation:
Upgrade to 4.2.8p2, or later, from the NTP Project Download Page
or the NTP Public Services Project Download Page
Configure ntpd with enough time sources and monitor it properly.
Credit: This issue was discovered by Miroslav Lichvar, of Red Hat.
* [Sec 2781] Authentication doesn't protect symmetric associations against
DoS attacks.
References: Sec 2781 / CVE-2015-1799 / VU#374268
Affects: All NTP releases starting with at least xntp3.3wy up to but
not including ntp-4.2.8p2 where the installation uses symmetric
key authentication.
CVSS: (AV:A/AC:M/Au:N/C:P/I:P/A:P) Base Score: 5.4
Note: the CVSS base Score for this issue could be 4.3 or lower, and
it could be higher than 5.4.
Date Resolved: Stable (4.2.8p2) 07 Apr 2015
Summary: An attacker knowing that NTP hosts A and B are peering with
each other (symmetric association) can send a packet to host A
with source address of B which will set the NTP state variables
on A to the values sent by the attacker. Host A will then send
on its next poll to B a packet with originate timestamp that
doesn't match the transmit timestamp of B and the packet will
be dropped. If the attacker does this periodically for both
hosts, they won't be able to synchronize to each other. This is
a known denial-of-service attack, described at
https://www.eecis.udel.edu/~mills/onwire.html .
According to the document the NTP authentication is supposed to
protect symmetric associations against this attack, but that
doesn't seem to be the case. The state variables are updated even
when authentication fails and the peers are sending packets with
originate timestamps that don't match the transmit timestamps on
the receiving side.
This seems to be a very old problem, dating back to at least
xntp3.3wy. It's also in the NTPv3 (RFC 1305) and NTPv4 (RFC 5905)
specifications, so other NTP implementations with support for
symmetric associations and authentication may be vulnerable too.
An update to the NTP RFC to correct this error is in-process.
Mitigation:
Upgrade to 4.2.8p2, or later, from the NTP Project Download Page
or the NTP Public Services Project Download Page
Note that for users of autokey, this specific style of MITM attack
is simply a long-known potential problem.
Configure ntpd with appropriate time sources and monitor ntpd.
Alert your staff if problems are detected.
Credit: This issue was discovered by Miroslav Lichvar, of Red Hat.
* New script: update-leap
The update-leap script will verify and if necessary, update the
leap-second definition file.
It requires the following commands in order to work:
wget logger tr sed shasum
Some may choose to run this from cron. It needs more portability testing.
Revision 1.82.2.1 / (download) - annotate - [select for diffs], Wed Apr 1 18:11:56 2015 UTC (8 years, 8 months ago) by hiramatsu
Branch: pkgsrc-2014Q4
Changes since 1.82: +5 -4
lines
Diff to previous 1.82 (colored) next main 1.83 (colored)
Pullup ticket #4649 - requested by bsiegert
net/ntp4: security update
Revisions pulled up:
- net/ntp4/Makefile 1.84
- net/ntp4/PLIST 1.17
- net/ntp4/distinfo 1.20
- net/ntp4/patches/patch-ntpd_ntp__io.c deleted
---
Module Name: pkgsrc
Committed By: bsiegert
Date: Sat Mar 21 20:49:28 UTC 2015
Modified Files:
pkgsrc/net/ntp4: Makefile PLIST distinfo
Removed Files:
pkgsrc/net/ntp4/patches: patch-ntpd_ntp__io.c
Log Message:
SECURITY: Update ntpd to 4.2.8p1.
* [Sec 2671] vallen in extension fields are not validated.
* [Sec 2672] On some OSes ::1 can be spoofed, bypassing source IP ACLs.
Revision 1.84 / (download) - annotate - [select for diffs], Sat Mar 21 20:49:28 2015 UTC (8 years, 8 months ago) by bsiegert
Branch: MAIN
CVS Tags: pkgsrc-2015Q1-base
Branch point for: pkgsrc-2015Q1
Changes since 1.83: +3 -4
lines
Diff to previous 1.83 (colored)
SECURITY: Update ntpd to 4.2.8p1. * [Sec 2671] vallen in extension fields are not validated. * [Sec 2672] On some OSes ::1 can be spoofed, bypassing source IP ACLs.
Revision 1.83 / (download) - annotate - [select for diffs], Sat Feb 28 23:44:56 2015 UTC (8 years, 9 months ago) by joerg
Branch: MAIN
Changes since 1.82: +3 -1
lines
Diff to previous 1.82 (colored)
Look deeper for config.guess/config.sub.
Revision 1.82 / (download) - annotate - [select for diffs], Sat Dec 27 02:48:27 2014 UTC (8 years, 11 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2014Q4-base
Branch point for: pkgsrc-2014Q4
Changes since 1.81: +2 -1
lines
Diff to previous 1.81 (colored)
Create minimum services files on chroot environment as recent NetBSD current. Bump PKGREVISION.
Revision 1.81 / (download) - annotate - [select for diffs], Sat Dec 20 09:45:46 2014 UTC (8 years, 11 months ago) by taca
Branch: MAIN
Changes since 1.80: +3 -4
lines
Diff to previous 1.80 (colored)
Update ntpd4 pacakge to 4.2.8, here is summary for security related fixes.
NTP 4.2.8 (Harlan Stenn <stenn@ntp.org>, 2014/12/18)
Focus: Security and Bug fixes, enhancements.
Severity: HIGH
In addition to bug fixes and enhancements, this release fixes the
following high-severity vulnerabilities:
* Weak default key in config_auth().
References: [Sec 2665] / CVE-2014-9293 / VU#852879
CVSS: (AV:N/AC:L/Au:M/C:P/I:P/A:C) Base Score: 7.3
Vulnerable Versions: all releases prior to 4.2.7p11
Date Resolved: 28 Jan 2010
Summary: If no 'auth' key is set in the configuration file, ntpd
would generate a random key on the fly. There were two
problems with this: 1) the generated key was 31 bits in size,
and 2) it used the (now weak) ntp_random() function, which was
seeded with a 32-bit value and could only provide 32 bits of
entropy. This was sufficient back in the late 1990s when the
code was written. Not today.
Mitigation: Upgrade to 4.2.7p11 or later.
Credit: This vulnerability was noticed in ntp-4.2.6 by Neel Mehta
of the Google Security Team.
* Non-cryptographic random number generator with weak seed used by
ntp-keygen to generate symmetric keys.
References: [Sec 2666] / CVE-2014-9294 / VU#852879
CVSS: (AV:N/AC:L/Au:M/C:P/I:P/A:C) Base Score: 7.3
Vulnerable Versions: All NTP4 releases before 4.2.7p230
Date Resolved: Dev (4.2.7p230) 01 Nov 2011
Summary: Prior to ntp-4.2.7p230 ntp-keygen used a weak seed to
prepare a random number generator that was of good quality back
in the late 1990s. The random numbers produced was then used to
generate symmetric keys. In ntp-4.2.8 we use a current-technology
cryptographic random number generator, either RAND_bytes from
OpenSSL, or arc4random().
Mitigation: Upgrade to 4.2.7p230 or later.
Credit: This vulnerability was discovered in ntp-4.2.6 by
Stephen Roettger of the Google Security Team.
