Update openntpd to 5.9p1, from Paul B. Henson in PR pkg/51092.

Changes since OpenNTPD 5.7p4
============================
* When a single "constraint" is specified, try all returned addresses
  until one succeeds, rather than the first returned address.
* Relaxed the constraint error margin to be proportional to the number
  of NTP peers, avoid constant reconnections when there is a bad NTP
  peer.
* Removed disabled hotplug sensor support.
* Added support for detecting crashes in constraint subprocesses.
* Moved the execution of constraints from the ntp process to the
  parent process, allowing for better privilege separation since the
  ntp process can be further restricted.
* Added pledge(2) support.
* Updated to require LibreSSL 2.3.2 or greater.
* Fixed high CPU usage when the network is down.
* Fixed various memory leaks.
* Switched to RMS for jitter calculations.
* Unified logging functions with other OpenBSD base programs.

OpenNTPD portable-specific changes:

* Added support for syncing time with the Realtime Clock (RTC) on OSes
  that require it.
* CFLAGS is no longer overridden by the build system.
* FreeBSD RTABLE support is disabled
* FreeBSD is no longer linked with -lmd to avoid hash function
  collisions, causing failures in constraint certificate loading.
* Fixed crashes due to __progname being used before initialized.
* Added Solaris 10 compatibility.
* Added --disable-https-constraint build option for explicitly
  disabling constraint support.
* Synced build system files with LibreSSL

Note that HTTPS TLS constraints are currently disabled in pkgsrc pending
evaluation of how best to deal with libressl.

7 files changed, 131 insertions, 77 deletions

diff --git a/net/openntpd/Makefile b/net/openntpd/Makefile
index 228b8994517..525c8ec789a 100644
--- a/net/openntpd/Makefile
+++ b/net/openntpd/Makefile
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.42 2015/07/03 12:31:12 wiz Exp $
+# $NetBSD: Makefile,v 1.43 2016/05/14 14:55:34 bsiegert Exp $
 
-DISTNAME=		openntpd-5.7p4
+DISTNAME=		openntpd-5.9p1
 CATEGORIES=		net
 MASTER_SITES=		${MASTER_SITE_OPENBSD:=OpenNTPD/}
 
@@ -14,12 +14,16 @@ CONFLICTS+=		ntp-[0-9]*
 GNU_CONFIGURE=		yes
 CONFIGURE_ARGS+=	--localstatedir=${VARBASE}
 CONFIGURE_ARGS+=	--sysconfdir=${PKG_SYSCONFDIR:Q}
-
-SUBST_CLASSES+=		ntpd_m
-SUBST_STAGE.ntpd_m=	pre-build
-SUBST_FILES.ntpd_m=	src/ntpd.8 src/ntpctl.8
-SUBST_SED.ntpd_m+=	-e 's,/var/db/,${VARBASE}/db/openntpd/,g'
-SUBST_SED.ntpd_m+=	-e 's,/var/run/,${VARBASE}/run/,g'
+CONFIGURE_ARGS+=	--disable-https-constraint
+
+SUBST_CLASSES+=		ntpd_m1
+SUBST_CLASSES+=		ntpd_m2
+SUBST_STAGE.ntpd_m1=	pre-build
+SUBST_STAGE.ntpd_m2=	pre-build
+SUBST_FILES.ntpd_m1=	src/ntpd.8
+SUBST_FILES.ntpd_m2=	src/ntpd.8 src/ntpctl.8
+SUBST_SED.ntpd_m1+=	-e 's,/var/db/,${VARBASE}/db/openntpd/,g'
+SUBST_SED.ntpd_m2+=	-e 's,/var/run/,${VARBASE}/run/,g'
 
 SUBST_CLASSES+=		ntpd_h
 SUBST_STAGE.ntpd_h=	pre-build
diff --git a/net/openntpd/distinfo b/net/openntpd/distinfo
index 9aadcd2e01e..0ec52feed02 100644
--- a/net/openntpd/distinfo
+++ b/net/openntpd/distinfo
@@ -1,9 +1,7 @@
-$NetBSD: distinfo,v 1.11 2015/11/04 00:35:17 agc Exp $
+$NetBSD: distinfo,v 1.12 2016/05/14 14:55:34 bsiegert Exp $
 
