Brent Cook
5ee53acb25
update the example configuration file from upstream
9 years ago
Brent Cook
70ed567131
re-add the configurable --with-privsep-path install-time sanity check
While this still doesn't affect the behavior of the daemon, the
configuration option can at least be set to check the correct privsep
directory for permissions. Revisit in 5.8 as a possible extension to the
runtime check instead to remove the 'knob'.
9 years ago
Brent Cook
7933741802
work around quirky behavior of Solaris adjtime
I could not find a lot of precedence for this, because most time
daemons do not actually look at the value of olddelta. Account for
olddelta getting stuck at 1ms, and for a NULL value of delta being
treated as an error condition.
9 years ago
Brent Cook
128bd48fe2
include tls.h with the distribution package
9 years ago
Brent Cook
ddbf99be57
note libtls dependency for HTTPS constraint
Document CA path option.
9 years ago
Brent Cook
f4da13d519
allow configuring the CA cert path
this is only necessary if constraints are enabled
9 years ago
Brent Cook
d29a678524
allow updating the CA cert path as well
9 years ago
Brent Cook
5daa36f023
remove --with-privsep-path
This has effectively been a no-op during the 5.7 release series and
nobody has yelped (other than being slightly confused about its
purpose). Remove it as an option, since the home dir of the privsep user
is always used as the actual privsep directory anyway.
9 years ago
Brent Cook
21d17b2984
don't assume libtls has linker scripts to resolve dependencies
found this testing on OpenBSD itself :)
9 years ago
Brent Cook
bff382a60f
we don't need a dummy constraint_cmp
9 years ago
Brent Cook
5035e4decb
constraint_init needs to return 0 if we have no constraints
9 years ago
degretr
63d2b407d0
fix typo at line 79
replace "this this" by "like this"
9 years ago
Brent Cook
b493f59fb8
refresh for the latest ntpd upstream code
- add closefrom fallback for OS X / Linux systems, extracted from sudo,
but without the optimized versions, since they cannot work in a
chroot environment (and we're not performance critical here.)
- enable detecting libtls
- conditionally enable https constraint support
9 years ago
Brent Cook
21bbb4be66
rebase patches
9 years ago
Brent Cook
733037e6fc
spring cleaning before resyncing with upstream
Layout build machinery closer to LibreSSL to make code sharing easier.
Split the big Makefile.am into src/compat.
9 years ago
Brent Cook
dfa1d7eb13
remove allocation logging patch
This could come back some other time, for now its just an arbitrary
difference with upstream.
9 years ago
Brent Cook
c58ebbb441
properly document what specifying the privsep dir does
9 years ago
Brent Cook
3f3b70197c
bump version
9 years ago
Brent Cook
2b3c9bfe49
rebase patches
9 years ago
Brent Cook
3b695eb518
update changelog
9 years ago
Brent Cook
29e3fe363e
ensure that all of the fields of struct timex are initialized
9 years ago
Brent Cook
5980ef6d61
remove BEGIN/END_DECLS annotations from internal headers
These do not exist on all systems in sys/cdefs.h, and they are unneeded
since the header is being used privately anyway.
9 years ago
Brent Cook
3b37dd2849
add extra note about properties of the privilege separation directory
9 years ago
Brent Cook
eeb97529cd
prefer adjtimex over the deprecated ntp_adjtime on Linux
Thanks to @chneukirchen for the suggestion.
9 years ago
Brent Cook
198294a383
add __progname emulation, prevent setproctitle from overwriting it
Make a copy of __progname on start to avoid setproctitle clobbering it
later. Check if the OS supports __progname and emulate if unavailable.
- from OpenSSH.
Thanks to Paul B. Henson for reporting the setproctitle emulation issue
and Jonas 'Sortie' Termansen for suggesting __progname emulation.
9 years ago
Brent Cook
c72225ad1e
Change default privsep directory to /var/empty.
Add a post-install check to ensure that PRIVSEP_PATH is really empty.
9 years ago
Brent Cook
ad3510571d
bump version
9 years ago
Brent Cook
8dafd6324d
Go back to original SA_LEN macro.
Due to some circular dependencies on Solaris, this needs to be defined
as a macro. We should just remove SA_LEN usage here next.
9 years ago
Brent Cook
968c340d56
Format the 'make install' instructions.
Make them a little more readable.
9 years ago
Brent Cook
207a65ca0b
Add NetBSD support.
Fixes #3 , thanks to @gitisihara for providing the initial patch and
testing.
9 years ago
Brent Cook
f3d67df248
Improve err.h macros.
Handle 'NULL', emit the program name.
9 years ago
Brent Cook
cefe9907fd
correct arc4random/arc4random_uniform checks
reported by Loganaden Velvindron
9 years ago
Brent Cook
b15e6b2575
resync patches
update manpage and add more fatal logging
9 years ago
Brent Cook
2c04ab7158
rebase patches
9 years ago
Brent Cook
9938199ddf
add a local ChangeLog file
9 years ago
Brent Cook
ec41520b47
bump version
9 years ago
Brent Cook
6f93baf369
fix setproctitle on OS X and Linux
Call the compat code and select the correct emulation mode.
Remove the string encoding support, since we have fixed inputs for the
title string.
9 years ago
Brent Cook
b759f56133
add fallback err.h and queue.h
9 years ago
Brent Cook
75d2f0aafb
remove need for bash
9 years ago
Brent Cook
91244782ba
update patches
9 years ago
Brent Cook
12bfe6dafa
move and improve SA_LEN emulation
If sa_family is not set, sa_len should be zero.
9 years ago
Brent Cook
a533233b18
fix last-minute FreeBSD build issue with latest log.c
9 years ago
Brent Cook
0ee203eeb0
sync with latest OpenBSD source, adjust patch queue
9 years ago
Brent Cook
183faa4cde
point to the correct file for OS X privsep user instructions
9 years ago
Brent Cook
c7992f4312
resync patches
9 years ago
Brent Cook
aa14b765de
update install docs, fix outdated links
- add OS X privsep user creation instructions from jasper@
- update install instructions to be the same everywhere
- remove outdated compiler flags
9 years ago
Brent Cook
2e79e8cb07
mach_absolute_time is monotonic
which is convenient, since it is exactly what we need.
9 years ago
Brent Cook
667d758c34
remove applied patches from upstream
9 years ago
Brent Cook
132ece510b
resync patch set
9 years ago
Brent Cook
f55fb2f9bb
check for sockaddr_in.sin_len directly.
There is no standard SIN_LEN, unlike SIN6_LEN.
9 years ago