Fix multiple vulnerabilities of ntp.releng/10.1

Approved by:	so

1 files changed, 19 insertions, 0 deletions

diff --git a/contrib/ntp/ntpd/ntp.conf.def b/contrib/ntp/ntpd/ntp.conf.def
index a62e976..5ae8c38 100644
--- a/contrib/ntp/ntpd/ntp.conf.def
+++ b/contrib/ntp/ntpd/ntp.conf.def
@@ -1997,6 +1997,25 @@ At the same time, the manycast
 scheme starts all over from the beginning and
 the expanding ring shrinks to the minimum and increments
 from there while collecting all servers in scope.
+.Ss Broadcast Options
+.Bl -tag -width indent
+.It Xo Ic tos
+.Oo
+.Cm bcpollbstep Ar gate
+.Oc
+.Xc
+This command provides a way to delay,
+by the specified number of broadcast poll intervals,
+believing backward time steps from a broadcast server.
+Broadcast time networks are expected to be trusted.
+In the event a broadcast server's time is stepped backwards,
+there is clear benefit to having the clients notice this change
+as soon as possible.
+Attacks such as replay attacks can happen, however,
+and even though there are a number of protections built in to
+broadcast mode, attempts to perform  a replay attack are possible.
+This value defaults to 0, but can be changed
+to any number of poll intervals between 0 and 4.
 .Ss Manycast Options
 .Bl -tag -width indent
 .It Xo Ic tos