ok deraadt@

while here i've reformatted the page to stop kidding that -s is 4 options;
original issue kind of spotted by adam thompson, though note i am not fixing the
issue he complained about (i'll address that mail in a minute);

ok reyk@

tls_config_insecure_noverifyname(), so that it is more accurate and keeps
inline with the distinction between DNS hostname and server name.
Requested by tedu@ during s2k15.

that order, tls, crypto, ssl.

ok reyk

Reported by Stefan Wollny.

Fixes segfault on configuration load time, as reported by Donovan Watteau.

allows to get constraint addresses even if network/DNS is not
available at startup (or system boot).
thumbs up & OK henning@

ntp_dns some years ago).
OK henning@

OK deraadt@

no need to request it ever again.  The only exception is the
escalation of failed constraint checks that might lead into
re-requesting the constraint time from all servers.  Adjust the states
accordingly.
OK henning@

OK henning@ deraadt@

the functionality.
Requested by henning@
OK beck@ deraadt@

time from HTTPS servers, by parsing the Date: header, and use the
median constraint time as a boundary to verify NTP responses.  This
adds some level of authentication and protection against MITM attacks
while preserving the accuracy of the NTP protocol; without relying on
authentication options for NTP that are basically unavailable at
present.  This is an initial implementation and the semantics will be
improved once it is in the tree.
Discussed with deraadt@ and henning@
OK henning@

ok phessler@ deraadt@

ok deraadt@

OK henning@

If the network is unreachable when ntpd starts and host_dns fails, be sure
that we still close the HOST_DNS imsg.
Thanks to Paul de Weerd <weerd at weirdnet dot nl> for reporting this.
ok beck@

This simplifies things and make action = -1 no longer a dead store.
Also, spell FALLTHROUGH consistently.
reported by fritjof@alokat.org

reported by Jonas 'Sortie' Termansen

daemon.
Old drift files will be interpreted as a minuscule adjustment and
ntpd will proceed to rediscover the drift, like starting from zero
on a newly installed machine.
ok deraadt@

from Paul B. Henson, ok phessler@

- Nothing seems to free the result of host_dns(), so add host_dns_free() and
call after each query.
- If imsg_add() fails, it frees buf. Avoid subsequently dereferencing the
freed buf in imsg_close().
ok millert@ deraadt@

ok tedu@ deraadt@

generations don't try to change any of the values and break the code.
ok deraadt

unbreak config file address parsing

Match what parse.y expects it to return.
ok millert@

peanuts -- but all work has to start somewhere.

I mirrored from smtpd a little too literally.

Reduces the number of log.c snowflakes by a little, and gives ntpd a
variadic fatal() function to be used later.
ok deraadt@

ok deraadt@

suggested by deraadt@ re: more general MIN/MAX cleanups

This avoids a namespace conflict with Solaris build environments.
discussed with deraadt@ and kettenis@

Switch to local definitions where MAX is needed.
discussed with deraadt@

Nothing is done with the return value from ntp_dns, and it already calls
fatal() on failure.
ok deraadt@

ok deraadt@ phessler@

ok jsing@ phessler@ naddy@

Fixes a pfctl crash with an anchor name containing
an embedded nul found with the afl fuzzer.
pfctl parse.y patch from and ok deraadt@

No yyerror() calls needed to be changed.
ok bluhm@

format string, create a temporary message.
OK claudio@

ok millert@

for free, FREE, FREEEEE
ok doug

found while building portable OpenNTPD
ok henning@

probably more 32-bit platforms).
Problem noticed by tobiasu@; ok tobiasu@ dtucker@ sthen@ benno@

as noticed by Arto Jonsson <ajonsson at kapsi dot fi>.
While here, give the full author names, which costs no additional work
because i had to cross-check against the original documents anyway.