* Buffer overflow in crypto_recv()
References: Sec 2667 / CVE-2014-9295 / VU#852879
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P) Base Score: 7.5
Versions: All releases before 4.2.8
Date Resolved: Stable (4.2.8) 18 Dec 2014
Summary: When Autokey Authentication is enabled (i.e. the ntp.conf
file contains a 'crypto pw ...' directive) a remote attacker
can send a carefully crafted packet that can overflow a stack
buffer and potentially allow malicious code to be executed
with the privilege level of the ntpd process.
Mitigation: Upgrade to 4.2.8, or later, or
Disable Autokey Authentication by removing, or commenting out,
all configuration directives beginning with the crypto keyword
in your ntp.conf file.
Credit: This vulnerability was discovered by Stephen Roettger of the
Google Security Team.
* Buffer overflow in ctl_putdata()
References: Sec 2668 / CVE-2014-9295 / VU#852879
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P) Base Score: 7.5
Versions: All NTP4 releases before 4.2.8
Date Resolved: Stable (4.2.8) 18 Dec 2014
Summary: A remote attacker can send a carefully crafted packet that
can overflow a stack buffer and potentially allow malicious
code to be executed with the privilege level of the ntpd process.
Mitigation: Upgrade to 4.2.8, or later.
Credit: This vulnerability was discovered by Stephen Roettger of the
Google Security Team.
* Buffer overflow in configure()
References: Sec 2669 / CVE-2014-9295 / VU#852879
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P) Base Score: 7.5
Versions: All NTP4 releases before 4.2.8
Date Resolved: Stable (4.2.8) 18 Dec 2014
Summary: A remote attacker can send a carefully crafted packet that
can overflow a stack buffer and potentially allow malicious
code to be executed with the privilege level of the ntpd process.
Mitigation: Upgrade to 4.2.8, or later.
Credit: This vulnerability was discovered by Stephen Roettger of the
Google Security Team.
* receive(): missing return on error
References: Sec 2670 / CVE-2014-9296 / VU#852879
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:P) Base Score: 5.0
Versions: All NTP4 releases before 4.2.8
Date Resolved: Stable (4.2.8) 18 Dec 2014
Summary: Code in ntp_proto.c:receive() was missing a 'return;' in
the code path where an error was detected, which meant
processing did not stop when a specific rare error occurred.
We haven't found a way for this bug to affect system integrity.
If there is no way to affect system integrity the base CVSS
score for this bug is 0. If there is one avenue through which
system integrity can be partially affected, the base score
becomes a 5. If system integrity can be partially affected
via all three integrity metrics, the CVSS base score become 7.5.
Mitigation:
Upgrade to 4.2.8, or later,
or Remove or comment out all configuration directives
beginning with the crypto keyword in your ntp.conf file.
Credit: This vulnerability was discovered by Stephen Roettger of the
Google Security Team.
See http://support.ntp.org/security for more information.
Revision 1.80 / (download) - annotate - [select for diffs], Thu Oct 9 14:06:45 2014 UTC (9 years, 1 month ago) by wiz
Branch: MAIN
Changes since 1.79: +1 -3
lines
Diff to previous 1.79 (colored)
Remove pkgviews: don't set PKG_INSTALLATION_TYPES in Makefiles.
Revision 1.79 / (download) - annotate - [select for diffs], Thu May 29 23:37:05 2014 UTC (9 years, 6 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2014Q3-base,
pkgsrc-2014Q3,
pkgsrc-2014Q2-base,
pkgsrc-2014Q2
Changes since 1.78: +2 -2
lines
Diff to previous 1.78 (colored)
Bump for perl-5.20.0. Do it for all packages that * mention perl, or * have a directory name starting with p5-*, or * depend on a package starting with p5- like last time, for 5.18, where this didn't lead to complaints. Let me know if you have any this time.
Revision 1.78 / (download) - annotate - [select for diffs], Thu Mar 20 19:01:45 2014 UTC (9 years, 8 months ago) by asau
Branch: MAIN
CVS Tags: pkgsrc-2014Q1-base,
pkgsrc-2014Q1
Changes since 1.77: +2 -2
lines
Diff to previous 1.77 (colored)
More files observed on FreeBSD.
Revision 1.77 / (download) - annotate - [select for diffs], Wed Mar 5 12:35:09 2014 UTC (9 years, 9 months ago) by obache
Branch: MAIN
Changes since 1.76: +2 -1
lines
Diff to previous 1.76 (colored)
Fixes PKGNAME, '-dev-' should not be there.
Revision 1.76 / (download) - annotate - [select for diffs], Wed Feb 12 23:18:24 2014 UTC (9 years, 9 months ago) by tron
Branch: MAIN
Changes since 1.75: +2 -1
lines
Diff to previous 1.75 (colored)
Recursive PKGREVISION bump for OpenSSL API version bump.
Revision 1.75 / (download) - annotate - [select for diffs], Sun Jan 12 17:01:02 2014 UTC (9 years, 10 months ago) by spz
Branch: MAIN
Changes since 1.74: +5 -7
lines
Diff to previous 1.74 (colored)
update to ntp latest dev version to deal with CVE-2013-5211 (amplification attacks using monlist queries) tickadj for Solaris is a guess (and probably version dependent) the bulk builds will tell :)
Revision 1.74 / (download) - annotate - [select for diffs], Mon Jul 15 02:02:27 2013 UTC (10 years, 4 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2013Q4-base,
pkgsrc-2013Q4,
pkgsrc-2013Q3-base,
pkgsrc-2013Q3
Changes since 1.73: +2 -2
lines
Diff to previous 1.73 (colored)
* .include "../../devel/readline/buildlink3.mk" with USE_GNU_READLINE=yes are replaced with .include "../../devel/readline/buildlink3.mk", and USE_GNU_READLINE are removed, * .include "../../devel/readline/buildlink3.mk" without USE_GNU_READLINE are replaced with .include "../../mk/readline.buildlink3.mk".
Revision 1.73 / (download) - annotate - [select for diffs], Fri May 31 12:41:35 2013 UTC (10 years, 6 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2013Q2-base,
pkgsrc-2013Q2
Changes since 1.72: +2 -2
lines
Diff to previous 1.72 (colored)
Bump all packages for perl-5.18, that a) refer 'perl' in their Makefile, or b) have a directory name of p5-*, or c) have any dependency on any p5-* package Like last time, where this caused no complaints.
Revision 1.72 / (download) - annotate - [select for diffs], Wed Feb 6 23:23:20 2013 UTC (10 years, 9 months ago) by jperkin
Branch: MAIN
CVS Tags: pkgsrc-2013Q1-base,
pkgsrc-2013Q1
Changes since 1.71: +2 -2
lines
Diff to previous 1.71 (colored)
PKGREVISION bumps for the security/openssl 1.0.1d update.
Revision 1.71 / (download) - annotate - [select for diffs], Tue Oct 23 17:18:43 2012 UTC (11 years, 1 month ago) by asau
Branch: MAIN
CVS Tags: pkgsrc-2012Q4-base,
pkgsrc-2012Q4
Changes since 1.70: +1 -2
lines
Diff to previous 1.70 (colored)
Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days.
Revision 1.70 / (download) - annotate - [select for diffs], Wed Oct 3 21:56:57 2012 UTC (11 years, 2 months ago) by wiz
Branch: MAIN
Changes since 1.69: +2 -2
lines
Diff to previous 1.69 (colored)
Bump all packages that use perl, or depend on a p5-* package, or are called p5-*. I hope that's all of them.
