Pullup ticket #5838 - requested by nia

net/chrony: security update

Revisions pulled up:
- net/chrony/Makefile                                           1.36
- net/chrony/PLIST                                              1.7
- net/chrony/distinfo                                           1.12
- net/chrony/patches/patch-Makefile.in                          1.2
- net/chrony/patches/patch-conf.c                               deleted
- net/chrony/patches/patch-doc_Makefile.in                      1.1
- net/chrony/patches/patch-examples_chrony.conf.example3        1.1
- net/chrony/patches/patch-examples_chrony.keys.example         deleted
- net/chrony/patches/patch-ntp__io.c                            deleted

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	nia
   Date:		Mon Oct  1 15:53:58 UTC 2018

   Modified Files:
   	pkgsrc/net/chrony: Makefile PLIST distinfo
   	pkgsrc/net/chrony/patches: patch-Makefile.in
   Added Files:
   	pkgsrc/net/chrony/patches: patch-doc_Makefile.in
   	    patch-examples_chrony.conf.example3
   Removed Files:
   	pkgsrc/net/chrony/patches: patch-conf.c
   	    patch-examples_chrony.keys.example patch-ntp__io.c

   Log Message:
   net/chrony: update to version 3.4.

   Changes:

   19 Sep 2018: chrony-3.4 released
   Enhancements

       Add filter option to server/pool/peer directive

       Add minsamples and maxsamples options to hwtimestamp directive

       Add support for faster frequency adjustments in Linux 4.19

       Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd without root privileges to remove it on exit

       Disable sub-second polling intervals for distant NTP sources

       Extend range of supported sub-second polling intervals

       Get/set IPv4 destination/source address of NTP packets on FreeBSD

       Make burst options and command useful with short polling intervals

       Modify auto_offline option to activate when sending request failed

       Respond from interface that received NTP request if possible

       Add onoffline command to switch between online and offline state according to current system network configuration

       Improve example NetworkManager dispatcher script

   Bug fixes

       Avoid waiting in Linux getrandom system call

       Fix PPS support on FreeBSD and NetBSD

   4 Apr 2018: chrony-3.3 released
   Enhancements

       Add burst option to server/pool directive

       Add stratum and tai options to refclock directive

       Add support for Nettle crypto library

       Add workaround for missing kernel receive timestamps on Linux

       Wait for late hardware transmit timestamps

       Improve source selection with unreachable sources

       Improve protection against replay attacks on symmetric mode

       Allow PHC refclock to use socket in /var/run/chrony

       Add shutdown command to stop chronyd

       Simplify format of response to manual list command

       Improve handling of unknown responses in chronyc

   Bug fixes

       Respond to NTPv1 client requests with zero mode

       Fix -x option to not require CAP_SYS_TIME under non-root user

       Fix acquisitionport directive to work with privilege separation

       Fix handling of socket errors on Linux to avoid high CPU usage

       Fix chronyc to not get stuck in infinite loop after clock step

   15 Sep 2017: chrony-3.2 released
   Enhancements

       Improve stability with NTP sources and reference clocks

       Improve stability with hardware timestamping

       Improve support for NTP interleaved modes

       Control frequency of system clock on macOS 10.13 and later

       Set TAI-UTC offset of system clock with leapsectz directive

       Minimise data in client requests to improve privacy

       Allow transmit-only hardware timestamping

       Add support for new timestamping options introduced in Linux 4.13

       Add root delay, root dispersion and maximum error to tracking log

       Add mindelay and asymmetry options to server/peer/pool directive

       Add extpps option to PHC refclock to timestamp external PPS signal

       Add pps option to refclock directive to treat any refclock as PPS

       Add width option to refclock directive to filter wrong pulse edges

       Add rxfilter option to hwtimestamp directive

       Add -x option to disable control of system clock

       Add -l option to log to specified file instead of syslog

       Allow multiple command-line options to be specified together

       Allow starting without root privileges with -Q option

       Update seccomp filter for new glibc versions

       Dump history on exit by default with dumpdir directive

       Use hardening compiler options by default

   Bug fixes

       Don’t drop PHC samples with low-resolution system clock

       Ignore outliers in PHC tracking, RTC tracking, manual input

       Increase polling interval when peer is not responding

       Exit with error message when include directive fails

       Don’t allow slash after hostname in allow/deny directive/command

       Try to connect to all addresses in chronyc before giving up

   31 Jan 2017: chrony-3.1 released
   Enhancements

       Add support for precise cross timestamping of PHC on Linux

       Add minpoll, precision, nocrossts options to hwtimestamp directive

       Add rawmeasurements option to log directive and modify measurements option to log only valid measurements from synchronised sources

