Pullup ticket #5010 - requested by taca

net/ntp4: security fix

Revisions pulled up:
- net/ntp4/Makefile                                             1.92
- net/ntp4/PLIST                                                1.21
- net/ntp4/distinfo                                             1.26

---
   Module Name:	pkgsrc
   Committed By:	wen
   Date:		Wed Apr 27 15:59:19 UTC 2016

   Modified Files:
   	pkgsrc/net/ntp4: Makefile PLIST distinfo

   Log Message:
   Update to 4.2.8p7

   Upstream changes:
   (4.2.8p7) 2016/04/26 Released by Harlan Stenn <stenn@ntp.org>

   * [Sec 2901] KoD packets must have non-zero transmit timestamps.  HStenn.
   * [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve
    time. Include passive servers in this check. HStenn.
   * [Sec 2945] Additional KoD packet checks.  HStenn.
   * [Sec 2978] Interleave can be partially triggered.  HStenn.
   * [Sec 3007] Validate crypto-NAKs.  Danny Mayer.
   * [Sec 3008] Always check the return value of ctl_getitem().
    - initial work by HStenn
    - Additional cleanup of ctl_getitem by perlinger@ntp.org
   * [Sec 3009] Crafted addpeer with hmode > 7 causes OOB error. perlinger@ntp.org
     - added more stringent checks on packet content
   * [Sec 3010] remote configuration trustedkey/requestkey values
    are not properly validated. perlinger@ntp.org
    - sidekick: Ignore keys that have an unsupported MAC algorithm
      but are otherwise well-formed
   * [Sec 3011] Duplicate IPs on unconfig directives will cause an assertion botch
    - graciously accept the same IP multiple times. perlinger@ntp.org
   * [Sec 3020] Refclock impersonation.  HStenn.
   * [Bug 2831]  Segmentation Fault in DNS lookup during startup. perlinger@ntp.org
    - fixed yet another race condition in the threaded resolver code.
   * [Bug 2858] bool support.  Use stdbool.h when available.  HStenn.
   * [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org
    - integrated patches by Loganaden Velvidron <logan@ntp.org>
      with some modifications & unit tests
   * [Bug 2952] Symmetric active/passive mode is broken.  HStenn.
   * [Bug 2960] async name resolution fixes for chroot() environments.
    Reinhard Max.
   * [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org
   * [Bug 2995] Fixes to compile on Windows
   * [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org
   * [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@ntp.org
    - Patch provided by Ch. Weisgerber
   * [Bug 3015] ntpq: config-from-file: "request contains an unprintable character"
    - A change related to [Bug 2853] forbids trailing white space in
      remote config commands. perlinger@ntp.org
   * [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE
    - report and patch from Aleksandr Kostikov.
    - Overhaul of Windows IO completion port handling. perlinger@ntp.org
   * [Bug 3022] authkeys.c should be refactored. perlinger@ntp.org
    - fixed memory leak in access list (auth[read]keys.c)
    - refactored handling of key access lists (auth[read]keys.c)
    - reduced number of error branches (authreadkeys.c)
   * [Bug 3023] ntpdate cannot correct dates in the future. perlinger@ntp.org
   * [Bug 3030] ntpq needs a general way to specify refid output format.  HStenn.
   * [Bug 3031] ntp broadcastclient unable to synchronize to an server
               when the time of server changed. perlinger@ntp.org
    - Check the initial delay calculation and reject/unpeer the broadcast
      server if the delay exceeds 50ms. Retry again after the next
      broadcast packet.
   * [Bug 3036] autokey trips an INSIST in authistrustedip().  Harlan Stenn.
   * Document ntp.key's optional IP list in authenetic.html.  Harlan Stenn.
   * Update html/xleave.html documentation.  Harlan Stenn.
   * Update ntp.conf documentation.  Harlan Stenn.
   * Fix some Credit: attributions in the NEWS file.  Harlan Stenn.
   * Fix typo in html/monopt.html.  Harlan Stenn.
   * Add README.pullrequests.  Harlan Stenn.
   * Cleanup to include/ntp.h.  Harlan Stenn.