Revision 1.69 / (download) - annotate - [select for diffs], Sun Apr 8 16:58:05 2012 UTC (11 years, 7 months ago) by bsiegert
Branch: MAIN
CVS Tags: pkgsrc-2012Q3-base,
pkgsrc-2012Q3,
pkgsrc-2012Q2-base,
pkgsrc-2012Q2
Changes since 1.68: +3 -1
lines
Diff to previous 1.68 (colored)
POSIX says that the target directory for "pax -rw" must exist. The pax
implementation in MirBSD enforces this.
Use ${MKDIR} to create the target directory before running pax.
This does not actually fix the build on MirBSD (it needs some more
work in the configure), it is at least a start.
Revision 1.68 / (download) - annotate - [select for diffs], Wed Nov 16 08:23:49 2011 UTC (12 years ago) by sbd
Branch: MAIN
CVS Tags: pkgsrc-2012Q1-base,
pkgsrc-2012Q1,
pkgsrc-2011Q4-base,
pkgsrc-2011Q4
Changes since 1.67: +3 -2
lines
Diff to previous 1.67 (colored)
Add missing devel/readline buildlinks. Bump PKGREVISIONs
Revision 1.67 / (download) - annotate - [select for diffs], Sun Jan 17 12:02:34 2010 UTC (13 years, 10 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2011Q3-base,
pkgsrc-2011Q3,
pkgsrc-2011Q2-base,
pkgsrc-2011Q2,
pkgsrc-2011Q1-base,
pkgsrc-2011Q1,
pkgsrc-2010Q4-base,
pkgsrc-2010Q4,
pkgsrc-2010Q3-base,
pkgsrc-2010Q3,
pkgsrc-2010Q2-base,
pkgsrc-2010Q2,
pkgsrc-2010Q1-base,
pkgsrc-2010Q1
Changes since 1.66: +2 -1
lines
Diff to previous 1.66 (colored)
Recursive PKGREVISION bump for jpeg update to 8.
Revision 1.64.2.1 / (download) - annotate - [select for diffs], Tue Dec 15 21:37:54 2009 UTC (13 years, 11 months ago) by spz
Branch: pkgsrc-2009Q3
Changes since 1.64: +2 -3
lines
Diff to previous 1.64 (colored) next main 1.65 (colored)
Pullup ticket 2949 - requested by tnn
security update
Revisions pulled up:
- pkgsrc/net/ntp4/Makefile 1.66
- pkgsrc/net/ntp4/distinfo 1.14
-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tnn
Date: Tue Dec 15 10:53:21 UTC 2009
Modified Files:
pkgsrc/net/ntp4: Makefile distinfo
Log Message:
Update to ntp-4.2.4p8. Security fix for CVE-2009-3563 DoS vulnerability.
To generate a diff of this commit:
cvs rdiff -u -r1.65 -r1.66 pkgsrc/net/ntp4/Makefile
cvs rdiff -u -r1.13 -r1.14 pkgsrc/net/ntp4/distinfo
Revision 1.66 / (download) - annotate - [select for diffs], Tue Dec 15 10:53:20 2009 UTC (13 years, 11 months ago) by tnn
Branch: MAIN
CVS Tags: pkgsrc-2009Q4-base,
pkgsrc-2009Q4
Changes since 1.65: +2 -3
lines
Diff to previous 1.65 (colored)
Update to ntp-4.2.4p8. Security fix for CVE-2009-3563 DoS vulnerability.
Revision 1.65 / (download) - annotate - [select for diffs], Sun Oct 11 16:35:27 2009 UTC (14 years, 1 month ago) by zafer
Branch: MAIN
Changes since 1.64: +2 -3
lines
Diff to previous 1.64 (colored)
update master_sites. ftp.udel.edu has been suspended.
Revision 1.64 / (download) - annotate - [select for diffs], Tue Sep 8 11:34:02 2009 UTC (14 years, 2 months ago) by tnn
Branch: MAIN
CVS Tags: pkgsrc-2009Q3-base
Branch point for: pkgsrc-2009Q3
Changes since 1.63: +3 -1
lines
Diff to previous 1.63 (colored)
needs -D_GNU_SOURCE on Linux for struct in6_pktinfo
Revision 1.63 / (download) - annotate - [select for diffs], Tue Sep 8 10:06:50 2009 UTC (14 years, 2 months ago) by tnn
Branch: MAIN
Changes since 1.62: +11 -2
lines
Diff to previous 1.62 (colored)
Build with chroot jail support on platforms that support it.
Revision 1.62 / (download) - annotate - [select for diffs], Tue Sep 8 08:40:26 2009 UTC (14 years, 2 months ago) by tnn
Branch: MAIN
Changes since 1.61: +3 -1
lines
Diff to previous 1.61 (colored)
make net/ntp4 properly IPv6 aware
Revision 1.61 / (download) - annotate - [select for diffs], Sun Sep 6 11:13:50 2009 UTC (14 years, 3 months ago) by tnn
Branch: MAIN
Changes since 1.60: +2 -2
lines
Diff to previous 1.60 (colored)
fix PLIST breakage on Linux
Revision 1.60 / (download) - annotate - [select for diffs], Sun Sep 6 10:20:21 2009 UTC (14 years, 3 months ago) by tnn
Branch: MAIN
Changes since 1.59: +2 -2
lines
Diff to previous 1.59 (colored)
NTP 4.2.4p7, 2009/05/04 Focus: Security and Bug Fixes Severity: HIGH This release fixes the following high-severity vulnerability: * [Sec 1151] Remote exploit if autokey is enabled. CVE-2009-1252 See http://support.ntp.org/security for more information. If autokey is enabled (if ntp.conf contains a "crypto pw whatever" line) then a carefully crafted packet sent to the machine will cause a buffer overflow and possible execution of injected code, running with the privileges of the ntpd process (often root). Credit for finding this vulnerability goes to Chris Ries of CMU. This release fixes the following low-severity vulnerabilities: * [Sec 1144] limited (two byte) buffer overflow in ntpq. CVE-2009-0159 Credit for finding this vulnerability goes to Geoff Keating of Apple. * [Sec 1149] use SO_EXCLUSIVEADDRUSE on Windows Credit for finding this issue goes to Dave Hart. This release fixes a number of bugs and adds some improvements: * Improved logging * Fix many compiler warnings * Many fixes and improvements for Windows * Adds support for AIX 6.1 * Resolves some issues under MacOS X and Solaris
Revision 1.58.10.1 / (download) - annotate - [select for diffs], Tue Jan 27 13:29:18 2009 UTC (14 years, 10 months ago) by tron
Branch: pkgsrc-2008Q4
Changes since 1.58: +2 -3
lines
Diff to previous 1.58 (colored) next main 1.59 (colored)
Pullup ticket #2657 - requested by ntp4: security update Revisions pulled up: - net/ntp4/Makefile 1.59 - net/ntp4/distinfo 1.12 --- Module Name: pkgsrc Committed By: kefren Date: Mon Jan 26 20:06:15 UTC 2009 Modified Files: pkgsrc/net/ntp4: Makefile distinfo Log Message: Update to 4.2.4p6. Highlights from 4.2.4p4: * fix CVE-2009-0021 * fix build against latest OpenSSL versions * obsolete "dynamic" keyword * fix memory leak when fetching system messages * several fixes in ntpdate
Revision 1.59 / (download) - annotate - [select for diffs], Mon Jan 26 20:06:15 2009 UTC (14 years, 10 months ago) by kefren
Branch: MAIN
CVS Tags: pkgsrc-2009Q2-base,
pkgsrc-2009Q2,
pkgsrc-2009Q1-base,
pkgsrc-2009Q1
Changes since 1.58: +2 -3
lines
Diff to previous 1.58 (colored)
Update to 4.2.4p6. Highlights from 4.2.4p4: * fix CVE-2009-0021 * fix build against latest OpenSSL versions * obsolete "dynamic" keyword * fix memory leak when fetching system messages * several fixes in ntpdate
Revision 1.58 / (download) - annotate - [select for diffs], Tue Jun 24 13:57:09 2008 UTC (15 years, 5 months ago) by obache
Branch: MAIN
CVS Tags: pkgsrc-2008Q4-base,
pkgsrc-2008Q3-base,
pkgsrc-2008Q3,
pkgsrc-2008Q2-base,
pkgsrc-2008Q2,
cwrapper,
cube-native-xorg-base,
cube-native-xorg
Branch point for: pkgsrc-2008Q4
Changes since 1.57: +5 -2
lines
Diff to previous 1.57 (colored)
Fixed PLIST for Solaris, installs ntptime but not tickadj. Noticed by John Heasley in PR 39033.
