From fe2755c09e0b2d78c42dedd6d63110350a44411c Mon Sep 17 00:00:00 2001 From: Brent Cook Date: Thu, 1 Jan 2015 16:57:46 -0600 Subject: [PATCH] reorder patches by priority and generality --- ...001-include-time.h-for-clock_gettime.patch | 2 +- ...nused-libevent-header-and-structures.patch | 2 +- ...patch => 0003-remove-unused-dns_pid.patch} | 4 +- ...X-macro.patch => 0004-add-MAX-macro.patch} | 6 +-- ...-verbose-when-logging-privsep-errors.patch | 38 +++++++++++++++++++ ...privsep-user-to-be-a-privileged-user.patch | 31 +++++++++++++++ ...ecords-on-IPv4-networks-more-libera.patch} | 17 +++++---- ...cket-to-avoid-a-variable-called-sun.patch} | 10 ++--- ...atch => 0009-Fix-DNS-timeout-lookup.patch} | 12 +++--- ...=> 0010-Use-LOG_NTP-syslog-facility.patch} | 4 +- ...l-in-sin_len-sin6_len-if-they-exist.patch} | 4 +- ...AI_NODATA-does-not-exist-everywhere.patch} | 4 +- .../0012-don-t-be-too-stingy-on-braces.patch | 34 ----------------- ...eck-if-rdomain-support-is-available.patch} | 14 +++---- ...nf-to-indicate-OS-dependent-options.patch} | 4 +- ...ding-default-user-and-file-locations.patch | 6 +-- ...ption-to-create-a-pid-file.patch.disabled} | 22 +++++------ 17 files changed, 125 insertions(+), 89 deletions(-) rename patches/{0004-remove-unused-dns_pid.patch => 0003-remove-unused-dns_pid.patch} (90%) rename patches/{0014-add-MAX-macro.patch => 0004-add-MAX-macro.patch} (79%) create mode 100644 patches/0005-be-more-verbose-when-logging-privsep-errors.patch create mode 100644 patches/0006-do-not-allow-privsep-user-to-be-a-privileged-user.patch rename patches/{0008-Handle-IPv6-DNS-records-on-IPv4-networks-more-libera.patch => 0007-Handle-IPv6-DNS-records-on-IPv4-networks-more-libera.patch} (69%) rename patches/{0013-rename-socket-to-avoid-a-variable-called-sun.patch => 0008-rename-socket-to-avoid-a-variable-called-sun.patch} (91%) rename patches/{0011-Fix-DNS-timeout-lookup.patch => 0009-Fix-DNS-timeout-lookup.patch} (77%) rename patches/{0003-Use-LOG_NTP-syslog-facility.patch => 0010-Use-LOG_NTP-syslog-facility.patch} (86%) rename patches/{0005-conditionally-fill-in-sin_len-sin6_len-if-they-exist.patch => 0011-conditionally-fill-in-sin_len-sin6_len-if-they-exist.patch} (92%) rename patches/{0006-EAI_NODATA-does-not-exist-everywhere.patch => 0012-EAI_NODATA-does-not-exist-everywhere.patch} (87%) delete mode 100644 patches/0012-don-t-be-too-stingy-on-braces.patch rename patches/{0007-check-if-rdomain-support-is-available.patch => 0013-check-if-rdomain-support-is-available.patch} (91%) rename patches/{0009-update-ntpd.conf-to-indicate-OS-dependent-options.patch => 0014-update-ntpd.conf-to-indicate-OS-dependent-options.patch} (92%) rename patches/{0010-add-p-option-to-create-a-pid-file.patch.disabled => 0016-add-p-option-to-create-a-pid-file.patch.disabled} (85%) diff --git a/patches/0001-include-time.h-for-clock_gettime.patch b/patches/0001-include-time.h-for-clock_gettime.patch index 7fa38e5..02d986b 100644 --- a/patches/0001-include-time.h-for-clock_gettime.patch +++ b/patches/0001-include-time.h-for-clock_gettime.patch @@ -1,7 +1,7 @@ From 53006c85af7c8b69afa3847e12107588c1460c5a Mon Sep 17 00:00:00 2001 From: Brent Cook Date: Tue, 30 Dec 2014 08:58:26 -0600 -Subject: [PATCH 01/12] include time.h for clock_gettime +Subject: [PATCH 01/16] include time.h for clock_gettime --- src/usr.sbin/ntpd/ntpd.c | 1 + diff --git a/patches/0002-removed-unused-libevent-header-and-structures.patch b/patches/0002-removed-unused-libevent-header-and-structures.patch index f9356da..2979948 100644 --- a/patches/0002-removed-unused-libevent-header-and-structures.patch +++ b/patches/0002-removed-unused-libevent-header-and-structures.patch @@ -1,7 +1,7 @@ From da6f7a99e25c9fa0fca75576eaf29f0e8fe67441 Mon Sep 17 00:00:00 2001 From: Brent Cook Date: Tue, 30 Dec 2014 08:59:19 -0600 -Subject: [PATCH 02/12] removed unused libevent header and structures +Subject: [PATCH 02/16] removed unused libevent header and structures --- src/usr.sbin/ntpd/ntpd.h | 10 ---------- diff --git a/patches/0004-remove-unused-dns_pid.patch b/patches/0003-remove-unused-dns_pid.patch similarity index 90% rename from patches/0004-remove-unused-dns_pid.patch rename to patches/0003-remove-unused-dns_pid.patch index aae337b..4b6cbdd 100644 --- a/patches/0004-remove-unused-dns_pid.patch +++ b/patches/0003-remove-unused-dns_pid.patch @@ -1,7 +1,7 @@ -From f67a51ea7b11f1082dac77beb632f4d71f397584 Mon Sep 17 00:00:00 2001 +From be678b846a8bbeede06d66a630a64a19c589c45f Mon Sep 17 00:00:00 2001 From: Brent Cook Date: Tue, 30 Dec 2014 09:01:57 -0600 -Subject: [PATCH 04/12] remove unused dns_pid +Subject: [PATCH 03/16] remove unused dns_pid --- src/usr.sbin/ntpd/ntp.c | 4 ++-- diff --git a/patches/0014-add-MAX-macro.patch b/patches/0004-add-MAX-macro.patch similarity index 79% rename from patches/0014-add-MAX-macro.patch rename to patches/0004-add-MAX-macro.patch index c6bbc8c..933bbae 100644 --- a/patches/0014-add-MAX-macro.patch +++ b/patches/0004-add-MAX-macro.patch @@ -1,14 +1,14 @@ -From 802b2ccf5257b840ed252a2bc1a6cb70a37b3f57 Mon Sep 17 00:00:00 2001 +From 06c8339b3a1bde6f71d437d792ae01d118832fb4 Mon Sep 17 00:00:00 2001 From: Brent Cook Date: Wed, 31 Dec 2014 22:39:58 -0600 -Subject: [PATCH 14/14] add MAX macro +Subject: [PATCH 04/16] add MAX macro --- src/usr.sbin/ntpd/ntpd.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/usr.sbin/ntpd/ntpd.h b/src/usr.sbin/ntpd/ntpd.h -index f8d6382..5ac0bbb 100644 +index aa9858b..61a447f 100644 --- a/src/usr.sbin/ntpd/ntpd.h +++ b/src/usr.sbin/ntpd/ntpd.h @@ -72,6 +72,10 @@ diff --git a/patches/0005-be-more-verbose-when-logging-privsep-errors.patch b/patches/0005-be-more-verbose-when-logging-privsep-errors.patch new file mode 100644 index 0000000..ae3271d --- /dev/null +++ b/patches/0005-be-more-verbose-when-logging-privsep-errors.patch @@ -0,0 +1,38 @@ +From b0d68d365d6b4512a5a07d14e56f0c51cdeae0c3 Mon Sep 17 00:00:00 2001 +From: Brent Cook +Date: Thu, 1 Jan 2015 13:06:38 -0600 +Subject: [PATCH 05/16] be more verbose when logging privsep errors + +Make it easy for a sysadmin to diagnose a privilege separation path +problem without looking at the source