summaryrefslogtreecommitdiffstats
path: root/contrib/ntp/ntpd
Commit message (Collapse)AuthorAgeFilesLines
* Fix multiple vulnerabilities of ntp. [SA-17:03]delphij2017-04-1241-815/+832
| | | | | | Xen migration enhancements. [EN-17:05] Approved by: so
* Fix multiple vulnerabilities of ntp.delphij2016-12-2237-3029/+3527
| | | | Approved by: so
* Fix multiple ntp vulnerabilities.delphij2016-06-0431-2763/+2819
| | | | | Security: FreeBSD-SA-16:24.ntp Approved by: so
* Fix ntp multiple vulnerabilities.delphij2016-04-2927-442/+1082
| | | | Approved by: so
* MFC r294554: MFV r294491: ntp 4.2.8p6.delphij2016-01-2240-2645/+3843
| | | | | | | | Security: CVE-2015-7973, CVE-2015-7974, CVE-2015-7975 Security: CVE-2015-7976, CVE-2015-7977, CVE-2015-7978 Security: CVE-2015-7979, CVE-2015-8138, CVE-2015-8139 Security: CVE-2015-8140, CVE-2015-8158 With hat: so
* Merge r293423, r293469:glebius2016-01-1138-438/+464
| | | | | | ntp 4.2.8p5 Relnotes: yes
* Upgrade NTP to 4.2.8p4.glebius2015-10-2648-1940/+2045
| | | | | | | | | | | | | | | | | Security: FreeBSD-SA-15:25.ntp Security: CVE-2015-7871 Security: CVE-2015-7855 Security: CVE-2015-7854 Security: CVE-2015-7853 Security: CVE-2015-7852 Security: CVE-2015-7851 Security: CVE-2015-7850 Security: CVE-2015-7849 Security: CVE-2015-7848 Security: CVE-2015-7701 Security: CVE-2015-7703 Security: CVE-2015-7704, CVE-2015-7705 Security: CVE-2015-7691, CVE-2015-7692, CVE-2015-7702
* MFC r280849,280915-280916,281015-281016,282097,282408,282415,283542,delphij2015-07-15117-28821/+79193
| | | | | | | | | 284864,285169-285170,285435: ntp 4.2.8p3. Relnotes: yes Approved by: re (?)
* Improve patch for SA-15:04.igmp to solve a potential buffer overflow.delphij2015-04-072-53/+97
| | | | | | | | Fix multiple vulnerabilities of ntp. [SA-15:07] Fix bsdinstall(8) insecure default GELI keyfile permissions. [SA-15:08] Fix Denial of Service with IPv6 Router Advertisements. [SA-15:09]
* MFC r277202hiren2015-02-031-6/+13
| | | | | ntpd tries to bind to IPv6 interfaces in 'tentative' state and fails as IPv6 is actually disabled. Fix it by making ntpd ignore such interfaces.
* Correct comparison of IPv6 wildcard address.ume2015-01-111-1/+1
| | | | MFH: r276814
* MFC r276071:delphij2014-12-224-7/+35
| | | | | | | | | Fix multiple ntp vulnerabilities. Reviewed by: roberto (earlier revision), philip Security: CVE-2014-9293, CVE-2014-9294 Security: CVE-2014-9295, CVE-2014-9296 Security: FreeBSD-SA-14:31.ntp
* MFC r265465:delphij2014-05-201-2/+0
| | | | Don't reply monlist request when it's not enabled.