Revision 1.57 / (download) - annotate - [select for diffs], Tue Jun 24 11:47:13 2008 UTC (15 years, 5 months ago) by obache
Branch: MAIN
Changes since 1.56: +5 -3
lines
Diff to previous 1.56 (colored)
Fixes some problems noticed by Hasso Tepper in PR 39032. * Fix perl path in scripts, add runtime dependency on perl. * Fix unwanted PLIST subst. * DragonFly also support ntptime. Bump PKGREVISION.
Revision 1.56 / (download) - annotate - [select for diffs], Sun Jun 8 04:53:27 2008 UTC (15 years, 6 months ago) by obache
Branch: MAIN
Changes since 1.55: +11 -26
lines
Diff to previous 1.55 (colored)
Update ntp to 4.2.4p4.
---
(4.2.4p4) Released by Harlan Stenn <stenn@ntp.org>
* [Bug 902] Fix problems with the -6 flag.
* Updated include/copyright.def (owner and year).
* [Bug 878] Avoid ntpdc use of refid value as unterminated string.
* [Bug 881] Corrected display of pll offset on 64bit systems.
* [Bug 886] Corrected sign handling on 64bit in ntpdc loopinfo command.
* [Bug 889] avoid malloc() interrupted by SIGIO risk
* ntpd/refclock_parse.c: cleanup shutdown while the file descriptor is still open.
* [Bug 885] use emalloc() to get a message at the end of the memory
unsigned types cannot be less than 0
default_ai_family is a short
lose trailing , from enum list
clarify ntp_restrict.c for easier automated analysis
* [Bug 884] don't access recv buffers after having them passed to the free list.
* [Bug 882] allow loopback interfaces to share addresses with other interfaces.
---
(4.2.4p3) Released by Harlan Stenn <stenn@ntp.org>
* [Bug 863] unable to stop ntpd on Windows as the handle reference for events
changed
---
(4.2.4p2) Released by Harlan Stenn <stenn@ntp.org>
* [Bug 854] Broadcast address was not correctly set for interface addresses
* [Bug 829] reduce syslog noise, while there fix Enabled/Disable logging
to reflect the actual configuration.
* [Bug 795] Moved declaration of variable to top of function.
* [Bug 789] Fix multicast client crypto authentication and make sure arriving
multicast packets do not disturb the autokey dance.
* [Bug 785] improve handling of multicast interfaces
(multicast routers still need to run a multicast routing
software/daemon)
* [Bug 527] Don't write from source address length to wrong location
* Upgraded autogen and libopts.
* [Bug 811] ntpd should not read a .ntprc file.
---
(4.2.4p1) (skipped)
---
(4.2.4p0) Released by Harlan Stenn <stenn@ntp.org>
* [Bug 793] Update Hans Lambermont's email address in ntpsweep.
* [Bug 776] Remove unimplemented "rate" flag from ntpdate.
* [Bug 586] Avoid lookups if AI_NUMERICHOST is set.
* [Bug 770] Fix numeric parameters to ntp-keygen (Alain Guibert).
* [Bug 768] Fix io_setbclient() error message.
* [Bug 765] Use net_bind_service capability on linux.
* [Bug 760] The background resolver must be aware of the 'dynamic' keyword.
* [Bug 753] make union timestamp anonymous (Philip Prindeville).
* confopt.html: move description for "dynamic" keyword into the right section.
* pick the right type for the recv*() length argument.
---
(4.2.4) Released by Harlan Stenn <stenn@ntp.org>
* monopt.html fixes from Dave Mills.
* [Bug 452] Do not report kernel PLL/FLL flips.
* [Bug 746] Expert mouseCLOCK USB v2.0 support added.'
* driver8.html updates.
* [Bug 747] Drop <NOBR> tags from ntpdc.html.
* sntp now uses the returned precision to control decimal places.
* sntp -u will use an unprivileged port for its queries.
* [Bug 741] "burst" doesn't work with !unfit peers.
* [Bug 735] Fix a make/gmake VPATH issue on Solaris.
* [Bug 739] ntpd -x should not take an argument.
* [Bug 737] Some systems need help providing struct iovec.
* [Bug 717] Fix libopts compile problem.
* [Bug 728] parse documentation fixes.
* [Bug 734] setsockopt(..., IP_MULTICAST_IF, ...) fails on 64-bit platforms.
* [Bug 732] C-DEX JST2000 patch from Hideo Kuramatsu.
* [Bug 721] check for __ss_family and __ss_len separately.
* [Bug 666] ntpq opeers displays jitter rather than dispersion.
* [Bug 718] Use the recommended type for the saddrlen arg to getsockname().
* [Bug 715] Fix a multicast issue under Linux.
* [Bug 690] Fix a Windows DNS lookup buffer overflow.
* [Bug 670] Resolved a Windows issue with the dynamic interface rescan code.
* K&R C support is being deprecated.
* [Bug 714] ntpq -p should conflict with -i, not -c.
* WWV refclock improvements from Dave Mills.
* [Bug 708] Use thread affinity only for the clock interpolation thread.
* [Bug 706] ntpd can be running several times in parallel.
* [Bug 704] Documentation typos.
* [Bug 701] coverity: NULL dereference in ntp_peer.c
* [Bug 695] libopts does not protect against macro collisions.
* [Bug 693] __adjtimex is independent of ntp_{adj,get}time.
* [Bug 692] sys_limitrejected was not being incremented.
* [Bug 691] restrictions() assumption not always valid.
* [Bug 689] Deprecate HEATH GC-1001 II; the driver never worked.
* [Bug 688] Fix documentation typos.
* [Bug 686] Handle leap seconds better under Windows.
* [Bug 685] Use the Windows multimedia timer.
* [Bug 684] Only allow debug options if debugging is enabled.
* [Bug 683] Use the right version string.
* [Bug 680] Fix the generated version string on Windows.
* [Bug 678] Use the correct size for control messages.
* [Bug 677] Do not check uint_t in configure.ac.
