From 725c0c89cbafa7f3edcdf116bc683e5f31b50eb1 Mon Sep 17 00:00:00 2001
From: Brent Cook
Date: Mon, 21 Dec 2015 05:35:29 -0600
Subject: [PATCH] add the rest of the rebased patches
---
...ll-in-sin_len-sin6_len-if-they-exist.patch | 53 ++++++
...heck-if-rdomain-support-is-available.patch | 116 +++++++++++++
...onf-to-indicate-OS-dependent-options.patch | 53 ++++++
...ding-default-user-and-file-locations.patch | 52 ++++++
...07-add-p-option-to-create-a-pid-file.patch | 159 ++++++++++++++++++
...initialize-setproctitle-where-needed.patch | 58 +++++++
...-when-constraint-support-is-disabled.patch | 68 ++++++++
...-updating-the-realtime-clock-on-sync.patch | 33 ++++
.../0011-Deal-with-missing-SO_TIMESTAMP.patch | 69 ++++++++
9 files changed, 661 insertions(+)
create mode 100644 patches/0003-conditionally-fill-in-sin_len-sin6_len-if-they-exist.patch
create mode 100644 patches/0004-check-if-rdomain-support-is-available.patch
create mode 100644 patches/0005-update-ntpd.conf-to-indicate-OS-dependent-options.patch
create mode 100644 patches/0006-allow-overriding-default-user-and-file-locations.patch
create mode 100644 patches/0007-add-p-option-to-create-a-pid-file.patch
create mode 100644 patches/0008-initialize-setproctitle-where-needed.patch
create mode 100644 patches/0009-Notify-the-user-when-constraint-support-is-disabled.patch
create mode 100644 patches/0010-add-a-method-for-updating-the-realtime-clock-on-sync.patch
create mode 100644 patches/0011-Deal-with-missing-SO_TIMESTAMP.patch
diff --git a/patches/0003-conditionally-fill-in-sin_len-sin6_len-if-they-exist.patch b/patches/0003-conditionally-fill-in-sin_len-sin6_len-if-they-exist.patch
new file mode 100644
index 0000000..fa90d0b
--- /dev/null
+++ b/patches/0003-conditionally-fill-in-sin_len-sin6_len-if-they-exist.patch
@@ -0,0 +1,53 @@
+From d75fce3c40a9e24d8af8a568581e1882d21eb520 Mon Sep 17 00:00:00 2001
+From: Brent Cook
+Date: Tue, 30 Dec 2014 09:02:50 -0600
+Subject: [PATCH 03/11] conditionally fill in sin_len/sin6_len if they exist
+
+---
+ src/usr.sbin/ntpd/config.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/src/usr.sbin/ntpd/config.c b/src/usr.sbin/ntpd/config.c
+index c0a99b1..87de17a 100644
+--- a/src/usr.sbin/ntpd/config.c
++++ b/src/usr.sbin/ntpd/config.c
+@@ -72,7 +72,9 @@ host_v4(const char *s)
+ if ((h = calloc(1, sizeof(struct ntp_addr))) == NULL)
+ fatal(NULL);
+ sa_in = (struct sockaddr_in *)&h->ss;
++#ifdef HAVE_STRUCT_SOCKADDR_IN_SIN_LEN
+ sa_in->sin_len = sizeof(struct sockaddr_in);
++#endif
+ sa_in->sin_family = AF_INET;
+ sa_in->sin_addr.s_addr = ina.s_addr;
+
+@@ -94,7 +96,9 @@ host_v6(const char *s)
+ if ((h = calloc(1, sizeof(struct ntp_addr))) == NULL)
+ fatal(NULL);
+ sa_in6 = (struct sockaddr_in6 *)&h->ss;
++#ifdef SIN6_LEN
+ sa_in6->sin6_len = sizeof(struct sockaddr_in6);
++#endif
+ sa_in6->sin6_family = AF_INET6;
+ memcpy(&sa_in6->sin6_addr,
+ &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr,
+@@ -156,12 +160,16 @@ host_dns(const char *s, struct ntp_addr **hn)
+ h->ss.ss_family = res->ai_family;
+ if (res->ai_family == AF_INET) {
+ sa_in = (struct sockaddr_in *)&h->ss;
++#ifdef HAVE_STRUCT_SOCKADDR_IN_SIN_LEN
+ sa_in->sin_len = sizeof(struct sockaddr_in);
++#endif
+ sa_in->sin_addr.s_addr = ((struct sockaddr_in *)
+ res->ai_addr)->sin_addr.s_addr;
+ } else {
+ sa_in6 = (struct sockaddr_in6 *)&h->ss;
++#ifdef SIN6_LEN
+ sa_in6->sin6_len = sizeof(struct sockaddr_in6);
++#endif
+ memcpy(&sa_in6->sin6_addr, &((struct sockaddr_in6 *)
+ res->ai_addr)->sin6_addr, sizeof(struct in6_addr));
+ }
+--
+2.6.4
+
diff --git a/patches/0004-check-if-rdomain-support-is-available.patch b/patches/0004-check-if-rdomain-support-is-available.patch
new file mode 100644
index 0000000..0a3e358
--- /dev/null
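Review bot: The IPv4 and IPv6 length fields are guarded by two different kinds of macro in host_v4(), host_v6() and host_dns(): `HAVE_STRUCT_SOCKADDR_IN_SIN_LEN` looks like a configure-generated symbol, while `SIN6_LEN` is one that the BSD network headers define themselves. If the configure header is not included ahead of these lines on a platform that does have sin_len, the assignment compiles out without any diagnostic and the calloc()-zeroed length stays 0, which any SA_LEN()-style consumer would then trust. A one-line comment above the first guard, such as `/* sin_len presence comes from configure; SIN6_LEN is defined by the system headers where sin6_len exists */`, would record why the two checks differ. All three functions start and end outside the hunks shown.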
+++ b/patches/0004-check-if-rdomain-support-is-available.patch 
@@ -0,0 +1,116 @@
+From 222700a524b3466607b84c9a896aa8278c4d1aa9 Mon Sep 17 00:00:00 2001
+From: Brent Cook
+Date: Tue, 30 Dec 2014 09:05:46 -0600
+Subject: [PATCH 04/11] check if rdomain support is available.
+
+Handle FreeBSD's calling rdomain 'FIB'.
+ - from naddy@openbsd.org
+---
+ src/usr.sbin/ntpd/ntpd.h | 6 ++++++
+ src/usr.sbin/ntpd/parse.y | 2 ++
+ src/usr.sbin/ntpd/server.c | 15 ++++++++++++++-
+ 3 files changed, 22 insertions(+), 1 deletion(-)
+
+diff --git a/src/usr.sbin/ntpd/ntpd.h b/src/usr.sbin/ntpd/ntpd.h
+index c93ca20..b007da3 100644
+--- a/src/usr.sbin/ntpd/ntpd.h
++++ b/src/usr.sbin/ntpd/ntpd.h
+@@ -40,6 +40,12 @@
+ #define DRIFTFILE "/var/db/ntpd.drift"
+ #define CTLSOCKET "/var/run/ntpd.sock"
+
++#if defined(SO_SETFIB)
++#define SO_RTABLE SO_SETFIB
++#define SIOCGIFRDOMAIN SIOCGIFFIB
++#define ifr_rdomainid ifr_fib
++#endif
++
+ #define INTERVAL_QUERY_NORMAL 30 /* sync to peers every n secs */
+ #define INTERVAL_QUERY_PATHETIC 60
+ #define INTERVAL_QUERY_AGGRESSIVE 5
+diff --git a/src/usr.sbin/ntpd/parse.y b/src/usr.sbin/ntpd/parse.y
+index 6d50795..33fe13d 100644
+--- a/src/usr.sbin/ntpd/parse.y
++++ b/src/usr.sbin/ntpd/parse.y
+@@ -404,11 +404,13 @@ weight : WEIGHT NUMBER {
+ opts.weight = $2;
+ }
+ rtable : RTABLE NUMBER {
++#ifdef RT_TABLEID_MAX
+ if ($2 < 0 || $2 > RT_TABLEID_MAX) {
+ yyerror("rtable must be between 1"
+ " and RT_TABLEID_MAX");
+ YYERROR;
+ }
++#endif
+ opts.rtable = $2;
+ }
+ ;
+diff --git a/src/usr.sbin/ntpd/server.c b/src/usr.sbin/ntpd/server.c
+index fb297d7..2e28b9b 100644
+--- a/src/usr.sbin/ntpd/server.c
++++ b/src/usr.sbin/ntpd/server.c
+@@ -35,11 +35,16 @@ setup_listeners(struct servent *se, struct ntpd_conf *lconf, u_int *cnt)
+ struct listen_addr *la, *nla, *lap;
+ struct ifaddrs *ifa, *ifap;
+ struct sockaddr *sa;
++#ifdef SO_RTABLE
+ struct if_data *ifd;
++#endif
+ u_int8_t *a6;
+ size_t sa6len = sizeof(struct in6_addr);
+ u_int new_cnt = 0;
+- int tos = IPTOS_LOWDELAY, rdomain = 0;
++ int tos = IPTOS_LOWDELAY;
++#ifdef SO_RTABLE
++ int rdomain = 0;
++#endif
+
+ TAILQ_FOREACH(lap, &lconf->listen_addrs, entry) {
+ switch (lap->sa.ss_family) {
+@@ -51,15 +56,19 @@ setup_listeners(struct servent *se, struct ntpd_conf *lconf, u_int *cnt)
+ sa = ifap->ifa_addr;
+ if (sa == NULL || SA_LEN(sa) == 0)
+ continue;
++#ifdef SO_RTABLE
+ if (sa->sa_family == AF_LINK) {
+ ifd = ifap->ifa_data;
+ rdomain = ifd->ifi_rdomain;
+ }
++#endif
+ if (sa->sa_family != AF_INET &&
+ sa->sa_family != AF_INET6)
+ continue;
++#ifdef SO_RTABLE
+ if (lap->rtable != -1 && rdomain != lap->rtable)
+ continue;
++#endif
+
+ if (sa->sa_family == AF_INET &&
+ ((struct sockaddr_in *)sa)->sin_addr.s_addr ==
+@@ -78,7 +87,9 @@ setup_listeners(struct servent *se, struct ntpd_conf *lconf, u_int *cnt)
+ fatal("setup_listeners calloc");
+
+ memcpy(&la->sa, sa, SA_LEN(sa));
++#ifdef SO_RTABLE
+ la->rtable = rdomain;
++#endif
+
+ TAILQ_INSERT_TAIL(&lconf->listen_addrs, la, entry);
+ }
+@@ -123,10 +134,12 @@ setup_listeners(struct servent *se, struct ntpd_conf *lconf, u_int *cnt)
+ IPPROTO_IP, IP_TOS, &tos, sizeof(tos)) == -1)
+ log_warn("setsockopt IPTOS_LOWDELAY");
+
++#ifdef SO_RTABLE
+ if (la->rtable != -1 &&
+ setsockopt(la->fd, SOL_SOCKET, SO_RTABLE, &la->rtable,
+ sizeof(la->rtable)) == -1)
+ fatal("setup_listeners setsockopt SO_RTABLE");
++#endif
+
+ if (bind(la->fd, (struct sockaddr *)&la->sa,
+ SA_LEN((struct sockaddr *)&la->sa)) == -1) {
+--
+2.6.4
+
diff --git a/patches/0005-update-ntpd.conf-to-indicate-OS-dependent-options.patch b/patches/0005-update-ntpd.conf-to-indicate-OS-dependent-options.patch
new file mode 100644
index 0000000..afa08e3
--- /dev/null
+++ b/patches/0005-update-ntpd.conf-to-indicate-OS-dependent-options.patch
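Review bot: With the range check in parse.y now inside `#ifdef RT_TABLEID_MAX`, a platform that lacks that macro accepts any `rtable` number, including negative ones, and -1 is the value server.c treats as "no table requested" (`lap->rtable != -1`). Where `SO_RTABLE` is also undefined, every use of the value visible in setup_listeners() is compiled out, so `listen on ... rtable N` parses cleanly and the listener is bound in the default routing table without any message; an operator relying on the directive to confine the listener to one routing domain gets no isolation. I would keep the sign check unconditional, `if ($2 < 0) { yyerror("rtable must not be negative"); YYERROR; }`, and have the rule fail with yyerror when `SO_RTABLE` is not defined. setup_listeners() starts and ends outside the hunks shown.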
@@ -0,0 +1,53 @@
+From f1e8552352638f4214768df629e9020507e4af05 Mon Sep 17 00:00:00 2001
+From: Brent Cook
+Date: Tue, 30 Dec 2014 09:20:03 -0600
+Subject: [PATCH 05/11] update ntpd.conf to indicate OS-dependent options
+
+Also, clarify listening behavior based on a patch from
+Dererk
+Debian bug ID: 575705
+---
+ src/usr.sbin/ntpd/ntpd.conf.5 | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/src/usr.sbin/ntpd/ntpd.conf.5 b/src/usr.sbin/ntpd/ntpd.conf.5
+index af11a7e..87f94e8 100644
+--- a/src/usr.sbin/ntpd/ntpd.conf.5
++++ b/src/usr.sbin/ntpd/ntpd.conf.5
+@@ -38,9 +38,14 @@ The basic configuration options are as follows:
+ .It Xo Ic listen on Ar address
+ .Op Ic rtable Ar table-id
+ .Xc
++.Xr ntpd 8
++has the ability to sync the local clock to remote NTP servers and, if
++this directive is specified, can act as NTP server itself, redistributing the
++local clock.
++.Pp
+ Specify a local IP address or a hostname the
+ .Xr ntpd 8
+-daemon should listen on.
++daemon should listen on to enable remote clients synchronization.
+ If it appears multiple times,
+ .Xr ntpd 8
+ will listen on each given address.
+@@ -53,7 +58,7 @@ will listen on all local addresses using the specified routing table.
+ does not listen on any address by default.
+ The optional
+ .Ic rtable
+-keyword will specify which routing table to listen on.
++keyword will specify which routing table to listen on, if the operating system supports rdomains.
+ By default
+ .Xr ntpd 8
+ will listen using the current routing table.
+@@ -76,7 +81,7 @@ listen on 127.0.0.1 rtable 4
+ .Xc
+ Specify a timedelta sensor device
+ .Xr ntpd 8
+-should use.
++should use, if the operating system supports sensors.
+ The sensor can be specified multiple times:
+ .Xr ntpd 8
+ will use each given sensor that actually exists.
+--
+2.6.4
+
diff --git a/patches/0006-allow-overriding-default-user-and-file-locations.patch b/patches/0006-allow-overriding-default-user-and-file-locations.patch
new file mode 100644
index 0000000..6e66021
--- /dev/null
+++ b/patches/0006-allow-overriding-default-user-and-file-locations.patch
@@ -0,0 +1,52 @@
+From fdb958c8a66e32287aa5292200d0777f9f96784a Mon Sep 17 00:00:00 2001
+From: Brent Cook
+Date: Thu, 1 Jan 2015 07:18:11 -0600
+Subject: [PATCH 06/11] allow overriding default user and file locations
+
+Allow the build process to override the default ntpd file paths and
+default user.
+---
+ src/usr.sbin/ntpd/ntpd.h | 18 +++++++++++++++---
+ 1 file changed, 15 insertions(+), 3 deletions(-)
+
+diff --git a/src/usr.sbin/ntpd/ntpd.h b/src/usr.sbin/ntpd/ntpd.h
+index b007da3..7e739c4 100644
+--- a/src/usr.sbin/ntpd/ntpd.h
++++ b/src/usr.sbin/ntpd/ntpd.h
+@@ -35,10 +35,20 @@
+
+ #define MAXIMUM(a, b) ((a) > (b) ? (a) : (b))
+
++#ifndef NTPD_USER
+ #define NTPD_USER "_ntp"
+-#define CONFFILE "/etc/ntpd.conf"
+-#define DRIFTFILE "/var/db/ntpd.drift"
+-#define CTLSOCKET "/var/run/ntpd.sock"
++#endif
++
++#ifndef SYSCONFDIR
++#define SYSCONFDIR "/etc"
++#endif
++#define CONFFILE SYSCONFDIR "/ntpd.conf"
++
++#ifndef LOCALSTATEDIR
++#define LOCALSTATEDIR "/var"
++#endif
++#define DRIFTFILE LOCALSTATEDIR "/db/ntpd.drift"
++#define CTLSOCKET LOCALSTATEDIR "/run/ntpd.sock"
+
+ #if defined(SO_SETFIB)
+ #define SO_RTABLE SO_SETFIB
+@@ -86,7 +96,9 @@
+ #define CONSTRAINT_PORT "443" /* HTTPS port */
+ #define CONSTRAINT_MAXHEADERLENGTH 8192
+ #define CONSTRAINT_PASSFD (STDERR_FILENO + 1)
++#ifndef CONSTRAINT_CA
+ #define CONSTRAINT_CA "/etc/ssl/cert.pem"
++#endif
+
+ enum client_state {
+ STATE_NONE,
+--
+2.6.4
+
diff --git a/patches/0007-add-p-option-to-create-a-pid-file.patch b/patches/0007-add-p-option-to-create-a-pid-file.patch
new file mode 100644
index 0000000..6bf655e
--- /dev/null
+++ b/patches/0007-add-p-option-to-create-a-pid-file.patch
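Review bot: Making `CONSTRAINT_CA` overridable at build time deserves a comment in ntpd.h, because that path decides whether constraint TLS is verified at all. The constraint.c context carried in patch 09 of this series shows that when `tls_load_file(CONSTRAINT_CA, ...)` returns NULL the daemon only logs "constraint certificate verification turned off" and carries on, so a packager's typo or a missing bundle quietly downgrades the HTTPS constraint. Suggested comment above the new guard: `/* must name an existing CA bundle; if it cannot be loaded, constraint certificate verification is turned off */`. The same applies in a weaker form to `NTPD_USER`, which presumably names the account the daemon drops privileges to and should be documented as a dedicated unprivileged user.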
@@ -0,0 +1,159 @@
+From b4f723b7fd4c3a56f8b0e08da5998fa31bac5673 Mon Sep 17 00:00:00 2001
+From: Brent Cook
+Date: Wed, 31 Dec 2014 08:26:41 -0600
+Subject: [PATCH 07/11] add -p option to create a pid file
+
+This is used in both the Gentoo and Debian ports.
+
+Origin: https://bugs.gentoo.org/show_bug.cgi?id=493082
+---
+ src/usr.sbin/ntpd/ntpd.8 | 4 ++++
+ src/usr.sbin/ntpd/ntpd.c | 35 +++++++++++++++++++++++++++++------
+ src/usr.sbin/ntpd/ntpd.h | 1 +
+ 3 files changed, 34 insertions(+), 6 deletions(-)
+
+diff --git a/src/usr.sbin/ntpd/ntpd.8 b/src/usr.sbin/ntpd/ntpd.8
+index dcfb6d2..1b885a1 100644
+--- a/src/usr.sbin/ntpd/ntpd.8
++++ b/src/usr.sbin/ntpd/ntpd.8
+@@ -25,6 +25,7 @@
+ .Bk -words
+ .Op Fl dnSsv
+ .Op Fl f Ar file
++.Op Fl p Ar file
+ .Ek
+ .Sh DESCRIPTION
+ The
+@@ -59,6 +60,9 @@ instead of the default
+ .It Fl n
+ Configtest mode.
+ Only check the configuration file for validity.
++.It Fl p Ar file
++Write pid to
++.Ar file
+ .It Fl S
+ Do not set the time immediately at startup.
+ This is the default.
+diff --git a/src/usr.sbin/ntpd/ntpd.c b/src/usr.sbin/ntpd/ntpd.c
+index 0f43b1f..e31db98 100644
+--- a/src/usr.sbin/ntpd/ntpd.c
++++ b/src/usr.sbin/ntpd/ntpd.c
+@@ -87,6 +87,18 @@ sighdlr(int sig)
+ }
+ }
+
++void
++writepid(struct ntpd_conf *lconf)
++{
++ if (lconf->pid_file != NULL) {
++ FILE *f = fopen(lconf->pid_file, "w");
++ if (f == NULL)
++ fatal("couldn't open pid file");
++ fprintf(f, "%ld\n", (long) getpid());
++ fclose(f);
++ }
++}
++
+ __dead void
+ usage(void)
+ {
+@@ -96,7 +108,7 @@ usage(void)
+ fprintf(stderr,
+ "usage: ntpctl -s all | peers | Sensors | status\n");
+ else
+- fprintf(stderr, "usage: %s [-dnSsv] [-f file]\n",
++ fprintf(stderr, "usage: %s [-dnSsv] [-f file] [-p file]\n",
+ __progname);
+ exit(1);
+ }
+@@ -134,7 +146,7 @@ main(int argc, char *argv[])
+
+ log_init(1, LOG_DAEMON); /* log to stderr until daemonized */
+
+- while ((ch = getopt(argc, argv, "df:nsSv")) != -1) {
++ while ((ch = getopt(argc, argv, "df:np:sSv")) != -1) {
+ switch (ch) {
+ case 'd':
+ lconf.debug = 1;
+@@ -146,6 +158,9 @@ main(int argc, char *argv[])
+ case 'n':
+ lconf.noaction = 1;
+ break;
++ case 'p':
++ lconf.pid_file = optarg;
++ break;
+ case 's':
+ lconf.settime = 1;
+ break;
+@@ -190,9 +205,11 @@ main(int argc, char *argv[])
+ reset_adjtime();
+ if (!lconf.settime) {
+ log_init(lconf.debug, LOG_DAEMON);
+- if (!lconf.debug)
++ if (!lconf.debug) {
+ if (daemon(1, 0))
+ fatal("daemon");
++ writepid(&lconf);
++ }
+ } else
+ timeout = SETTIME_TIMEOUT * 1000;
+
+@@ -271,9 +288,11 @@ main(int argc, char *argv[])
+ log_init(lconf.debug, LOG_DAEMON);
+ log_warnx("no reply received in time, skipping initial "
+ "time setting");
+- if (!lconf.debug)
++ if (!lconf.debug) {
+ if (daemon(1, 0))
+ fatal("daemon");
++ writepid(&lconf);
++ }
+ }
+
+ if (nfds > 0 && (pfd[PFD_PIPE].revents & POLLOUT))
+@@ -316,6 +335,8 @@ main(int argc, char *argv[])
+ msgbuf_clear(&ibuf->w);
+ free(ibuf);
+ log_info("Terminating");
++ if (lconf.pid_file != NULL)
++ unlink(lconf.pid_file);
+ return (0);
+ }
+
+@@ -398,9 +419,11 @@ dispatch_imsg(struct ntpd_conf *lconf, const char *pw_dir,
+ memcpy(&d, imsg.data, sizeof(d));
+ ntpd_settime(d);
+ /* daemonize now */
+- if (!lconf->debug)
++ if (!lconf->debug) {
+ if (daemon(1, 0))
+ fatal("daemon");
++ writepid(lconf);
++ }
+ lconf->settime = 0;
+ timeout = INFTIM;
+ break;
+@@ -528,7 +551,7 @@ readfreq(void)
+ freqfp = fopen(DRIFTFILE, "w");
+ return;
+ }
+-
++
+ freqfp = fdopen(fd, "r+");
+
+ /* if we're adjusting frequency already, don't override */
+diff --git a/src/usr.sbin/ntpd/ntpd.h b/src/usr.sbin/ntpd/ntpd.h
+index 7e739c4..864d4c4 100644
+--- a/src/usr.sbin/ntpd/ntpd.h
++++ b/src/usr.sbin/ntpd/ntpd.h
+@@ -241,6 +241,7 @@ struct ntpd_conf {
+ u_int constraint_errors;
+ u_int8_t *ca;
+ size_t ca_len;
++ char *pid_file;
+ };
+
+ struct ctl_show_status {
+--
+2.6.4
+
diff --git a/patches/0008-initialize-setproctitle-where-needed.patch b/patches/0008-initialize-setproctitle-where-needed.patch
new file mode 100644
index 0000000..fde26be
--- /dev/null
+++ b/patches/0008-initialize-setproctitle-where-needed.patch
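Review bot: writepid() opens the pid file with `fopen(lconf->pid_file, "w")`, which follows a symbolic link at that path and truncates whatever it points to, and the results of `fprintf` and `fclose` are not checked. The calls sit right after `daemon(1, 0)` in main() and dispatch_imsg(), in what appears to be the parent process, so if that process still runs as root and the path lies in a directory another user can write to, the link target is overwritten. Opening with `O_NOFOLLOW` and an explicit mode, then wrapping the descriptor with fdopen() as readfreq() already does for the drift file, covers the final path component; the directory itself still has to be root-owned. Exits through fatal() also leave the file behind, since `unlink` runs only on the normal return path of main().

```c
void
writepid(struct ntpd_conf *lconf)
{
	int	 fd;
	FILE	*f;

	if (lconf->pid_file == NULL)
		return;
	/* do not follow a symlink sitting at the pid file path */
	fd = open(lconf->pid_file,
	    O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, 0644);
	if (fd == -1 || (f = fdopen(fd, "w")) == NULL)
		fatal("couldn't open pid file");
	if (fprintf(f, "%ld\n", (long)getpid()) < 0 || fclose(f) == EOF)
		fatal("couldn't write pid file");
}
```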
@@ -0,0 +1,58 @@
+From f86daab4bb1d41bcdcbdaeb6370c500962a09675 Mon Sep 17 00:00:00 2001
+From: Brent Cook
+Date: Mon, 12 Jan 2015 06:18:31 -0600
+Subject: [PATCH 08/11] initialize setproctitle where needed
+
+We need to save a copy of argv and __progname to avoid setproctitle
+clobbering them.
+---
+ src/usr.sbin/ntpd/ntpd.c | 19 +++++++++++++++++++
+ 1 file changed, 19 insertions(+)
+
+diff --git a/src/usr.sbin/ntpd/ntpd.c b/src/usr.sbin/ntpd/ntpd.c
+index e31db98..19720b3 100644
+--- a/src/usr.sbin/ntpd/ntpd.c
++++ b/src/usr.sbin/ntpd/ntpd.c
+@@ -117,6 +117,13 @@ usage(void)
+ #define PFD_PIPE 0
+ #define PFD_MAX 1
+
++/* Saves a copy of argv for setproctitle emulation */
++#ifndef HAVE_SETPROCTITLE
++static char **saved_argv;
++#endif
++
++char *get_progname(char *argv0);
++
+ int
+ main(int argc, char *argv[])
+ {
+@@ -135,6 +142,8 @@ main(int argc, char *argv[])
+ gid_t pw_gid;
+ void *newp;
+
++ __progname = get_progname(argv[0]);
++
+ if (strcmp(__progname, "ntpctl") == 0) {
+ ctl_main(argc, argv);
+ /* NOTREACHED */
+@@ -146,6 +155,16 @@ main(int argc, char *argv[])
+
+ log_init(1, LOG_DAEMON); /* log to stderr until daemonized */
+
++#ifndef HAVE_SETPROCTITLE
++ /* Prepare for later setproctitle emulation */
++ saved_argv = calloc(argc + 1, sizeof(*saved_argv));
++ for (i = 0; i < argc; i++)
++ saved_argv[i] = strdup(argv[i]);
++ saved_argv[i] = NULL;
++ compat_init_setproctitle(argc, argv);
++ argv = saved_argv;
++#endif
++
+ while ((ch = getopt(argc, argv, "df:np:sSv")) != -1) {
+ switch (ch) {
+ case 'd':
+--
+2.6.4
+
diff --git a/patches/0009-Notify-the-user-when-constraint-support-is-disabled.patch b/patches/0009-Notify-the-user-when-constraint-support-is-disabled.patch
new file mode 100644
index 0000000..bd874ef
--- /dev/null
+++ b/patches/0009-Notify-the-user-when-constraint-support-is-disabled.patch
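Review bot: The argv copy added to main() uses `calloc` and `strdup` without checking either result. A NULL from calloc is dereferenced by the first store in the loop, and a NULL from strdup leaves a hole inside `saved_argv` that is then handed to getopt(), which is told there are argc entries and may dereference it. log_init() has already run at this point, so the pattern used elsewhere in the tree fits here: `if (saved_argv == NULL) fatal(NULL);` after the calloc and `if ((saved_argv[i] = strdup(argv[i])) == NULL) fatal(NULL);` in the loop. `get_progname(argv[0])` is also called without a check that argc is at least 1; whether it tolerates a NULL argument cannot be seen here, as its definition and the rest of main() lie outside the hunk.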
@@ -0,0 +1,68 @@
+From 93555bfc44a0eb2039f625ab6a5badde63fa5215 Mon Sep 17 00:00:00 2001
+From: Brent Cook
+Date: Fri, 27 Mar 2015 23:14:15 -0500
+Subject: [PATCH 09/11] Notify the user when constraint support is disabled.
+
+Update the manpage and make a constraint line a fatal error if it is
+configured but ntpd is built without libtls present.
+From Paul B. Henson.
+---
+ src/usr.sbin/ntpd/config.c | 3 +++
+ src/usr.sbin/ntpd/constraint.c | 2 ++
+ src/usr.sbin/ntpd/ntpd.conf.5 | 7 +++++--
+ 3 files changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/src/usr.sbin/ntpd/config.c b/src/usr.sbin/ntpd/config.c
+index 87de17a..5a75030 100644
+--- a/src/usr.sbin/ntpd/config.c
++++ b/src/usr.sbin/ntpd/config.c
+@@ -219,6 +219,9 @@ new_constraint(void)
+ p->id = ++constraint_maxid;
+ p->fd = -1;
+
++#ifndef HAVE_LIBTLS
++ fatal("constraint configured without libtls support");
++#endif
+ return (p);
+ }
+
+diff --git a/src/usr.sbin/ntpd/constraint.c b/src/usr.sbin/ntpd/constraint.c
+index 84d21a9..97f0cd5 100644
+--- a/src/usr.sbin/ntpd/constraint.c
++++ b/src/usr.sbin/ntpd/constraint.c
+@@ -289,12 +289,14 @@ priv_constraint_child(struct constraint *cstr, struct ntp_addr_msg *am,
+ if (setpriority(PRIO_PROCESS, 0, 0) == -1)
+ log_warn("could not set priority");
+
++#ifdef HAVE_LIBTLS
+ /* Init TLS and load cert before chroot() */
+ if (tls_init() == -1)
+ fatalx("tls_init");
+ if ((conf->ca = tls_load_file(CONSTRAINT_CA,
+ &conf->ca_len, NULL)) == NULL)
+ log_warnx("constraint certificate verification turned off");
++#endif
+
+ if (chroot(pw_dir) == -1)
+ fatal("chroot");
+diff --git a/src/usr.sbin/ntpd/ntpd.conf.5 b/src/usr.sbin/ntpd/ntpd.conf.5
+index 87f94e8..7f729d2 100644
+--- a/src/usr.sbin/ntpd/ntpd.conf.5
++++ b/src/usr.sbin/ntpd/ntpd.conf.5
+@@ -185,8 +185,11 @@ authenticated constraint,
+ thereby reducing the impact of unauthenticated NTP
+ man-in-the-middle attacks.
+ Received NTP packets with time information falling outside of a range
+-near the constraint will be discarded and such NTP servers
+-will be marked as invalid.
++near the constraint will be discarded and such NTP servers will be marked as
++invalid. Contraints are only available if
++.Xr ntpd 8
++has been compiled with libtls support. Configuring a constraint without libtls
++support will result in a fatal error.
+ .Bl -tag -width Ds
+ .It Ic constraint from Ar url
+ Specify the URL, IP address or the hostname of an HTTPS server to
+--
+2.6.4
+
diff --git a/patches/0010-add-a-method-for-updating-the-realtime-clock-on-sync.patch b/patches/0010-add-a-method-for-updating-the-realtime-clock-on-sync.patch
new file mode 100644
index 0000000..6668717
--- /dev/null
+++ b/patches/0010-add-a-method-for-updating-the-realtime-clock-on-sync.patch
@@ -0,0 +1,33 @@
+From 340f04a6e14b05803e376c22b0c9170407b6b77d Mon Sep 17 00:00:00 2001
+From: Brent Cook
+Date: Mon, 4 May 2015 04:27:29 -0500
+Subject: [PATCH 10/11] add a method for updating the realtime clock on sync
+
+from Christian Weisgerber
+---
+ src/usr.sbin/ntpd/ntpd.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/usr.sbin/ntpd/ntpd.c b/src/usr.sbin/ntpd/ntpd.c
+index 19720b3..d7281c1 100644
+--- a/src/usr.sbin/ntpd/ntpd.c
++++ b/src/usr.sbin/ntpd/ntpd.c
+@@ -55,6 +55,7 @@ const char *ctl_lookup_option(char *, const char **);
+ void show_status_msg(struct imsg *);
+ void show_peer_msg(struct imsg *, int);
+ void show_sensor_msg(struct imsg *, int);
++void update_time_sync_status(int);
+
+ volatile sig_atomic_t quit = 0;
+ volatile sig_atomic_t reconfig = 0;
+@@ -488,6 +489,7 @@ ntpd_adjtime(double d)
+ else if (!firstadj && olddelta.tv_sec == 0 && olddelta.tv_usec == 0)
+ synced = 1;
+ firstadj = 0;
++ update_time_sync_status(synced);
+ return (synced);
+ }
+
+--
+2.6.4
+
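Review bot: In patch 09, new_constraint() reports the missing libtls with `fatal("constraint configured without libtls support")` after the constraint has already been allocated and numbered, and it uses fatal() although no system call has failed. constraint.c in the same patch uses `fatalx("tls_init")` for a failure that carries no errno, so fatal() presumably appends strerror(errno) and the operator would see an unrelated errno string after this message; `fatalx("constraint configured without libtls support");` placed before the allocation would read more cleanly. The manual page addition in the same patch spells the word as `Contraints`. new_constraint() starts outside the hunk, so the placement should be checked against its full body.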
diff --git a/patches/0011-Deal-with-missing-SO_TIMESTAMP.patch b/patches/0011-Deal-with-missing-SO_TIMESTAMP.patch
new file mode 100644
index 0000000..2f25b2e
--- /dev/null
+++ b/patches/0011-Deal-with-missing-SO_TIMESTAMP.patch
@@ -0,0 +1,69 @@
+From 93d09a37b9a3eb129c2d61db505082ca23ca12f1 Mon Sep 17 00:00:00 2001
+From: Brent Cook
+Date: Sun, 6 Dec 2015 22:35:38 -0600
+Subject: [PATCH 11/11] Deal with missing SO_TIMESTAMP
+
+from Paul B. Henson"
+
+Fall back to the previous client.c implementation when it is not found.
+---
+ src/usr.sbin/ntpd/client.c | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/src/usr.sbin/ntpd/client.c b/src/usr.sbin/ntpd/client.c
+index 7ce3b38..edca87c 100644
+--- a/src/usr.sbin/ntpd/client.c
++++ b/src/usr.sbin/ntpd/client.c
+@@ -163,10 +163,12 @@ client_query(struct ntp_peer *p)
+ if (p->addr->ss.ss_family == AF_INET && setsockopt(p->query->fd,
+ IPPROTO_IP, IP_TOS, &val, sizeof(val)) == -1)
+ log_warn("setsockopt IPTOS_LOWDELAY");
++#ifdef SO_TIMESTAMP
+ val = 1;
+ if (setsockopt(p->query->fd, SOL_SOCKET, SO_TIMESTAMP,
+ &val, sizeof(val)) == -1)
+ fatal("setsockopt SO_TIMESTAMP");
++#endif
+ }
+
+ /*
+@@ -213,7 +215,9 @@ client_dispatch(struct ntp_peer *p, u_int8_t settime)
+ struct cmsghdr hdr;
+ char buf[CMSG_SPACE(sizeof(tv))];
+ } cmsgbuf;
++#ifdef SO_TIMESTAMP
+ struct cmsghdr *cmsg;
++#endif
+ ssize_t size;
+ double T1, T2, T3, T4;
+ time_t interval;
+@@ -226,7 +230,6 @@ client_dispatch(struct ntp_peer *p, u_int8_t settime)
+ somsg.msg_control = cmsgbuf.buf;
+ somsg.msg_controllen = sizeof(cmsgbuf.buf);
+
+- T4 = getoffset();
+ if ((size = recvmsg(p->query->fd, &somsg, 0)) == -1) {
+ if (errno == EHOSTUNREACH || errno == EHOSTDOWN ||
+ errno == ENETUNREACH || errno == ENETDOWN ||
+@@ -251,6 +254,8 @@ client_dispatch(struct ntp_peer *p, u_int8_t settime)
+ return (0);
+ }
+
++#ifdef SO_TIMESTAMP
++ T4 = getoffset();
+ for (cmsg = CMSG_FIRSTHDR(&somsg); cmsg != NULL;
+ cmsg = CMSG_NXTHDR(&somsg, cmsg)) {
+ if (cmsg->cmsg_level == SOL_SOCKET &&
+@@ -260,6 +265,9 @@ client_dispatch(struct ntp_peer *p, u_int8_t settime)
+ break;
+ }
+ }
++#else
++ T4 = gettime_corrected();
++#endif
+
+ if (T4 < JAN_1970) {
+ client_log_error(p, "recvmsg control format", EBADF);
+--
+2.6.4
+
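Review bot: The `#else` branch in client_dispatch() needs a comment, because without SO_TIMESTAMP the receive time T4 comes from `gettime_corrected()` called in userland after recvmsg() has returned and the error paths have run, rather than from a kernel timestamp. Any queueing or scheduling delay between packet arrival and that call is folded into the measured offset and delay, which matters on a loaded host. Suggested comment: `/* no kernel rx timestamp: T4 is taken after recvmsg() and includes local queueing latency */`. In this branch the following `if (T4 < JAN_1970)` test, which reports "recvmsg control format", presumably never fires, and `cmsgbuf` is still installed as msg_control although nothing reads it. client_dispatch() starts and ends outside the hunks shown.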