   ---
   (4.2.8p6) 2016/01/20 Released by Harlan Stenn <stenn@ntp.org>

   * [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn.
   * [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn.
   * [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org
   * [Sec 2938] ntpq saveconfig command allows dangerous characters
    in filenames. perlinger@ntp.org
   * [Sec 2939] reslist NULL pointer dereference.  perlinger@ntp.org
   * [Sec 2940] Stack exhaustion in recursive traversal of restriction
    list. perlinger@ntp.org
   * [Sec 2942]: Off-path DoS attack on auth broadcast mode.  HStenn.
   * [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org
   * [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger@ntp.org
   * [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org
   * [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org
    - applied patch by shenpeng11@huawei.com with minor adjustments
   * [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org
   * [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org
   * [Bug 2892] Several test cases assume IPv6 capabilities even when
               IPv6 is disabled in the build. perlinger@ntp.org
    - Found this already fixed, but validation led to cleanup actions.
   * [Bug 2905] DNS lookups broken. perlinger@ntp.org
    - added limits to stack consumption, fixed some return code handling
   * [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call
    - changed stacked/nested handling of CTRL-C. perlinger@ntp.org
    - make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org
   * [Bug 2980] reduce number of warnings. perlinger@ntp.org
    - integrated several patches from Havard Eidnes (he@uninett.no)
   * [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org
    - implement 'auth_log2()' using integer bithack instead of float calculation
   * Make leapsec_query debug messages less verbose.  Harlan Stenn.
   * Disable incomplete t-ntp_signd.c test.  Harlan Stenn.

3 files changed, 9 insertions, 9 deletions

diff --git a/net/ntp4/Makefile b/net/ntp4/Makefile
index 8dfc105bcb9..54415dc93cb 100644
--- a/net/ntp4/Makefile
+++ b/net/ntp4/Makefile
@@ -1,9 +1,8 @@
-# $NetBSD: Makefile,v 1.91 2016/03/05 11:29:09 jperkin Exp $
+# $NetBSD: Makefile,v 1.91.2.1 2016/05/13 12:33:51 bsiegert Exp $
 #
 
-DISTNAME=	ntp-4.2.8p5
+DISTNAME=	ntp-4.2.8p7
 PKGNAME=	${DISTNAME:S/-dev-/-/}
-PKGREVISION=	1
 CATEGORIES=	net time
 MASTER_SITES=	http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/
 
diff --git a/net/ntp4/PLIST b/net/ntp4/PLIST
index e8d8ea04261..c644ade133b 100644
--- a/net/ntp4/PLIST
+++ b/net/ntp4/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.20 2015/10/23 03:43:31 taca Exp $
+@comment $NetBSD: PLIST,v 1.20.4.1 2016/05/13 12:33:51 bsiegert Exp $
 bin/sntp
 man/man1/sntp.1
 man/man5/ntp.conf.5
@@ -29,6 +29,7 @@ share/doc/ntp/README.bk
 share/doc/ntp/README.hackers
 share/doc/ntp/README.leapsmear
 share/doc/ntp/README.patches
+share/doc/ntp/README.pullrequests
 share/doc/ntp/README.refclocks
 share/doc/ntp/README.versions
 share/doc/ntp/TODO
diff --git a/net/ntp4/distinfo b/net/ntp4/distinfo
index b4379161875..7aefbd87811 100644
--- a/net/ntp4/distinfo
+++ b/net/ntp4/distinfo
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.25 2016/01/09 15:49:26 taca Exp $
+$NetBSD: distinfo,v 1.25.2.1 2016/05/13 12:33:51 bsiegert Exp $
 
-SHA1 (ntp-4.2.8p5.tar.gz) = 95152c9bca8b5229a4db05943f181365bf738ab2
-RMD160 (ntp-4.2.8p5.tar.gz) = a5991d126722fb80bac6a0552feb14403b8d0a0d
-SHA512 (ntp-4.2.8p5.tar.gz) = 8df3e51027f6bfc5e77b81317b67e75263cb429dc532d21bb5924852f77ea39314a06b94944804991185f93155063cee7c1f28024698ec893c353a4d5561750e
-Size (ntp-4.2.8p5.tar.gz) = 7138233 bytes
+SHA1 (ntp-4.2.8p7.tar.gz) = a1f6300132cf1fc6884990353aca7340daf0be0d
+RMD160 (ntp-4.2.8p7.tar.gz) = d138a8a36cb0e20ae5a9cda2e0e9771fae4e1380
+SHA512 (ntp-4.2.8p7.tar.gz) = 7b80192f0e3c4a05cc05f167ab85593acca685d514dcd46fb8f42b4cd2a5525e76ba5e15fd7ff13220e4155de6aab5661554e0ded60bfb1d27a969c589958f55
+Size (ntp-4.2.8p7.tar.gz) = 7175313 bytes
 SHA1 (patch-include-ntp__syscall.h) = b247569339d09a88f2e143e355033ce7635ffe92
 SHA1 (patch-sntp_loc_pkgsrc) = 6e46ffc0cc2afcfdc1d01297cbe04cb80d103575