ChangeLog

 ---
-(4.2.8p10-win-beta1) 2017/03/21 Released by Harlan Stenn <stenn@ntp.org>
-(4.2.8p10)
+
+* [Sec 3454] Unauthenticated packet can reset authenticated interleave
+  associations.  HStenn.
+* [Sec 3453] Interleaved symmetric mode cannot recover from bad state.  HStenn.
+* [Sec 3415] Permit blocking authenticated symmetric/passive associations.
+  Implement ippeerlimit.  HStenn, JPerlinger.
+* [Sec 3414] ntpq: decodearr() can write beyond its 'buf' limits
+  - initial patch by <stenn@ntp.org>, extended by <perlinger@ntp.org>
+* [Sec 3412] ctl_getitem(): Don't compare names past NUL. <perlinger@ntp.org>
+* [Sec 3012] Sybil vulnerability: noepeer support.  HStenn, JPerlinger.
+* [Bug 3457] OpenSSL FIPS mode regression <perlinger@ntp.org>
+* [Bug 3455] ntpd doesn't use scope id when binding multicast <perlinger@ntp.org>
+ - applied patch by Sean Haugh 
+* [Bug 3452] PARSE driver prints uninitialized memory. <perlinger@ntp.org>
+* [Bug 3450] Dubious error messages from plausibility checks in get_systime()
+ - removed error log caused by rounding/slew, ensured postcondition <perlinger@ntp.org>
+* [Bug 3447] AES-128-CMAC (fixes) <perlinger@ntp.org>
+  - refactoring the MAC code, too
+* [Bug 3441] Validate the assumption that AF_UNSPEC is 0.  stenn@ntp.org
+* [Bug 3439] When running multiple commands / hosts in ntpq... <perlinger@ntp.org>
+ - applied patch by ggarvey
+* [Bug 3438] Negative values and values > 999 days in... <perlinger@ntp.org>
+ - applied patch by ggarvey (with minor mods)
+* [Bug 3437] ntpd tries to open socket with AF_UNSPEC domain
+ - applied patch (with mods) by Miroslav Lichvar <perlinger@ntp.org>
+* [Bug 3435] anchor NTP era alignment <perlinger@ntp.org>
+* [Bug 3433] sntp crashes when run with -a.  <stenn@ntp.org>
+* [Bug 3430] ntpq dumps core (SIGSEGV) for "keytype md2"
+  - fixed several issues with hash algos in ntpd, sntp, ntpq,
+    ntpdc and the test suites <perlinger@ntp.org>
+* [Bug 3424] Trimble Thunderbolt 1024 week millenium bug <perlinger@ntp.org>
+  - initial patch by Daniel Pouzzner
+* [Bug 3423] QNX adjtime() implementation error checking is
+  wrong <perlinger@ntp.org>
+* [Bug 3417] ntpq ifstats packet counters can be negative
+  made IFSTATS counter quantities unsigned <perlinger@ntp.org>
+* [Bug 3411] problem about SIGN(6) packet handling for ntp-4.2.8p10
+  - raised receive buffer size to 1200 <perlinger@ntp.org>
+* [Bug 3408] refclock_jjy.c: Avoid a wrong report of the coverity static
+  analysis tool. <abe@ntp.org>
+* [Bug 3405] update-leap.in: general cleanup, HTTPS support.  Paul McMath.
+* [Bug 3404] Fix openSSL DLL usage under Windows <perlinger@ntp.org>
+  - fix/drop assumptions on OpenSSL libs directory layout
+* [Bug 3399] NTP: linker error in 4.2.8p10 during Linux cross-compilation
+  - initial patch by timeflies@mail2tor.com  <perlinger@ntp.org>
+* [Bug 3398] tests fail with core dump <perlinger@ntp.org>
+  - patch contributed by Alexander Bluhm
+* [Bug 3397] ctl_putstr() asserts that data fits in its buffer
+  rework of formatting & data transfer stuff in 'ntp_control.c'
+  avoids unecessary buffers and size limitations. <perlinger@ntp.org>
+* [Bug 3394] Leap second deletion does not work on ntpd clients
+  - fixed handling of dynamic deletion w/o leap file <perlinger@ntp.org>
+* [Bug 3391] ntpd segfaults on startup due to small warmup thread stack size
+  - increased mimimum stack size to 32kB <perlinger@ntp.org>
+* [Bug 3367] Faulty LinuxPPS NMEA clock support in 4.2.8 <perlinger@ntp.org>
+  - reverted handling of PPS kernel consumer to 4.2.6 behavior
+* [Bug 3365] Updates driver40(-ja).html and miscopt.html <abe@ntp.org>
+* [Bug 3358] Spurious KoD log messages in .INIT. phase.  HStenn.
+* [Bug 3016] wrong error position reported for bad ":config pool"
+  - fixed location counter & ntpq output <perlinger@ntp.org>
+* [Bug 2900] libntp build order problem.  HStenn.
+* [Bug 2878] Tests are cluttering up syslog <perlinger@ntp.org>
+* [Bug 2737] Wrong phone number listed for USNO. ntp-bugs@bodosom.net,
+  perlinger@ntp.org
+* [Bug 2557] Fix Thunderbolt init. ntp-bugs@bodosom.net, perlinger@ntp.
+* [Bug 948] Trustedkey config directive leaks memory. <perlinger@ntp.org>
+* Use strlcpy() to copy strings, not memcpy().  HStenn.
+* Typos.  HStenn.
+* test_ntp_scanner_LDADD needs ntpd/ntp_io.o.  HStenn.
+* refclock_jjy.c: Add missing "%s" to an msyslog() call.  HStenn.
+* Build ntpq and libntpq.a with NTP_HARD_*FLAGS.  perlinger@ntp.org
+* Fix trivial warnings from 'make check'. perlinger@ntp.org
+* Fix bug in the override portion of the compiler hardening macro. HStenn.
+* record_raw_stats(): Log entire packet.  Log writes.  HStenn.
+* AES-128-CMAC support.  BInglis, HStenn, JPerlinger.
+* sntp: tweak key file logging.  HStenn.
+* sntp: pkt_output(): Improve debug output.  HStenn.
+* update-leap: updates from Paul McMath.
+* When using pkg-config, report --modversion.  HStenn.
+* Clean up libevent configure checks.  HStenn.
+* sntp: show the IP of who sent us a crypto-NAK.  HStenn.
+* Allow .../N to specify subnet bits for IPs in ntp.keys.  HStenn, JPerlinger.
+* authistrustedip() - use it in more places.  HStenn, JPerlinger.
+* New sysstats: sys_lamport, sys_tsrounding.  HStenn.
+* Update ntp.keys .../N documentation.  HStenn.
+* Distribute testconf.yml.  HStenn.
+* Add DPRINTF(2,...) lines to receive() for packet drops.  HStenn.
+* Rename the configuration flag fifo variables.  HStenn.
+* Improve saveconfig output.  HStenn.
+* Decode restrict flags on receive() debug output.  HStenn.
+* Decode interface flags on receive() debug output.  HStenn.
+* Warn the user if deprecated "driftfile name WanderThreshold" is used.  HStenn.
+* Update the documentation in ntp.conf.def .  HStenn.
+* restrictions() must return restrict flags and ippeerlimit.  HStenn.
+* Update ntpq peer documentation to describe the 'p' type.  HStenn.
+* Rename restrict 'flags' to 'rflags.  Use an enum for the values.  HStenn.
+* Provide dump_restricts() for debugging.  HStenn.
+* Use consistent 4th arg type for [gs]etsockopt.  JPerlinger.
+* Some tests might need LIBM.  HStenn.
+* update-leap: Allow -h/--help early.  HStenn.
+
+---
+(4.2.8p10) 2017/03/21 Released by Harlan Stenn <stenn@ntp.org>
 