* [Bug 676] Use the right value for msg_namelen.
* [Bug 675] Make sure ntpd builds without debugging.
* [Bug 672] Fix cross-platform structure padding/size differences.
* [Bug 660] New TIMESTAMP code fails tp build on Solaris Express.
* [Bug 659] libopts does not build under Windows.
* [Bug 658] HP-UX with cc needs -Wp,-H8166 in CFLAGS.
* [Bug 656] ntpdate doesn't work with multicast address.
* [Bug 638] STREAMS_TLI is deprecated - remove it.
* [Bug 635] Fix tOptions definition.
* [Bug 628] Fallback to ntp discipline not working for large offsets.
* [Bug 622] Dynamic interface tracking for ntpd.
* [Bug 603] Don't link with libelf if it's not needed.
* [Bug 523] ntpd service under Windows does't shut down properly.
* [Bug 500] sntp should always be built.
* [Bug 479] Fix the -P option.
* [Bug 421] Support the bc637PCI-U card.
* [Bug 342] Deprecate broken TRAK refclock driver.
* [Bug 340] Deprecate broken MSF EES refclock driver.
* [Bug 153] Don't do DNS lookups on address masks.
* [Bug 143] Fix interrupted system call on HP-UX.
* [Bug 42] Distribution tarballs should be signed.
* Support separate PPS devices for PARSE refclocks.
* [Bug 637, 51?] Dynamic interface scanning can now be done.
* Options processing now uses GNU AutoGen.
---
(4.2.2p4) Released by Harlan Stenn <stenn@ntp.org>
* [Bug 710] compat getnameinfo() has off-by-one error
* [Bug 690] Buffer overflow in Windows when doing DNS Lookups
---
(4.2.2p3) Released by Harlan Stenn <stenn@ntp.org>
* Make the ChangeLog file cleaner and easier to read
* [Bug 601] ntpq's decodeint uses an extra level of indirection
* [Bug 657] Different OSes need different sized args for IP_MULTICAST_LOOP
* release engineering/build changes
* Documentation fixes
* Get sntp working under AIX-5
---
(4.2.2p2) (broken)
* Get sntp working under AIX-5
---
(4.2.2p1)
* [Bug 661] Use environment variable to specify the base path to openssl.
* Resolve an ambiguity in the copyright notice
* Added some new documentation files
* URL cleanup in the documentation
* [Bug 657]: IP_MULTICAST_LOOP uses a u_char value/size
* quiet gcc4 complaints
* more Coverity fixes
* [Bug 614] manage file descriptors better
* [Bug 632] update kernel PPS offsets when PPS offset is re-configured
* [Bug 637] Ignore UP in*addr_any interfaces
* [Bug 633] Avoid writing files in srcdir
* release engineering/build changes
---
(4.2.2)
* SNTP
* Many bugfixes
* Implements the current "goal state" of NTPv4
* Autokey improvements
* Much better IPv6 support
* [Bug 360] ntpd loses handles with LAN connection disabled.
* [Bug 239] Fix intermittent autokey failure with multicast clients.
* Rewrite of the multicast code
* New version numbering scheme
Revision 1.55 / (download) - annotate - [select for diffs], Mon May 26 02:13:22 2008 UTC (15 years, 6 months ago) by joerg
Branch: MAIN
Changes since 1.54: +4 -4
lines
Diff to previous 1.54 (colored)
Second round of explicit pax dependencies. As reminded by tnn@,
many packages used to use ${PAX}. Use the common way of directly calling
pax, it is created as tool after all.
Revision 1.54 / (download) - annotate - [select for diffs], Sat Apr 12 22:43:08 2008 UTC (15 years, 7 months ago) by jlam
Branch: MAIN
Changes since 1.53: +4 -9
lines
Diff to previous 1.53 (colored)
Convert to use PLIST_VARS instead of manually passing "@comment " through PLIST_SUBST to the plist module.
Revision 1.53 / (download) - annotate - [select for diffs], Thu Jan 24 11:55:42 2008 UTC (15 years, 10 months ago) by is
Branch: MAIN
CVS Tags: pkgsrc-2008Q1-base,
pkgsrc-2008Q1
Changes since 1.52: +3 -1
lines
Diff to previous 1.52 (colored)
Correct PLIST on Solaris (From PR 33259 by spz@).
Revision 1.52 / (download) - annotate - [select for diffs], Fri Jan 18 05:08:47 2008 UTC (15 years, 10 months ago) by tnn
Branch: MAIN
Changes since 1.51: +2 -2
lines
Diff to previous 1.51 (colored)
Per the process outlined in revbump(1), perform a recursive revbump on packages that are affected by the switch from the openssl 0.9.7 branch to the 0.9.8 branch. ok jlam@
Revision 1.51 / (download) - annotate - [select for diffs], Wed Dec 12 20:42:32 2007 UTC (15 years, 11 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2007Q4-base,
pkgsrc-2007Q4
Changes since 1.50: +2 -2
lines
Diff to previous 1.50 (colored)
Reset maintainer on his request.
Revision 1.50 / (download) - annotate - [select for diffs], Wed Nov 22 23:07:39 2006 UTC (17 years ago) by reed
Branch: MAIN
CVS Tags: pkgsrc-2007Q3-base,
pkgsrc-2007Q3,
pkgsrc-2007Q2-base,
pkgsrc-2007Q2,
pkgsrc-2007Q1-base,
pkgsrc-2007Q1,
pkgsrc-2006Q4-base,
pkgsrc-2006Q4
Changes since 1.49: +2 -2
lines
Diff to previous 1.49 (colored)
Fix path to docs in MESSAGE. This is PR #35096. It was changed in Makefile revision 1.49 in July 2006. Bump PKGREVISION.
Revision 1.49 / (download) - annotate - [select for diffs], Wed Jul 12 17:41:54 2006 UTC (17 years, 4 months ago) by rillig
Branch: MAIN
CVS Tags: pkgsrc-2006Q3-base,
pkgsrc-2006Q3
Changes since 1.48: +10 -11
lines
Diff to previous 1.48 (colored)
Moved documentation to share/doc/ntp4. Bumped PKGREVISION.
Revision 1.48 / (download) - annotate - [select for diffs], Thu Dec 29 06:22:00 2005 UTC (17 years, 11 months ago) by jlam
Branch: MAIN
CVS Tags: pkgsrc-2006Q2-base,
pkgsrc-2006Q2,
pkgsrc-2006Q1-base,
pkgsrc-2006Q1
Changes since 1.47: +1 -2
lines
Diff to previous 1.47 (colored)
Remove USE_PKGINSTALL from pkgsrc now that mk/install/pkginstall.mk automatically detects whether we want the pkginstall machinery to be used by the package Makefile.
Revision 1.47 / (download) - annotate - [select for diffs], Thu Dec 8 09:52:16 2005 UTC (18 years ago) by rillig
Branch: MAIN
CVS Tags: pkgsrc-2005Q4-base,
pkgsrc-2005Q4
Changes since 1.46: +2 -2
lines
Diff to previous 1.46 (colored)
Bumped the PKGREVISION of the packages that have been broken by the recent "pkglint --autofix" change.
Revision 1.46 / (download) - annotate - [select for diffs], Thu Dec 8 09:19:22 2005 UTC (18 years ago) by rillig
Branch: MAIN
Changes since 1.45: +2 -2
lines
Diff to previous 1.45 (colored)
Fixed PLIST quoting issue introduced by the recent "pkglint --autofix" change.
