diff --git a/patches/0009-Notify-the-user-when-constraint-support-is-disabled.patch b/patches/0009-Notify-the-user-when-constraint-support-is-disabled.patch
index f83ed06..430ba29 100644
--- a/patches/0009-Notify-the-user-when-constraint-support-is-disabled.patch
+++ b/patches/0009-Notify-the-user-when-constraint-support-is-disabled.patch
@@ -1,19 +1,19 @@
-From efb678b08cbff1e994513621b113e864dec9e0c6 Mon Sep 17 00:00:00 2001
+From e76aeb2f1854ae698325aa03fe1f0b7f7bcbf411 Mon Sep 17 00:00:00 2001
 From: Brent Cook
 Date: Fri, 27 Mar 2015 23:14:15 -0500
 Subject: [PATCH 09/13] Notify the user when constraint support is disabled.
-Update the manpage and make a constraint line a fatal error if it is
+Update the manpage and warn if constraints are configured but ntpd is
 built without libtls present. From Paul B. Henson.
 ---
- src/usr.sbin/ntpd/config.c | 3 +++
- src/usr.sbin/ntpd/constraint.c | 2 ++
- src/usr.sbin/ntpd/ntpd.conf.5 | 7 +++++--
- 3 files changed, 10 insertions(+), 2 deletions(-)
+ src/usr.sbin/ntpd/config.c | 3 +++
+ src/usr.sbin/ntpd/constraint.c | 2 ++
+ src/usr.sbin/ntpd/ntpd.conf.5 | 11 +++++++++--
+ 3 files changed, 14 insertions(+), 2 deletions(-)
 diff --git a/src/usr.sbin/ntpd/config.c b/src/usr.sbin/ntpd/config.c
-index a84635ab7..d46fca62f 100644
+index a84635ab7..430992137 100644
 --- a/src/usr.sbin/ntpd/config.c
 +++ b/src/usr.sbin/ntpd/config.c
 @@ -219,6 +219,9 @@ new_constraint(void)
@@ -21,7 +21,7 @@ index a84635ab7..d46fca62f 100644
 p->fd = -1;
 +#ifndef HAVE_LIBTLS
-+ fatal("constraint configured without libtls support");
++ log_warnx("constraint configured without libtls support");
 +#endif
 return (p);
 }
@@ -46,20 +46,24 @@ index 7e259af2d..8a3ddacc1 100644
 if (chroot(pw_dir) == -1) fatal("chroot");
 diff --git a/src/usr.sbin/ntpd/ntpd.conf.5 b/src/usr.sbin/ntpd/ntpd.conf.5
-index e3c0ddd78..804ebaa12 100644
+index e3c0ddd78..4218b811b 100644
 --- a/src/usr.sbin/ntpd/ntpd.conf.5
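Review bot: On a build without libtls, a configured constraint is now accepted and merely logged: the `#ifndef HAVE_LIBTLS` branch in new_constraint() calls `log_warnx()` and still returns the constraint, so ntpd runs without the HTTPS-derived bound that ntpd.conf.5 describes as reducing the impact of NTP man-in-the-middle attacks. One startup log line is easy to miss, so the message should state the consequence, e.g. `log_warnx("constraint configured but ntpd was built without libtls; constraints will not be enforced");`, and a short comment above the `#ifndef` should record why this fails open rather than calling `fatal()`. new_constraint() starts above this hunk and its callers are not shown, so it is worth confirming the warning is not repeated per constraint entry and that later code does not wait on a constraint result that can never arrive.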
+++ b/src/usr.sbin/ntpd/ntpd.conf.5
-@@ -195,8 +195,11 @@ authenticated constraint,
+@@ -195,8 +195,15 @@ authenticated constraint,
 thereby reducing the impact of unauthenticated NTP man-in-the-middle attacks. Received NTP packets with time information falling outside of a range
 -near the constraint will be discarded and such NTP servers
 -will be marked as invalid.
 +near the constraint will be discarded and such NTP servers will be marked as
-+invalid. Contraints are only available if
++invalid.
++.Pp
++Support for constraints is only available if
 +.Xr ntpd 8
-+has been compiled with libtls support. Configuring a constraint without libtls
-+support will result in a fatal error.
++has been linked with libtls from LibreSSL. Configuring a constraint
++without libtls causes
++.Xr ntpd 8
++to log a warning message on startup.
 .Bl -tag -width Ds .It Ic constraint from Ar url Specify the URL, IP address or the hostname of an HTTPS server to
diff --git a/patches/0010-add-a-method-for-updating-the-realtime-clock-on-sync.patch b/patches/0010-add-a-method-for-updating-the-realtime-clock-on-sync.patch
index a47a639..20854e4 100644
--- a/patches/0010-add-a-method-for-updating-the-realtime-clock-on-sync.patch
+++ b/patches/0010-add-a-method-for-updating-the-realtime-clock-on-sync.patch
@@ -1,4 +1,4 @@
-From daec8e4e9571441a76485ae566b1e974d96752a9 Mon Sep 17 00:00:00 2001
+From 3fbb0bef99d10fdacda9583b8c0f80efd82797db Mon Sep 17 00:00:00 2001
 From: Brent Cook
 Date: Mon, 4 May 2015 04:27:29 -0500
 Subject: [PATCH 10/13] add a method for updating the realtime clock on sync
diff --git a/patches/0011-Deal-with-missing-SO_TIMESTAMP.patch b/patches/0011-Deal-with-missing-SO_TIMESTAMP.patch
index fa7f58c..dfebb2a 100644
--- a/patches/0011-Deal-with-missing-SO_TIMESTAMP.patch
+++ b/patches/0011-Deal-with-missing-SO_TIMESTAMP.patch
@@ -1,4 +1,4 @@
-From 551dfcb76bfcd11299729e69d4df5c61bcc6a994 Mon Sep 17 00:00:00 2001
+From 3d2500746a780d03c48b7dd10e821a5944ae33ed Mon Sep 17 00:00:00 2001
From: Brent Cook
 Date: Sun, 6 Dec 2015 22:35:38 -0600
 Subject: [PATCH 11/13] Deal with missing SO_TIMESTAMP
diff --git a/patches/0012-check-result-of-ftello-ftruncate.patch b/patches/0012-check-result-of-ftello-ftruncate.patch
index 4a6731d..4d318e1 100644
--- a/patches/0012-check-result-of-ftello-ftruncate.patch
+++ b/patches/0012-check-result-of-ftello-ftruncate.patch
@@ -1,4 +1,4 @@
-From 974f13df1d84aa9199288cf4689db4f19f28af16 Mon Sep 17 00:00:00 2001
+From cf9058ca118785f7e73e163e9c4691cbf726dfcc Mon Sep 17 00:00:00 2001
 From: Brent Cook
 Date: Mon, 21 Dec 2015 05:53:20 -0600
 Subject: [PATCH 12/13] check result of ftello/ftruncate
diff --git a/patches/0013-set-IPV6_V6ONLY-if-we-are-binding-to-an-IPv6-address.patch b/patches/0013-set-IPV6_V6ONLY-if-we-are-binding-to-an-IPv6-address.patch
index 77032e9..b25f706 100644
--- a/patches/0013-set-IPV6_V6ONLY-if-we-are-binding-to-an-IPv6-address.patch
+++ b/patches/0013-set-IPV6_V6ONLY-if-we-are-binding-to-an-IPv6-address.patch
@@ -1,4 +1,4 @@
-From 1e633c87b63e0933c854f82b965a3bd686eb0c1c Mon Sep 17 00:00:00 2001
+From b00291c2d9c8ecd1b17cb7d33a2e24819e550d26 Mon Sep 17 00:00:00 2001
 From: Brent Cook
 Date: Sat, 13 Aug 2016 14:22:02 -0500
 Subject: [PATCH 13/13] set IPV6_V6ONLY if we are binding to an IPv6 address