 * [Sec 3389] NTP-01-016: Denial of Service via Malformed Config
   (Pentest report 01.2017) <perlinger@ntp.org>

Makefile.am

@@ -5,10 +5,10 @@ NULL =
 # moved sntp first to get libtool and libevent built.
 
 SUBDIRS =		\
-	sntp		\
 	scripts		\
 	include		\
 	libntp		\
+	sntp		\
 	libparse	\
 	ntpd		\
 	ntpdate		\

Makefile.in

@@ -99,6 +99,7 @@ am__aclocal_m4_deps = $(top_srcdir)/sntp/libopts/m4/libopts.m4 \
 	$(top_srcdir)/sntp/m4/ltsugar.m4 \
 	$(top_srcdir)/sntp/m4/ltversion.m4 \
 	$(top_srcdir)/sntp/m4/lt~obsolete.m4 \
+	$(top_srcdir)/sntp/m4/ntp_af_unspec.m4 \
 	$(top_srcdir)/sntp/m4/ntp_cacheversion.m4 \
 	$(top_srcdir)/sntp/m4/ntp_compiler.m4 \
 	$(top_srcdir)/sntp/m4/ntp_crosscompile.m4 \
@@ -523,10 +524,10 @@ NULL =
 
 # moved sntp first to get libtool and libevent built.
 SUBDIRS = \
-	sntp		\
 	scripts		\
 	include		\
 	libntp		\
+	sntp		\
 	libparse	\
 	ntpd		\
 	ntpdate		\

