| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Focus: Security and Bug Fixes
Severity: HIGH
This release fixes the following high-severity vulnerability:
* [Sec 1151] Remote exploit if autokey is enabled. CVE-2009-1252
See http://support.ntp.org/security for more information.
If autokey is enabled (if ntp.conf contains a "crypto pw whatever"
line) then a carefully crafted packet sent to the machine will cause
a buffer overflow and possible execution of injected code, running
with the privileges of the ntpd process (often root).
Credit for finding this vulnerability goes to Chris Ries of CMU.
This release fixes the following low-severity vulnerabilities:
* [Sec 1144] limited (two byte) buffer overflow in ntpq. CVE-2009-0159
Credit for finding this vulnerability goes to Geoff Keating of Apple.
* [Sec 1149] use SO_EXCLUSIVEADDRUSE on Windows
Credit for finding this issue goes to Dave Hart.
This release fixes a number of bugs and adds some improvements:
* Improved logging
* Fix many compiler warnings
* Many fixes and improvements for Windows
* Adds support for AIX 6.1
* Resolves some issues under MacOS X and Solaris
|
|
* fix CVE-2009-0021
* fix build against latest OpenSSL versions
* obsolete "dynamic" keyword
* fix memory leak when fetching system messages
* several fixes in ntpdate
|
|
Noticed by John Heasley in PR 39033.
|
|
* Fix perl path in scripts, add runtime dependency on perl.
* Fix unwanted PLIST subst.
* DragonFly also support ntptime.
Bump PKGREVISION.
|
|
---
(4.2.4p4) Released by Harlan Stenn <stenn@ntp.org>
* [Bug 902] Fix problems with the -6 flag.
* Updated include/copyright.def (owner and year).
* [Bug 878] Avoid ntpdc use of refid value as unterminated string.
* [Bug 881] Corrected display of pll offset on 64bit systems.
* [Bug 886] Corrected sign handling on 64bit in ntpdc loopinfo command.
* [Bug 889] avoid malloc() interrupted by SIGIO risk
* ntpd/refclock_parse.c: cleanup shutdown while the file descriptor is still open.
* [Bug 885] use emalloc() to get a message at the end of the memory
unsigned types cannot be less than 0
default_ai_family is a short
lose trailing , from enum list
clarify ntp_restrict.c for easier automated analysis
* [Bug 884] don't access recv buffers after having them passed to the free list.
* [Bug 882] allow loopback interfaces to share addresses with other interfaces.
---
(4.2.4p3) Released by Harlan Stenn <stenn@ntp.org>
* [Bug 863] unable to stop ntpd on Windows as the handle reference for events
changed
---
(4.2.4p2) Released by Harlan Stenn <stenn@ntp.org>
* [Bug 854] Broadcast address was not correctly set for interface addresses
* [Bug 829] reduce syslog noise, while there fix Enabled/Disable logging
to reflect the actual configuration.
* [Bug 795] Moved declaration of variable to top of function.
* [Bug 789] Fix multicast client crypto authentication and make sure arriving
multicast packets do not disturb the autokey dance.
* [Bug 785] improve handling of multicast interfaces
(multicast routers still need to run a multicast routing
software/daemon)
* [Bug 527] Don't write from source address length to wrong location
* Upgraded autogen and libopts.
* [Bug 811] ntpd should not read a .ntprc file.
---
(4.2.4p1) (skipped)
---
(4.2.4p0) Released by Harlan Stenn <stenn@ntp.org>
* [Bug 793] Update Hans Lambermont's email address in ntpsweep.
* [Bug 776] Remove unimplemented "rate" flag from ntpdate.
* [Bug 586] Avoid lookups if AI_NUMERICHOST is set.
* [Bug 770] Fix numeric parameters to ntp-keygen (Alain Guibert).
* [Bug 768] Fix io_setbclient() error message.
* [Bug 765] Use net_bind_service capability on linux.
* [Bug 760] The background resolver must be aware of the 'dynamic' keyword.
* [Bug 753] make union timestamp anonymous (Philip Prindeville).
* confopt.html: move description for "dynamic" keyword into the right section.
* pick the right type for the recv*() length argument.
---
(4.2.4) Released by Harlan Stenn <stenn@ntp.org>
* monopt.html fixes from Dave Mills.
* [Bug 452] Do not report kernel PLL/FLL flips.
* [Bug 746] Expert mouseCLOCK USB v2.0 support added.'
* driver8.html updates.
* [Bug 747] Drop <NOBR> tags from ntpdc.html.
* sntp now uses the returned precision to control decimal places.
* sntp -u will use an unprivileged port for its queries.
* [Bug 741] "burst" doesn't work with !unfit peers.