Revision 1.45 / (download) - annotate - [select for diffs], Mon Dec 5 23:55:14 2005 UTC (18 years ago) by rillig
Branch: MAIN
Changes since 1.44: +2 -2
lines
Diff to previous 1.44 (colored)
Ran "pkglint --autofix", which corrected some of the quoting issues in CONFIGURE_ARGS.
Revision 1.44 / (download) - annotate - [select for diffs], Mon Dec 5 20:50:47 2005 UTC (18 years ago) by rillig
Branch: MAIN
Changes since 1.43: +3 -3
lines
Diff to previous 1.43 (colored)
Fixed pkglint warnings. The warnings are mostly quoting issues, for
example MAKE_ENV+=FOO=${BAR} is changed to MAKE_ENV+=FOO=${BAR:Q}. Some
other changes are outlined in
http://mail-index.netbsd.org/tech-pkg/2005/12/02/0034.html
Revision 1.43 / (download) - annotate - [select for diffs], Sat Sep 10 10:43:42 2005 UTC (18 years, 2 months ago) by adrianp
Branch: MAIN
CVS Tags: pkgsrc-2005Q3-base,
pkgsrc-2005Q3
Changes since 1.42: +2 -2
lines
Diff to previous 1.42 (colored)
Update nb6->nb7 for security fix: http://secunia.com/advisories/16602/
Revision 1.42 / (download) - annotate - [select for diffs], Sat Jul 16 01:19:16 2005 UTC (18 years, 4 months ago) by jlam
Branch: MAIN
Changes since 1.41: +2 -2
lines
Diff to previous 1.41 (colored)
Get rid of USE_PERL5. The new way to express needing the Perl executable around at either build-time or at run-time is: USE_TOOLS+= perl # build-time USE_TOOLS+= perl:run # run-time Also remove some places where perl5/buildlink3.mk was being included by a package Makefile, but all that the package wanted was the Perl executable.
Revision 1.41 / (download) - annotate - [select for diffs], Wed Jun 1 19:07:34 2005 UTC (18 years, 6 months ago) by jlam
Branch: MAIN
CVS Tags: pkgsrc-2005Q2-base,
pkgsrc-2005Q2
Changes since 1.40: +1 -4
lines
Diff to previous 1.40 (colored)
We can always specify where the OpenSSL libraries & headers are, regardless of whether we use the built-in or pkgsrc version of openssl.
Revision 1.40 / (download) - annotate - [select for diffs], Mon Apr 11 21:46:52 2005 UTC (18 years, 7 months ago) by tv
Branch: MAIN
Changes since 1.39: +1 -2
lines
Diff to previous 1.39 (colored)
Remove USE_BUILDLINK3 and NO_BUILDLINK; these are no longer used.
Revision 1.39 / (download) - annotate - [select for diffs], Sat Mar 19 03:03:56 2005 UTC (18 years, 8 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2005Q1-base,
pkgsrc-2005Q1
Changes since 1.38: +2 -2
lines
Diff to previous 1.38 (colored)
Add time to categories.
Revision 1.38 / (download) - annotate - [select for diffs], Tue Dec 28 02:47:47 2004 UTC (18 years, 11 months ago) by reed
Branch: MAIN
Changes since 1.37: +2 -2
lines
Diff to previous 1.37 (colored)
The default location of the pkgsrc-installed rc.d scripts is now under share/examples/rc.d. The variable name already was named RCD_SCRIPTS_EXAMPLEDIR. This is from ideas from Greg Woods and others. Also bumped PKGREVISION for all packages using RCD_SCRIPTS mechanism (as requested by wiz).
Revision 1.37 / (download) - annotate - [select for diffs], Sun Oct 3 00:17:56 2004 UTC (19 years, 2 months ago) by tv
Branch: MAIN
CVS Tags: pkgsrc-2004Q4-base,
pkgsrc-2004Q4
Changes since 1.36: +2 -2
lines
Diff to previous 1.36 (colored)
Libtool fix for PR pkg/26633, and other issues. Update libtool to 1.5.10 in the process. (More information on tech-pkg.) Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and installing .la files. Bump PKGREVISION (only) of all packages depending directly on the above via a buildlink3 include.
Revision 1.36 / (download) - annotate - [select for diffs], Fri Jul 23 19:59:41 2004 UTC (19 years, 4 months ago) by xtraeme
Branch: MAIN
CVS Tags: pkgsrc-2004Q3-base,
pkgsrc-2004Q3
Changes since 1.35: +6 -2
lines
Diff to previous 1.35 (colored)
* Enable pkgviews installation. * Conflicts with openntpd. Bump PKGREVISION.
Revision 1.35 / (download) - annotate - [select for diffs], Thu Jun 10 20:03:11 2004 UTC (19 years, 5 months ago) by jschauma
Branch: MAIN
CVS Tags: pkgsrc-2004Q2-base,
pkgsrc-2004Q2
Changes since 1.34: +23 -7
lines
Diff to previous 1.34 (colored)
Address PR pkg/24607 by Georg Schwarz to make this build and install under IRIX: - add flexibility to PLIST - add configure arguments to point to openssl if not builtin - don't use '-print0' to find(1). IRIX' find does not have this capability, and since we know for a fact that it will not be needed, we can leave it out in this case.
Revision 1.34 / (download) - annotate - [select for diffs], Sat May 8 07:37:40 2004 UTC (19 years, 7 months ago) by snj
Branch: MAIN
Changes since 1.33: +3 -3
lines
Diff to previous 1.33 (colored)
Convert to buildlink3.
Revision 1.33 / (download) - annotate - [select for diffs], Sun Mar 28 06:35:03 2004 UTC (19 years, 8 months ago) by xtraeme
Branch: MAIN
CVS Tags: pkgsrc-2004Q1-base,
pkgsrc-2004Q1
Changes since 1.32: +2 -2
lines
Diff to previous 1.32 (colored)
Fix ntpd PATH in ntpd rc.d script, reported by Mirko Thiesen in PR pkg/24947; bump PKGREVISION.
Revision 1.32 / (download) - annotate - [select for diffs], Thu Mar 11 20:39:40 2004 UTC (19 years, 8 months ago) by reed
Branch: MAIN
Changes since 1.31: +6 -1
lines
Diff to previous 1.31 (colored)
This adds rc.d scripts. The ntp.conf is example from official NetBSD.
The rc.d scripts are based on official NetBSD scripts.
This also adds:
CONFIGURE_ARGS+=--sysconfdir=${PKG_SYSCONFDIR}
This was discussed and okayed with maintainer, fredb, in February,
Currently, the ntpd.sh rc.d script has a note about the
ntpd_chrootdir is only for NetBSD at this time. (Because I haven't
tested under other operating systems.)
Revision 1.31 / (download) - annotate - [select for diffs], Tue Feb 3 23:04:41 2004 UTC (19 years, 10 months ago) by reed
Branch: MAIN
Changes since 1.30: +3 -3
lines
Diff to previous 1.30 (colored)
Use more portable find -print0 (instead of -printx). Okay'd by maintainer, fredb.