NEWS

 --
+NTP 4.2.8p11 (Harlan Stenn <stenn@ntp.org>, 2018/02/27)
+
+NOTE: this NEWS file will be undergoing more revisions.
+
+Focus: Security, Bug fixes, enhancements.
+
+Severity: MEDIUM
+
+This release fixes 2 low-/medium-, 1 informational/medum-, and 2 low-severity
+vulnerabilities in ntpd, one medium-severity vulernability in ntpq, and
+provides 65 other non-security fixes and improvements:
+
+* NTP Bug 3454: Unauthenticated packet can reset authenticated interleaved
+	association (LOW/MED)
+   Date Resolved: Stable (4.2.8p11) 27 Feb 2018
+   References: Sec 3454 / CVE-2018-7185 / VU#961909
+   Affects: ntp-4.2.6, up to but not including ntp-4.2.8p11.
+   CVSS2: MED 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P) This could score between
+	2.9 and 6.8.
+   CVSS3: LOW 3.1 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L This could
+	score between 2.6 and 3.1
+   Summary:
+	The NTP Protocol allows for both non-authenticated and
+	authenticated associations, in client/server, symmetric (peer),
+	and several broadcast modes. In addition to the basic NTP
+	operational modes, symmetric mode and broadcast servers can
+	support an interleaved mode of operation. In ntp-4.2.8p4 a bug
+	was inadvertently introduced into the protocol engine that
+	allows a non-authenticated zero-origin (reset) packet to reset
+	an authenticated interleaved peer association. If an attacker
+	can send a packet with a zero-origin timestamp and the source
+	IP address of the "other side" of an interleaved association,
+	the 'victim' ntpd will reset its association. The attacker must
+	continue sending these packets in order to maintain the
+	disruption of the association. In ntp-4.0.0 thru ntp-4.2.8p6,
+	interleave mode could be entered dynamically. As of ntp-4.2.8p7,
+	interleaved mode must be explicitly configured/enabled.
+   Mitigation:
+	Implement BCP-38.
+	Upgrade to 4.2.8p11, or later, from the NTP Project Download Page
+	    or the NTP Public Services Project Download Page.
+	If you are unable to upgrade to 4.2.8p11 or later and have
+	    'peer HOST xleave' lines in your ntp.conf file, remove the
+	    'xleave' option.
+	Have enough sources of time.
+	Properly monitor your ntpd instances.
+	If ntpd stops running, auto-restart it without -g .
+   Credit:
+   	This weakness was discovered by Miroslav Lichvar of Red Hat.
+
+* NTP Bug 3453: Interleaved symmetric mode cannot recover from bad
+	state (LOW/MED)
+   Date Resolved: Stable (4.2.8p11) 27 Feb 2018
+   References: Sec 3453 / CVE-2018-7184 / VU#961909
+   Affects: ntpd in ntp-4.2.8p4, up to but not including ntp-4.2.8p11.
+   CVSS2: MED 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
+	Could score between 2.9 and 6.8.
+   CVSS3: LOW 3.1 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
+	Could score between 2.6 and 6.0.
+   Summary:
+   	The fix for NtpBug2952 was incomplete, and while it fixed one
+	problem it created another.  Specifically, it drops bad packets
+	before updating the "received" timestamp.  This means a
+	third-party can inject a packet with a zero-origin timestamp,
+	meaning the sender wants to reset the association, and the
+	transmit timestamp in this bogus packet will be saved as the
+	most recent "received" timestamp.  The real remote peer does
+	not know this value and this will disrupt the association until
+	the association resets.
+   Mitigation:
+	Implement BCP-38.
+	Upgrade to ntp-4.2.8p11 or later from the NTP Project Download Page
+	    or the NTP Public Services Project Download Page.
+	Use authentication with 'peer' mode.
+	Have enough sources of time.
+	Properly monitor your ntpd instances.
+	If ntpd stops running, auto-restart it without -g .
+   Credit:
+   	This weakness was discovered by Miroslav Lichvar of Red Hat.
+
+* NTP Bug 3415: Provide a way to prevent authenticated symmetric passive
+	peering (LOW)
+   Date Resolved: Stable (4.2.8p11) 27 Feb 2018
+   References: Sec 3415 / CVE-2018-7170 / VU#961909
+   	       Sec 3012 / CVE-2016-1549 / VU#718152
+   Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
+   	4.3.0 up to, but not including 4.3.92.  Resolved in 4.2.8p11.
+   CVSS2: LOW 3.5 - (AV:N/AC:M/Au:S/C:N/I:P/A:N)
+   CVSS3: LOW 3.1 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
+   Summary:
+	ntpd can be vulnerable to Sybil attacks.  If a system is set up to
+	use a trustedkey and if one is not using the feature introduced in
+	ntp-4.2.8p6 allowing an optional 4th field in the ntp.keys file to
+	specify which IPs can serve time, a malicious authenticated peer
+	-- i.e. one where the attacker knows the private symmetric key --
+	can create arbitrarily-many ephemeral associations in order to win
+	the clock selection of ntpd and modify a victim's clock.  Three
+	additional protections are offered in ntp-4.2.8p11.  One is the
+	new 'noepeer' directive, which disables symmetric passive
+	ephemeral peering. Another is the new 'ippeerlimit' directive,
+	which limits the number of peers that can be created from an IP.
+	The third extends the functionality of the 4th field in the
+	ntp.keys file to include specifying a subnet range.
+   Mitigation:
+	Implement BCP-38.
+	Upgrade to ntp-4.2.8p11 or later from the NTP Project Download Page
+	    or the NTP Public Services Project Download Page.
+	Use the 'noepeer' directive to prohibit symmetric passive
+	    ephemeral associations.
+	Use the 'ippeerlimit' directive to limit the number of peers
+	    that can be created from an IP.
+	Use the 4th argument in the ntp.keys file to limit the IPs and
+	    subnets that can be time servers.
+	Have enough sources of time.
+	Properly monitor your ntpd instances.
+	If ntpd stops running, auto-restart it without -g .
+   Credit:
+	This weakness was reported as Bug 3012 by Matthew Van Gundy of
+	Cisco ASIG, and separately by Stefan Moser as Bug 3415.
+
+* ntpq Bug 3414: decodearr() can write beyond its 'buf' limits (Medium)
+   Date Resolved: 27 Feb 2018
+   References: Sec 3414 / CVE-2018-7183 / VU#961909
+   Affects: ntpq in ntp-4.2.8p6, up to but not including ntp-4.2.8p11.
+   CVSS2: MED 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
+   CVSS3: MED 5.0 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
+   Summary:
+   	ntpq is a monitoring and control program for ntpd.  decodearr()
+	is an internal function of ntpq that is used to -- wait for it --
+	decode an array in a response string when formatted data is being
+	displayed.  This is a problem in affected versions of ntpq if a
+	maliciously-altered ntpd returns an array result that will trip this
+	bug, or if a bad actor is able to read an ntpq request on its way to
+	a remote ntpd server and forge and send a response before the remote
+	ntpd sends its response.  It's potentially possible that the
+	malicious data could become injectable/executable code.
+   Mitigation:
+	Implement BCP-38.
+	Upgrade to ntp-4.2.8p11 or later from the NTP Project Download Page
+	    or the NTP Public Services Project Download Page.
+   Credit:
+	This weakness was discovered by Michael Macnair of Thales e-Security.
+
+* NTP Bug 3412: ctl_getitem(): buffer read overrun leads to undefined
+	behavior and information leak (Info/Medium)
+   Date Resolved: 27 Feb 2018
+   References: Sec 3412 / CVE-2018-7182 / VU#961909
+   Affects: ntp-4.2.8p6, up to but not including ntp-4.2.8p11.
+   CVSS2: INFO 0.0 - MED 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 0.0 if C:N
+   CVSS3: NONE 0.0 - MED 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+	0.0 if C:N
+   Summary:
+	ctl_getitem()  is used by ntpd to process incoming mode 6 packets.
+	A malicious mode 6 packet can be sent to an ntpd instance, and
+	if the ntpd instance is from 4.2.8p6 thru 4.2.8p10, that will
+	cause ctl_getitem() to read past the end of its buffer.
+   Mitigation:
+	Implement BCP-38.
+	Upgrade to ntp-4.2.8p11 or later from the NTP Project Download Page
+	    or the NTP Public Services Project Download Page.
+	Have enough sources of time.
+	Properly monitor your ntpd instances.
+	If ntpd stops running, auto-restart it without -g .
+   Credit:
+   	This weakness was discovered by Yihan Lian of Qihoo 360.
+
+* NTP Bug 3012: Sybil vulnerability: ephemeral association attack
+   Also see Bug 3415, above.
+   Date Mitigated: Stable (4.2.8p7) 26 Apr 2016; Dev (4.3.92) 26 Apr 2016
+   Date Resolved: Stable (4.2.8p11) 27 Feb 2018
