Brent Cook
7523d1ea94
do not override CFLAGS during configure, remove USER_CFLAGS
9 years ago
Brent Cook
ff76a641e3
enable foreign mode, remove unused NEWS file
9 years ago
Brent Cook
f3bb8bae60
rebase patches
9 years ago
Brent Cook
70b6d21af6
signal time sync to the OS
This is used to ensure that the time is written to the RTC when it is
synced. Problem noticed and patched by Christian Weisgerber.
9 years ago
Brent Cook
3efb0d135f
remove unused stub functions, init code
9 years ago
Brent Cook
22bd0a37e9
Update patches: remove integer overflow, add constraint helper
9 years ago
Brent Cook
a9874d0652
add sys/sysctl.h check
9 years ago
Brent Cook
45577a4ab5
bump version
9 years ago
Brent Cook
9aee72e432
bump release one day
9 years ago
Brent Cook
8fedfe3985
ensure that the default value gets substituted for config variables
Remove unneeded AC_SUBST's, call AC_DEFINE for default and user-specified
cases.
Thanks to naddy@ for reporting and suggesting the fixes.
9 years ago
Brent Cook
2994ccfee9
update ChangeLog for the next release
9 years ago
Brent Cook
8511d5afcd
add 32-bit time_t overflow fix, reported by @Romua1d
9 years ago
Brent Cook
35ae470907
define the correct variable for CONSTRAINT_CA
from naddy@
9 years ago
Brent Cook
5ee53acb25
update the example configuration file from upstream
9 years ago
Brent Cook
70ed567131
re-add the configurable --with-privsep-path install-time sanity check
While this still doesn't affect the behavior of the daemon, the
configuration option can at least be set to check the correct privsep
directory for permissions. Revisit in 5.8 as a possible extension to the
runtime check instead to remove the 'knob'.
9 years ago
Brent Cook
7933741802
work around quirky behavior of Solaris adjtime
I could not find a lot of precedence for this, because most time
daemons do not actually look at the value of olddelta. Account for
olddelta getting stuck at 1ms, and for a NULL value of delta being
treated as an error condition.
9 years ago
Brent Cook
128bd48fe2
include tls.h with the distribution package
9 years ago
Brent Cook
ddbf99be57
note libtls dependency for HTTPS constraint
Document CA path option.
9 years ago
Brent Cook
f4da13d519
allow configuring the CA cert path
this is only necessary if constraints are enabled
9 years ago
Brent Cook
d29a678524
allow updating the CA cert path as well
9 years ago
Brent Cook
5daa36f023
remove --with-privsep-path
This has effectively been a no-op during the 5.7 release series and
nobody has yelped (other than being slightly confused about its
purpose). Remove it as an option, since the home dir of the privsep user
is always used as the actual privsep directory anyway.
9 years ago
Brent Cook
21d17b2984
don't assume libtls has linker scripts to resolve dependencies
found this testing on OpenBSD itself :)
9 years ago
Brent Cook
bff382a60f
we don't need a dummy constraint_cmp
9 years ago
Brent Cook
5035e4decb
constraint_init needs to return 0 if we have no constraints
9 years ago
degretr
63d2b407d0
fix typo at line 79
replace "this this" by "like this"
10 years ago
Brent Cook
b493f59fb8
refresh for the latest ntpd upstream code
- add closefrom fallback for OS X / Linux systems, extracted from sudo,
but without the optimized versions, since they cannot work in a
chroot environment (and we're not performance critical here.)
- enable detecting libtls
- conditionally enable https constraint support
9 years ago
Brent Cook
21bbb4be66
rebase patches
9 years ago
Brent Cook
733037e6fc
spring cleaning before resyncing with upstream
Layout build machinery closer to LibreSSL to make code sharing easier.
Split the big Makefile.am into src/compat.
9 years ago
Brent Cook
dfa1d7eb13
remove allocation logging patch
This could come back some other time, for now its just an arbitrary
difference with upstream.
9 years ago
Brent Cook
c58ebbb441
properly document what specifying the privsep dir does
10 years ago
Brent Cook
3f3b70197c
bump version
10 years ago
Brent Cook
2b3c9bfe49
rebase patches
10 years ago
Brent Cook
3b695eb518
update changelog
10 years ago
Brent Cook
29e3fe363e
ensure that all of the fields of struct timex are initialized
10 years ago
Brent Cook
5980ef6d61
remove BEGIN/END_DECLS annotations from internal headers
These do not exist on all systems in sys/cdefs.h, and they are unneeded
since the header is being used privately anyway.
10 years ago
Brent Cook
3b37dd2849
add extra note about properties of the privilege separation directory
10 years ago
Brent Cook
eeb97529cd
prefer adjtimex over the deprecated ntp_adjtime on Linux
Thanks to @chneukirchen for the suggestion.
10 years ago
Brent Cook
198294a383
add __progname emulation, prevent setproctitle from overwriting it
Make a copy of __progname on start to avoid setproctitle clobbering it
later. Check if the OS supports __progname and emulate if unavailable.
- from OpenSSH.
Thanks to Paul B. Henson for reporting the setproctitle emulation issue
and Jonas 'Sortie' Termansen for suggesting __progname emulation.
10 years ago
Brent Cook
c72225ad1e
Change default privsep directory to /var/empty.
Add a post-install check to ensure that PRIVSEP_PATH is really empty.
10 years ago
Brent Cook
ad3510571d
bump version
10 years ago
Brent Cook
8dafd6324d
Go back to original SA_LEN macro.
Due to some circular dependencies on Solaris, this needs to be defined
as a macro. We should just remove SA_LEN usage here next.
10 years ago
Brent Cook
968c340d56
Format the 'make install' instructions.
Make them a little more readable.
10 years ago
Brent Cook
207a65ca0b
Add NetBSD support.
Fixes #3 , thanks to @gitisihara for providing the initial patch and
testing.
10 years ago
Brent Cook
f3d67df248
Improve err.h macros.
Handle 'NULL', emit the program name.
10 years ago
Brent Cook
cefe9907fd
correct arc4random/arc4random_uniform checks
reported by Loganaden Velvindron
10 years ago
Brent Cook
b15e6b2575
resync patches
update manpage and add more fatal logging
10 years ago
Brent Cook
2c04ab7158
rebase patches
10 years ago
Brent Cook
9938199ddf
add a local ChangeLog file
10 years ago
Brent Cook
ec41520b47
bump version
10 years ago
Brent Cook
6f93baf369
fix setproctitle on OS X and Linux
Call the compat code and select the correct emulation mode.
Remove the string encoding support, since we have fixed inputs for the
title string.
10 years ago