       Allow sub-second polling interval with NTP sources

   Bug fixes

       Fix time smoothing in interleaved mode

   16 Jan 2017: chrony-3.0 released
   Enhancements

       Add support for software and hardware timestamping on Linux

       Add support for client/server and symmetric interleaved modes

       Add support for MS-SNTP authentication in Samba

       Add support for truncated MACs in NTPv4 packets

       Estimate and correct for asymmetric network jitter

       Increase default minsamples and polltarget to improve stability with very low jitter

       Add maxjitter directive to limit source selection by jitter

       Add offset option to server/pool/peer directive

       Add maxlockage option to refclock directive

       Add -t option to chronyd to exit after specified time

       Add partial protection against replay attacks on symmetric mode

       Don’t reset polling interval when switching sources to online state

       Allow rate limiting with very short intervals

       Improve maximum server throughput on Linux and NetBSD

       Remove dump files after start

       Add tab-completion to chronyc with libedit/readline

       Add ntpdata command to print details about NTP measurements

       Allow all source options to be set in add server/peer command

       Indicate truncated addresses/hostnames in chronyc output

       Print reference IDs as hexadecimal numbers to avoid confusion with IPv4 addresses

   Bug fixes

       Fix crash with disabled asynchronous name resolving

   21 Nov 2016: chrony-2.4.1 released
   Bug fixes

       Fix processing of kernel timestamps on non-Linux systems

       Fix crash with smoothtime directive

       Fix validation of refclock sample times

       Fix parsing of refclock directive

   7 Jun 2016: chrony-2.4 released
   Enhancements

       Add orphan option to local directive for orphan mode compatible with ntpd

       Add distance option to local directive to set activation threshold (1 second by default)

       Add maxdrift directive to set maximum allowed drift of system clock

       Try to replace NTP sources exceeding maximum distance

       Randomise source replacement to avoid getting stuck with bad sources

       Randomise selection of sources from pools on start

       Ignore reference timestamp as ntpd doesn’t always set it correctly

       Modify tracking report to use same values as seen by NTP clients

       Add -c option to chronyc to write reports in CSV format

       Provide detailed manual pages

   Bug fixes

       Fix SOCK refclock to work correctly when not specified as last refclock

       Fix initstepslew and -q/-Q options to accept time from own NTP clients

       Fix authentication with keys using 512-bit hash functions

       Fix crash on exit when multiple signals are received

       Fix conversion of very small floating-point numbers in command packets

   Removed features

       Drop documentation in Texinfo format

   16 Feb 2016: chrony-2.3 released
   Enhancements

       Add support for NTP and command response rate limiting

       Add support for dropping root privileges on Mac OS X, FreeBSD, Solaris

       Add require and trust options for source selection

       Enable logchange by default (1 second threshold)

       Set RTC on Mac OS X with rtcsync directive

       Allow binding to NTP port after dropping root privileges on NetBSD

       Drop CAP_NET_BIND_SERVICE capability on Linux when NTP port is disabled

       Resolve names in separate process when seccomp filter is enabled

       Replace old records in client log when memory limit is reached

       Don’t reveal local time and synchronisation state in client packets

       Don’t keep client sockets open for longer than necessary

       Ignore poll in KoD RATE packets as ntpd doesn’t always set it correctly

       Warn when using keys shorter than 80 bits

       Add keygen command to generate random keys easily

       Add serverstats command to report NTP and command packet statistics

   Bug fixes

       Fix clock correction after making step on Mac OS X

       Fix building on Solaris

   20 Jan 2016: chrony-2.2.1 and chrony-1.31.2 released
   Security fixes

       Restrict authentication of NTP server/peer to specified key (CVE-2016-1567)

   CVE-2016-1567: Impersonation between authenticated peers

   When a server/peer was specified with a key number to enable authentication with a symmetric key, packets received from the server/peer were accepted if they were authenticated with any of the keys contained in the key file and not just the specified key.