Revision 1.30 / (download) - annotate - [select for diffs], Fri Nov 21 01:02:24 2003 UTC (20 years ago) by fredb
Branch: MAIN
CVS Tags: pkgsrc-2003Q4-base,
pkgsrc-2003Q4
Changes since 1.29: +7 -6
lines
Diff to previous 1.29 (colored)
Don't change the permissions of files in the work directory, so that "make clean" after just-in-time "su" works. Closes PR pkg/23477 by Adrian Portelli.
Revision 1.29 / (download) - annotate - [select for diffs], Thu Nov 20 12:09:09 2003 UTC (20 years ago) by fredb
Branch: MAIN
Changes since 1.28: +2 -2
lines
Diff to previous 1.28 (colored)
Disable detection of <sys/soundcard.h>, to let this build on very current systems (NetBSD 1.6ZF).
Revision 1.28 / (download) - annotate - [select for diffs], Wed Nov 12 03:39:41 2003 UTC (20 years ago) by jschauma
Branch: MAIN
Changes since 1.27: +2 -1
lines
Diff to previous 1.27 (colored)
PKGREVISION++ after openssl update.
Revision 1.27 / (download) - annotate - [select for diffs], Thu Nov 6 20:32:57 2003 UTC (20 years, 1 month ago) by fredb
Branch: MAIN
Changes since 1.26: +7 -10
lines
Diff to previous 1.26 (colored)
Update post-install target and MESSAGE for churn in the documentation, and especially fix permissions on the new directories. Should close PR pkg/23378, by Wolfgang S. Rupprecht.
Revision 1.26 / (download) - annotate - [select for diffs], Sat Nov 1 00:52:50 2003 UTC (20 years, 1 month ago) by kristerw
Branch: MAIN
Changes since 1.25: +2 -1
lines
Diff to previous 1.25 (colored)
Add USE_PERL5=build.
Revision 1.25 / (download) - annotate - [select for diffs], Fri Oct 24 04:52:26 2003 UTC (20 years, 1 month ago) by fredb
Branch: MAIN
Changes since 1.24: +22 -9
lines
Diff to previous 1.24 (colored)
Update to ntp 4.2.0. All platforms: Autokey, using OpenSSL. IPv6 support. Bugfixes in loopfilter and refclocks. NetBSD: Support for editline command line editing in "ntpq" and "ntpdc". NetBSD-current: Use nanosecond resolution POSIX timers.
Revision 1.24 / (download) - annotate - [select for diffs], Fri Oct 24 04:35:16 2003 UTC (20 years, 1 month ago) by fredb
Branch: MAIN
Changes since 1.23: +3 -3
lines
Diff to previous 1.23 (colored)
Whitespace cleanup.
Revision 1.23 / (download) - annotate - [select for diffs], Thu Jul 17 22:51:30 2003 UTC (20 years, 4 months ago) by grant
Branch: MAIN
Changes since 1.22: +2 -2
lines
Diff to previous 1.22 (colored)
s/netbsd.org/NetBSD.org/
Revision 1.22 / (download) - annotate - [select for diffs], Thu Apr 10 01:28:22 2003 UTC (20 years, 8 months ago) by grant
Branch: MAIN
Changes since 1.21: +3 -3
lines
Diff to previous 1.21 (colored)
make ${PAX} usage consistent:
- group 'zrw' and 'p' args, -s last
- use the && operator consistently
- strip unneeded parens
- some whitespace cleanup
Revision 1.21 / (download) - annotate - [select for diffs], Tue Jul 16 14:57:08 2002 UTC (21 years, 4 months ago) by fredb
Branch: MAIN
CVS Tags: pkgviews-base,
pkgviews,
netbsd-1-6-RELEASE-base,
netbsd-1-6-1-base,
netbsd-1-6-1,
netbsd-1-6
Changes since 1.20: +2 -2
lines
Diff to previous 1.20 (colored)
Update to 4.1.1a. Add drivers for TrueTime 560 IRIG-B decoder and Zyfer GPStarplus, minor documentation updates.
Revision 1.20 / (download) - annotate - [select for diffs], Thu Feb 28 13:51:23 2002 UTC (21 years, 9 months ago) by fredb
Branch: MAIN
CVS Tags: netbsd-1-5-PATCH003,
buildlink2-base,
buildlink2
Changes since 1.19: +2 -2
lines
Diff to previous 1.19 (colored)
Update to ntp-4.1.1. From the "NEWS" file:
* Lose the source port check on incoming packets
* (x)ntpdc compatibility patch
* Virtual IP improvements
* ntp_loopfilter fixes and improvements
* ntpdc improvements
* GOES refclock fix
* JJY driver
* bsdi port fixes
* HP MPE/iX port
* Win/NT port upgrade
* Dynix PTX port fixes
* Document conversion from CVS to BK
* readline support for ntpq
Revision 1.19 / (download) - annotate - [select for diffs], Tue Aug 14 06:10:41 2001 UTC (22 years, 3 months ago) by fredb
Branch: MAIN
Changes since 1.18: +3 -4
lines
Diff to previous 1.18 (colored)
Finally! NTP 4.1.0 is released. Very few changes from 4.0.99m-rc3 (excerpts from the "ChangeLog" file below). Also, this NetBSD package now installs the HTML docs into "/usr/pkg/share/doc/html". * ntpd/refclock_oncore.c (oncore_start): Set pps_enable=1, just like the atom driver does. From: reg@dwf.com * ntpd/refclock_nmea.c (nmea_ppsapi): Set pps_enable=1, just like the atom driver does. From: Scott Allendorf <sca@newton.physics.uiowa.edu> * ntpd/ntp_config.c (getconfig): CONF_CLOCK_PANIC was using the wrong config flag. From: <justin_forrester@hp.com>
Revision 1.18 / (download) - annotate - [select for diffs], Thu Jul 12 17:38:18 2001 UTC (22 years, 4 months ago) by fredb
Branch: MAIN
Changes since 1.17: +2 -1
lines
Diff to previous 1.17 (colored)
Don't try to build against -lreadline on NetBSD-1.4.x, either.
Revision 1.17 / (download) - annotate - [select for diffs], Thu Jul 12 16:24:58 2001 UTC (22 years, 4 months ago) by fredb
Branch: MAIN
Changes since 1.16: +16 -9
lines
Diff to previous 1.16 (colored)
Update to latest release candidate, ntp-4.0.99m-rc3. Continued refinements since 4.0.99k, a new feature -- an experimental "huff-n-puff" filter (optionally enabled in /etc/ntp.conf) -- which discards samples with the highest delays, and new drivers for: Forum Graphic GPS, WWV/H, Heath GC-100 II, HOPF serial and PCI, ONCORE, ulink331. Drop the packages's requirement for GNU readline. It turns out that command line editing in "ntpq" is not all that useful, as you can alway let your shell recall "ntpq -c <command>".
Revision 1.16 / (download) - annotate - [select for diffs], Tue Jun 12 20:33:06 2001 UTC (22 years, 5 months ago) by jlam
Branch: MAIN
Changes since 1.15: +2 -2
lines
Diff to previous 1.15 (colored)
LIBS is automatically added to CONFIGURE_ENV by bsd.pkg.mk if GNU_CONFIGURE is defined, so simply set LIBS to the appropriate value.
Revision 1.15 / (download) - annotate - [select for diffs], Sat Feb 17 18:19:19 2001 UTC (22 years, 9 months ago) by wiz
Branch: MAIN
CVS Tags: netbsd-1-5-PATCH001
Changes since 1.14: +2 -1
lines
Diff to previous 1.14 (colored)
Update to new COMMENT style: COMMENT var in Makefile instead of pkg/COMMENT.