* [Bug 735] Fix a make/gmake VPATH issue on Solaris.
* [Bug 739] ntpd -x should not take an argument.
* [Bug 737] Some systems need help providing struct iovec.
* [Bug 717] Fix libopts compile problem.
* [Bug 728] parse documentation fixes.
* [Bug 734] setsockopt(..., IP_MULTICAST_IF, ...) fails on 64-bit platforms.
* [Bug 732] C-DEX JST2000 patch from Hideo Kuramatsu.
* [Bug 721] check for __ss_family and __ss_len separately.
* [Bug 666] ntpq opeers displays jitter rather than dispersion.
* [Bug 718] Use the recommended type for the saddrlen arg to getsockname().
* [Bug 715] Fix a multicast issue under Linux.
* [Bug 690] Fix a Windows DNS lookup buffer overflow.
* [Bug 670] Resolved a Windows issue with the dynamic interface rescan code.
* K&R C support is being deprecated.
* [Bug 714] ntpq -p should conflict with -i, not -c.
* WWV refclock improvements from Dave Mills.
* [Bug 708] Use thread affinity only for the clock interpolation thread.
* [Bug 706] ntpd can be running several times in parallel.
* [Bug 704] Documentation typos.
* [Bug 701] coverity: NULL dereference in ntp_peer.c
* [Bug 695] libopts does not protect against macro collisions.
* [Bug 693] __adjtimex is independent of ntp_{adj,get}time.
* [Bug 692] sys_limitrejected was not being incremented.
* [Bug 691] restrictions() assumption not always valid.
* [Bug 689] Deprecate HEATH GC-1001 II; the driver never worked.
* [Bug 688] Fix documentation typos.
* [Bug 686] Handle leap seconds better under Windows.
* [Bug 685] Use the Windows multimedia timer.
* [Bug 684] Only allow debug options if debugging is enabled.
* [Bug 683] Use the right version string.
* [Bug 680] Fix the generated version string on Windows.
* [Bug 678] Use the correct size for control messages.
* [Bug 677] Do not check uint_t in configure.ac.
* [Bug 676] Use the right value for msg_namelen.
* [Bug 675] Make sure ntpd builds without debugging.
* [Bug 672] Fix cross-platform structure padding/size differences.
* [Bug 660] New TIMESTAMP code fails tp build on Solaris Express.
* [Bug 659] libopts does not build under Windows.
* [Bug 658] HP-UX with cc needs -Wp,-H8166 in CFLAGS.
* [Bug 656] ntpdate doesn't work with multicast address.
* [Bug 638] STREAMS_TLI is deprecated - remove it.
* [Bug 635] Fix tOptions definition.
* [Bug 628] Fallback to ntp discipline not working for large offsets.
* [Bug 622] Dynamic interface tracking for ntpd.
* [Bug 603] Don't link with libelf if it's not needed.
* [Bug 523] ntpd service under Windows does't shut down properly.
* [Bug 500] sntp should always be built.
* [Bug 479] Fix the -P option.
* [Bug 421] Support the bc637PCI-U card.
* [Bug 342] Deprecate broken TRAK refclock driver.
* [Bug 340] Deprecate broken MSF EES refclock driver.
* [Bug 153] Don't do DNS lookups on address masks.
* [Bug 143] Fix interrupted system call on HP-UX.
* [Bug 42] Distribution tarballs should be signed.
* Support separate PPS devices for PARSE refclocks.
* [Bug 637, 51?] Dynamic interface scanning can now be done.
* Options processing now uses GNU AutoGen.
---
(4.2.2p4) Released by Harlan Stenn <stenn@ntp.org>
* [Bug 710] compat getnameinfo() has off-by-one error
* [Bug 690] Buffer overflow in Windows when doing DNS Lookups
---
(4.2.2p3) Released by Harlan Stenn <stenn@ntp.org>
* Make the ChangeLog file cleaner and easier to read
* [Bug 601] ntpq's decodeint uses an extra level of indirection
* [Bug 657] Different OSes need different sized args for IP_MULTICAST_LOOP
* release engineering/build changes
* Documentation fixes
* Get sntp working under AIX-5
---
(4.2.2p2) (broken)
* Get sntp working under AIX-5
---
(4.2.2p1)
* [Bug 661] Use environment variable to specify the base path to openssl.
* Resolve an ambiguity in the copyright notice
* Added some new documentation files
* URL cleanup in the documentation
* [Bug 657]: IP_MULTICAST_LOOP uses a u_char value/size
* quiet gcc4 complaints
* more Coverity fixes
* [Bug 614] manage file descriptors better
* [Bug 632] update kernel PPS offsets when PPS offset is re-configured
* [Bug 637] Ignore UP in*addr_any interfaces
* [Bug 633] Avoid writing files in srcdir
* release engineering/build changes
---
(4.2.2)
* SNTP
* Many bugfixes
* Implements the current "goal state" of NTPv4
* Autokey improvements
* Much better IPv6 support
* [Bug 360] ntpd loses handles with LAN connection disabled.