   This allowed an attacker who knew one key of a client/peer to modify packets from its servers/peers that were authenticated with other keys in a man-in-the-middle (MITM) attack. For example, in a network where each NTP association had a separate key and all hosts had only keys they needed, a client of a server could not attack other clients of the server, but it could attack the server and also attack its own clients (i.e. modify packets from other servers).

   To not allow the server/peer to be authenticated with other keys, the authentication test was extended to check if the key ID in the received packet is equal to the configured key number. As a consequence, it’s no longer possible to authenticate two peers to each other with two different keys, both peers have to be configured to use the same key.

   This issue was discovered by Matt Street of Cisco ASIG.
   19 Oct 2015: chrony-2.2 released
   Enhancements

       Add support for configuration and monitoring over Unix domain socket (accessible by root or chrony user when root privileges are dropped)

       Add support for system call filtering with seccomp on Linux (experimental)

       Add support for dropping root privileges on NetBSD

       Control frequency of system clock on FreeBSD, NetBSD, Solaris

       Add system leap second handling mode on FreeBSD, NetBSD, Solaris

       Add dynamic drift removal on Mac OS X

       Add support for setting real-time priority on Mac OS X

       Add maxdistance directive to limit source selection by root distance (3 seconds by default)

       Add refresh command to get new addresses of NTP sources

       Allow wildcard patterns in include directive

       Restore time from driftfile with -s option if later than RTC time

       Add configure option to set default hwclockfile

       Add -d option to chronyc to enable debug messages

       Allow multiple addresses to be specified for chronyc with -h option and reconnect when no valid reply is received

       Make check interval in waitsync command configurable

   Bug fixes

       Fix building on NetBSD, Solaris

       Restore time from driftfile with -s option if reading RTC failed

   Removed features

       Drop support for authentication with command key (run-time configuration is now allowed only for local users that can access the Unix domain socket)

   23 Jun 2015: chrony-2.1.1 released
   Bug fixes

       Fix clock stepping by integer number of seconds on Linux

   22 Jun 2015: chrony-2.1 released
   Enhancements

       Add support for Mac OS X

       Try to replace unreachable and falseticker servers/peers specified by name like pool sources

       Add leaponly option to smoothtime directive to allow synchronised leap smear between multiple servers

       Use specific reference ID when smoothing served time

       Add smoothing command to report time smoothing status

       Add smoothtime command to activate or reset time smoothing

   Bug fixes

       Fix crash in source selection with preferred sources

       Fix resetting of time smoothing

       Include packet precision in peer dispersion

       Fix crash in chronyc on invalid command syntax

   27 Apr 2015: chrony-2.0 released
   Enhancements

       Update to NTP version 4 (RFC 5905)

       Add pool directive to specify pool of NTP servers

       Add leapsecmode directive to select how to correct clock for leap second

       Add smoothtime directive to smooth served time and enable leap smear

       Add minsources directive to set required number of selectable sources

       Add minsamples and maxsamples options for all sources

       Add tempcomp configuration with list of points

       Allow unlimited number of NTP sources, refclocks and keys

       Allow unreachable sources to remain selected

       Improve source selection

       Handle offline sources as unreachable

       Open NTP server port only when necessary (client access is allowed by allow directive/command or peer/broadcast is configured)