* MFC r260637:delphij2014-01-141-0/+2
| | | | | | | Disable 'monitor' feature in ntpd by default. Security: FreeBSD-SA-14:02.ntpd Approved by: so
* Clean up hardcoded ar(1) flags in the tree to use the global ARFLAGS ineadler2012-12-061-1/+1
| | | | | | | | | | | | share/mk/sys.mk instead. This is part of a medium term project to permit deterministic builds of FreeBSD. Submitted by: Erik Cederstrand <erik@cederstrand.dk> Reviewed by: imp, toolchain@ Approved by: cperciva MFC after: 2 weeks
* Remove extraneous log messageemaste2012-03-121-6/+0
| | | | | | | | | | | | When ntp switched between PLL and FLL mode it produced a log message "kernel time sync status change %04x". This issue is reported in ntp bug 452[1] which claims that this behaviour is normal and the log message isn't necessary. I'm not sure exactly when it was removed, but it's gone in the latest ntp release (4.2.6p5). [1] http://bugs.ntp.org/show_bug.cgi?id=452 Approved by: roberto
* In case ntp cannot resolve a hostname on startup it will queue the entrybz2011-06-292-20/+36
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | for resolving by a child process that, upon success, will add the entry to the config of the running running parent process. Unfortunately there are a couple of bugs with this, fixed in various later versions of upstream in potentially different ways due to other code changes: 1) Upon server [-46] <FQDN> the [-46] are used as FQDN for later resolving which does not work. Make sure we always pass the name (or IP there). 2) The intermediate file to carry the information to the child process does not know about -4/-6 restrictions, so that a dual-stacked host could resolve to an IPv6 address but that might be unreachable (see r223626) leading to no working synchronization ignoring a IPv4 record. Thus alter the intermediate format to also pass the address family (AF_UNSPEC (default), AF_INET or AF_INET6) to the child process depending on -4 or -6. 3) Make the child process to parse the new intermediate file format and save the address family for getaddrinfo() hints flags. 4) Change child to always reload resolv.conf calling res_init() before trying to resolve names. This will pick up resolv.conf changes or new resolv.confs should they have not existed or been empty or unusable on ntp startup. This fix is more conditional in upstream versions but given FreeBSD has res_init there is no need for the configure logic as well. Approved by: roberto Sponsored by: Sandvine Incorporated MFC after: 9 days
* Compare port numbers correctly. They are stored by SRCPORT()bz2011-06-281-3/+3
| | | | | | | | | | | | | | in host byte order, so we need to compare them as such. Properly compare IPv6 addresses as well. This allows the, by default, 8 badaddrs slots per address family to work correctly and only print sendto() errors once. The change is no longer applicable to any latest upstream versions. Approved by: roberto Sponsored by: Sandvine Incorporated MFC after: 1 week
* The argument to setsockopt for IP_MULTICAST_LOOP depends on operatingbz2011-05-291-2/+7
| | | | | | | | | | | | | | | | | | | | | | system and is decided upon by configure and could be an u_int or a u_char. For FreeBSD it is a u_char. For IPv6 however RFC 3493, 5.2 defines the argument to IPV6_MULTICAST_LOOP to be an unsigned integer so make sure we always use that using a second variable for the IPV6 case. This is to get rid of these error messages every 5 minutes on some systems: ntpd[1530]: setsockopt IPV6_MULTICAST_LOOP failure: Invalid argument on socket 22, addr fe80::... for multicast address ff02::101 While here also fix the copy&paste error in the log message for IPV6_MULTICAST_LOOP. Reviewed by: roberto Sponsored by: The FreeBSD Foundation Sponsored by: iXsystems MFC after: 10 days Filed as: Bug 1936 on ntp.org
* Merge 4.2.4p8 into contrib (r200452 & r200454).roberto2009-12-1521-477/+906
|\ | | | | | | | | | | | | Subversion is being difficult here so take a hammer and get it in. MFC after: 2 weeks Security: CVE-2009-3563
* | Don't try to bind to an anycast addeess. The KAME IPv6 stack doesn'tume2009-12-011-0/+41
| | | | | | | | | | | | | | | | allow bind to an anycast addeess. It does away with an annoying message. Reviewed by: bz, roberto MFC after: 2 weeks
* | Prevent integer overflow in direct pipe write code from circumventingcperciva2009-06-101-17/+22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | virtual-to-physical page lookups. [09:09] Add missing permissions check for SIOCSIFINFO_IN6 ioctl. [09:10] Fix buffer overflow in "autokey" negotiation in ntpd(8). [09:11] Approved by: so (cperciva) Approved by: re (not really, but SVN wants this...) Security: FreeBSD-SA-09:09.pipe Security: FreeBSD-SA-09:10.ipv6 Security: FreeBSD-SA-09:11.ntpd
* | Correct ntpd(8) cryptographic signature bypass [SA-09:04].simon2009-01-131-1/+1
| | | | | | | | | | | | | | | | | | | | Correct BIND DNSSEC incorrect checks for malformed signatures [SA-09:04]. Security: FreeBSD-SA-09:03.ntpd Security: FreeBSD-SA-09:04.bind Obtained from: ISC [SA-09:04] Approved by: so (simon)
* | Merge ntpd & friends 4.2.4p5 from vendor/ntp/dist into head. Next commitroberto2008-08-2270-9879/+17921
|\ \ | |/ | | | | | | | | will update usr.sbin/ntp to match this. MFC after: 2 weeks
| * Flatten the dist and various 4.n.n trees in preparation of future ntp imports.roberto2008-08-1767-70079/+0
| |
* | Remove an extra '}'.roberto2004-07-201-1/+0
| |
* | Merge conflicts (see also previous commit).roberto2004-07-201-148/+170
| | | | | | | | | | | | | | | | Reinsert our local changes to ntp_control.c: 1.4: Do not log every potential exploit attempt since a denial-of-service may result 1.5: int -> unsigned char fixes
* | Revert this file to the vendor version, we don't need to have our ownroberto2004-07-201-1072/+1489
| | | | | | | | version of it. Will help further upgrades.
