Commit 5263b053 authored by Bernhard Schmidt

New upstream version 4.2.8p12+dfsg

parent cf394574
--- ---
(4.2.8p12) 2018/08/14 Released by Harlan Stenn <stenn@ntp.org>
* [Sec 3505] CVE-2018-12327 - Arbitrary Code Execution Vulnerability
- fixed stack buffer overflow in the openhost() command-line call
of NTPQ/NTPDC <perlinger@ntp.org>
* [Sec 3012] noepeer tweaks. <stenn@ntp.org>
* [Bug 3521] Fix a logic bug in the INVALIDNAK checks. <stenn@ntp.org>
* [Bug 3509] Add support for running as non-root on FreeBSD, Darwin,
other TrustedBSD platforms
- applied patch by Ian Lepore <perlinger@ntp.org>
* [Bug 3506] Service Control Manager interacts poorly with NTPD <perlinger@ntp.org>
- changed interaction with SCM to signal pending startup
* [Bug 3486] Buffer overflow in ntpq/ntpq.c:tstflags() <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3485] Undefined sockaddr used in error messages in ntp_config.c <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3484] ntpq response from ntpd is incorrect when REFID is null <perlinger@ntp.org>
- rework of ntpq 'nextvar()' key/value parsing
* [Bug 3482] Fixes for compilation warnings (ntp_io.c & ntpq-subs.c) <perlinger@ntp.org>
- applied patch by Gerry Garvey (with mods)
* [Bug 3480] Refclock sample filter not cleared on clock STEP <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3479] ctl_putrefid() allows unsafe characters through to ntpq <perlinger@ntp.org>
- applied patch by Gerry Garvey (with mods)
* [Bug 3476]ctl_putstr() sends empty unquoted string [...] <perlinger@ntp.org>
- applied patch by Gerry Garvey (with mods); not sure if that's bug or feature, though
* [Bug 3475] modify prettydate() to suppress output of zero time <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3474] Missing pmode in mode7 peer info response <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3471] Check for openssl/[ch]mac.h. HStenn.
- add #define ENABLE_CMAC support in configure. HStenn.
* [Bug 3470] ntpd4.2.8p11 fails to compile without OpenSSL <perlinger@ntp.org>
* [Bug 3469] Incomplete string compare [...] in is_refclk_addr <perlinger@ntp.org>
- patch by Stephen Friedl
* [Bug 3467] Potential memory fault in ntpq [...] <perlinger@ntp.org>
- fixed IO redirection and CTRL-C handling in ntq and ntpdc
* [Bug 3465] Default TTL values cannot be used <perlinger@ntp.org>
* [Bug 3461] refclock_shm.c: clear error status on clock recovery <perlinger@ntp.org>
- initial patch by Hal Murray; also fixed refclock_report() trouble
* [Bug 3460] Fix typo in ntpq.texi, reported by Kenyon Ralph. <stenn@ntp.org>
* [Bug 3456] Use uintptr_t rather than size_t to store an integer in a pointer
- According to Brooks Davis, there was only one location <perlinger@ntp.org>
* [Bug 3449] ntpq - display "loop" instead of refid [...] <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3445] Symmetric peer won't sync on startup <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3442] Fixes for ntpdate as suggested by Gerry Garvey,
with modifications
New macro REFID_ISTEXT() which is also used in ntpd/ntp_control.c.
* [Bug 3434] ntpd clears STA_UNSYNC on start <perlinger@ntp.org>
- applied patch by Miroslav Lichvar
* [Bug 3426] ntpdate.html -t default is 2 seconds. Leonid Evdokimov.
* [Bug 3121] Drop root privileges for the forked DNS worker <perlinger@ntp.org>
- integrated patch by Reinhard Max
* [Bug 2821] minor build issues <perlinger@ntp.org>
- applied patches by Christos Zoulas, including real bug fixes
* html/authopt.html: cleanup, from <stenn@ntp.org>
* ntpd/ntpd.c: DROPROOT cleanup. <stenn@ntp.org>
* Symmetric key range is 1-65535. Update docs. <stenn@ntp.org>
* html/authentic.html: cleanup, from <stenn@ntp.org>
---
(4.2.8p11) 2018/02/27 Released by Harlan Stenn <stenn@ntp.org>
* [Sec 3454] Unauthenticated packet can reset authenticated interleave * [Sec 3454] Unauthenticated packet can reset authenticated interleave
associations. HStenn. associations. HStenn.
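Review bot: In the new 4.2.8p12 block, the [Bug 3467] sub-item reads "handling in ntq and ntpdc", where "ntq" should be "ntpq". The [Bug 3476] entry is also missing the space after the bracket ("[Bug 3476]ctl_putstr()"), unlike every other entry in the block. Both slips are repeated in the NEWS text added by this commit, so correct them in both files.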
...@@ -14,16 +78,16 @@ ...@@ -14,16 +78,16 @@
- applied patch by Sean Haugh - applied patch by Sean Haugh
* [Bug 3452] PARSE driver prints uninitialized memory. <perlinger@ntp.org> * [Bug 3452] PARSE driver prints uninitialized memory. <perlinger@ntp.org>
* [Bug 3450] Dubious error messages from plausibility checks in get_systime() * [Bug 3450] Dubious error messages from plausibility checks in get_systime()
- removed error log caused by rounding/slew, ensured postcondition <perlinger@ntp.org> - removed error log caused by rounding/slew, ensured postcondition <perlinger@ntp.org>
* [Bug 3447] AES-128-CMAC (fixes) <perlinger@ntp.org> * [Bug 3447] AES-128-CMAC (fixes) <perlinger@ntp.org>
- refactoring the MAC code, too - refactoring the MAC code, too
* [Bug 3441] Validate the assumption that AF_UNSPEC is 0. stenn@ntp.org * [Bug 3441] Validate the assumption that AF_UNSPEC is 0. stenn@ntp.org
* [Bug 3439] When running multiple commands / hosts in ntpq... <perlinger@ntp.org> * [Bug 3439] When running multiple commands / hosts in ntpq... <perlinger@ntp.org>
- applied patch by ggarvey - applied patch by ggarvey
* [Bug 3438] Negative values and values > 999 days in... <perlinger@ntp.org> * [Bug 3438] Negative values and values > 999 days in... <perlinger@ntp.org>
- applied patch by ggarvey (with minor mods) - applied patch by ggarvey (with minor mods)
* [Bug 3437] ntpd tries to open socket with AF_UNSPEC domain * [Bug 3437] ntpd tries to open socket with AF_UNSPEC domain
- applied patch (with mods) by Miroslav Lichvar <perlinger@ntp.org> - applied patch (with mods) by Miroslav Lichvar <perlinger@ntp.org>
* [Bug 3435] anchor NTP era alignment <perlinger@ntp.org> * [Bug 3435] anchor NTP era alignment <perlinger@ntp.org>
* [Bug 3433] sntp crashes when run with -a. <stenn@ntp.org> * [Bug 3433] sntp crashes when run with -a. <stenn@ntp.org>
* [Bug 3430] ntpq dumps core (SIGSEGV) for "keytype md2" * [Bug 3430] ntpq dumps core (SIGSEGV) for "keytype md2"
......
-- --
NTP 4.2.8p11 (Harlan Stenn <stenn@ntp.org>, 2018/02/27) NTP 4.2.8p12 (Harlan Stenn <stenn@ntp.org>, 2018/14/09)
NOTE: this NEWS file will be undergoing more revisions. NOTE: this NEWS file will be undergoing more revisions.
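Review bot: The release date on the new header line, "2018/14/09", is not a valid date in the YYYY/MM/DD form used by the previous header ("2018/02/27"), and it disagrees with the ChangeLog entry in this same commit, which gives 2018/08/14. Change it to 2018/08/14 so that anyone dating the security fixes from NEWS gets the right day.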
...@@ -7,6 +7,77 @@ Focus: Security, Bug fixes, enhancements. ...@@ -7,6 +7,77 @@ Focus: Security, Bug fixes, enhancements.
Severity: MEDIUM Severity: MEDIUM
This release fixes a "hole" in the noepeer capability introduced to ntpd
in ntp-4.2.8p11, and a buffer overflow in the openhost() function used by
ntpq and ntpdc. It also provides 26 other bugfixes, and 4 other improvements:
* [Sec 3505] Buffer overflow in the openhost() call of ntpq and ntpdc.
* [Sec 3012] Fix a hole in the new "noepeer" processing.
* Bug Fixes:
[Bug 3521] Fix a logic bug in the INVALIDNAK checks. <stenn@ntp.org>
[Bug 3509] Add support for running as non-root on FreeBSD, Darwin,
other TrustedBSD platforms
- applied patch by Ian Lepore <perlinger@ntp.org>
[Bug 3506] Service Control Manager interacts poorly with NTPD <perlinger@ntp.org>
- changed interaction with SCM to signal pending startup
[Bug 3486] Buffer overflow in ntpq/ntpq.c:tstflags() <perlinger@ntp.org>
- applied patch by Gerry Garvey
[Bug 3485] Undefined sockaddr used in error messages in ntp_config.c <perlinger@ntp.org>
- applied patch by Gerry Garvey
[Bug 3484] ntpq response from ntpd is incorrect when REFID is null <perlinger@ntp.org>
- rework of ntpq 'nextvar()' key/value parsing
[Bug 3482] Fixes for compilation warnings (ntp_io.c & ntpq-subs.c) <perlinger@ntp.org>
- applied patch by Gerry Garvey (with mods)
[Bug 3480] Refclock sample filter not cleared on clock STEP <perlinger@ntp.org>
- applied patch by Gerry Garvey
[Bug 3479] ctl_putrefid() allows unsafe characters through to ntpq <perlinger@ntp.org>
- applied patch by Gerry Garvey (with mods)
[Bug 3476]ctl_putstr() sends empty unquoted string [...] <perlinger@ntp.org>
- applied patch by Gerry Garvey (with mods); not sure if that's bug or feature, though
[Bug 3475] modify prettydate() to suppress output of zero time <perlinger@ntp.org>
- applied patch by Gerry Garvey
[Bug 3474] Missing pmode in mode7 peer info response <perlinger@ntp.org>
- applied patch by Gerry Garvey
[Bug 3471] Check for openssl/[ch]mac.h. HStenn.
- add #define ENABLE_CMAC support in configure. HStenn.
[Bug 3470] ntpd4.2.8p11 fails to compile without OpenSSL <perlinger@ntp.org>
[Bug 3469] Incomplete string compare [...] in is_refclk_addr <perlinger@ntp.org>
- patch by Stephen Friedl
[Bug 3467] Potential memory fault in ntpq [...] <perlinger@ntp.org>
- fixed IO redirection and CTRL-C handling in ntq and ntpdc
[Bug 3465] Default TTL values cannot be used <perlinger@ntp.org>
[Bug 3461] refclock_shm.c: clear error status on clock recovery <perlinger@ntp.org>
- initial patch by Hal Murray; also fixed refclock_report() trouble
[Bug 3460] Fix typo in ntpq.texi, reported by Kenyon Ralph. <stenn@ntp.org>
[Bug 3456] Use uintptr_t rather than size_t to store an integer in a pointer
- According to Brooks Davis, there was only one location <perlinger@ntp.org>
[Bug 3449] ntpq - display "loop" instead of refid [...] <perlinger@ntp.org>
- applied patch by Gerry Garvey
[Bug 3445] Symmetric peer won't sync on startup <perlinger@ntp.org>
- applied patch by Gerry Garvey
[Bug 3442] Fixes for ntpdate as suggested by Gerry Garvey,
with modifications
New macro REFID_ISTEXT() which is also used in ntpd/ntp_control.c.
[Bug 3434] ntpd clears STA_UNSYNC on start <perlinger@ntp.org>
- applied patch by Miroslav Lichvar
[Bug 3426] ntpdate.html -t default is 2 seconds. Leonid Evdokimov.
[Bug 3121] Drop root privileges for the forked DNS worker <perlinger@ntp.org>
- integrated patch by Reinhard Max
[Bug 2821] minor build issues <perlinger@ntp.org>
- applied patches by Christos Zoulas, including real bug fixes
html/authopt.html: cleanup, from <stenn@ntp.org>
ntpd/ntpd.c: DROPROOT cleanup. <stenn@ntp.org>
Symmetric key range is 1-65535. Update docs. <stenn@ntp.org>
--
NTP 4.2.8p11 (Harlan Stenn <stenn@ntp.org>, 2018/02/27)
Focus: Security, Bug fixes, enhancements.
Severity: MEDIUM
This release fixes 2 low-/medium-, 1 informational/medum-, and 2 low-severity This release fixes 2 low-/medium-, 1 informational/medum-, and 2 low-severity
vulnerabilities in ntpd, one medium-severity vulernability in ntpq, and vulnerabilities in ntpd, one medium-severity vulernability in ntpq, and
provides 65 other non-security fixes and improvements: provides 65 other non-security fixes and improvements:
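Review bot: The [Sec 3505] line in the new release summary omits the CVE identifier, while the ChangeLog entry for the same fix carries CVE-2018-12327. NEWS is the file packagers and operators read to match a release against advisories, so add the identifier here as well. The list also stops at "Symmetric key range is 1-65535" and leaves out the "html/authentic.html: cleanup" item that the ChangeLog records for this release.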
......
...@@ -311,6 +311,9 @@ ...@@ -311,6 +311,9 @@
/* Provide the explicit 127.0.0.0/8 martian filter? */ /* Provide the explicit 127.0.0.0/8 martian filter? */
#undef ENABLE_BUG3020_FIX #undef ENABLE_BUG3020_FIX
/* Enable CMAC support? */
#undef ENABLE_CMAC
/* nls support in libopts */ /* nls support in libopts */
#undef ENABLE_NLS #undef ENABLE_NLS
...@@ -372,6 +375,14 @@ ...@@ -372,6 +375,14 @@
/* Define to 1 if you have the `daemon' function. */ /* Define to 1 if you have the `daemon' function. */
#undef HAVE_DAEMON #undef HAVE_DAEMON
/* Define to 1 if you have the declaration of `siglongjmp', and to 0 if you
don't. */
#undef HAVE_DECL_SIGLONGJMP
/* Define to 1 if you have the declaration of `sigsetjmp', and to 0 if you
don't. */
#undef HAVE_DECL_SIGSETJMP
/* Define to 1 if you have the declaration of `strerror_r', and to 0 if you /* Define to 1 if you have the declaration of `strerror_r', and to 0 if you
don't. */ don't. */
#undef HAVE_DECL_STRERROR_R #undef HAVE_DECL_STRERROR_R
...@@ -653,6 +664,12 @@ ...@@ -653,6 +664,12 @@
/* if you have NT Threads */ /* if you have NT Threads */
#undef HAVE_NT_THREADS #undef HAVE_NT_THREADS
/* Define to 1 if you have the <openssl/cmac.h> header file. */
#undef HAVE_OPENSSL_CMAC_H
/* Define to 1 if you have the <openssl/hmac.h> header file. */
#undef HAVE_OPENSSL_HMAC_H
/* Define to 1 if the system has the type `pid_t'. */ /* Define to 1 if the system has the type `pid_t'. */
#undef HAVE_PID_T #undef HAVE_PID_T
...@@ -957,6 +974,9 @@ ...@@ -957,6 +974,9 @@
/* Define to 1 if you have the <sys/lock.h> header file. */ /* Define to 1 if you have the <sys/lock.h> header file. */
#undef HAVE_SYS_LOCK_H #undef HAVE_SYS_LOCK_H
/* Define to 1 if you have the <sys/mac.h> header file. */
#undef HAVE_SYS_MAC_H
/* Define to 1 if you have the <sys/mman.h> header file. */ /* Define to 1 if you have the <sys/mman.h> header file. */
#undef HAVE_SYS_MMAN_H #undef HAVE_SYS_MMAN_H
...@@ -1117,6 +1137,9 @@ ...@@ -1117,6 +1137,9 @@
/* Do we have the TIO serial stuff? */ /* Do we have the TIO serial stuff? */
#undef HAVE_TIO_SERIAL_STUFF #undef HAVE_TIO_SERIAL_STUFF
/* Are TrustedBSD MAC policy privileges available? */
#undef HAVE_TRUSTEDBSD_MAC
/* Define to 1 if the system has the type `uint16_t'. */ /* Define to 1 if the system has the type `uint16_t'. */
#undef HAVE_UINT16_T #undef HAVE_UINT16_T
......
#! /bin/sh #! /bin/sh
# Guess values for system-dependent variables and create Makefiles. # Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.69 for ntp 4.2.8p11. # Generated by GNU Autoconf 2.69 for ntp 4.2.8p12.
# #
# Report bugs to <http://bugs.ntp.org./>. # Report bugs to <http://bugs.ntp.org./>.
# #
...@@ -590,8 +590,8 @@ MAKEFLAGS= ...@@ -590,8 +590,8 @@ MAKEFLAGS=
# Identity of this package. # Identity of this package.
PACKAGE_NAME='ntp' PACKAGE_NAME='ntp'
PACKAGE_TARNAME='ntp' PACKAGE_TARNAME='ntp'
PACKAGE_VERSION='4.2.8p11' PACKAGE_VERSION='4.2.8p12'
PACKAGE_STRING='ntp 4.2.8p11' PACKAGE_STRING='ntp 4.2.8p12'
PACKAGE_BUGREPORT='http://bugs.ntp.org./' PACKAGE_BUGREPORT='http://bugs.ntp.org./'
PACKAGE_URL='http://www.ntp.org./' PACKAGE_URL='http://www.ntp.org./'
...@@ -968,6 +968,7 @@ enable_c99_snprintf ...@@ -968,6 +968,7 @@ enable_c99_snprintf
enable_clockctl enable_clockctl
enable_linuxcaps enable_linuxcaps
enable_solarisprivs enable_solarisprivs
enable_trustedbsd_mac
with_arlib with_arlib
with_net_snmp_config with_net_snmp_config
enable_libseccomp enable_libseccomp
...@@ -1614,7 +1615,7 @@ if test "$ac_init_help" = "long"; then ...@@ -1614,7 +1615,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing. # Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh. # This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF cat <<_ACEOF
\`configure' configures ntp 4.2.8p11 to adapt to many kinds of systems. \`configure' configures ntp 4.2.8p12 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]... Usage: $0 [OPTION]... [VAR=VALUE]...
...@@ -1684,7 +1685,7 @@ fi ...@@ -1684,7 +1685,7 @@ fi
if test -n "$ac_init_help"; then if test -n "$ac_init_help"; then
case $ac_init_help in case $ac_init_help in
short | recursive ) echo "Configuration of ntp 4.2.8p11:";; short | recursive ) echo "Configuration of ntp 4.2.8p12:";;
esac esac
cat <<\_ACEOF cat <<\_ACEOF
...@@ -1731,6 +1732,8 @@ Optional Features and Packages: ...@@ -1731,6 +1732,8 @@ Optional Features and Packages:
--enable-clockctl s Use /dev/clockctl for non-root clock control --enable-clockctl s Use /dev/clockctl for non-root clock control
--enable-linuxcaps + Use Linux capabilities for non-root clock control --enable-linuxcaps + Use Linux capabilities for non-root clock control
--enable-solarisprivs + Use Solaris privileges for non-root clock control --enable-solarisprivs + Use Solaris privileges for non-root clock control
--enable-trustedbsd-mac s Use TrustedBSD MAC policy for non-root clock
control
--with-arlib - deprecated, arlib not distributed --with-arlib - deprecated, arlib not distributed
--with-net-snmp-config + =net-snmp-config --with-net-snmp-config + =net-snmp-config
--enable-libseccomp EXPERIMENTAL: enable support for libseccomp --enable-libseccomp EXPERIMENTAL: enable support for libseccomp
...@@ -1923,7 +1926,7 @@ fi ...@@ -1923,7 +1926,7 @@ fi
test -n "$ac_init_help" && exit $ac_status test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then if $ac_init_version; then
cat <<\_ACEOF cat <<\_ACEOF
ntp configure 4.2.8p11 ntp configure 4.2.8p12
generated by GNU Autoconf 2.69 generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc. Copyright (C) 2012 Free Software Foundation, Inc.
...@@ -2632,7 +2635,7 @@ cat >config.log <<_ACEOF ...@@ -2632,7 +2635,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake. running configure, to aid debugging if configure makes a mistake.
It was created by ntp $as_me 4.2.8p11, which was It was created by ntp $as_me 4.2.8p12, which was
generated by GNU Autoconf 2.69. Invocation command line was generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@ $ $0 $@
...@@ -3633,7 +3636,7 @@ fi ...@@ -3633,7 +3636,7 @@ fi
# Define the identity of the package. # Define the identity of the package.
PACKAGE='ntp' PACKAGE='ntp'
VERSION='4.2.8p11' VERSION='4.2.8p12'
cat >>confdefs.h <<_ACEOF cat >>confdefs.h <<_ACEOF
...@@ -24026,7 +24029,40 @@ esac ...@@ -24026,7 +24029,40 @@ esac
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ntp_have_solarisprivs" >&5 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ntp_have_solarisprivs" >&5
$as_echo "$ntp_have_solarisprivs" >&6; } $as_echo "$ntp_have_solarisprivs" >&6; }
case "$ntp_use_dev_clockctl$ntp_have_linuxcaps$ntp_have_solarisprivs" in for ac_header in sys/mac.h
do :
ac_fn_c_check_header_mongrel "$LINENO" "sys/mac.h" "ac_cv_header_sys_mac_h" "$ac_includes_default"
if test "x$ac_cv_header_sys_mac_h" = xyes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE_SYS_MAC_H 1
_ACEOF
fi
done
# Check whether --enable-trustedbsd_mac was given.
if test "${enable_trustedbsd_mac+set}" = set; then :
enableval=$enable_trustedbsd_mac; ntp_use_trustedbsd_mac=$enableval
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if we should use TrustedBSD MAC privileges" >&5
$as_echo_n "checking if we should use TrustedBSD MAC privileges... " >&6; }
case "$ntp_use_trustedbsd_mac$ac_cv_header_sys_mac_h" in
yesyes)
$as_echo "#define HAVE_TRUSTEDBSD_MAC 1" >>confdefs.h
esac
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ntp_use_trustedbsd_mac" >&5
$as_echo "$ntp_use_trustedbsd_mac" >&6; }
case "$ntp_use_dev_clockctl$ntp_have_linuxcaps$ntp_have_solarisprivs$ntp_use_trustedbsd_mac" in
*yes*) *yes*)
$as_echo "#define HAVE_DROPROOT 1" >>confdefs.h $as_echo "#define HAVE_DROPROOT 1" >>confdefs.h
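Review bot: The final case now includes $ntp_use_trustedbsd_mac, which holds what the user requested, not what was detected. With --enable-trustedbsd-mac on a system without <sys/mac.h>, the "yesyes" branch does not fire and HAVE_TRUSTEDBSD_MAC stays undefined, yet "*yes*" still matches and HAVE_DROPROOT can be defined on the strength of this option alone. The "result:" message has the same weakness, since it echoes the request rather than the outcome (and prints an empty string when the option is not given). Record the effective decision in its own variable inside the "yesyes" branch and use that variable in both places; as this script is generated by Autoconf, the change belongs in the Autoconf input.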
...@@ -30311,6 +30347,19 @@ $as_echo "$ntp_openssl" >&6; } ...@@ -30311,6 +30347,19 @@ $as_echo "$ntp_openssl" >&6; }
case "$ntp_openssl" in case "$ntp_openssl" in
yes) yes)
for ac_header in openssl/cmac.h openssl/hmac.h
do :
as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
cat >>confdefs.h <<_ACEOF
#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
_ACEOF
fi
done
$as_echo "#define OPENSSL /**/" >>confdefs.h $as_echo "#define OPENSSL /**/" >>confdefs.h
...@@ -30534,6 +30583,21 @@ LIBS="$NTPO_SAVED_LIBS" ...@@ -30534,6 +30583,21 @@ LIBS="$NTPO_SAVED_LIBS"
{ ntp_openssl_from_pkg_config=; unset ntp_openssl_from_pkg_config;} { ntp_openssl_from_pkg_config=; unset ntp_openssl_from_pkg_config;}
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if we want to enable CMAC support" >&5
$as_echo_n "checking if we want to enable CMAC support... " >&6; }
case "$ac_cv_header_openssl_cmac_h" in
yes)
$as_echo "#define ENABLE_CMAC 1" >>confdefs.h
ans="yes"
;;
*) ans="no"
;;
esac
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ans" >&5
$as_echo "$ans" >&6; }
...@@ -33221,6 +33285,32 @@ fi ...@@ -33221,6 +33285,32 @@ fi
###
ac_fn_c_check_decl "$LINENO" "sigsetjmp" "ac_cv_have_decl_sigsetjmp" "#include <setjmp.h>
"
if test "x$ac_cv_have_decl_sigsetjmp" = xyes; then :
ac_have_decl=1
else
ac_have_decl=0
fi
cat >>confdefs.h <<_ACEOF
#define HAVE_DECL_SIGSETJMP $ac_have_decl
_ACEOF
ac_fn_c_check_decl "$LINENO" "siglongjmp" "ac_cv_have_decl_siglongjmp" "#include <setjmp.h>
"
if test "x$ac_cv_have_decl_siglongjmp" = xyes; then :
ac_have_decl=1
else
ac_have_decl=0
fi
cat >>confdefs.h <<_ACEOF
#define HAVE_DECL_SIGLONGJMP $ac_have_decl
_ACEOF
### ###
...@@ -33964,7 +34054,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 ...@@ -33964,7 +34054,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their # report actual input values of CONFIG_FILES etc. instead of their
# values after options handling. # values after options handling.
ac_log=" ac_log="
This file was extended by ntp $as_me 4.2.8p11, which was This file was extended by ntp $as_me 4.2.8p12, which was
generated by GNU Autoconf 2.69. Invocation command line was generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES CONFIG_FILES = $CONFIG_FILES
...@@ -34031,7 +34121,7 @@ _ACEOF ...@@ -34031,7 +34121,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\ ac_cs_version="\\
ntp config.status 4.2.8p11 ntp config.status 4.2.8p12
configured by $0, generated by GNU Autoconf 2.69, configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\" with options \\"\$ac_cs_config\\"
......
...@@ -3014,6 +3014,17 @@ AC_MSG_RESULT([$ans]) ...@@ -3014,6 +3014,17 @@ AC_MSG_RESULT([$ans])
NTP_OPENSSL NTP_OPENSSL
AC_MSG_CHECKING([if we want to enable CMAC support])
case "$ac_cv_header_openssl_cmac_h" in
yes)
AC_DEFINE([ENABLE_CMAC], [1], [Enable CMAC support?])
ans="yes"
;;
*) ans="no"
;;
esac
AC_MSG_RESULT([$ans])
NTP_CRYPTO_RAND NTP_CRYPTO_RAND
# if we are using OpenSSL (--with-crypto), by default Autokey is enabled # if we are using OpenSSL (--with-crypto), by default Autokey is enabled
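Review bot: ENABLE_CMAC is switched on purely from the cached header result $ac_cv_header_openssl_cmac_h; nothing in this block confirms that the library being linked actually provides CMAC, and there is no configure option to turn the feature off. A header without matching library support would pass this check and fail only at link time. Add a link test for a CMAC function before the AC_DEFINE, and give the builder an explicit switch so a build can state whether CMAC keys are supported.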
...@@ -4380,6 +4391,10 @@ NTP_PROBLEM_TESTS ...@@ -4380,6 +4391,10 @@ NTP_PROBLEM_TESTS
### ###
AC_CHECK_DECLS([sigsetjmp,siglongjmp], [], [], [[#include <setjmp.h>]])
###
AC_DEFINE_DIR([NTP_KEYSDIR], [sysconfdir], AC_DEFINE_DIR([NTP_KEYSDIR], [sysconfdir],
[Default location of crypto key info]) [Default location of crypto key info])
......
...@@ -13,7 +13,7 @@ ...@@ -13,7 +13,7 @@
Walt Kelly</a> Walt Kelly</a>
<p>The chicken is getting configuration advice.</p> <p>The chicken is getting configuration advice.</p>
<p>Last update: <p>Last update:
<!-- #BeginDate format:En2m -->10-Mar-2014 05:01<!-- #EndDate --> <!-- #BeginDate format:En2m -->24-Jul-2018 07:27<!-- #EndDate -->
UTC</p> UTC</p>
<br clear="left"> <br clear="left">
<h4>Related Links</h4> <h4>Related Links</h4>
...@@ -67,7 +67,7 @@ Walt Kelly</a> ...@@ -67,7 +67,7 @@ Walt Kelly</a>
<dt><tt>ident</tt> <em><tt>group</tt></em></dt> <dt><tt>ident</tt> <em><tt>group</tt></em></dt>
<dd>Specify the group name for the association. See the <a href="autokey.html">Autokey Public-Key Authentication</a> page for further information.</dd> <dd>Specify the group name for the association. See the <a href="autokey.html">Autokey Public-Key Authentication</a> page for further information.</dd>
<dt><tt>key</tt> <i><tt>key</tt></i></dt> <dt><tt>key</tt> <i><tt>key</tt></i></dt>
<dd>Send and receive packets authenticated by the symmetric key scheme described in the <a href="authentic.html">Authentication Support</a> page. The <i><tt>key</tt></i> specifies the key identifier with values from 1 to 65534, inclusive. This option is mutually exclusive with the <tt>autokey</tt> option.</dd> <dt><tt>minpoll <i>minpoll<br> <dd>Send and receive packets authenticated by the symmetric key scheme described in the <a href="authentic.html">Authentication Support</a> page. The <i><tt>key</tt></i> specifies the key identifier with values from 1 to 65535, inclusive. This option is mutually exclusive with the <tt>autokey</tt> option.</dd> <dt><tt>minpoll <i>minpoll<br>
</i></tt><tt>maxpoll <i>maxpoll</i></tt></dt> </i></tt><tt>maxpoll <i>maxpoll</i></tt></dt>
<dd>These options specify the minimum and maximum poll intervals for NTP messages, in seconds as a power of two. The maximum poll interval defaults to 10 (1024 s), but can be increased by the <tt>maxpoll</tt> option to an upper limit of 17 (36 hr). The minimum poll interval defaults to 6 (64 s), but can be decreased by the <tt>minpoll</tt> option to a lower limit of 3 (8 s). Additional information about this option is on the <a href="poll.html">Poll Program</a> page.</dd> <dd>These options specify the minimum and maximum poll intervals for NTP messages, in seconds as a power of two. The maximum poll interval defaults to 10 (1024 s), but can be increased by the <tt>maxpoll</tt> option to an upper limit of 17 (36 hr). The minimum poll interval defaults to 6 (64 s), but can be decreased by the <tt>minpoll</tt> option to a lower limit of 3 (8 s). Additional information about this option is on the <a href="poll.html">Poll Program</a> page.</dd>
<dt><tt>mode <i>option</i></tt></dt> <dt><tt>mode <i>option</i></tt></dt>
......
...@@ -11,7 +11,7 @@ ...@@ -11,7 +11,7 @@
<p><img src="pic/alice23.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/%7emills/pictures.html">from <i>Alice's Adventures in Wonderland</i>, Lewis Carroll</a></p> <p><img src="pic/alice23.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/%7emills/pictures.html">from <i>Alice's Adventures in Wonderland</i>, Lewis Carroll</a></p>
<p>Alice holds the key.</p> <p>Alice holds the key.</p>
<p>Last update: <p>Last update:
<!-- #BeginDate format:En2m -->11-Jan-2018 11:55<!-- #EndDate --> <!-- #BeginDate format:En2m -->24-Jul-2018 07:27<!-- #EndDate -->
UTC</p> UTC</p>
<br clear="left"> <br clear="left">
<h4>Related Links</h4> <h4>Related Links</h4>
...@@ -313,7 +313,7 @@ ...@@ -313,7 +313,7 @@
</pre></td></tr></table> </pre></td></tr></table>
<p>Figure 1 shows a typical symmetric keys file used by the reference <p>Figure 1 shows a typical symmetric keys file used by the reference
implementation. Each line of the file contains three or four fields, implementation. Each line of the file contains three or four fields,
first an integer between 1 and 65534, inclusive, representing the key first an integer between 1 and 65535, inclusive, representing the key
identifier used in the <tt>server</tt> and <tt>peer</tt> configuration identifier used in the <tt>server</tt> and <tt>peer</tt> configuration
commands. Second is the key type for the message digest algorithm, commands. Second is the key type for the message digest algorithm,
which in the absence of the OpenSSL library must be <tt>MD5</tt> to which in the absence of the OpenSSL library must be <tt>MD5</tt> to
......
...@@ -11,7 +11,7 @@ ...@@ -11,7 +11,7 @@
<img src="pic/rabbit.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/~mills/pictures.html">from <i>Alice's Adventures in Wonderland</i>, Lewis Carroll</a> <img src="pic/rabbit.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/~mills/pictures.html">from <i>Alice's Adventures in Wonderland</i>, Lewis Carroll</a>
<p>I told you it was eyeball and wristwatch.</p> <p>I told you it was eyeball and wristwatch.</p>
<p>Last update: <p>Last update:
<!-- #BeginDate format:En2m -->9-Feb-2014 03:34<!-- #EndDate --> <!-- #BeginDate format:En2m -->21-Jul-2018 04:09<!-- #EndDate -->
UTC</p> UTC</p>
<br clear="left"> <br clear="left">
<hr> <hr>
...@@ -63,7 +63,7 @@ Protocol (SNTP) Client</a> page. After a suitable period of mourning, the <tt>n ...@@ -63,7 +63,7 @@ Protocol (SNTP) Client</a> page. After a suitable period of mourning, the <tt>n
<dt><tt>-s</tt></dt> <dt><tt>-s</tt></dt>
<dd>Divert logging output from the standard output (default) to the system <tt>syslog</tt> facility. This is designed primarily for convenience of <tt>cron</tt> scripts.</dd> <dd>Divert logging output from the standard output (default) to the system <tt>syslog</tt> facility. This is designed primarily for convenience of <tt>cron</tt> scripts.</dd>
<dt><tt>-t <i>timeout</i></tt></dt> <dt><tt>-t <i>timeout</i></tt></dt>
<dd>Specify the maximum time waiting for a server response as the value <i>timeout</i>, in seconds and fraction. The value is is rounded to a multiple of 0.2 seconds. The default is 1 second, a value suitable for polling across a LAN.</dd> <dd>Specify the maximum time waiting for a server response as the value <i>timeout</i>, in seconds and fraction. The value is is rounded to a multiple of 0.2 seconds. The default is 2 seconds, a value suitable for polling across a LAN.</dd>
<dt><tt>-u</tt></dt> <dt><tt>-u</tt></dt>
<dd>Direct <tt>ntpdate</tt> to use an unprivileged port for outgoing packets. This is most useful when behind a firewall that blocks incoming traffic to privileged ports, and you want to synchronize with hosts beyond the firewall. Note that the <tt>-d</tt> option always uses unprivileged ports. <dd>Direct <tt>ntpdate</tt> to use an unprivileged port for outgoing packets. This is most useful when behind a firewall that blocks incoming traffic to privileged ports, and you want to synchronize with hosts beyond the firewall. Note that the <tt>-d</tt> option always uses unprivileged ports.
<dt><tt>-<i>v</i></tt></dt> <dt><tt>-<i>v</i></tt></dt>
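Review bot: The rewritten <dd> for -t still contains the doubled word in "The value is is rounded"; since the line is being touched for the default change, drop the extra "is". The trailing clause "a value suitable for polling across a LAN" was written for the 1-second default, so check that it still describes the 2-second value.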
......
...@@ -610,6 +610,18 @@ struct pkt { ...@@ -610,6 +610,18 @@ struct pkt {
#define STRATUM_TO_PKT(s) ((u_char)(((s) == (STRATUM_UNSPEC)) ?\ #define STRATUM_TO_PKT(s) ((u_char)(((s) == (STRATUM_UNSPEC)) ?\
(STRATUM_PKT_UNSPEC) : (s))) (STRATUM_PKT_UNSPEC) : (s)))
/*
* A test to determine if the refid should be interpreted as text string.
* This is usually the case for a refclock, which has stratum 0 internally,
* which results in sys_stratum 1 if the refclock becomes system peer, or
* in case of a kiss-of-death (KoD) packet that has STRATUM_PKT_UNSPEC (==0)
* in the packet which is converted to STRATUM_UNSPEC when the packet
* is evaluated.
*/
#define REFID_ISTEXT(s) (((s) <= 1) || ((s) >= STRATUM_UNSPEC))
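Review bot: REFID_ISTEXT(s) expands its argument twice, so an argument with a side effect, or a function call, is evaluated twice; say so in the comment or turn the test into a static inline function. The comment also describes only stratum 0, 1 and STRATUM_UNSPEC, while the expression accepts anything at or above STRATUM_UNSPEC and, for a signed argument, any negative value, so state the expected type and range. Classifying a refid as text does not make its bytes printable, and callers still need to filter them before display.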