code. +--- + src/usr.sbin/ntpd/ntp.c | 13 +++++++++---- + 1 file changed, 9 insertions(+), 4 deletions(-) + +diff --git a/src/usr.sbin/ntpd/ntp.c b/src/usr.sbin/ntpd/ntp.c +index ddbcedd..26701c8 100644 +--- a/src/usr.sbin/ntpd/ntp.c ++++ b/src/usr.sbin/ntpd/ntp.c +@@ -121,10 +121,15 @@ ntp_main(int pipe_prnt[2], int fd_ctl, struct ntpd_conf *nconf, + ntp_dns(pipe_dns, nconf, pw); + close(pipe_dns[1]); + +- if (stat(pw->pw_dir, &stb) == -1) +- fatal("stat"); +- if (stb.st_uid != 0 || (stb.st_mode & (S_IWGRP|S_IWOTH)) != 0) +- fatalx("bad privsep dir permissions"); ++ if (stat(pw->pw_dir, &stb) == -1) { ++ log_warn("privsep dir %s could not be opened", pw->pw_dir); ++ exit(1); ++ } ++ if (stb.st_uid != 0 || (stb.st_mode & (S_IWGRP|S_IWOTH)) != 0) { ++ log_warnx("bad privsep dir %s permissions: %o", ++ pw->pw_dir, stb.st_mode); ++ exit(1); ++ } + if (chroot(pw->pw_dir) == -1) + fatal("chroot"); + if (chdir("/") == -1) +-- +1.9.1 + diff --git a/patches/0006-do-not-allow-privsep-user-to-be-a-privileged-user.patch b/patches/0006-do-not-allow-privsep-user-to-be-a-privileged-user.patch new file mode 100644 index 0000000..fec226e --- /dev/null +++ b/patches/0006-do-not-allow-privsep-user-to-be-a-privileged-user.patch @@ -0,0 +1,31 @@ +From 555e4346d4a441e2385b91c3188edbe9b093cfd5 Mon Sep 17 00:00:00 2001 +From: Brent Cook +Date: Thu, 1 Jan 2015 13:26:29 -0600 +Subject: [PATCH 06/16] do not allow privsep user to be a privileged user + +This may need to be a function call for different platforms with +different capability / privilege mechanisms. +--- + src/usr.sbin/ntpd/ntp.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/src/usr.sbin/ntpd/ntp.c b/src/usr.sbin/ntpd/ntp.c +index 26701c8..a24f305 100644 +--- a/src/usr.sbin/ntpd/ntp.c ++++ b/src/usr.sbin/ntpd/ntp.c +@@ -147,6 +147,12 @@ ntp_main(int pipe_prnt[2], int fd_ctl, struct ntpd_conf *nconf, + conf = nconf; + setup_listeners(se, conf, &listener_cnt); + ++ if (pw->pw_uid == 0 || pw->pw_gid == 0) ++ fatal("privsep user cannot be root"); ++ ++ if (pw->pw_uid == geteuid() || pw->pw_gid == getegid()) ++ fatal("privsep user cannot be the privileged user"); ++ + if (setgroups(1, &pw->pw_gid) || + setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) || + setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid)) +-- +1.9.1 + diff --git a/patches/0008-Handle-IPv6-DNS-records-on-IPv4-networks-more-libera.patch b/patches/0007-Handle-IPv6-DNS-records-on-IPv4-networks-more-libera.patch similarity index 69% rename from patches/0008-Handle-IPv6-DNS-records-on-IPv4-networks-more-libera.patch rename to patches/0007-Handle-IPv6-DNS-records-on-IPv4-networks-more-libera.patch index 1d81c25..10bc53e 100644 --- a/patches/0008-Handle-IPv6-DNS-records-on-IPv4-networks-more-libera.patch +++ b/patches/0007-Handle-IPv6-DNS-records-on-IPv4-networks-more-libera.patch @@ -1,7 +1,7 @@ -From c26c6628e7ea92d6f3f1c128db15da199787a1fd Mon Sep 17 00:00:00 2001 +From 42535b62e78e5869fd6fef0f075eb17fb0148559 Mon Sep 17 00:00:00 2001 From: Brent Cook Date: Tue, 30 Dec 2014 09:10:22 -0600 -Subject: [PATCH 