Date: Thu, 22 Dec 2016 16:27:54 +0000 (UTC) From: Xin LI <delphij@FreeBSD.org> To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r49757 - in head/share: security/advisories security/patches/SA-16:39 xml Message-ID: <201612221627.uBMGRsQ3027171@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: delphij Date: Thu Dec 22 16:27:54 2016 New Revision: 49757 URL: https://svnweb.freebsd.org/changeset/doc/49757 Log: Add SA-16:39. Added: head/share/security/advisories/FreeBSD-SA-16:39.ntp.asc (contents, props changed) head/share/security/patches/SA-16:39/ head/share/security/patches/SA-16:39/ntp-10.x.patch (contents, props changed) head/share/security/patches/SA-16:39/ntp-10.x.patch.asc (contents, props changed) head/share/security/patches/SA-16:39/ntp-11.0.patch (contents, props changed) head/share/security/patches/SA-16:39/ntp-11.0.patch.asc (contents, props changed) head/share/security/patches/SA-16:39/ntp-9.3.patch (contents, props changed) head/share/security/patches/SA-16:39/ntp-9.3.patch.asc (contents, props changed) Modified: head/share/xml/advisories.xml Added: head/share/security/advisories/FreeBSD-SA-16:39.ntp.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-SA-16:39.ntp.asc Thu Dec 22 16:27:54 2016 (r49757) @@ -0,0 +1,239 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-16:39.ntp Security Advisory + The FreeBSD Project + +Topic: Multiple vulnerabilities of ntp + +Category: contrib +Module: ntp +Announced: XXXX-XX-XX +Credits: Network Time Foundation +Affects: All supported versions of FreeBSD. +Corrected: 2016-11-22 16:22:51 UTC (stable/11, 11.0-STABLE) + 2016-12-22 16:19:05 UTC (releng/11.0, 11.0-RELEASE-p6) + 2016-11-22 16:23:20 UTC (stable/10, 10.3-STABLE) + 2016-12-22 16:19:05 UTC (releng/10.3, 10.3-RELEASE-p15) + 2016-12-22 16:19:05 UTC (releng/10.2, 10.2-RELEASE-p28) + 2016-12-22 16:19:05 UTC (releng/10.1, 10.1-RELEASE-p45) + 2016-11-22 16:23:46 UTC (stable/9, 9.3-STABLE) + 2016-12-22 16:19:05 UTC (releng/9.3, 9.3-RELEASE-p53) +CVE Name: CVE-2016-7426, CVE-2016-7427, CVE-2016-7428, CVE-2016-7431, + CVE-2016-7433, CVE-2016-7434, CVE-2016-9310, CVE-2016-9311 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +The ntpd(8) daemon is an implementation of the Network Time Protocol (NTP) +used to synchronize the time of a computer system to a reference time +source. + +Trap is a mechanism to collect NTP daemon information from remote. + +II. Problem Description + +Multiple vulnerabilities have been discovered in the NTP suite: + +CVE-2016-9311: Trap crash, Reported by Matthew Van Gundy of Cisco ASIG. + +CVE-2016-9310: Mode 6 unauthenticated trap information disclosure and DDoS +vector. Reported by Matthew Van Gundy of Cisco ASIG. + +CVE-2016-7427: Broadcast Mode Replay Prevention DoS. Reported by +Matthew Van Gundy of Cisco ASIG. + +CVE-2016-7428: Broadcast Mode Poll Interval Enforcement DoS. Reported by +Matthew Van Gundy of Cisco ASIG. + +CVE-2016-7431: Regression: 010-origin: Zero Origin Timestamp Bypass. +Reported by Sharon Goldberg and Aanchal Malhotra of Boston University. + +CVE-2016-7434: Null pointer dereference in _IO_str_init_static_internal(). +Reported by Magnus Stubman. + +CVE-2016-7426: Client rate limiting and server responses. Reported by +Miroslav Lichvar of Red Hat. + +CVE-2016-7433: Reboot sync calculation problem. Reported independently +by Brian Utterback of Oracle, and by Sharon Goldberg and Aanchal Malhotra +of Boston University. + +III. Impact + +A remote attacker who can send a specially crafted packet to cause a +NULL pointer dereference that will crash ntpd, resulting in a Denial of +Service. [CVE-2016-9311] + +An exploitable configuration modification vulnerability exists in the +control mode (mode 6) functionality of ntpd. If, against long-standing +BCP recommendations, "restrict default noquery ..." is not specified, +a specially crafted control mode packet can set ntpd traps, providing +information disclosure and DDoS amplification, and unset ntpd