       Change default bindcmdaddress to loopback address

       Change default maxdelay to 3 seconds

       Change default stratumweight to 0.001

       Update adjtimex synchronisation status

       Use system headers for adjtimex

       Check for memory allocation errors

       Reduce memory usage

       Add configure options to compile without NTP, cmdmon, refclock support

       Extend makestep command to set automatic clock stepping

   Bug fixes

       Add sanity checks for time and frequency offset

       Don’t report synchronised status during leap second

       Don’t combine reference clocks with close NTP sources

       Fix accepting requests from configured sources

       Fix initial fallback drift setting


   To generate a diff of this commit:
   cvs rdiff -u -r1.35 -r1.36 pkgsrc/net/chrony/Makefile
   cvs rdiff -u -r1.6 -r1.7 pkgsrc/net/chrony/PLIST
   cvs rdiff -u -r1.11 -r1.12 pkgsrc/net/chrony/distinfo
   cvs rdiff -u -r1.1 -r1.2 pkgsrc/net/chrony/patches/patch-Makefile.in
   cvs rdiff -u -r1.1 -r0 pkgsrc/net/chrony/patches/patch-conf.c \
       pkgsrc/net/chrony/patches/patch-examples_chrony.keys.example
   cvs rdiff -u -r0 -r1.1 pkgsrc/net/chrony/patches/patch-doc_Makefile.in \
       pkgsrc/net/chrony/patches/patch-examples_chrony.conf.example3
   cvs rdiff -u -r1.2 -r0 pkgsrc/net/chrony/patches/patch-ntp__io.c

9 files changed, 115 insertions, 110 deletions

diff --git a/net/chrony/Makefile b/net/chrony/Makefile
index bd9a9720a9c..470b0f337c5 100644
--- a/net/chrony/Makefile
+++ b/net/chrony/Makefile
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.35 2018/07/04 13:40:27 jperkin Exp $
+# $NetBSD: Makefile,v 1.35.2.1 2018/10/06 12:08:32 spz Exp $
 
-DISTNAME=	chrony-1.31.1
-PKGREVISION=	4
+DISTNAME=	chrony-3.4
 CATEGORIES=	net
 MASTER_SITES=	http://download.tuxfamily.org/chrony/
 
@@ -17,12 +16,13 @@ CONFIGURE_ARGS+=	--prefix=${PREFIX}
 CONFIGURE_ARGS+=	--mandir=${PREFIX}/${PKGMANDIR}
 CONFIGURE_ARGS+=	--sysconfdir=${PKG_SYSCONFDIR}
 CONFIGURE_ARGS+=	--localstatedir=${VARBASE}
+CONFIGURE_ARGS+=	--with-pidfile=${VARBASE}/run/chronyd.pid
 AUTO_MKDIRS=		yes
 
 OWN_DIRS=		${VARBASE}/lib/chrony
 
 EGDIR=			${PREFIX}/share/examples/chrony
-EGFILES=		chrony.conf.example chrony.keys.example
+EGFILES=		chrony.conf.example3 chrony.keys.example
 RCD_SCRIPTS=		chronyd
 
 SUBST_CLASSES+=		paths
@@ -32,10 +32,10 @@ SUBST_SED.paths+=	-e 's,@VARBASE@,${VARBASE},g'
 SUBST_STAGE.paths=	pre-configure
 
 post-install:
-	set -e; for file in ${EGFILES}; do			\
-		${INSTALL_DATA} "${WRKSRC}/examples/$${file}"	\
-			"${DESTDIR}${EGDIR}/$${file}";		\
-	done
+	${INSTALL_DATA} "${WRKSRC}/examples/chrony.conf.example3" \
+	    "${DESTDIR}${EGDIR}/chrony.conf.example";
+	${INSTALL_DATA} "${WRKSRC}/examples/chrony.keys.example" \
+	    "${DESTDIR}${EGDIR}/chrony.keys.example";
 
 .include "../../mk/readline.buildlink3.mk"
 .include "../../mk/bsd.pkg.mk"
diff --git a/net/chrony/PLIST b/net/chrony/PLIST
index da9e58d9bba..33d6575df7a 100644
--- a/net/chrony/PLIST
+++ b/net/chrony/PLIST
@@ -1,12 +1,8 @@
-@comment $NetBSD: PLIST,v 1.6 2014/03/11 14:05:07 jperkin Exp $
+@comment $NetBSD: PLIST,v 1.6.40.1 2018/10/06 12:08:32 spz Exp $
 bin/chronyc
-man/man1/chrony.1
 man/man1/chronyc.1
 man/man5/chrony.conf.5
 man/man8/chronyd.8
 sbin/chronyd
-share/doc/chrony/COPYING
-share/doc/chrony/README
-share/doc/chrony/chrony.txt
 share/examples/chrony/chrony.conf.example
 share/examples/chrony/chrony.keys.example
diff --git a/net/chrony/distinfo b/net/chrony/distinfo
index c6af04d8c66..1081750210a 100644
--- a/net/chrony/distinfo
+++ b/net/chrony/distinfo
@@ -1,11 +1,9 @@
-$NetBSD: distinfo,v 1.11 2015/11/04 00:34:55 agc Exp $
+$NetBSD: distinfo,v 1.11.26.1 2018/10/06 12:08:32 spz Exp $
 