+   References: Sec 3012 / CVE-2016-1549 / VU#718152
+   Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
+	4.3.0 up to, but not including 4.3.92.  Resolved in 4.2.8p11.
+   CVSS2: LOW 3.5 - (AV:N/AC:M/Au:S/C:N/I:P/A:N)
+   CVSS3: MED 5.3 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
+   Summary:
+	ntpd can be vulnerable to Sybil attacks.  If a system is set up
+	to use a trustedkey and if one is not using the feature
+	introduced in ntp-4.2.8p6 allowing an optional 4th field in the
+	ntp.keys file to specify which IPs can serve time, a malicious
+	authenticated peer -- i.e. one where the attacker knows the
+	private symmetric key -- can create arbitrarily-many ephemeral
+	associations in order to win the clock selection of ntpd and
+	modify a victim's clock.  Two additional protections are
+	offered in ntp-4.2.8p11.  One is the 'noepeer' directive, which
+	disables symmetric passive ephemeral peering. The other extends
+	the functionality of the 4th field in the ntp.keys file to
+	include specifying a subnet range.
+   Mitigation:
+	Implement BCP-38.
+	Upgrade to 4.2.8p11, or later, from the NTP Project Download Page or
+	    the NTP Public Services Project Download Page.
+	Use the 'noepeer' directive to prohibit symmetric passive
+	    ephemeral associations.
+	Use the 'ippeerlimit' directive to limit the number of peer
+	    associations from an IP.
+	Use the 4th argument in the ntp.keys file to limit the IPs
+	    and subnets that can be time servers.
+	Properly monitor your ntpd instances.
+   Credit:
+   	This weakness was discovered by Matthew Van Gundy of Cisco ASIG.
+
+* Bug fixes:
+ [Bug 3457] OpenSSL FIPS mode regression <perlinger@ntp.org>
+ [Bug 3455] ntpd doesn't use scope id when binding multicast <perlinger@ntp.org>
+ - applied patch by Sean Haugh 
+ [Bug 3452] PARSE driver prints uninitialized memory. <perlinger@ntp.org>
+ [Bug 3450] Dubious error messages from plausibility checks in get_systime()
+ - removed error log caused by rounding/slew, ensured postcondition <perlinger@ntp.org>
+ [Bug 3447] AES-128-CMAC (fixes) <perlinger@ntp.org>
+ - refactoring the MAC code, too
+ [Bug 3441] Validate the assumption that AF_UNSPEC is 0.  stenn@ntp.org
+ [Bug 3439] When running multiple commands / hosts in ntpq... <perlinger@ntp.org>
+ - applied patch by ggarvey
+ [Bug 3438] Negative values and values > 999 days in... <perlinger@ntp.org>
+ - applied patch by ggarvey (with minor mods)
+ [Bug 3437] ntpd tries to open socket with AF_UNSPEC domain
+ - applied patch (with mods) by Miroslav Lichvar <perlinger@ntp.org>
+ [Bug 3435] anchor NTP era alignment <perlinger@ntp.org>
+ [Bug 3433] sntp crashes when run with -a.  <stenn@ntp.org>
+ [Bug 3430] ntpq dumps core (SIGSEGV) for "keytype md2"
+ - fixed several issues with hash algos in ntpd, sntp, ntpq,
+   ntpdc and the test suites <perlinger@ntp.org>
+ [Bug 3424] Trimble Thunderbolt 1024 week millenium bug <perlinger@ntp.org>
+ - initial patch by Daniel Pouzzner
+ [Bug 3423] QNX adjtime() implementation error checking is
+ wrong <perlinger@ntp.org>
+ [Bug 3417] ntpq ifstats packet counters can be negative
+ made IFSTATS counter quantities unsigned <perlinger@ntp.org>
+ [Bug 3411] problem about SIGN(6) packet handling for ntp-4.2.8p10
+ - raised receive buffer size to 1200 <perlinger@ntp.org>
+ [Bug 3408] refclock_jjy.c: Avoid a wrong report of the coverity static
+ analysis tool. <abe@ntp.org>
+ [Bug 3405] update-leap.in: general cleanup, HTTPS support.  Paul McMath.
+ [Bug 3404] Fix openSSL DLL usage under Windows <perlinger@ntp.org>
+ - fix/drop assumptions on OpenSSL libs directory layout
+ [Bug 3399] NTP: linker error in 4.2.8p10 during Linux cross-compilation
+ - initial patch by timeflies@mail2tor.com  <perlinger@ntp.org>
+ [Bug 3398] tests fail with core dump <perlinger@ntp.org>
+ - patch contributed by Alexander Bluhm
+ [Bug 3397] ctl_putstr() asserts that data fits in its buffer
+ rework of formatting & data transfer stuff in 'ntp_control.c'
+ avoids unecessary buffers and size limitations. <perlinger@ntp.org>
+ [Bug 3394] Leap second deletion does not work on ntpd clients
+ - fixed handling of dynamic deletion w/o leap file <perlinger@ntp.org>
+ [Bug 3391] ntpd segfaults on startup due to small warmup thread stack size
+ - increased mimimum stack size to 32kB <perlinger@ntp.org>
+ [Bug 3367] Faulty LinuxPPS NMEA clock support in 4.2.8 <perlinger@ntp.org>
+ - reverted handling of PPS kernel consumer to 4.2.6 behavior
+ [Bug 3365] Updates driver40(-ja).html and miscopt.html <abe@ntp.org>
+ [Bug 3358] Spurious KoD log messages in .INIT. phase.  HStenn.
+ [Bug 3016] wrong error position reported for bad ":config pool"
+ - fixed location counter & ntpq output <perlinger@ntp.org>
+ [Bug 2900] libntp build order problem.  HStenn.
+ [Bug 2878] Tests are cluttering up syslog <perlinger@ntp.org>
+ [Bug 2737] Wrong phone number listed for USNO. ntp-bugs@bodosom.net,
+ perlinger@ntp.org
+ [Bug 2557] Fix Thunderbolt init. ntp-bugs@bodosom.net, perlinger@ntp.
+ [Bug 948] Trustedkey config directive leaks memory. <perlinger@ntp.org>
+ Use strlcpy() to copy strings, not memcpy().  HStenn.
+ Typos.  HStenn.
+ test_ntp_scanner_LDADD needs ntpd/ntp_io.o.  HStenn.
+ refclock_jjy.c: Add missing "%s" to an msyslog() call.  HStenn.
+ Build ntpq and libntpq.a with NTP_HARD_*FLAGS.  perlinger@ntp.org
+ Fix trivial warnings from 'make check'. perlinger@ntp.org
+ Fix bug in the override portion of the compiler hardening macro. HStenn.
+ record_raw_stats(): Log entire packet.  Log writes.  HStenn.
+ AES-128-CMAC support.  BInglis, HStenn, JPerlinger.
+ sntp: tweak key file logging.  HStenn.
+ sntp: pkt_output(): Improve debug output.  HStenn.
+ update-leap: updates from Paul McMath.
+ When using pkg-config, report --modversion.  HStenn.
+ Clean up libevent configure checks.  HStenn.
+ sntp: show the IP of who sent us a crypto-NAK.  HStenn.
+ Allow .../N to specify subnet bits for IPs in ntp.keys.  HStenn, JPerlinger.
+ authistrustedip() - use it in more places.  HStenn, JPerlinger.
+ New sysstats: sys_lamport, sys_tsrounding.  HStenn.
+ Update ntp.keys .../N documentation.  HStenn.
+ Distribute testconf.yml.  HStenn.
+ Add DPRINTF(2,...) lines to receive() for packet drops.  HStenn.
+ Rename the configuration flag fifo variables.  HStenn.
+ Improve saveconfig output.  HStenn.
+ Decode restrict flags on receive() debug output.  HStenn.
+ Decode interface flags on receive() debug output.  HStenn.
+ Warn the user if deprecated "driftfile name WanderThreshold" is used.  HStenn.
+ Update the documentation in ntp.conf.def .  HStenn.
+ restrictions() must return restrict flags and ippeerlimit.  HStenn.
+ Update ntpq peer documentation to describe the 'p' type.  HStenn.
+ Rename restrict 'flags' to 'rflags.  Use an enum for the values.  HStenn.
+ Provide dump_restricts() for debugging.  HStenn.
+ Use consistent 4th arg type for [gs]etsockopt.  JPerlinger.
+
+* Other items:
+
+* update-leap needs the following perl modules:
+	Net::SSLeay
+	IO::Socket::SSL
+
+* New sysstats variables: sys_lamport, sys_tsrounding
+See them with: ntpq -c "rv 0 ss_lamport,ss_tsrounding"
+sys_lamport counts the number of observed Lamport violations, while
+sys_tsrounding counts observed timestamp rounding events.
+
+* New ntp.conf items:
+
+- restrict ... noepeer
+- restrict ... ippeerlimit N
+
+The 'noepeer' directive will disallow all ephemeral/passive peer
+requests.
+
+The 'ippeerlimit' directive limits the number of time associations
+for each IP in the designated set of addresses.  This limit does not
+apply to explicitly-configured associations.  A value of -1, the current
+default, means an unlimited number of associations may connect from a
+single IP.  0 means "none", etc.  Ordinarily the only way multiple
+associations would come from the same IP would be if the remote side
+was using a proxy.  But a trusted machine might become compromised,
+in which case an attacker might spin up multiple authenticated sessions
+from different ports.  This directive should be helpful in this case.
+
+* New ntp.keys feature: Each IP in the optional list of IPs in the 4th
+field may contain a /subnetbits specification, which identifies  the
+scope of IPs that may use this key.  This IP/subnet restriction can be
+used to limit the IPs that may use the key in most all situations where
+a key is used.
+--
 NTP 4.2.8p10 (Harlan Stenn <stenn@ntp.org>, 2017/03/21) 
 