-SHA1 (openntpd-5.7p4.tar.gz) = ba885dc7cf599161b351cd90af2af175071e3a9d
-RMD160 (openntpd-5.7p4.tar.gz) = d99d0058ce67272e5dff3cd945f0beaaf564591c
-SHA512 (openntpd-5.7p4.tar.gz) = 2a185139c915482086069fa19dd3070884a415137d1688059559d2da892928afbbe2fa0a8ade70d474809710265dcc05906abaf261892d7894e70272e2e516ef
-Size (openntpd-5.7p4.tar.gz) = 427900 bytes
-SHA1 (patch-src_config.c) = baffc96d29a1d4c8482add8a2f89e7c42bbacf96
-SHA1 (patch-src_ntp.c) = 12fa52fae73f97ed6f49794ef964519ac70ddc5c
-SHA1 (patch-src_ntpd.conf.5) = c5ca38a046ad68f1997c0d8b5aaa6cee171b17b1
+SHA1 (openntpd-5.9p1.tar.gz) = ad190fea59fab655ce79b263849d552e46accaac
+RMD160 (openntpd-5.9p1.tar.gz) = b3fb3371b3f2612c7fe2a4d36dd25bc96e1c772e
+SHA512 (openntpd-5.9p1.tar.gz) = 227a4d42f43f4abfaa97fb85cf121d3b9a6646259faeda785dbeb3e4a27285a7f95daf96e72135871a31f772895f3b66c10bd628c87e453507ce69102f5e1213
+Size (openntpd-5.9p1.tar.gz) = 432844 bytes
+SHA1 (patch-configure) = 9a6b639f7a88d2047fa2b61727b0824406ab660f
diff --git a/net/openntpd/files/smf/manifest.xml b/net/openntpd/files/smf/manifest.xml
index 11a0f82bf08..4ded611eb6a 100644
--- a/net/openntpd/files/smf/manifest.xml
+++ b/net/openntpd/files/smf/manifest.xml
@@ -19,7 +19,7 @@
     <dependency name='config-file' grouping='require_all' restart_on='refresh' type='path'>
       <service_fmri value='file://@PKG_SYSCONFDIR@/ntpd.conf' />
     </dependency>
-    <exec_method name='start' type='method' exec='@PREFIX@/sbin/ntpd -f @PKG_SYSCONFDIR@/ntpd.conf $(%{startup_set} == true &amp;&amp; echo -s)' timeout_seconds='60' />
+    <exec_method name='start' type='method' exec='@PREFIX@/sbin/ntpd -f @PKG_SYSCONFDIR@/ntpd.conf `%{startup_set} == true &amp;&amp; echo -s`' timeout_seconds='60' />
     <exec_method name='stop' type='method' exec=':kill' timeout_seconds='60' />
     <property_group name='startd' type='framework'>
       <propval name='ignore_error' type='astring' value='signal' />
diff --git a/net/openntpd/patches/patch-configure b/net/openntpd/patches/patch-configure
new file mode 100644
index 00000000000..bf88aba1d0e
--- /dev/null
+++ b/net/openntpd/patches/patch-configure
@@ -0,0 +1,112 @@
+$NetBSD: patch-configure,v 1.1 2016/05/14 14:55:34 bsiegert Exp $
+
+Fix library function search, upstream commit:
+
+https://github.com/openntpd-portable/openntpd-portable/commit/9d8544481180
+99fb7cd725020cc100352b9b2905
+
+--- configure.orig	2016-04-25 03:32:46.254706741 +0000
++++ configure
+@@ -12340,11 +12340,7 @@ if test "x$ac_cv_func_getauxval" = xyes;
+ 
+ fi
+ 
+-ac_fn_c_check_func "$LINENO" "clock_gettime" "ac_cv_func_clock_gettime"
+-if test "x$ac_cv_func_clock_gettime" = xyes; then :
+-
+-else
+-  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing clock_gettime" >&5
++{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing clock_gettime" >&5
+ $as_echo_n "checking for library containing clock_gettime... " >&6; }
+ if ${ac_cv_search_clock_gettime+:} false; then :
+   $as_echo_n "(cached) " >&6
+@@ -12400,13 +12396,12 @@ if test "$ac_res" != no; then :
+ 
+ fi
+ 
+-fi
++ac_fn_c_check_func "$LINENO" "clock_gettime" "ac_cv_func_clock_gettime"
++if test "x$ac_cv_func_clock_gettime" = xyes; then :
+ 
+-ac_fn_c_check_func "$LINENO" "dl_iterate_phdr" "ac_cv_func_dl_iterate_phdr"
+-if test "x$ac_cv_func_dl_iterate_phdr" = xyes; then :
++fi
+ 
+-else
+-  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing dl_iterate_phdr" >&5
++{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing dl_iterate_phdr" >&5
+ $as_echo_n "checking for library containing dl_iterate_phdr... " >&6; }
+ if ${ac_cv_search_dl_iterate_phdr+:} false; then :
+   $as_echo_n "(cached) " >&6
+@@ -12462,6 +12457,9 @@ if test "$ac_res" != no; then :
+ 
+ fi
+ 
++ac_fn_c_check_func "$LINENO" "dl_iterate_phdr" "ac_cv_func_dl_iterate_phdr"
++if test "x$ac_cv_func_dl_iterate_phdr" = xyes; then :
++
+ fi
+ 
+ 
+@@ -12643,30 +12641,6 @@ done
+ 
+ 
+ # time-specific system functions
+-for ac_func in adjfreq ntp_adjtime adjtimex
+-do :
+-  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+-ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+-if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+-  cat >>confdefs.h <<_ACEOF