-SHA1 (chrony-1.31.1.tar.gz) = 8e92871e164dad89b315a5dda99d94ff7b31770a
-RMD160 (chrony-1.31.1.tar.gz) = 7dd53fb95c1ecf30099bb580adeccd1a808c4dff
-SHA512 (chrony-1.31.1.tar.gz) = c64b0bfc52f091994774927900a12075afce876a1df66c0fc4ea8ad2b72cee189e044f886594e61b8aafb7d3ecf161a290aeff37bfd7da9d416f21b3213de2a4
-Size (chrony-1.31.1.tar.gz) = 395797 bytes
-SHA1 (patch-Makefile.in) = 28abbbf1cfd037f018a92c3827642e749fd8768a
-SHA1 (patch-conf.c) = df47df974995f9f947b731a4812fb7633fd874a4
-SHA1 (patch-examples_chrony.conf.example) = ed17d749b1e4ad1c168da7a0393ef35a5e68aac0
-SHA1 (patch-examples_chrony.keys.example) = 5be7672dc40a1a1cb4451db05a4318185ef4f4d2
-SHA1 (patch-ntp__io.c) = edd1b5cf49fc24d3bfed128cd686b17633335a4d
+SHA1 (chrony-3.4.tar.gz) = fa41e595e7041a9deda76a69e970a023091474f6
+RMD160 (chrony-3.4.tar.gz) = 6accfb0b4ff50675f1f2a12d2d3560077b82aeab
+SHA512 (chrony-3.4.tar.gz) = 4fbb0311c8d363a87edd6f5d1be3d8554da169f260ba23c1ad9e8c567808258c6fd7513ba630d6fa27453ecfd81f0ece0e26d5ee2f98ca47fbc9887181a36918
+Size (chrony-3.4.tar.gz) = 453056 bytes
+SHA1 (patch-Makefile.in) = 42ebfcdbce472a173890571625efc4fef583d5b6
+SHA1 (patch-doc_Makefile.in) = 8e9902690ff431fd47429d53346faf2ac8f1b923
+SHA1 (patch-examples_chrony.conf.example3) = 9566820e1db21435580f134cefc0bcb94d619dda
diff --git a/net/chrony/patches/patch-Makefile.in b/net/chrony/patches/patch-Makefile.in
index cc6d03713e2..5f739f827c1 100644
--- a/net/chrony/patches/patch-Makefile.in
+++ b/net/chrony/patches/patch-Makefile.in
@@ -1,21 +1,16 @@
-$NetBSD: patch-Makefile.in,v 1.1 2015/04/13 10:03:21 hannken Exp $
+$NetBSD: patch-Makefile.in,v 1.1.32.1 2018/10/06 12:08:32 spz Exp $
 
 Adapt install target for pkgsrc.
 
---- Makefile.in.orig	2015-04-07 14:35:16.000000000 +0000
+--- Makefile.in.orig	2018-09-19 14:38:15.000000000 +0000
 +++ Makefile.in
-@@ -96,35 +96,15 @@ getdate :
+@@ -86,16 +86,8 @@ getdate :
  # seem to vary between systems.
  