 Focus: Security, Bug fixes, enhancements.
@@ -960,7 +1287,7 @@ following 9 low- and medium-severity vulnerabilities:
 	Implement BCP-38.
 	Upgrade to 4.2.8p7, or later, from the NTP Project Download Page
 	    or the NTP Public Services Project Download Page
-	Properly monitor your =ntpd= instances
+	Properly monitor your ntpd instances
    Credit: This weakness was discovered by Stephen Gray and
    	Matthew Van Gundy of Cisco ASIG.
 
@@ -1029,7 +1356,7 @@ following 9 low- and medium-severity vulnerabilities:
 	Implement BCP-38.
 	Upgrade to 4.2.8p7, or later, from the NTP Project Download Page
 	    or the NTP Public Services Project Download Page
-	Properly monitor your =ntpd= instances
+	Properly monitor your ntpd instances
    Credit: This weakness was discovered by Yihan Lian of the Cloud
    	Security Team, Qihoo 360.
 
@@ -1266,7 +1593,7 @@ following 1 low- and 8 medium-severity vulnerabilities:
 	Configure 'ntpd' to get time from multiple sources.
 	Upgrade to 4.2.8p6, or later, from the NTP Project Download Page
 	    or the NTP Public Services Project Download Page.
-	Monitor your 'ntpd= instances.
+	Monitor your 'ntpd' instances.
    Credit: This weakness was discovered by Matthey Van Gundy and
 	Jonathan Gardner of Cisco ASIG.
 

aclocal.m4

@@ -1339,6 +1339,7 @@ m4_include([sntp/m4/ltoptions.m4])
 m4_include([sntp/m4/ltsugar.m4])
 m4_include([sntp/m4/ltversion.m4])
 m4_include([sntp/m4/lt~obsolete.m4])
+m4_include([sntp/m4/ntp_af_unspec.m4])
 m4_include([sntp/m4/ntp_cacheversion.m4])
 m4_include([sntp/m4/ntp_compiler.m4])
 m4_include([sntp/m4/ntp_crosscompile.m4])

adjtimed/Makefile.in

@@ -108,6 +108,7 @@ am__aclocal_m4_deps = $(top_srcdir)/sntp/libopts/m4/libopts.m4 \
 	$(top_srcdir)/sntp/m4/ltsugar.m4 \
 	$(top_srcdir)/sntp/m4/ltversion.m4 \
 	$(top_srcdir)/sntp/m4/lt~obsolete.m4 \
+	$(top_srcdir)/sntp/m4/ntp_af_unspec.m4 \
 	$(top_srcdir)/sntp/m4/ntp_cacheversion.m4 \
 	$(top_srcdir)/sntp/m4/ntp_compiler.m4 \
 	$(top_srcdir)/sntp/m4/ntp_crosscompile.m4 \
@@ -952,7 +953,6 @@ install-exec-hook:
 #
 
 check-libntp: ../libntp/libntp.a
-	@echo stamp > $@
 
 ../libntp/libntp.a:
 	cd ../libntp && $(MAKE) $(AM_MAKEFLAGS) libntp.a

clockstuff/Makefile.in

@@ -101,6 +101,7 @@ am__aclocal_m4_deps = $(top_srcdir)/sntp/libopts/m4/libopts.m4 \
 	$(top_srcdir)/sntp/m4/ltsugar.m4 \
 	$(top_srcdir)/sntp/m4/ltversion.m4 \
 	$(top_srcdir)/sntp/m4/lt~obsolete.m4 \
+	$(top_srcdir)/sntp/m4/ntp_af_unspec.m4 \
 	$(top_srcdir)/sntp/m4/ntp_cacheversion.m4 \
 	$(top_srcdir)/sntp/m4/ntp_compiler.m4 \
 	$(top_srcdir)/sntp/m4/ntp_crosscompile.m4 \
@@ -793,7 +794,6 @@ uninstall-am:
 