08/12] Handle IPv6 DNS records on IPv4 networks more liberally +Subject: [PATCH 07/16] Handle IPv6 DNS records on IPv4 networks more liberally Rather than fail on IPv4 only networks when seeing an IPv6 DNS record, just give a warning. @@ -9,14 +9,14 @@ just give a warning. Debian bug ID: 500676. Original Author: Stefan Praszalowicz --- - src/usr.sbin/ntpd/client.c | 12 +++++++++--- - 1 file changed, 9 insertions(+), 3 deletions(-) + src/usr.sbin/ntpd/client.c | 13 ++++++++++--- + 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/src/usr.sbin/ntpd/client.c b/src/usr.sbin/ntpd/client.c -index 9b9b522..0271068 100644 +index e59112a..36d0d9e 100644 --- a/src/usr.sbin/ntpd/client.c +++ b/src/usr.sbin/ntpd/client.c -@@ -138,9 +138,15 @@ client_query(struct ntp_peer *p) +@@ -138,9 +138,16 @@ client_query(struct ntp_peer *p) if (p->query->fd == -1) { struct sockaddr *sa = (struct sockaddr *)&p->addr->ss; @@ -24,7 +24,7 @@ index 9b9b522..0271068 100644 - 0)) == -1) - fatal("client_query socket"); + p->query->fd = socket(p->addr->ss.ss_family, SOCK_DGRAM, 0); -+ if (p->query->fd == -1) ++ if (p->query->fd == -1) { + if (errno == EAFNOSUPPORT) { + log_warn("client_query socket"); + client_nextaddr(p); @@ -32,9 +32,10 @@ index 9b9b522..0271068 100644 + return (-1); + } else + fatal("client_query socket"); ++ } - #ifdef SO_RTABLE if (p->rtable != -1 && + setsockopt(p->query->fd, SOL_SOCKET, SO_RTABLE, -- 1.9.1 diff --git a/patches/0013-rename-socket-to-avoid-a-variable-called-sun.patch b/patches/0008-rename-socket-to-avoid-a-variable-called-sun.patch similarity index 91% rename from patches/0013-rename-socket-to-avoid-a-variable-called-sun.patch rename to patches/0008-rename-socket-to-avoid-a-variable-called-sun.patch index 4ccb5a9..98d2a59 100644 --- a/patches/0013-rename-socket-to-avoid-a-variable-called-sun.patch +++ b/patches/0008-rename-socket-to-avoid-a-variable-called-sun.patch @@ -1,7 +1,7 @@ -From 4283830eb8ae4cc1919271bb11f452d87c717b73 Mon Sep 17 00:00:00 2001 +From 8c872d895d50214a23aad90a7cb31a7a51a08e29 Mon Sep 17 00:00:00 2001 From: Brent Cook Date: Wed, 31 Dec 2014 22:08:09 -0600 -Subject: [PATCH 13/13] rename socket to avoid a variable called 'sun' +Subject: [PATCH 08/16] rename socket to avoid a variable called 'sun' Solaris defines 'sun' as a constant. --- @@ -63,10 +63,10 @@ index 6c5b05d..eb3575b 100644 log_warn("control_accept: accept"); return (0); diff --git a/src/usr.sbin/ntpd/ntpd.c b/src/usr.sbin/ntpd/ntpd.c -index b45f4ca..b6b3663 100644 +index 17ebf67..d764a50 100644 --- a/src/usr.sbin/ntpd/ntpd.c +++ b/src/usr.sbin/ntpd/ntpd.c -@@ -554,7 +554,7 @@ writefreq(double d) +@@ -527,7 +527,7 @@ writefreq(double d) void ctl_main(int argc, char *argv[]) { @@ -75,7 +75,7 @@ index b45f4ca..b6b3663 100644 struct imsg imsg; struct imsgbuf *ibuf_ctl; int fd, n, done, ch, action; -@@ -607,12 +607,12 @@ ctl_main(int argc, char *argv[]) +@@ -580,12 +580,12 @@ ctl_main(int argc, char *argv[]) if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) err(1, "ntpctl: socket"); diff --git a/patches/0011-Fix-DNS-timeout-lookup.patch