- install: chronyd chronyc chrony.txt
+ install: chronyd chronyc
 -	[ -d $(DESTDIR)$(SYSCONFDIR) ] || mkdir -p $(DESTDIR)$(SYSCONFDIR)
 -	[ -d $(DESTDIR)$(SBINDIR) ] || mkdir -p $(DESTDIR)$(SBINDIR)
 -	[ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR)
--	[ -d $(DESTDIR)$(DOCDIR) ] || mkdir -p $(DESTDIR)$(DOCDIR)
--	[ -d $(DESTDIR)$(MANDIR)/man1 ] || mkdir -p $(DESTDIR)$(MANDIR)/man1
--	[ -d $(DESTDIR)$(MANDIR)/man5 ] || mkdir -p $(DESTDIR)$(MANDIR)/man5
--	[ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p $(DESTDIR)$(MANDIR)/man8
--	[ -d $(DESTDIR)$(DOCDIR) ] || mkdir -p $(DESTDIR)$(DOCDIR)
 -	[ -d $(DESTDIR)$(CHRONYVARDIR) ] || mkdir -p $(DESTDIR)$(CHRONYVARDIR)
 -	if [ -f $(DESTDIR)$(SBINDIR)/chronyd ]; then rm -f $(DESTDIR)$(SBINDIR)/chronyd ; fi
 -	if [ -f $(DESTDIR)$(BINDIR)/chronyc ]; then rm -f $(DESTDIR)$(BINDIR)/chronyc ; fi
@@ -23,29 +18,8 @@ Adapt install target for pkgsrc.
 -	chmod 755 $(DESTDIR)$(SBINDIR)/chronyd
 -	cp chronyc $(DESTDIR)$(BINDIR)/chronyc
 -	chmod 755 $(DESTDIR)$(BINDIR)/chronyc
--	cp chrony.txt $(DESTDIR)$(DOCDIR)/chrony.txt
--	chmod 644 $(DESTDIR)$(DOCDIR)/chrony.txt
--	cp COPYING $(DESTDIR)$(DOCDIR)/COPYING
--	chmod 644 $(DESTDIR)$(DOCDIR)/COPYING
--	cp README $(DESTDIR)$(DOCDIR)/README
--	chmod 644 $(DESTDIR)$(DOCDIR)/README
--	cp chrony.1 $(DESTDIR)$(MANDIR)/man1
--	chmod 644 $(DESTDIR)$(MANDIR)/man1/chrony.1
--	cp chronyc.1 $(DESTDIR)$(MANDIR)/man1
--	chmod 644 $(DESTDIR)$(MANDIR)/man1/chronyc.1
--	cp chronyd.8 $(DESTDIR)$(MANDIR)/man8
--	chmod 644 $(DESTDIR)$(MANDIR)/man8/chronyd.8
--	cp chrony.conf.5 $(DESTDIR)$(MANDIR)/man5
--	chmod 644 $(DESTDIR)$(MANDIR)/man5/chrony.conf.5
-+	$(BSD_INSTALL_PROGRAM) chronyd $(DESTDIR)$(SBINDIR)
-+	$(BSD_INSTALL_PROGRAM) chronyc $(DESTDIR)$(BINDIR)
-+	$(BSD_INSTALL_DATA) chrony.txt $(DESTDIR)$(DOCDIR)
-+	$(BSD_INSTALL_DATA) COPYING $(DESTDIR)$(DOCDIR)
-+	$(BSD_INSTALL_DATA) README $(DESTDIR)$(DOCDIR)
-+	$(BSD_INSTALL_MAN) chrony.1 $(DESTDIR)$(MANDIR)/man1
-+	$(BSD_INSTALL_MAN) chronyc.1 $(DESTDIR)$(MANDIR)/man1
-+	$(BSD_INSTALL_MAN) chronyd.8 $(DESTDIR)$(MANDIR)/man8/chronyd.8
-+	$(BSD_INSTALL_MAN) chrony.conf.5 $(DESTDIR)$(MANDIR)/man5/chrony.conf.5
++	$(BSD_INSTALL_PROGRAM) chronyd $(DESTDIR)$(SBINDIR)/chronyd
++	$(BSD_INSTALL_PROGRAM) chronyc $(DESTDIR)$(BINDIR)/chronyc
+ 	$(MAKE) -C doc install
  