 
 check-libntp: ../libntp/libntp.a
-	@echo stamp > $@
 
 ../libntp/libntp.a:
 	cd ../libntp && $(MAKE) $(AM_MAKEFLAGS) libntp.a

configure

 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for ntp 4.2.8p10.
+# Generated by GNU Autoconf 2.69 for ntp 4.2.8p11.
 #
 # Report bugs to <http://bugs.ntp.org./>.
 #
@@ -590,8 +590,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='ntp'
 PACKAGE_TARNAME='ntp'
-PACKAGE_VERSION='4.2.8p10'
-PACKAGE_STRING='ntp 4.2.8p10'
+PACKAGE_VERSION='4.2.8p11'
+PACKAGE_STRING='ntp 4.2.8p11'
 PACKAGE_BUGREPORT='http://bugs.ntp.org./'
 PACKAGE_URL='http://www.ntp.org./'
@@ -944,6 +944,7 @@ ac_user_opts='
 enable_option_checking
 enable_silent_rules
 enable_dependency_tracking
+with_hardenfile
 with_locfile
 enable_shared
 enable_static
@@ -1613,7 +1614,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures ntp 4.2.8p10 to adapt to many kinds of systems.
+\`configure' configures ntp 4.2.8p11 to adapt to many kinds of systems.
 Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1683,7 +1684,7 @@ fi
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of ntp 4.2.8p10:";;
+     short | recursive ) echo "Configuration of ntp 4.2.8p11:";;
    esac
   cat <<\_ACEOF
@@ -1699,6 +1700,7 @@ Optional Features and Packages:
                           do not reject slow dependency extractors
   --disable-dependency-tracking
                           speeds up one-time build
+  --with-hardenfile=XXX   os-specific or "/dev/null"
   --with-locfile=XXX      os-specific or "legacy"
   --enable-shared[=PKGS]  build shared libraries [default=no]
   --enable-static[=PKGS]  build static libraries [default=yes]
@@ -1921,7 +1923,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-ntp configure 4.2.8p10
+ntp configure 4.2.8p11
 generated by GNU Autoconf 2.69
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2630,7 +2632,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
-It was created by ntp $as_me 4.2.8p10, which was
+It was created by ntp $as_me 4.2.8p11, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
   $ $0 $@
@@ -3631,7 +3633,7 @@ fi
 # Define the identity of the package.
  PACKAGE='ntp'
- VERSION='4.2.8p10'
+ VERSION='4.2.8p11'
 cat >>confdefs.h <<_ACEOF
@@ -6581,11 +6583,11 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
 $as_echo_n "checking for compile/link hardening flags... " >&6; }
-# Check whether --with-locfile was given.
-if test "${with_locfile+set}" = set; then :
-  withval=$with_locfile;
+# Check whether --with-hardenfile was given.
+if test "${with_hardenfile+set}" = set; then :
+  withval=$with_hardenfile;
 else
-  with_locfile=no
+  with_hardenfile=no
 fi
@@ -6593,12 +6595,12 @@ fi
 (									\
     SENTINEL_DIR="$PWD" &&						\
     cd $srcdir/sntp &&							\
-    case "$with_locfile" in						\
+    case "$with_hardenfile" in						\
      yes|no|'')								\
 	scripts/genHardFlags -d "$SENTINEL_DIR"				\
 	;;								\
      *)									\
-	scripts/genHardFlags -d "$SENTINEL_DIR" -f "$with_locfile"	\
+	scripts/genHardFlags -d "$SENTINEL_DIR" -f "$with_hardenfile"	\
 	;;								\
     esac								\
 ) > genHardFlags.i 2> genHardFlags.err
@@ -15937,8 +15939,13 @@ $as_echo_n "checking if libevent $ntp_libevent_min_version or later is installed
 	if $PKG_CONFIG --atleast-version=$ntp_libevent_min_version libevent
 	then
 	    ntp_use_local_libevent=no
-	    { $as_echo "$as_me:${as_lineno-$LINENO}: Using the installed libevent" >&5
-$as_echo "$as_me: Using the installed libevent" >&6;}
+	    ntp_libevent_version="`$PKG_CONFIG --modversion libevent`"
+	    case "$ntp_libevent_version" in
+	     *.*) ;;
+	     *) ntp_libevent_version='(unknown)' ;;
+	    esac
+	    { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes, version $ntp_libevent_version" >&5
+$as_echo "yes, version $ntp_libevent_version" >&6; }
 	    CFLAGS_LIBEVENT=`$PKG_CONFIG --cflags libevent_pthreads`
 	    CPPFLAGS_LIBEVENT=`$PKG_CONFIG --cflags-only-I libevent`
 	    # HMS: I hope the following is accurate.
@@ -15966,8 +15973,6 @@ $as_echo "$as_me: Using the installed libevent" >&6;}
 		LDADD_LIBEVENT="$LDADD_LIBEVENT -levent_pthreads"
 	    esac
 	    LDADD_LIBEVENT="$LDADD_LIBEVENT -levent_core"
-	    { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
 	else
 	    ntp_use_local_libevent=yes
 	    # HMS: do we only need to do this if LIBISC_PTHREADS_NOTHREADS
@@ -26468,6 +26473,36 @@ fi
 done
+
+
+# We could do a cv check here, but is it worth it?
+
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+    	#include <sys/socket.h>
+	#ifndef AF_UNSPEC
+	#include "Bletch: AF_UNSPEC is undefined!"
+	#endif
+	#if AF_UNSPEC != 0
+	#include "Bletch: AF_UNSPEC != 0"
+	#endif
+
+int
+main ()
+{
+{ $as_echo "$as_me:${as_lineno-$LINENO}: AF_UNSPEC is zero, as expected." >&5
+$as_echo "$as_me: AF_UNSPEC is zero, as expected." >&6;}
+  ;
+  return 0;
+}
+
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
 { $as_echo "$as_me:${as_lineno-$LINENO}: checking return type of signal handlers" >&5
 $as_echo_n "checking return type of signal handlers... " >&6; }
 if ${ac_cv_type_signal+:} false; then :
@@ -30114,8 +30149,13 @@ $as_echo_n "checking pkg-config for $pkg... " >&6; }
 	    VER_SUFFIX=o
 	    ntp_openssl=yes
 	    ntp_openssl_from_pkg_config=yes
-	    { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
+	    ntp_openssl_version="`$PKG_CONFIG --modversion $pkg`"
+	    case "$ntp_openssl_version" in
+	     *.*) ;;
+	     *) ntp_openssl_version='(unknown)' ;;
+	    esac
+	    { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes, version $ntp_openssl_version" >&5
+$as_echo "yes, version $ntp_openssl_version" >&6; }
 	    break
 	fi
@@ -33924,7 +33964,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by ntp $as_me 4.2.8p10, which was
+This file was extended by ntp $as_me 4.2.8p11, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
   CONFIG_FILES    = $CONFIG_FILES
@@ -33991,7 +34031,7 @@ _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-ntp config.status 4.2.8p10
+ntp config.status 4.2.8p11
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"