Revision 1.14 / (download) - annotate - [select for diffs], Mon Jan 29 11:34:37 2001 UTC (22 years, 10 months ago) by wiz
Branch: MAIN
Changes since 1.13: +1 -5
lines
Diff to previous 1.13 (colored)
Add automatic ${VARIABLE} handling for MESSAGE files.
Convert most MESSAGE files to new syntax (${VARIABLE} gets replaced,
not @VARIABLE@, nor @@VARIABLE@@).
By default, substitutions are done for LOCALBASE, PKGNAME, PREFIX,
X11BASE, X11PREFIX; additional patterns can be added via MESSAGE_SUBST.
Clean up some packages while I'm there; add RCS tags to most MESSAGEs.
Remove some uninteresting MESSAGEs.
Revision 1.13 / (download) - annotate - [select for diffs], Fri Aug 18 19:39:53 2000 UTC (23 years, 3 months ago) by fredb
Branch: MAIN
CVS Tags: netbsd-1-5-RELEASE,
netbsd-1-4-PATCH003
Changes since 1.12: +8 -3
lines
Diff to previous 1.12 (colored)
Update to version 4.0.99k. Continuing algorithmic improvements, bug fixes; adds readline support to "ntpq" and "ntpdc".
Revision 1.12 / (download) - annotate - [select for diffs], Tue Feb 8 12:18:15 2000 UTC (23 years, 10 months ago) by fredb
Branch: MAIN
CVS Tags: netbsd-1-4-PATCH002
Changes since 1.11: +4 -7
lines
Diff to previous 1.11 (colored)
Update to ntp-4.0.99d. From the NEWS file: * algorithmic improvements, bugfixes * Solaris dosynctodr info update * html/pic/* is *lots* smaller * New drivers: Forum Graphic GPS, WWV/H * Rewrite of the audio drivers * Driver updates: CHU, DCF, GPS/VME, Oncore, PCF, Ulink, WWVB, burst If you use the ONCORE driver with a HARDPPS kernel module, you *must* have a properly specified: pps <filename> [assert/clear] [hardpps] line in the /etc/ntp.conf file. * PARSE cleanup * PPS cleanup * ntpd, ntpq, ntpdate cleanup and fixes * NT port improvements * AIX, BSDI, DEC OSF, FreeBSD, NetBSD, Reliant, SCO, Solaris port improvements (4.0.98) * Solaris kernel FLL bug is fixed in 106541-07 * Bug/lint cleanup * PPS cleanup * ReliantUNIX patches * NetInfo support * Ultralink driver * Trimble OEM Ace-II support * DCF77 power choices * Oncore improvements
Revision 1.11 / (download) - annotate - [select for diffs], Mon Jan 10 00:57:16 2000 UTC (23 years, 11 months ago) by wiz
Branch: MAIN
Changes since 1.10: +2 -2
lines
Diff to previous 1.10 (colored)
replaced a whole lot more commands with ${COMMAND}
Revision 1.10 / (download) - annotate - [select for diffs], Sun Nov 14 05:23:26 1999 UTC (24 years ago) by fredb
Branch: MAIN
Changes since 1.9: +5 -28
lines
Diff to previous 1.9 (colored)
Update ntp4 to 4.0.98f. Extensive clean ups, bug fixes in reference clock
drivers and in burst mode operation. Clean ups to and additional documentation.
- - Package builds cleanly (including ntptime) for NetBSD-1.4.1, now that
HAVE_PPSAPI depends on finding PPS_API_VERS_1 in sys/timepps.h, rather
than simply checking for the presence of sys/timpepps.h.
- - Remove dependencies on gmake and autoconf.
Revision 1.9 / (download) - annotate - [select for diffs], Mon Aug 30 11:15:13 1999 UTC (24 years, 3 months ago) by fredb
Branch: MAIN
CVS Tags: comdex-fall-1999
Changes since 1.8: +7 -3
lines
Diff to previous 1.8 (colored)
Update ntp4 to 4.0.97d. Highlights since 4.0.97: - -Adds listen_to_virtual_ips support (-L flag) - -Adds support for Trimble OEM Ace-II receiver - -Patch to run Oncore on systems w/o hardpps() - -Permit RTS to power a DCF77 - -Assorted lint clean-ups
Revision 1.8 / (download) - annotate - [select for diffs], Thu Aug 19 08:52:57 1999 UTC (24 years, 3 months ago) by fredb
Branch: MAIN
Changes since 1.7: +5 -3
lines
Diff to previous 1.7 (colored)
Update to ntp-4.0.97 Portability fixes, plus new utility "ntptimeset"
Revision 1.7 / (download) - annotate - [select for diffs], Fri Aug 13 08:54:28 1999 UTC (24 years, 3 months ago) by fredb
Branch: MAIN
Changes since 1.6: +19 -5
lines
Diff to previous 1.6 (colored)
Update ntp4 to 4.0.96p1 Highlights: - - Y2K patches from AT&T: readme, test results, in source directory - - various portability and configuration patches for Linux, WinNT This version of the package now requires "gmake", "autoconf", and "automake" as a consequence of its use of distribution patches. This requirement is expected to go away with the pending release.
Revision 1.6 / (download) - annotate - [select for diffs], Thu Jul 29 19:06:05 1999 UTC (24 years, 4 months ago) by fredb
Branch: MAIN
Changes since 1.5: +5 -1
lines
Diff to previous 1.5 (colored)
Eliminate absolute paths in MESSAGE file.
Revision 1.5 / (download) - annotate - [select for diffs], Wed Jul 28 08:55:12 1999 UTC (24 years, 4 months ago) by fredb
Branch: MAIN
Changes since 1.4: +2 -2
lines
Diff to previous 1.4 (colored)
Update ntp4 to version 4.0.95
Revision 1.4 / (download) - annotate - [select for diffs], Tue Jul 27 17:45:15 1999 UTC (24 years, 4 months ago) by fredb
Branch: MAIN
Changes since 1.3: +5 -4
lines
Diff to previous 1.3 (colored)
Update package to ntp-4.0.94b.
Revision 1.3 / (download) - annotate - [select for diffs], Sat Jul 24 21:23:52 1999 UTC (24 years, 4 months ago) by tron
Branch: MAIN
Changes since 1.2: +2 -2
lines
Diff to previous 1.2 (colored)
Fix typo in home page URL.
Revision 1.2 / (download) - annotate - [select for diffs], Sat Jul 24 19:02:40 1999 UTC (24 years, 4 months ago) by fredb
Branch: MAIN
Changes since 1.1: +2 -2
lines
Diff to previous 1.1 (colored)
Fix category for "ntp4" package
Revision 1.1.1.1 / (download) - annotate - [select for diffs] (vendor branch), Sat Jul 24 18:29:34 1999 UTC (24 years, 4 months ago) by fredb
Branch: TNF
CVS Tags: pkgsrc-base
Changes since 1.1: +0 -0
lines
Diff to previous 1.1 (colored)
Import new "ntp4" package: Network Time Protocol Version 4
Revision 1.1 / (download) - annotate - [select for diffs], Sat Jul 24 18:29:34 1999 UTC (24 years, 4 months ago) by fredb
Branch: MAIN
Initial revision