- %.o : %.c
- 	$(CC) $(CFLAGS) $(CPPFLAGS) -c $<
+ docs :
diff --git a/net/chrony/patches/patch-conf.c b/net/chrony/patches/patch-conf.c
deleted file mode 100644
index 3f69b4daaf6..00000000000
--- a/net/chrony/patches/patch-conf.c
+++ /dev/null
@@ -1,15 +0,0 @@
-$NetBSD: patch-conf.c,v 1.1 2015/04/13 10:03:21 hannken Exp $
-
-Prepare for SUBST, not processed by configure.
-
---- conf.c.orig	2013-08-08 13:58:07.000000000 +0000
-+++ conf.c
-@@ -197,7 +197,7 @@ static IPAddr bind_cmd_address4, bind_cm
- 
- /* Filename to use for storing pid of running chronyd, to prevent multiple
-  * chronyds being started. */
--static char *pidfile = "/var/run/chronyd.pid";
-+static char *pidfile = "@VARBASE@/run/chronyd.pid";
- 
- /* Temperature sensor, update interval and compensation coefficients */
- static char *tempcomp_file = NULL;
diff --git a/net/chrony/patches/patch-doc_Makefile.in b/net/chrony/patches/patch-doc_Makefile.in
new file mode 100644
index 00000000000..185f111a85e
--- /dev/null
+++ b/net/chrony/patches/patch-doc_Makefile.in
@@ -0,0 +1,25 @@
+$NetBSD: patch-doc_Makefile.in,v 1.1.2.2 2018/10/06 12:08:32 spz Exp $
+
+Adapt install target for pkgsrc.
+
+--- doc/Makefile.in.orig	2018-09-19 14:38:15.000000000 +0000
++++ doc/Makefile.in
+@@ -50,15 +50,9 @@ docs: man html
+ 	$(HTML_TO_TXT) < $< > $@
+ 
+ install: $(MAN_FILES)
+-	[ -d $(DESTDIR)$(MANDIR)/man1 ] || mkdir -p $(DESTDIR)$(MANDIR)/man1
+-	[ -d $(DESTDIR)$(MANDIR)/man5 ] || mkdir -p $(DESTDIR)$(MANDIR)/man5
+-	[ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p $(DESTDIR)$(MANDIR)/man8
+-	cp chronyc.man $(DESTDIR)$(MANDIR)/man1/chronyc.1
+-	chmod 644 $(DESTDIR)$(MANDIR)/man1/chronyc.1
+-	cp chronyd.man $(DESTDIR)$(MANDIR)/man8/chronyd.8
+-	chmod 644 $(DESTDIR)$(MANDIR)/man8/chronyd.8
+-	cp chrony.conf.man $(DESTDIR)$(MANDIR)/man5/chrony.conf.5
+-	chmod 644 $(DESTDIR)$(MANDIR)/man5/chrony.conf.5
++	$(BSD_INSTALL_MAN) chronyc.man $(DESTDIR)$(MANDIR)/man1/chronyc.1
++	$(BSD_INSTALL_MAN) chronyd.man $(DESTDIR)$(MANDIR)/man8/chronyd.8
++	$(BSD_INSTALL_MAN) chrony.conf.man $(DESTDIR)$(MANDIR)/man5/chrony.conf.5
+ 
+ install-docs: $(HTML_FILES)
+ 	[ -d $(DESTDIR)$(DOCDIR) ] || mkdir -p $(DESTDIR)$(DOCDIR)
diff --git a/net/chrony/patches/patch-examples_chrony.conf.example3 b/net/chrony/patches/patch-examples_chrony.conf.example3
new file mode 100644
index 00000000000..a967126313b
--- /dev/null
+++ b/net/chrony/patches/patch-examples_chrony.conf.example3
@@ -0,0 +1,65 @@
+$NetBSD: patch-examples_chrony.conf.example3,v 1.1.2.2 2018/10/06 12:08:32 spz Exp $
+
+Prepare for SUBST, not processed by configure.
+
+--- examples/chrony.conf.example3.orig	2018-09-19 14:38:15.000000000 +0000
++++ examples/chrony.conf.example3
+@@ -1,7 +1,7 @@
+ #######################################################################
+ #
+ # This is an example chrony configuration file.  You should copy it to
+-# /etc/chrony.conf after uncommenting and editing the options that you
++# @PKG_SYSCONFDIR@/chrony.conf after uncommenting and editing the options that you
+ # want to enable.  The more obscure options are not included.  Refer
+ # to the documentation for these.
+ #
+@@ -65,12 +65,12 @@
+ # immediately so that it doesn't gain or lose any more time.  You
+ # generally want this, so it is uncommented.
+ 
+-driftfile /var/lib/chrony/drift
++driftfile @VARBASE@/lib/chrony/drift
+ 
+ # If you want to enable NTP authentication with symmetric keys, you will need
+ # to uncomment the following line and edit the file to set up the keys.
+ 
+-! keyfile /etc/chrony.keys
++! keyfile @PKG_SYSCONFDIR@/chrony.keys
+ 