b/patches/0009-Fix-DNS-timeout-lookup.patch similarity index 77% rename from patches/0011-Fix-DNS-timeout-lookup.patch rename to patches/0009-Fix-DNS-timeout-lookup.patch index fc5bafe..a61b975 100644 --- a/patches/0011-Fix-DNS-timeout-lookup.patch +++ b/patches/0009-Fix-DNS-timeout-lookup.patch @@ -1,7 +1,7 @@ -From 6f091765d6ee996ad679868deb7f196c240c314e Mon Sep 17 00:00:00 2001 +From b3c2b2c8c9c4e59ad3518d10d3765cf35934d76c Mon Sep 17 00:00:00 2001 From: Brent Cook Date: Wed, 31 Dec 2014 08:31:20 -0600 -Subject: [PATCH 11/12] Fix DNS timeout lookup +Subject: [PATCH 09/16] Fix DNS timeout lookup Author: Paul B. Henson Origin: https://bugs.gentoo.org/show_bug.cgi?id=493358 @@ -10,10 +10,10 @@ Origin: https://bugs.gentoo.org/show_bug.cgi?id=493358 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/usr.sbin/ntpd/ntpd.c b/src/usr.sbin/ntpd/ntpd.c -index 2d5809c..b45f4ca 100644 +index d764a50..3622a13 100644 --- a/src/usr.sbin/ntpd/ntpd.c +++ b/src/usr.sbin/ntpd/ntpd.c -@@ -123,6 +123,7 @@ main(int argc, char *argv[]) +@@ -111,6 +111,7 @@ main(int argc, char *argv[]) int pipe_chld[2]; struct passwd *pw; extern char *__progname; @@ -21,7 +21,7 @@ index 2d5809c..b45f4ca 100644 if (strcmp(__progname, "ntpctl") == 0) { ctl_main (argc, argv); -@@ -222,6 +223,8 @@ main(int argc, char *argv[]) +@@ -205,6 +206,8 @@ main(int argc, char *argv[]) fatal(NULL); imsg_init(ibuf, pipe_chld[0]); @@ -30,7 +30,7 @@ index 2d5809c..b45f4ca 100644 while (quit == 0) { pfd[PFD_PIPE].fd = ibuf->fd; pfd[PFD_PIPE].events = POLLIN; -@@ -234,7 +237,8 @@ main(int argc, char *argv[]) +@@ -217,7 +220,8 @@ main(int argc, char *argv[]) quit = 1; } diff --git a/patches/0003-Use-LOG_NTP-syslog-facility.patch b/patches/0010-Use-LOG_NTP-syslog-facility.patch similarity index 86% rename from patches/0003-Use-LOG_NTP-syslog-facility.patch rename to patches/0010-Use-LOG_NTP-syslog-facility.patch index 645e190..306ad5c 100644 --- a/patches/0003-Use-LOG_NTP-syslog-facility.patch +++ b/patches/0010-Use-LOG_NTP-syslog-facility.patch @@ -1,7 +1,7 @@ -From 20911c235ab4af36242a9b913bc41a3b1b0958cb Mon Sep 17 00:00:00 2001 +From 204f212fd5905b8af28f22c49254be4a29923c94 Mon Sep 17 00:00:00 2001 From: Brent Cook Date: Tue, 30 Dec 2014 09:00:12 -0600 -Subject: [PATCH 03/12] Use LOG_NTP syslog facility. +Subject: [PATCH 10/16] Use LOG_NTP syslog facility. FreeBSD PR: 114191 Submitted by: Robert Archer diff --git a/patches/0005-conditionally-fill-in-sin_len-sin6_len-if-they-exist.patch b/patches/0011-conditionally-fill-in-sin_len-sin6_len-if-they-exist.patch similarity index 92% rename from patches/0005-conditionally-fill-in-sin_len-sin6_len-if-they-exist.patch rename to patches/0011-conditionally-fill-in-sin_len-sin6_len-if-they-exist.patch index 9fe2fb8..9c330ed 100644 --- a/patches/0005-conditionally-fill-in-sin_len-sin6_len-if-they-exist.patch +++ b/patches/0011-conditionally-fill-in-sin_len-sin6_len-if-they-exist.patch @@ -1,7 +1,7 @@ -From e73468f4e08442681c79e84edc62cf8e9f3b733a Mon Sep 17 00:00:00 2001 +From e6c8f113fb20f3768e3c35b2f23c694a61c7c5f2 