+-#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+-_ACEOF
+-
+-fi
+-done
+-
+-for ac_func in clock_gettime clock_getres
+-do :
+-  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+-ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+-if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+-  cat >>confdefs.h <<_ACEOF
+-#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+-_ACEOF
+-
+-fi
+-done
+-
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing clock_getres" >&5
+ $as_echo_n "checking for library containing clock_getres... " >&6; }
+ if ${ac_cv_search_clock_getres+:} false; then :
+@@ -12779,6 +12753,30 @@ if test "$ac_res" != no; then :
+ 
+ fi
+ 
++for ac_func in adjfreq ntp_adjtime adjtimex
++do :
++  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
++ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
++if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
++  cat >>confdefs.h <<_ACEOF
++#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
++_ACEOF
++
++fi
++done
++
++for ac_func in clock_gettime clock_getres
++do :
++  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
++ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
++if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
++  cat >>confdefs.h <<_ACEOF
++#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
++_ACEOF
++
++fi
++done
++
+  if test "x$ac_cv_func_adjfreq" = xyes; then
+   HAVE_ADJFREQ_TRUE=
+   HAVE_ADJFREQ_FALSE='#'
diff --git a/net/openntpd/patches/patch-src_config.c b/net/openntpd/patches/patch-src_config.c
deleted file mode 100644
index c76fc123ab3..00000000000
--- a/net/openntpd/patches/patch-src_config.c
+++ /dev/null
@@ -1,17 +0,0 @@
-$NetBSD: patch-src_config.c,v 1.1 2015/07/03 12:31:12 wiz Exp $
-
-Abort if configuration specifies tls constraints and ntpd not compiled with
-tls support; accepted upstream.
-
---- src/config.c.orig	2015-03-25 01:18:56.000000000 +0000
-+++ src/config.c
-@@ -218,6 +218,9 @@ new_constraint(void)
- 		fatal("new_constraint calloc");
- 	p->id = ++constraint_maxid;
- 
-+#ifndef HAVE_LIBTLS
-+	fatal("constraint configured without libtls support");
-+#endif
- 	return (p);
- }
- 
diff --git a/net/openntpd/patches/patch-src_ntp.c b/net/openntpd/patches/patch-src_ntp.c
deleted file mode 100644
index 808cd2ef272..00000000000
--- a/net/openntpd/patches/patch-src_ntp.c
+++ /dev/null
@@ -1,22 +0,0 @@
-$NetBSD: patch-src_ntp.c,v 1.1 2015/07/03 12:31:12 wiz Exp $
-
-Abort if configuration specifies tls constraints and ntpd not compiled with
-tls support; accepted upstream.
-
---- src/ntp.c.orig	2015-03-12 02:15:36.000000000 +0000
-+++ src/ntp.c
-@@ -110,12 +110,14 @@ ntp_main(int pipe_prnt[2], int fd_ctl, s
- 		return (pid);
- 	}
- 
-+#ifdef HAVE_LIBTLS
- 	tls_init();
- 
- 	/* Verification will be turned off if CA is not found */
- 	if ((conf->ca = tls_load_file(CONSTRAINT_CA,
- 	    &conf->ca_len, NULL)) == NULL)
- 		log_warnx("constraint certificate verification turned off");
-+#endif
- 
- 	/* in this case the parent didn't init logging and didn't daemonize */
- 	if (nconf->settime && !nconf->debug) {
diff --git a/net/openntpd/patches/patch-src_ntpd.conf.5 b/net/openntpd/patches/patch-src_ntpd.conf.5
deleted file mode 100644
index d34c8618a4f..00000000000
--- a/net/openntpd/patches/patch-src_ntpd.conf.5
+++ /dev/null
@@ -1,21 +0,0 @@
-$NetBSD: patch-src_ntpd.conf.5,v 1.1 2015/07/03 12:31:12 wiz Exp $
-
-Abort if configuration specifies tls constraints and ntpd not compiled with
-tls support; accepted upstream.
-
---- src/ntpd.conf.5.orig	2015-03-25 01:18:56.000000000 +0000
-+++ src/ntpd.conf.5
-@@ -192,8 +192,11 @@ thereby reducing the impact of unauthent
- .Sq Man-In-The-Middle
- attacks.
- Received NTP packets with time information falling outside of a range
--near the constraint will be discarded and such NTP servers
--will be marked as invalid.
-+near the constraint will be discarded and such NTP servers will be marked as
-+invalid. Contraints are only available if
-+.Xr ntpd 8
-+has been compiled with libtls support. Configuring a constraint without libtls
-+support will result in a fatal error.
- .Bl -tag -width Ds
- .It Ic constraint from Ar url
- Specify the URL, IP address or the hostname of an HTTPS server to