configure.ac

@@ -528,6 +528,8 @@ AC_CHECK_HEADERS([sys/timex.h], [], [], [
     #endif
 ])
 
+NTP_AF_UNSPEC
+
 AC_TYPE_SIGNAL
 AC_TYPE_OFF_T
 AC_STRUCT_TM	dnl defines TM_IN_SYS_TIME used by refclock_parse.c

debian/apparmor-profile

@@ -13,7 +13,7 @@
 
 #include <tunables/global>
 #include <tunables/ntpd>
-/usr/sbin/ntpd {
+/usr/sbin/ntpd flags=(attach_disconnected) {
   #include <abstractions/base>
   #include <abstractions/nameservice>
   #include <abstractions/user-tmp>
@@ -39,6 +39,7 @@
 
   /{,s}bin/      r,
   /usr/{,s}bin/  r,
+  /usr/local/{,s}bin/  r,
   /usr/sbin/ntpd rmix,
 
   /etc/ntp.conf r,
@@ -68,6 +69,9 @@
 
   /{,var/}run/ntpd.pid w,
 
+  # to be able to check for running ntpdate
+  /run/lock/ntpdate wk,
+
   # samba4 ntp signing socket
   /{,var/}run/samba/ntp_signd/socket rw,
 

debian/changelog

+ntp (1:4.2.8p11+dfsg-1) unstable; urgency=medium
+
+  * New upstream version 4.2.8p11+dfsg (Closes: #851096)
+    - Refresh patches
+    - Drop ntpd-increase-stack-size included upstream
+    - CVE-2018-7185: Unauthenticated packet can reset authenticated
+      interleaved association (LOW/MED)
+    - CVE-2018-7184: Interleaved symmetric mode cannot recover from bad state
+      (LOW/MED)
+    - CVE-2018-7170 / CVE-2016-1549: Provide a way to prevent authenticated
+      symmetric passive peering (LOW)
+    - CVE-2018-7183: decodearr() can write beyond its 'buf' limits (Medium)
+    - CVE-2018-7182: ctl_getitem(): buffer read overrun leads to undefined
+      behavior and information leak (Info/Medium)
+    - CVE-2016-1549: Sybil vulnerability: ephemeral association attack
+      (mitigated in 4.2.8p7)
+  * convert dfsg.sh into mk-origtargz script
+  * Run wrap-and-sort
+  * Sync AppArmor profile changes from Ubuntu, including a fix for a
+    harmless AppArmor denial in /usr/local (Closes: #883022)
+  * Don't chown in postinst recursively.
+    Thanks to Daniel Kahn Gillmor (Closes: #889488)
+  * Build sntp against system libevent
+  * Drop versioned build-deps already fulfilled by oldoldstable
+
+ -- Bernhard Schmidt <berni@debian.org>  Sun, 25 Mar 2018 23:52:51 +0200
+
 ntp (1:4.2.8p10+dfsg-6) unstable; urgency=medium
 
   * Make sntp KoD path FHS-compliant.

debian/control

@@ -2,8 +2,19 @@ Source: ntp
 Section: net
 Priority: optional
 Maintainer: Debian NTP Team <pkg-ntp-maintainers@lists.alioth.debian.org>
-Uploaders: Peter Eisentraut <petere@debian.org>, Kurt Roeckx <kurt@roeckx.be>, Bernhard Schmidt <berni@debian.org>
-Build-Depends: debhelper (>= 10), libedit-dev, libcap2-dev [linux-any], libssl-dev (>= 1.0.0e-1), autogen (>= 1:5.11), libopts25-dev (>= 1:5.11), pps-tools [linux-any], dh-apparmor
+Uploaders: Peter Eisentraut <petere@debian.org>,
+           Kurt Roeckx <kurt@roeckx.be>,
+           Bernhard Schmidt <berni@debian.org>
+Build-Depends: autogen,
+               debhelper (>= 10),
+               dh-apparmor,
+               libcap2-dev [linux-any],
+               libedit-dev,
+               libevent-dev,
+               libopts25-dev,
+               libssl-dev,
+               pkg-config,
+               pps-tools [linux-any]
 Build-Conflicts: libavahi-compat-libdnssd-dev, libwww-dev, libwww-ssl-dev
 Standards-Version: 4.1.3.0
 Homepage: http://support.ntp.org/
@@ -12,8 +23,13 @@ Vcs-Git: https://salsa.debian.org/pkg-ntp-team/ntp.git
 