Mon Sep 17 00:00:00 2001 From: Brent Cook Date: Tue, 30 Dec 2014 09:02:50 -0600 -Subject: [PATCH 05/12] conditionally fill in sin_len/sin6_len if they exist +Subject: [PATCH 11/16] conditionally fill in sin_len/sin6_len if they exist Should we even be setting these at all? Does anything really rely in this anymore? diff --git a/patches/0006-EAI_NODATA-does-not-exist-everywhere.patch b/patches/0012-EAI_NODATA-does-not-exist-everywhere.patch similarity index 87% rename from patches/0006-EAI_NODATA-does-not-exist-everywhere.patch rename to patches/0012-EAI_NODATA-does-not-exist-everywhere.patch index b8499dd..f006f62 100644 --- a/patches/0006-EAI_NODATA-does-not-exist-everywhere.patch +++ b/patches/0012-EAI_NODATA-does-not-exist-everywhere.patch @@ -1,7 +1,7 @@ -From ec73e05867d8e80b1f5d056f35eea8f9011b8c3c Mon Sep 17 00:00:00 2001 +From d874a2d6c44f3656289437b49002ba0f19ca63a2 Mon Sep 17 00:00:00 2001 From: Brent Cook Date: Tue, 30 Dec 2014 09:04:08 -0600 -Subject: [PATCH 06/14] EAI_NODATA does not exist everywhere +Subject: [PATCH 12/16] EAI_NODATA does not exist everywhere FreeBSD says it is deprecated and should be removed. --- diff --git a/patches/0012-don-t-be-too-stingy-on-braces.patch b/patches/0012-don-t-be-too-stingy-on-braces.patch deleted file mode 100644 index b645f7b..0000000 --- a/patches/0012-don-t-be-too-stingy-on-braces.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 47a111a45a541316d7ff9d844362b901f24f41e1 Mon Sep 17 00:00:00 2001 -From: Brent Cook -Date: Wed, 31 Dec 2014 08:47:45 -0600 -Subject: [PATCH 12/12] don't be too stingy on braces - -Match if bracing of the block below it to improve readability. ---- - src/usr.sbin/ntpd/client.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/usr.sbin/ntpd/client.c b/src/usr.sbin/ntpd/client.c -index 0271068..4bfbf90 100644 ---- a/src/usr.sbin/ntpd/client.c -+++ b/src/usr.sbin/ntpd/client.c -@@ -139,7 +139,7 @@ client_query(struct ntp_peer *p) - struct sockaddr *sa = (struct sockaddr *)&p->addr->ss; - - p->query->fd = socket(p->addr->ss.ss_family, SOCK_DGRAM, 0); -- if (p->query->fd == -1) -+ if (p->query->fd == -1) { - if (errno == EAFNOSUPPORT) { - log_warn("client_query socket"); - client_nextaddr(p); -@@ -147,6 +147,7 @@ client_query(struct ntp_peer *p) - return (-1); - } else - fatal("client_query socket"); -+ } - - #ifdef SO_RTABLE - if (p->rtable != -1 && --- -1.9.1 - diff --git a/patches/0007-check-if-rdomain-support-is-available.patch b/patches/0013-check-if-rdomain-support-is-available.patch similarity index 91% rename from patches/0007-check-if-rdomain-support-is-available.patch rename to patches/0013-check-if-rdomain-support-is-available.patch index 6970003..fa613cb 100644 --- a/patches/0007-check-if-rdomain-support-is-available.patch +++ b/patches/0013-check-if-rdomain-support-is-available.patch @@ -1,7 +1,7 @@ -From 0ec5710f4872d4feb8ff96b61d4d4a7ca0fa7b09 Mon Sep 17 00:00:00 2001 +From 7774d16dece25b907809a2cba3ede6195798a641 Mon Sep 17 00:00:00 2001 From: Brent Cook Date: Tue, 30 Dec 2014 09:05:46 -0600 -Subject: [PATCH 07/12] check if