From 78b3e58cfbebf03fa6ae2b8f82a9ef395ac1ee0d Mon Sep 17 00:00:00 2001 From: Brent Cook Date: Mon, 8 Jun 2020 06:57:52 -0500 Subject: [PATCH] update patches --- ...records-on-IPv4-networks-more-libera.patch | 2 +- ...EAI_NODATA-does-not-exist-everywhere.patch | 2 +- ...ll-in-sin_len-sin6_len-if-they-exist.patch | 2 +- ...heck-if-rdomain-support-is-available.patch | 2 +- ...onf-to-indicate-OS-dependent-options.patch | 2 +- ...ding-default-user-and-file-locations.patch | 2 +- ...07-add-p-option-to-create-a-pid-file.patch | 2 +- ...initialize-setproctitle-where-needed.patch | 2 +- ...-when-constraint-support-is-disabled.patch | 2 +- ...-updating-the-realtime-clock-on-sync.patch | 2 +- .../0011-Deal-with-missing-SO_TIMESTAMP.patch | 2 +- ...012-check-result-of-ftello-ftruncate.patch | 2 +- ...if-we-are-binding-to-an-IPv6-address.patch | 2 +- ...r-adjtime-check-return-value-and-adj.patch | 2 +- ...se-buffer-sizes-potential-truncation.patch | 2 +- ...if-Checking-Disable-flag-is-not-avai.patch | 70 +++++++++++++++++++ ...handle-KERN_SECURELVL-when-available.patch | 43 ++++++++++++ patches/0018-initialize-deadline.patch | 25 +++++++ 18 files changed, 153 insertions(+), 15 deletions(-) create mode 100644 patches/0016-Don-t-retry-DNS-if-Checking-Disable-flag-is-not-avai.patch create mode 100644 patches/0017-handle-KERN_SECURELVL-when-available.patch create mode 100644 patches/0018-initialize-deadline.patch diff --git a/patches/0001-Handle-IPv6-DNS-records-on-IPv4-networks-more-libera.patch b/patches/0001-Handle-IPv6-DNS-records-on-IPv4-networks-more-libera.patch index 6c5a5bf..80571f1 100644 --- a/patches/0001-Handle-IPv6-DNS-records-on-IPv4-networks-more-libera.patch +++ b/patches/0001-Handle-IPv6-DNS-records-on-IPv4-networks-more-libera.patch @@ -1,7 +1,7 @@ From d6a269d214fbb8de854f8b5e7292d5c1fad5f424 Mon Sep 17 00:00:00 2001 
From: Brent Cook Date: Tue, 30 Dec 2014 09:10:22 -0600 -Subject: [PATCH 01/15] Handle IPv6 DNS records on IPv4 networks more liberally +Subject: [PATCH 01/18] Handle IPv6 DNS records on IPv4 networks more liberally Rather than fail on IPv4 only networks when seeing an IPv6 DNS record, just give a warning. diff --git a/patches/0002-EAI_NODATA-does-not-exist-everywhere.patch b/patches/0002-EAI_NODATA-does-not-exist-everywhere.patch index 0fc3f60..c4a7a40 100644 --- a/patches/0002-EAI_NODATA-does-not-exist-everywhere.patch +++ b/patches/0002-EAI_NODATA-does-not-exist-everywhere.patch @@ -1,7 +1,7 @@ From ccda13569b027cdcc391a6efa83e03793291bf25 Mon Sep 17 00:00:00 2001 From: Brent Cook Date: Tue, 30 Dec 2014 09:04:08 -0600 -Subject: [PATCH 02/15] EAI_NODATA does not exist everywhere +Subject: [PATCH 02/18] EAI_NODATA does not exist everywhere FreeBSD says it is deprecated #ifdef's it out. diff --git a/patches/0003-conditionally-fill-in-sin_len-sin6_len-if-they-exist.patch b/patches/0003-conditionally-fill-in-sin_len-sin6_len-if-they-exist.patch index a2b0e31..3eae6ba 100644 --- a/patches/0003-conditionally-fill-in-sin_len-sin6_len-if-they-exist.patch +++ b/patches/0003-conditionally-fill-in-sin_len-sin6_len-if-they-exist.patch @@ -1,7 +1,7 @@ From 30d5fa3841facc188d5332d385069cce394b4dcd Mon Sep 17 00:00:00 2001 From: Brent Cook Date: Tue, 30 Dec 2014 09:02:50 -0600 -Subject: [PATCH 03/15] conditionally fill in sin_len/sin6_len if they exist +Subject: [PATCH 03/18] conditionally fill in sin_len/sin6_len if they exist --- src/usr.sbin/ntpd/parse.y | 8 +++++--- diff --git a/patches/0004-check-if-rdomain-support-is-available.patch b/patches/0004-check-if-rdomain-support-is-available.patch index 853706e..74ffb83 100644 --- a/patches/0004-check-if-rdomain-support-is-available.patch +++ b/patches/0004-check-if-rdomain-support-is-available.patch @@ -1,7 +1,7 @@ From b83879413dbdc63ed6745f722ca59cf5942a149f Mon Sep 17 00:00:00 2001 
From: Brent Cook Date: Tue, 30 Dec 2014 09:05:46 -0600 -Subject: [PATCH 04/15] check if rdomain support is available. +Subject: [PATCH 04/18] check if rdomain support is available. Handle FreeBSD's calling rdomain 'FIB'. - from naddy@openbsd.org diff --git a/patches/0005-update-ntpd.conf-to-indicate-OS-dependent-options.patch b/patches/0005-update-ntpd.conf-to-indicate-OS-dependent-options.patch index 90dc918..6e11693 100644 --- a/patches/0005-update-ntpd.conf-to-indicate-OS-dependent-options.patch +++ b/patches/0005-update-ntpd.conf-to-indicate-OS-dependent-options.patch @@ -1,7 +1,7 @@ From 52eebc084d17e17870e69937c5c2704126e15384 Mon Sep 17 00:00:00 2001 From: Brent Cook Date: Tue, 30 Dec 2014 09:20:03 -0600 -Subject: [PATCH 05/15] update ntpd.conf to indicate OS-dependent options +Subject: [PATCH 05/18] update ntpd.conf to indicate OS-dependent options Also, clarify listening behavior based on a patch from Dererk diff --git a/patches/0006-allow-overriding-default-user-and-file-locations.patch b/patches/0006-allow-overriding-default-user-and-file-locations.patch index ea75a0c..3b0d60f 100644 --- a/patches/0006-allow-overriding-default-user-and-file-locations.patch +++ b/patches/0006-allow-overriding-default-user-and-file-locations.patch @@ -1,7 +1,7 @@ From 2359f4e6bc17e2924739cf4af4e21335ddd8508a Mon Sep 17 00:00:00 2001 From: Brent Cook Date: Thu, 1 Jan 2015 07:18:11 -0600 -Subject: [PATCH 06/15] allow overriding default user and file locations +Subject: [PATCH 06/18] allow overriding default user and file locations Allow the build process to override the default ntpd file paths and default user. diff --git a/patches/0007-add-p-option-to-create-a-pid-file.patch b/patches/0007-add-p-option-to-create-a-pid-file.patch index 439d9c3..08c9436 100644 --- a/patches/0007-add-p-option-to-create-a-pid-file.patch +++ b/patches/0007-add-p-option-to-create-a-pid-file.patch @@ -1,7 +1,7 @@ From 3275b87581b58ea6ee9d5a774afaad9314c73be0 Mon Sep 17 00:00:00 2001 
From: Brent Cook Date: Wed, 31 Dec 2014 08:26:41 -0600 -Subject: [PATCH 07/15] add -p option to create a pid file +Subject: [PATCH 07/18] add -p option to create a pid file This is used in both the Gentoo and Debian ports. diff --git a/patches/0008-initialize-setproctitle-where-needed.patch b/patches/0008-initialize-setproctitle-where-needed.patch index 024d114..42e0bf6 100644 --- a/patches/0008-initialize-setproctitle-where-needed.patch +++ b/patches/0008-initialize-setproctitle-where-needed.patch @@ -1,7 +1,7 @@ From 34fcb744944e651e0b26b019a3e69cbbc181a1ad Mon Sep 17 00:00:00 2001 From: Brent Cook Date: Mon, 12 Jan 2015 06:18:31 -0600 -Subject: [PATCH 08/15] initialize setproctitle where needed +Subject: [PATCH 08/18] initialize setproctitle where needed We need to save a copy of argv and __progname to avoid setproctitle clobbering them. diff --git a/patches/0009-Notify-the-user-when-constraint-support-is-disabled.patch b/patches/0009-Notify-the-user-when-constraint-support-is-disabled.patch index 8b7aea4..496edc6 100644 --- a/patches/0009-Notify-the-user-when-constraint-support-is-disabled.patch +++ b/patches/0009-Notify-the-user-when-constraint-support-is-disabled.patch @@ -1,7 +1,7 @@ From 8e59facf2906e02c93eb63c69342b622836ea384 Mon Sep 17 00:00:00 2001 From: Brent Cook Date: Fri, 27 Mar 2015 23:14:15 -0500 -Subject: [PATCH 09/15] Notify the user when constraint support is disabled. +Subject: [PATCH 09/18] Notify the user when constraint support is disabled. Update the manpage and warn if constraints are configured but ntpd is built without libtls present. diff --git a/patches/0010-add-a-method-for-updating-the-realtime-clock-on-sync.patch b/patches/0010-add-a-method-for-updating-the-realtime-clock-on-sync.patch index 23ab6a5..e22e26b 100644 --- a/patches/0010-add-a-method-for-updating-the-realtime-clock-on-sync.patch +++ b/patches/0010-add-a-method-for-updating-the-realtime-clock-on-sync.patch @@ -1,7 +1,7 @@ 
From fe9855dbbb553d5eccd40d24a7a356c017722f00 Mon Sep 17 00:00:00 2001 From: Brent Cook Date: Mon, 4 May 2015 04:27:29 -0500 -Subject: [PATCH 10/15] add a method for updating the realtime clock on sync +Subject: [PATCH 10/18] add a method for updating the realtime clock on sync from Christian Weisgerber --- diff --git a/patches/0011-Deal-with-missing-SO_TIMESTAMP.patch b/patches/0011-Deal-with-missing-SO_TIMESTAMP.patch index d0114a0..aa051b7 100644 --- a/patches/0011-Deal-with-missing-SO_TIMESTAMP.patch +++ b/patches/0011-Deal-with-missing-SO_TIMESTAMP.patch @@ -1,7 +1,7 @@ From d32c974b39575f6c61273459f943eddbdf49169a Mon Sep 17 00:00:00 2001 From: Brent Cook Date: Sun, 6 Dec 2015 22:35:38 -0600 -Subject: [PATCH 11/15] Deal with missing SO_TIMESTAMP +Subject: [PATCH 11/18] Deal with missing SO_TIMESTAMP from Paul B. Henson" diff --git a/patches/0012-check-result-of-ftello-ftruncate.patch b/patches/0012-check-result-of-ftello-ftruncate.patch index e662b56..1e588d5 100644 --- a/patches/0012-check-result-of-ftello-ftruncate.patch +++ b/patches/0012-check-result-of-ftello-ftruncate.patch @@ -1,7 +1,7 @@ From e75f69a1c7c6000b7a0b51ba4d00455013db80b6 Mon Sep 17 00:00:00 2001 From: Brent Cook Date: Mon, 21 Dec 2015 05:53:20 -0600 -Subject: [PATCH 12/15] check result of ftello/ftruncate +Subject: [PATCH 12/18] check result of ftello/ftruncate --- src/usr.sbin/ntpd/ntpd.c | 7 +++++-- diff --git a/patches/0013-set-IPV6_V6ONLY-if-we-are-binding-to-an-IPv6-address.patch b/patches/0013-set-IPV6_V6ONLY-if-we-are-binding-to-an-IPv6-address.patch index f0d8517..a8ca7ec 100644 --- a/patches/0013-set-IPV6_V6ONLY-if-we-are-binding-to-an-IPv6-address.patch +++ b/patches/0013-set-IPV6_V6ONLY-if-we-are-binding-to-an-IPv6-address.patch @@ -1,7 +1,7 @@ From ba37da3170bc54b8bff0a341229d8dd20034f18e Mon Sep 17 00:00:00 2001 
From: Brent Cook Date: Sat, 13 Aug 2016 14:22:02 -0500 -Subject: [PATCH 13/15] set IPV6_V6ONLY if we are binding to an IPv6 address +Subject: [PATCH 13/18] set IPV6_V6ONLY if we are binding to an IPv6 address --- src/usr.sbin/ntpd/server.c | 9 +++++++++ diff --git a/patches/0014-use-adjtimex-over-adjtime-check-return-value-and-adj.patch b/patches/0014-use-adjtimex-over-adjtime-check-return-value-and-adj.patch index 14f68a5..366877b 100644 --- a/patches/0014-use-adjtimex-over-adjtime-check-return-value-and-adj.patch +++ b/patches/0014-use-adjtimex-over-adjtime-check-return-value-and-adj.patch @@ -1,7 +1,7 @@ From 9c40c5ecbbc4682a5f931a0723754a8340160860 Mon Sep 17 00:00:00 2001 From: Brent Cook Date: Sat, 19 Jan 2019 04:25:44 -0600 -Subject: [PATCH 14/15] use adjtimex over adjtime, check return value and +Subject: [PATCH 14/18] use adjtimex over adjtime, check return value and adjust offset as needed --- diff --git a/patches/0015-increase-buffer-sizes-potential-truncation.patch b/patches/0015-increase-buffer-sizes-potential-truncation.patch index 5ba1978..10d54bf 100644 --- a/patches/0015-increase-buffer-sizes-potential-truncation.patch +++ b/patches/0015-increase-buffer-sizes-potential-truncation.patch @@ -1,7 +1,7 @@ From 2b3abb5914e6ee355a7eb42e99acbbecf50ed252 Mon Sep 17 00:00:00 2001 From: Brent Cook Date: Sat, 13 Apr 2019 04:45:22 -0500 -Subject: [PATCH 15/15] increase buffer sizes potential truncation +Subject: [PATCH 15/18] increase buffer sizes potential truncation --- src/usr.sbin/ntpd/ntpd.c | 2 +- diff --git a/patches/0016-Don-t-retry-DNS-if-Checking-Disable-flag-is-not-avai.patch b/patches/0016-Don-t-retry-DNS-if-Checking-Disable-flag-is-not-avai.patch new file mode 100644 index 0000000..3dd5f08 --- /dev/null +++ b/patches/0016-Don-t-retry-DNS-if-Checking-Disable-flag-is-not-avai.patch 
@@ -0,0 +1,70 @@
+From ea1afcebbc2e1a87dddee231b48da5a891461ff9 Mon Sep 17 00:00:00 2001
+From: Brent Cook
+Date: Mon, 8 Jun 2020 06:53:10 -0500
+Subject: [PATCH 16/18] Don't retry DNS if Checking Disable flag is not
+ available.
+
+---
+ src/usr.sbin/ntpd/config.c | 4 +++-
+ src/usr.sbin/ntpd/ntp_dns.c | 8 +++++---
+ 2 files changed, 8 insertions(+), 4 deletions(-)
+
+diff --git a/src/usr.sbin/ntpd/config.c b/src/usr.sbin/ntpd/config.c
+index 856c3147cc..fc9df84bc4 100644
+--- a/src/usr.sbin/ntpd/config.c
++++ b/src/usr.sbin/ntpd/config.c
+@@ -138,9 +138,10 @@ int
+ host_dns(const char *s, int synced, struct ntp_addr **hn)
+ {
+ int error, save_opts;
+-
+
+ log_debug("trying to resolve %s", s);
+ error = host_dns1(s, hn, 0);
++#ifdef RES_USE_CD
+ if (!synced && error <= 0) {
+ log_debug("no luck, trying to resolve %s without checking", s);
+ save_opts = _res.options;
+@@ -148,6 +149,7 @@ host_dns(const char *s, int synced, struct ntp_addr **hn)
+ error = host_dns1(s, hn, 1);
+ _res.options = save_opts;
+ }
++#endif
+ log_debug("resolve %s done: %d", s, error);
+ return error;
+ }
+diff --git a/src/usr.sbin/ntpd/ntp_dns.c b/src/usr.sbin/ntpd/ntp_dns.c
+index 439e7ab8a9..e74a8abe4d 100644
+--- a/src/usr.sbin/ntpd/ntp_dns.c
++++ b/src/usr.sbin/ntpd/ntp_dns.c
+@@ -226,14 +226,16 @@ probe_root_ns(void)
+ old_options = _res.options;
+ _res.retrans = 1;
+ _res.retry = 1;
++#ifdef RES_USE_CD
+ _res.options |= RES_USE_CD;
+-
++#endif
++
+ ret = res_query(".", C_IN, T_NS, buf, sizeof(buf));
+
+ _res.retrans = old_retrans;
+ _res.retry = old_retry;
+ _res.options = old_options;
+-
++
+ return ret;
+ }
+
+@@ -242,7 +244,7 @@ probe_root(void)
+ {
+ int n;
+
+- n = probe_root_ns();
++ n = probe_root_ns();
+ if (n < 0) {
+ /* give programs like unwind a second chance */
+ sleep(1);
+--
+2.27.0
+
diff --git a/patches/0017-handle-KERN_SECURELVL-when-available.patch b/patches/0017-handle-KERN_SECURELVL-when-available.patch
new file mode 100644
index 0000000..48ea53f
--- /dev/null
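Review bot: In the `host_dns()` hunk of the new 0016 patch, `save_opts` is still declared unconditionally in `int error, save_opts;` but is only used inside the new `#ifdef RES_USE_CD` block, so builds without that flag get an unused-variable warning (an error under `-Werror`); declaring `int save_opts;` inside its own `#ifdef RES_USE_CD` guard avoids that. The guarded block is the retry "without checking" that runs when the clock is not yet synced, so on platforms lacking the flag that fallback is skipped without any trace; an `#else` branch with `log_debug("RES_USE_CD not available, not retrying %s", s);` would make the difference visible when debugging a host that cannot bootstrap. The `-`/`+` pairs that look identical here (the blank lines and `n = probe_root_ns();`) appear to differ only in whitespace and could be dropped from the patch to keep it easier to rebase.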
+++ b/patches/0017-handle-KERN_SECURELVL-when-available.patch
@@ -0,0 +1,43 @@
+From 1d973b92dd29d8d466003718f5608ce802ce9d4b Mon Sep 17 00:00:00 2001
+From: Brent Cook
+Date: Mon, 8 Jun 2020 06:53:53 -0500
+Subject: [PATCH 17/18] handle KERN_SECURELVL when available
+
+---
+ src/usr.sbin/ntpd/ntpd.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/usr.sbin/ntpd/ntpd.c b/src/usr.sbin/ntpd/ntpd.c
+index bae6abd00f..7ea24dc58c 100644
+--- a/src/usr.sbin/ntpd/ntpd.c
++++ b/src/usr.sbin/ntpd/ntpd.c
+@@ -23,7 +23,9 @@
+ #include
+ #include
+ #include
++#ifdef KERN_SECURELVL
+ #include
++#endif
+ #include
+ #include
+ #include
+@@ -123,12 +125,14 @@ usage(void)
+ int
+ auto_preconditions(const struct ntpd_conf *cnf)
+ {
++ int constraints, securelevel = 0;
++
++#ifdef KERN_SECURELVL
+ int mib[2] = { CTL_KERN, KERN_SECURELVL };
+- int constraints, securelevel;
+ size_t sz = sizeof(int);
+-
+ if (sysctl(mib, 2, &securelevel, &sz, NULL, 0) == -1)
+ err(1, "sysctl");
++#endif
+ constraints = !TAILQ_EMPTY(&cnf->constraints);
+ return !cnf->settime && (constraints || cnf->trusted_peers ||
+ conf->trusted_sensors) && securelevel == 0;
+--
+2.27.0
+
diff --git a/patches/0018-initialize-deadline.patch b/patches/0018-initialize-deadline.patch
new file mode 100644
index 0000000..656796d
--- /dev/null
+++ b/patches/0018-initialize-deadline.patch
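Review bot: The first hunk of the new 0017 patch wraps an `#include` in `#ifdef KERN_SECURELVL`, but if that include is the header that defines `KERN_SECURELVL` (the header names are not visible on this page), the macro cannot be defined yet at that point, so the header is never pulled in and the second guard in `auto_preconditions()` is false on every platform. `securelevel` then keeps its new initializer `0`, the `securelevel == 0` term always holds, and the securelevel check is compiled out even on systems that support it. Guarding the include on a configure-time header check and keeping `#ifdef KERN_SECURELVL` only around the `sysctl()` call would preserve the check where it exists. A comment on the initializer such as `/* no securelevel on this platform: treat as 0 */` would also document that the default is fail-open.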
@@ -0,0 +1,25 @@
+From cf2fec695318a130477875178d2f58de169306bd Mon Sep 17 00:00:00 2001
+From: Brent Cook
+Date: Mon, 8 Jun 2020 06:54:12 -0500
+Subject: [PATCH 18/18] initialize deadline
+
+---
+ src/usr.sbin/ntpd/ntpd.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/usr.sbin/ntpd/ntpd.c b/src/usr.sbin/ntpd/ntpd.c
+index 7ea24dc58c..68514de948 100644
+--- a/src/usr.sbin/ntpd/ntpd.c
++++ b/src/usr.sbin/ntpd/ntpd.c
+@@ -166,7 +166,7 @@ main(int argc, char *argv[])
+ int argc0 = argc, logdest;
+ char **argv0 = argv;
+ char *pname = NULL;
+- time_t settime_deadline;
++ time_t settime_deadline = 0;
+ int sopt = 0;
+
+ __progname = get_progname(argv[0]);
+--
+2.27.0
+
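Review bot: `time_t settime_deadline = 0;` in `main()` carries no comment saying whether the initializer fixes a real read-before-write or only quiets a compiler warning, and the commit message "initialize deadline" does not say either. The assignment and the reads of the variable are outside this hunk, so it cannot be checked here whether `0` is a safe value on whatever path previously saw an indeterminate one. If it only silences a warning, a comment such as `/* assigned before use; initialized to quiet the compiler */` (to be confirmed against the rest of `main()`) would keep a later reader from treating 0 as a meaningful deadline.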