* | This commit was generated by cvs2svn to compensate for changes in r132451,roberto2004-07-2060-8275/+13866
|\ \ | |/ | | | | which included commits to RCS files with non-trunk default branches.
| * Virgin import of ntpd 4.2.0roberto2004-07-2062-9493/+15524
| |
* | Merge conflicts.roberto2002-11-041-0/+2
| | | | | | | | MFC after: 1 month
* | This commit was generated by cvs2svn to compensate for changes in r106424,roberto2002-11-049-11/+5772
|\ \ | |/ | | | | which included commits to RCS files with non-trunk default branches.
| * Virgin import of ntpd 4.1.1broberto2002-11-0410-11/+5774
| |
| * Remove files not present in 4.1.1a import.roberto2002-10-291-987/+0
| |
* | Merge conflicts.roberto2002-10-293-993/+6
| | | | | | | | MFC after: 1 month
* | This commit was generated by cvs2svn to compensate for changes in r106163,roberto2002-10-2920-403/+1897
|\ \ | |/ | | | | which included commits to RCS files with non-trunk default branches.
| * Virgin import of ntpd 4.1.1aroberto2002-10-2922-409/+1903
| |
* | Merge after 4.1.0 import.roberto2001-08-291-986/+1573
| |
* | Redo the int -> unsigned changes jedgar did. It should have been submittedroberto2001-08-291-615/+852
| | | | | | | | back but it was off the vendor branch anyway so...
* | This commit was generated by cvs2svn to compensate for changes in r82498,roberto2001-08-2955-3876/+9376
|\ \ | |/ | | | | which included commits to RCS files with non-trunk default branches.
| * Virgin import of ntpd 4.1.0roberto2001-08-2957-5477/+11811
| |
* | Do not log every potential exploit attempt since a denial-of-servicejedgar2001-04-061-10/+1
| | | | | | | | may result.
* | - Correct off-by-one error and buffer underflow from previous fixjedgar2001-04-061-5/+5
| | | | | | | | | | | | - int -> unsigned char fixes Submitted by: ache, dillon, Mark Andrews, et.al. (on -security)
* | Fix a potential ROOT-exploit in NTPD.phk2001-04-041-1/+18
| | | | | | | | | | PR: 26358 Reviewed by: dima
* | This commit was generated by cvs2svn to compensate for changes in r57738,roberto2000-03-031-1/+1
|\ \ | |/ | | | | which included commits to RCS files with non-trunk default branches.
| * Fix potential alignement problems on Alpha + IPv6.roberto2000-03-031-1/+1
| | | | | | | | | | | | | | This is done on the vendor branch to avoid spamming the tree. It has been sent to the NTP maintainers already. Submitted by: shin
* | Merge conflicts with the import of 4.0.99b.roberto2000-01-281-229/+269
| |
* | This commit was generated by cvs2svn to compensate for changes in r56746,roberto2000-01-2826-1437/+4680
|\ \ | |/ | | | | which included commits to RCS files with non-trunk default branches.
| * Virgin import of ntpd 4.0.99broberto2000-01-2827-1667/+4950
| |
* | Commit a fix several warnings on alpha for sysctlbyname arguments. It couldroberto1999-12-091-1/+3
|/ | | | | | | have resulted in stack corruption. A patch has been sent to the ntp author for inclusion in next version. Obtained from: peter
OpenPOWER on IntegriCloud