rdomain support is available +Subject: [PATCH 13/16] check if rdomain support is available --- src/usr.sbin/ntpd/client.c | 4 ++++ @@ -10,12 +10,12 @@ Subject: [PATCH 07/12] check if rdomain support is available 3 files changed, 16 insertions(+), 1 deletion(-) diff --git a/src/usr.sbin/ntpd/client.c b/src/usr.sbin/ntpd/client.c -index e59112a..9b9b522 100644 +index 36d0d9e..4bfbf90 100644 --- a/src/usr.sbin/ntpd/client.c +++ b/src/usr.sbin/ntpd/client.c -@@ -142,10 +142,12 @@ client_query(struct ntp_peer *p) - 0)) == -1) - fatal("client_query socket"); +@@ -149,10 +149,12 @@ client_query(struct ntp_peer *p) + fatal("client_query socket"); + } +#ifdef SO_RTABLE if (p->rtable != -1 && @@ -26,7 +26,7 @@ index e59112a..9b9b522 100644 if (connect(p->query->fd, sa, SA_LEN(sa)) == -1) { if (errno == ECONNREFUSED || errno == ENETUNREACH || errno == EHOSTUNREACH || errno == EADDRNOTAVAIL) { -@@ -248,10 +250,12 @@ client_dispatch(struct ntp_peer *p, u_int8_t settime) +@@ -255,10 +257,12 @@ client_dispatch(struct ntp_peer *p, u_int8_t settime) return (0); } diff --git a/patches/0009-update-ntpd.conf-to-indicate-OS-dependent-options.patch b/patches/0014-update-ntpd.conf-to-indicate-OS-dependent-options.patch similarity index 92% rename from patches/0009-update-ntpd.conf-to-indicate-OS-dependent-options.patch rename to patches/0014-update-ntpd.conf-to-indicate-OS-dependent-options.patch index 0a1fb8c..3e8d7d0 100644 --- a/patches/0009-update-ntpd.conf-to-indicate-OS-dependent-options.patch +++ b/patches/0014-update-ntpd.conf-to-indicate-OS-dependent-options.patch @@ -1,7 +1,7 @@ -From 84100327370fec7ef44555c380e09e94b8a21c7c Mon Sep 17 00:00:00 2001 +From edb43d28257d62671d7b364a55375bcf1332a1b9 Mon Sep 17 00:00:00 2001 From: Brent Cook Date: Tue, 30 Dec 2014 09:20:03 -0600 -Subject: [PATCH 09/12] update ntpd.conf to indicate OS-dependent options +Subject: [PATCH 14/16] update ntpd.conf to indicate OS-dependent options Also, clarify listening behavior based on a patch from Dererk diff --git a/patches/0015-allow-overriding-default-user-and-file-locations.patch b/patches/0015-allow-overriding-default-user-and-file-locations.patch index 04dc5c6..d8a5f81 100644 --- a/patches/0015-allow-overriding-default-user-and-file-locations.patch +++ b/patches/0015-allow-overriding-default-user-and-file-locations.patch @@ -1,7 +1,7 @@ -From b427630990b65377a7369b3d61e51ce02be1ec93 Mon Sep 17 00:00:00 2001 +From 6f9277a636cdd1c1a69d609f99b5c6ce00f1581b Mon Sep 17 00:00:00 2001 From: Brent Cook Date: Thu, 1 Jan 2015 07:18:11 -0600 -Subject: [PATCH 15/15] allow overriding default user and file locations +Subject: [PATCH 15/16] allow overriding default user and file locations Allow the build process to override the default ntpd file paths and default user. @@ -10,7 +10,7 @@ default user. 