 Package: ntp
 Architecture: any
-Depends: adduser, lsb-base (>= 3.2-13), netbase, tzdata, ${misc:Depends}, ${shlibs:Depends}
-Recommends: ${perl:Depends}, sntp
+Depends: adduser,
+         lsb-base (>= 3.2-13),
+         netbase,
+         tzdata,
+         ${misc:Depends},
+         ${shlibs:Depends}
+Recommends: sntp, ${perl:Depends}
 Suggests: ntp-doc
 Breaks: apparmor-profiles-extra (<< 1.8)
 Replaces: apparmor-profiles-extra (<< 1.8)

debian/dfsg-mkorigtargz.sh

+#!/bin/sh
+# Used to create the dfsg .orig.tar from the upstream source
+if [ -z "$1" -o -z "$2" ]; then
+	echo "Usage: $0 UPSTREAMTARBALL UPSTREAMVERSION"
+	exit 1
+fi
+
+UPSTREAMTARBALL=$1
+UPSTREAMVERSION=$2
+
+mk-origtargz \
+	--exclude-file html/hints/solaris-dosynctodr.html \
+	--exclude-file libntp/adjtime.c \
+	--exclude-file include/adjtime.h \
+	--exclude-file include/timepps-SCO.h \
+	--exclude-file include/timepps-Solaris.h \
+	--exclude-file include/timepps-SunOS.h \
+	--exclude-file ports/winnt/libntp/messages.mc \
+	--exclude-file ports/winnt/include/hopf_PCI_io.h \
+	--exclude-file scripts/monitoring/lr.pl \
+	--exclude-file scripts/monitoring/ntp.pl \
+	--exclude-file scripts/monitoring/ntploopstat \
+	--exclude-file scripts/monitoring/ntploopwatch \
+	--exclude-file scripts/monitoring/ntptrap \
+	--exclude-file scripts/ntpver.in \
+	--exclude-file libparse/clk_wharton.c \
+	--package ntp \
+	--repack \
+	--repack-suffix +dfsg \
+	--compression xz \
+	--version $2 \
+	$1

debian/ntp.dirs

 usr/sbin
+usr/share/apport/package-hooks
 var/lib/ntp
 var/log/ntpstats
-usr/share/apport/package-hooks

debian/ntp.install

+debian/ntp-systemd-wrapper usr/lib/ntp
 debian/tmp/usr/bin/calc_tickadj
 debian/tmp/usr/bin/ntpdc
 debian/tmp/usr/bin/ntpq
@@ -7,7 +8,6 @@ debian/tmp/usr/sbin/ntp-keygen
 debian/tmp/usr/sbin/ntp-wait
 debian/tmp/usr/sbin/ntpd
 debian/tmp/usr/sbin/ntptime
-debian/tmp/usr/share/ntp/lib/NTP/Util.pm
 debian/tmp/usr/share/doc/ntp/ntp-keygen.html
 debian/tmp/usr/share/doc/ntp/ntp-wait.html
 debian/tmp/usr/share/doc/ntp/ntp.conf.html
@@ -29,4 +29,4 @@ debian/tmp/usr/share/man/man5/ntp.keys.5
 debian/tmp/usr/share/man/man8/ntp-keygen.8
 debian/tmp/usr/share/man/man8/ntp-wait.8
 debian/tmp/usr/share/man/man8/ntpd.8
-debian/ntp-systemd-wrapper usr/lib/ntp
+debian/tmp/usr/share/ntp/lib/NTP/Util.pm

debian/ntp.postinst

@@ -21,7 +21,7 @@ fi
 if [ "$1" = "configure" ]; then
 	addgroup --system --quiet ntp
 	adduser --system --quiet --ingroup ntp --no-create-home --home /nonexistent ntp
-	chown -R ntp:ntp /var/lib/ntp /var/log/ntpstats
+	chown ntp:ntp /var/lib/ntp /var/log/ntpstats
 
 	# Bug#863857, the experimental version shipped a broken systemd wrapper
 	# writing a bogus PIDFILE on the root partition

debian/ntpdate.manpages

-debian/man/ntpdate.8
 debian/man/ntpdate-debian.8
+debian/man/ntpdate.8

debian/patches/ntpd-increase-stack-size.patch

-From: Juergen Perlinger <perlinger@ntp.org>
-Subject:  increase stack size to at least 32kB
-Origin: upstream, http://bugs.ntp.org/show_bug.cgi?id=3391
-Bug: http://bugs.ntp.org/show_bug.cgi?id=3391
-Bug-Debian: https://bugs.debian.org/887385
-diff -Nru a/ntpd/ntpd.c b/ntpd/ntpd.c
---- a/ntpd/ntpd.c	2017-03-27 08:33:16.690969527 +0200
-+++ b/ntpd/ntpd.c	2017-03-27 08:33:16.690969527 +0200
-@@ -313,11 +313,16 @@
- #if defined(HAVE_PTHREAD_ATTR_GETSTACKSIZE) && \
-     defined(HAVE_PTHREAD_ATTR_SETSTACKSIZE) && \
-     defined(PTHREAD_STACK_MIN)
--	rc = pthread_attr_setstacksize(&thr_attr, PTHREAD_STACK_MIN);
--	if (0 != rc)
--		msyslog(LOG_ERR,
--			"my_pthread_warmup: pthread_attr_setstacksize() -> %s",
--			strerror(rc));
-+	{
-+		size_t ssmin = 32*1024;	/* 32kB should be minimum */
-+		if (ssmin < PTHREAD_STACK_MIN)
-+			ssmin = PTHREAD_STACK_MIN;
-+		rc = pthread_attr_setstacksize(&thr_attr, ssmin);
-+		if (0 != rc)
-+			msyslog(LOG_ERR,
-+				"my_pthread_warmup: pthread_attr_setstacksize() -> %s",
-+				strerror(rc));
-+	}
- #endif
- 	rc = pthread_create(
- 		&thread, &thr_attr, my_pthread_warmup_worker, NULL);

debian/patches/openssl-disable-check.patch

@@ -4,11 +4,9 @@
 -- Steve Langasek <vorlon@debian.org>  Sun, 21 Oct 2007 00:58:07 -0700
  
 unchanged:
-Index: ntp-4.2.8p10+dfsg/libntp/ssl_init.c
-===================================================================
---- ntp-4.2.8p10+dfsg.orig/libntp/ssl_init.c
-+++ ntp-4.2.8p10+dfsg/libntp/ssl_init.c
-@@ -62,18 +62,6 @@ ssl_init(void)
+--- a/libntp/ssl_init.c
++++ b/libntp/ssl_init.c
+@@ -67,18 +67,6 @@
  void
  ssl_check_version(void)
  {

debian/patches/series

@@ -9,4 +9,4 @@ reproducible-build.patch
 sntp-sysexits.patch
 debian-locfile.patch
 sntp-kod-location.patch
-ntpd-increase-stack-size.patch
+#ntpd-increase-stack-size.patch