Chase a466cc5537, updating the version string in the local config.h.
Reported by: Trond Endrestol <Trond.Endrestol@ximalas.info>
Fixes: a466cc5537
MFC after: immediately
* powerpc time_t is 64 bit, not 32 bit.
* Add definition for powerpc64le.
With this, powerpc64le ntpd and ntpdate operate correctly instead of
corrupting the clock and exiting.
Tested on powerpc64, powerpc64le, and powerpc.
No feedback from cy@.
I am a bit confused as to how SIZEOF_TIME_T being wrong ever worked on
powerpc, it being big endian and all.
Sponsored by: Tag1 Consulting, Inc.
Differential Revision: https://reviews.freebsd.org/D26379
Update 4.2.8p14 --> 4.2.8p15
Summary: Systems that use a CMAC algorithm in ntp.keys will not release
a bit of memory on each packet that uses a CMAC keyid, eventually causing
ntpd to run out of memory and fail. The CMAC cleanup from
https://bugs.ntp.org/3447, part of ntp-4.2.8p11, introduced a bug whereby
the CMAC data structure was no longer completely removed.
MFC after: 3 days
Security: NTP Bug 3661
pages to page as necessary.
To restore historic BSD behaviour add the following to ntp.conf:
rlimit memlock 32
Discussed on: freebsd-current@ between Sept 6-9, 2019
Reported by: Users using ASLR with stack gap != 0
Reviewed by: ian, kib, rgrimes (all previous versions)
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D21581
Code analysis and runtime analysis using truss(8) indicate that the only
privileged operations performed by ntpd are adjusting system time, and
(re-)binding to privileged UDP port 123. These changes add a new mac(4)
policy module, mac_ntpd(4), which grants just those privileges to any
process running with uid 123.
This also adds a new user and group, ntpd:ntpd, (uid:gid 123:123), and makes
them the owner of the /var/db/ntp directory, so that it can be used as a
location where the non-privileged daemon can write files such as the
driftfile, and any optional logfile or stats files.
Because there are so many ways to configure ntpd, the question of how to
configure it to run without root privs can be a bit complex, so that will be
addressed in a separate commit. These changes are just what's required to
grant the limited subset of privs to ntpd, and the small change to ntpd to
prevent it from exiting with an error if running as non-root.
Differential Revision: https://reviews.freebsd.org/D16281
Leap-second smearing is an experimental option that may be specified in
ntp.conf(5) and the -x option on the command line to spread the effect
of a leap-second over an interval as specified by the leapsmearinterval
config file statement. Recommended values are between 7200 (2 hours) and
86400 (24 hours).
It is advised that leap-second smearing not be used for public NTP
servers (https://www.meinbergglobal.com/download/burnicki/Leap\
%20Second%20Smearing%20With%20NTP.pdf). It is also advised that NTP
clients not use a mix of NTP servers using leap-second smearing with
NTP servers not using leap-second smearing as that could cause
undefined client behaviour.
Leap-second smearing was committed to ports net/ntp and net/ntp-devel
by r426825 on 2016-11-22.
Suggested by: des
MFC after: 4 weeks
-HEAD) in libntp so we can make reproducible build.
PR: bin/201661
Reviewed by: gjb, cy, roberto
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D3122
This includes:
o All directories named *ia64*
o All files named *ia64*
o All ia64-specific code guarded by __ia64__
o All ia64-specific makefile logic
o Mention of ia64 in comments and documentation
This excludes:
o Everything under contrib/
o Everything under crypto/
o sys/xen/interface
o sys/sys/elf_common.h
Discussed at: BSDcan
getting more and more popular, as source of precise time, and the gpsd
daemon from ports is using the shared memory to synchronize with ntpd.
Reviewed by: roberto
The utmp code in systime.c is not enabled, so including <utmp.h> has no
effect in our setup. This makes it a little easier for me to migrate to
<utmpx.h>.
Approved by: roberto
sntp includes a copy of libopts in itself in vendor code, rewrite the
Makefile to compile and use only one copy. It is an internal library, not
installed.
MFC after: 2 weeks
It does survive « make release ».
Uses an upcoming patch from the vendor branch (ntp-stable) of ntp-keygen.
Submitted by: Marius Strobl <marius@alchemy.franken.de>
This bring us several things:
- updated drivers
- IPv6 support at last
- ntp-genkeys is replaced by ntp-keygen
- ntptrace is now a script (courtesy of John Hay)
- lots of renamed files from .htm to .html (while I prefer .html, I
find the change a bit gratuitous)
- still no manpages :(
Please test and report.
Commit very much helped by: GNU arch (http://gnuarch.org/)
branch and a few new drivers. See contrib/ntp/ChangeLog for details.
Hide kernel header sys/lock.h from ntp [1]
PR: bin/33914
Submitted by: thomas, bde[1]
MFC after: 1 month