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/src/usr.sbin/ntpd/ntpd.h b/src/usr.sbin/ntpd/ntpd.h -index 5ac0bbb..136bdd2 100644 +index 61a447f..efb0c61 100644 --- a/src/usr.sbin/ntpd/ntpd.h +++ b/src/usr.sbin/ntpd/ntpd.h @@ -33,10 +33,20 @@ diff --git a/patches/0010-add-p-option-to-create-a-pid-file.patch.disabled b/patches/0016-add-p-option-to-create-a-pid-file.patch.disabled similarity index 85% rename from patches/0010-add-p-option-to-create-a-pid-file.patch.disabled rename to patches/0016-add-p-option-to-create-a-pid-file.patch.disabled index a1d8686..511ba5c 100644 --- a/patches/0010-add-p-option-to-create-a-pid-file.patch.disabled +++ b/patches/0016-add-p-option-to-create-a-pid-file.patch.disabled @@ -1,7 +1,7 @@ -From 9a6c847be092266d0cc6d7d1010b614e1253ba65 Mon Sep 17 00:00:00 2001 +From 4bf1b65f3ca244e47e9a7d6f0c475f402aea0d44 Mon Sep 17 00:00:00 2001 From: Brent Cook Date: Wed, 31 Dec 2014 08:26:41 -0600 -Subject: [PATCH 10/12] add -p option to create a pid file +Subject: [PATCH 16/16] add -p option to create a pid file This is used in both the Gentoo and Debian ports. @@ -35,7 +35,7 @@ index 18b12e8..9eb1fee 100644 Do not set the time immediately at startup. This is the default. diff --git a/src/usr.sbin/ntpd/ntpd.c b/src/usr.sbin/ntpd/ntpd.c -index 17ebf67..2d5809c 100644 +index 3622a13..b6b3663 100644 --- a/src/usr.sbin/ntpd/ntpd.c +++ b/src/usr.sbin/ntpd/ntpd.c @@ -84,6 +84,18 @@ sighdlr(int sig) @@ -66,7 +66,7 @@ index 17ebf67..2d5809c 100644 __progname); exit(1); } -@@ -123,7 +135,7 @@ main(int argc, char *argv[]) +@@ -124,7 +136,7 @@ main(int argc, char *argv[]) log_init(1); /* log to stderr until daemonized */ @@ -75,7 +75,7 @@ index 17ebf67..2d5809c 100644 switch (ch) { case 'd': lconf.debug = 1; -@@ -134,6 +146,9 @@ main(int argc, char *argv[]) +@@ -135,6 +147,9 @@ main(int argc, char *argv[]) case 'n': lconf.noaction = 1; break; @@ -85,7 +85,7 @@ index 17ebf67..2d5809c 100644 case 's': lconf.settime = 1; break; -@@ -174,9 +189,11 @@ main(int argc, char *argv[]) +@@ -175,9 +190,11 @@ main(int argc, char *argv[]) reset_adjtime(); if (!lconf.settime) { log_init(lconf.debug); @@ -98,7 +98,7 @@ index 17ebf67..2d5809c 100644 } else timeout = SETTIME_TIMEOUT * 1000; -@@ -223,9 +240,11 @@ main(int argc, char *argv[]) +@@ -227,9 +244,11 @@ main(int argc, char *argv[]) log_init(lconf.debug); log_debug("no reply received in time, skipping initial " "time setting"); @@ -111,7 +111,7 @@ index 17ebf67..2d5809c 100644 } if (nfds > 0 && (pfd[PFD_PIPE].revents & POLLOUT)) -@@ -264,6 +283,8 @@ main(int argc, char *argv[]) +@@ -268,6 +287,8 @@ main(int argc, char *argv[]) msgbuf_clear(&ibuf->w); free(ibuf); log_info("Terminating"); @@ -120,7 +120,7 @@ index 17ebf67..2d5809c 100644 return (0); } -@@ -339,9 +360,11 @@ dispatch_imsg(struct ntpd_conf *lconf) +@@ -343,9 +364,11 @@ dispatch_imsg(struct ntpd_conf *lconf) memcpy(&d, imsg.data, sizeof(d)); ntpd_settime(d); /* daemonize now */ @@ -134,10 +134,10 @@ index 17ebf67..2d5809c 100644 timeout = INFTIM; break; diff --git a/src/usr.sbin/ntpd/ntpd.h b/src/usr.sbin/ntpd/ntpd.h -index aa9858b..f8d6382 100644 +index efb0c61..136bdd2 100644 --- a/src/usr.sbin/ntpd/ntpd.h +++ b/src/usr.sbin/ntpd/ntpd.h -@@ -187,6 +187,7 @@ struct ntpd_conf { +@@ -201,6 +201,7 @@ struct ntpd_conf { u_int8_t debug; u_int8_t noaction; u_int8_t filters;