* [Bug 239] Fix intermittent autokey failure with multicast clients.
* Rewrite of the multicast code
* New version numbering scheme
|
|
many packages used to use ${PAX}. Use the common way of directly calling
pax, it is created as tool after all.
|
|
through PLIST_SUBST to the plist module.
|
|
|
|
on packages that are affected by the switch from the openssl 0.9.7
branch to the 0.9.8 branch. ok jlam@
|
|
|
|
It was changed in Makefile revision 1.49 in July 2006.
Bump PKGREVISION.
|
|
|
|
automatically detects whether we want the pkginstall machinery to be
used by the package Makefile.
|
|
"pkglint --autofix" change.
|
|
change.
|
|
CONFIGURE_ARGS.
|
|
example MAKE_ENV+=FOO=${BAR} is changed to MAKE_ENV+=FOO=${BAR:Q}. Some
other changes are outlined in
http://mail-index.netbsd.org/tech-pkg/2005/12/02/0034.html
|
|
|
|
around at either build-time or at run-time is:
USE_TOOLS+= perl # build-time
USE_TOOLS+= perl:run # run-time
Also remove some places where perl5/buildlink3.mk was being included
by a package Makefile, but all that the package wanted was the Perl
executable.
|
|
regardless of whether we use the built-in or pkgsrc version of openssl.
|
|
|
|
|
|
under share/examples/rc.d. The variable name already was named
RCD_SCRIPTS_EXAMPLEDIR.
This is from ideas from Greg Woods and others.
Also bumped PKGREVISION for all packages using RCD_SCRIPTS mechanism
(as requested by wiz).
|
|
in the process. (More information on tech-pkg.)
Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.
Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
|
|
* Conflicts with openntpd.
Bump PKGREVISION.
|
|
IRIX:
- add flexibility to PLIST
- add configure arguments to point to openssl if not builtin
- don't use '-print0' to find(1). IRIX' find does not have this capability,
and since we know for a fact that it will not be needed, we can leave it
out in this case.
|
|
|
|
PR pkg/24947; bump PKGREVISION.
|
|
The rc.d scripts are based on official NetBSD scripts.
This also adds:
CONFIGURE_ARGS+=--sysconfdir=${PKG_SYSCONFDIR}
This was discussed and okayed with maintainer, fredb, in February,
Currently, the ntpd.sh rc.d script has a note about the
ntpd_chrootdir is only for NetBSD at this time. (Because I haven't
tested under other operating systems.)
|
|
Okay'd by maintainer, fredb.
|
|
so that "make clean" after just-in-time "su" works. Closes
PR pkg/23477 by Adrian Portelli.
|
|
systems (NetBSD 1.6ZF).
|
|
|
|
and especially fix permissions on the new directories. Should close
PR pkg/23378, by Wolfgang S. Rupprecht.
|
|
|
|
All platforms:
Autokey, using OpenSSL.
IPv6 support.
Bugfixes in loopfilter and refclocks.
NetBSD:
Support for editline command line editing
in "ntpq" and "ntpdc".
NetBSD-current:
Use nanosecond resolution POSIX timers.
|
|
|
|
|
|
- group 'zrw' and 'p' args, -s last
- use the && operator consistently
- strip unneeded parens
- some whitespace cleanup
|
|
and Zyfer GPStarplus, minor documentation updates.
|
|
* Lose the source port check on incoming packets
* (x)ntpdc compatibility patch
* Virtual IP improvements
* ntp_loopfilter fixes and improvements
* ntpdc improvements
* GOES refclock fix
* JJY driver
* bsdi port fixes
* HP MPE/iX port
* Win/NT port upgrade
* Dynix PTX port fixes
* Document conversion from CVS to BK
* readline support for ntpq
|
|
from the "ChangeLog" file below). Also, this NetBSD package now installs the
HTML docs into "/usr/pkg/share/doc/html".
* ntpd/refclock_oncore.c (oncore_start): Set pps_enable=1, just
like the atom driver does.
From: reg@dwf.com
* ntpd/refclock_nmea.c (nmea_ppsapi): Set pps_enable=1, just like
the atom driver does.
From: Scott Allendorf <sca@newton.physics.uiowa.edu>
* ntpd/ntp_config.c (getconfig): CONF_CLOCK_PANIC was using the
wrong config flag.
From: <justin_forrester@hp.com>
|
|
|