+ # chronyd can save the measurement history for the servers to files when
+ # it it exits.  This is useful in 2 situations:
+@@ -88,14 +88,14 @@ driftfile /var/lib/chrony/drift
+ # Enable these two options to use this.
+ 
+ ! dumponexit
+-! dumpdir /var/lib/chrony
++! dumpdir @VARBASE@/lib/chrony
+ 
+ # chronyd writes its process ID to a file.  If you try to start a second
+ # copy of chronyd, it will detect that the process named in the file is
+ # still running and bail out.  If you want to change the path to the PID
+ # file, uncomment this line and edit it.  The default path is shown.
+ 
+-! pidfile /var/run/chrony/chronyd.pid
++! pidfile @VARBASE@/run/chrony/chronyd.pid
+ 
+ # If the system timezone database is kept up to date and includes the
+ # right/UTC timezone, chronyd can use it to determine the current
+@@ -124,7 +124,7 @@ driftfile /var/lib/chrony/drift
+ # produce some graphs of your system's timekeeping performance, or you
+ # need help in debugging a problem.
+ 
+-! logdir /var/log/chrony
++! logdir @VARBASE@/log/chrony
+ ! log measurements statistics tracking
+ 
+ # If you have real time clock support enabled (see below), you might want
+@@ -259,7 +259,7 @@ driftfile /var/lib/chrony/drift
+ # You need to have 'enhanced RTC support' compiled into your Linux
+ # kernel.  (Note, these options apply only to Linux.)
+ 
+-! rtcfile /var/lib/chrony/rtc
++! rtcfile @VARBASE@/lib/chrony/rtc
+ 
+ # Your RTC can be set to keep Universal Coordinated Time (UTC) or local
+ # time.  (Local time means UTC +/- the effect of your timezone.)  If you
diff --git a/net/chrony/patches/patch-examples_chrony.keys.example b/net/chrony/patches/patch-examples_chrony.keys.example
deleted file mode 100644
index 27ff10aec3c..00000000000
--- a/net/chrony/patches/patch-examples_chrony.keys.example
+++ /dev/null
@@ -1,14 +0,0 @@
-$NetBSD: patch-examples_chrony.keys.example,v 1.1 2015/04/13 10:03:21 hannken Exp $
-
-Prepare for SUBST, not processed by configure.
-
---- examples/chrony.keys.example.orig	2015-04-07 14:35:16.000000000 +0000
-+++ examples/chrony.keys.example
-@@ -1,6 +1,6 @@
- #######################################################################
- #
--# This is an example chrony keys file.  You should copy it to /etc/chrony.keys
-+# This is an example chrony keys file.  You should copy it to @PKG_SYSCONFDIR@/chrony.keys
- # after editing it to set up the key(s) you want to use.  It should be readable
- # only by root or the user chronyd drops the root privileges to.  In most
- # situations, you will require a single key (the 'commandkey') so that you can
diff --git a/net/chrony/patches/patch-ntp__io.c b/net/chrony/patches/patch-ntp__io.c
deleted file mode 100644
index 0f33ef74c43..00000000000
--- a/net/chrony/patches/patch-ntp__io.c
+++ /dev/null
@@ -1,24 +0,0 @@
-$NetBSD: patch-ntp__io.c,v 1.2 2015/04/13 10:03:21 hannken Exp $
-
-Don't use IP_PKTINFO on NetBSD.
-
---- ntp_io.c.orig	2015-04-07 14:35:16.000000000 +0000
-+++ ntp_io.c
-@@ -506,7 +506,7 @@ read_from_socket(void *anything)
-     local_addr.sock_fd = sock_fd;
- 
-     for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) {
--#ifdef IP_PKTINFO
-+#if defined(IP_PKTINFO) && !defined(__NetBSD__)
-       if (cmsg->cmsg_level == IPPROTO_IP && cmsg->cmsg_type == IP_PKTINFO) {
-         struct in_pktinfo ipi;
- 
-@@ -623,7 +623,7 @@ send_packet(void *packet, int packetlen,
-   msg.msg_flags = 0;
-   cmsglen = 0;
- 
--#ifdef IP_PKTINFO
-+#if defined(IP_PKTINFO) && !defined(__NetBSD__)
-   if (local_addr->ip_addr.family == IPADDR_INET4) {
-     struct cmsghdr *cmsg;
-     struct in_pktinfo *ipi;