traps, +disabling legitimate monitoring by an attacker from remote. [CVE-2016-9310] + +An attacker with access to the NTP broadcast domain can periodically +inject specially crafted broadcast mode NTP packets into the broadcast +domain which, while being logged by ntpd, can cause ntpd to reject +broadcast mode packets from legitimate NTP broadcast servers. +[CVE-2016-7427] + +An attacker with access to the NTP broadcast domain can send specially +crafted broadcast mode NTP packets to the broadcast domain which, while +being logged by ntpd, will cause ntpd to reject broadcast mode packets +from legitimate NTP broadcast servers. [CVE-2016-7428] + +Origin timestamp problems were fixed in ntp 4.2.8p6. However, subsequent +timestamp validation checks introduced a regression in the handling of +some Zero origin timestamp checks. [CVE-2016-7431] + +If ntpd is configured to allow mrulist query requests from a server +that sends a crafted malicious packet, ntpd will crash on receipt of +that crafted malicious mrulist query packet. [CVE-2016-7434] + +An attacker who knows the sources (e.g., from an IPv4 refid in server +response) and knows the system is (mis)configured in this way can +periodically send packets with spoofed source address to keep the rate +limiting activated and prevent ntpd from accepting valid responses +from its sources. [CVE-2016-7426] + +Ntp Bug 2085 described a condition where the root delay was included +twice, causing the jitter value to be higher than expected. Due to +a misinterpretation of a small-print variable in The Book, the fix +for this problem was incorrect, resulting in a root distance that did +not include the peer dispersion. The calculations and formulas have +been reviewed and reconciled, and the code has been updated accordingly. +[CVE-2016-7433] + +IV. Workaround + +No workaround is available, but systems not running ntpd(8) are not +affected. Network administrators are advised to implement BCP-38, +which helps to reduce the risk associated with these attacks. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date. + +The ntpd service has to be restarted after the update. A reboot is +recommended but not required. + +2) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +The ntpd service has to be restarted after the update. A reboot is +recommended but not required. + +3) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 11.0] +# fetch https://security.FreeBSD.org/patches/SA-16:39/ntp-11.0.patch +# fetch https://security.FreeBSD.org/patches/SA-16:39/ntp-11.0.patch.asc +# gpg --verify ntp-11.0.patch.asc + +[FreeBSD 10.x] +# fetch https://security.FreeBSD.org/patches/SA-16:39/ntp-10.x.patch +# fetch https://security.FreeBSD.org/patches/SA-16:39/ntp-10.x.patch.asc +# gpg --verify ntp-10.x.patch.asc + +[FreeBSD 9.3] +# fetch https://security.FreeBSD.org/patches/SA-16:39/ntp-9.3.patch +# fetch https://security.FreeBSD.org/patches/SA-16:39/ntp-9.3.patch.asc +# gpg --verify ntp-9.3.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +Restart the applicable daemons, or reboot the system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/9/ r309009 +releng/9.3/ r310419 +stable/10/ r309008 +releng/10.1/ r310419 +releng/10.2/ r310419 +releng/10.3/ r310419 +stable/11/ r309007 +releng/11.0/ r310419 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>; + +VII. References + +<URL:http://support.ntp.org/bin/view/Main/SecurityNotice#November_2016_ntp_4_2_8p9_NTP_Se>; + +<URL:https://www.kb.cert.org/vuls/id/633847>; + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7426>; + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7427>; + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7428>; + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7431>; + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7433>; + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7434>; + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9310>; + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9311>; + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc>; +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.1.16 (FreeBSD) + +iQIzBAEBCgAdFiEEHPf/b631yp++G4yy7Wfs1l3PaucFAlhb/kAACgkQ7Wfs1l3P +audQRhAA02Xpoz4mSF1Cz1gCgWAKpTNpB2fG5z8Pqv1q8BqdArr+ZH/G1g2L4E/b +Id/g8WUvpZLozTeuWMx/6dm/XCbI+OhbzasZp46Cak3o2LMB6v3OC43qVX8fQiiO +9GgCltR6I8V939MVFKxo+cdflqIwmguKdLJHvnin8mv8MAjXOG7rrAx+FqcQjJ5i +oATuFLj/A9kWDiRH4TAQr/rVRmJGmIQY2GpEMt7oB/1ho5HFGhIdNZLCuriIcAGZ +HpZJoNKmDHV3mOfM+C03e4otBaoX6asid2TiY5lnDMx4j+a+Gxdv5tWnt72Bn0X/ +EC5HWYjm7QFDg/hfrymBfT7cObuVKtdEJikkRw3huBy6RN6d4zsaTJFMIODl6sNs +zBE5+vrwcXiUrbic10RoVzeSEFdVh7C6Ji1OK/rsxXAbgs0zkoHua/nxO2fhdyHr +m3Mb59QE7TiM1zaMjks1QZXORo53CrGHrhE6Qi7sISO0SS4mWCOkulOZeNjXQ3xK +GFox3YV0WDZz4m7VjZQS6/pj+dO4sABVQ0mahydJJX35FVkdJuknv/98yxmYRuHG +jP9NTUEh6dGDT3w/57hGg7VIgTR47q3e6UbutrqNoxiV5Br465mb9LxMjngDW7bA +poe9XHFMCmFV96gYN2va2cENUM/PjWI8mHWjZShG5DCXMVnK64A= +=PDXk +-----END PGP SIGNATURE----- Added: head/share/security/patches/SA-16:39/ntp-10.x.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-16:39/ntp-10.x.patch Thu Dec 22 16:27:54 2016 (r49757) @@ -0,0 +1,17239 @@ +--- contrib/ntp/ChangeLog.orig ++++ contrib/ntp/ChangeLog +@@ -1,4 +1,73 @@ + --- ++(4.2.8p9) 2016/11/21 Released by Harlan Stenn <stenn@ntp.org> ++(4.2.8p9) 2016/MM/DD Released by Harlan Stenn <stenn@ntp.org> ++ ++* [Sec 3119] Trap crash <perlinger@ntp.org> ++* [Sec 3118] Mode 6 information disclosure and DDoS vector <perlinger@ntp.org> ++ - TRAP config via mode 6 packet requires AUTH now. ++* [Sec 3114] Broadcast Mode Replay Prevention DoS ++ - applied patches by Matthew Van Gundy. <perlinger@ntp.org> ++ - with bcpollbstep, tweaks and cleanup by stenn@ntp.org ++* [Sec 3113] Broadcast Mode Poll Interval Enforcement DoS <perlinger@ntp.org> ++ - applied fix as suggested by Matthew Van Gundy ++* [Sec 3110] Windows: ntpd DoS by oversized UDP packet ++ - fixed error handling for truncated UDP packets. <perlinger@ntp.org> ++* [Sec 3102] Zero origin issues. HStenn. ++* [Sec 3082] null pointer dereference in _IO_str_init_static_internal() ++ - more hardening to read_mru_list(). perlinger@ntp.org ++* [Sec 3072] Attack on interface selection <perlinger@ntp.org> ++ - implemented Miroslav Lichvars <mlichvar@redhat.com> suggestion ++ to skip interface updates based on incoming packets ++* [Bug 3142] bug in netmask prefix length detection <perlinger@ntp.org> ++* [Bug 3138] gpsdjson refclock should honor fudgetime1. stenn@ntp.org ++* [Bug 3129] Unknown hosts can put resolver thread into a hard loop ++ - moved retry decision where it belongs. <perlinger@ntp.org> ++* [Bug 3125] NTPD doesn't fully start when ntp.conf entries are out of order ++ using the loopback-ppsapi-provider.dll <perlinger@ntp.org> ++* [Bug 3116] unit tests for NTP time stamp expansion. <perlinger@ntp.org> ++* [Bug 3100] ntpq can't retrieve daemon_version <perlinger@ntp.org> ++ - fixed extended sysvar lookup (bug introduced with bug 3008 fix) ++* [Bug 3095] Compatibility with openssl 1.1 <perlinger@ntp.org> ++ - applied patches by Kurt Roeckx <kurt@roeckx.be> to source ++ - added shim layer for SSL API calls with issues (both directions) ++* [Bug 3089] Serial Parser does not work anymore for hopfser like device ++ - simplified / refactored hex-decoding in driver. <perlinger@ntp.org> ++* [Bug 3084] update-leap mis-parses the leapfile name. HStenn. ++* [Bug 3068] Linker warnings when building on Solaris. perlinger@ntp.org ++ - applied patch thanks to Andrew Stormont <andyjstormont@gmail.com> ++* [Bug 3067] Root distance calculation needs improvement. HStenn. ++* [Bug 3066] NMEA clock ignores pps. perlinger@ntp.org ++ - PPS-HACK works again. ++* [Bug 3059] Potential buffer overrun from oversized hash <perlinger@ntp.org> ++ - applied patch by Brian Utterback <brian.utterback@oracle.com> ++* [Bug 3053] ntp_loopfilter.c frequency calc precedence error. Sarah White. ++* [Bug 3050] Fix for bug #2960 causes [...] spurious error message. ++ <perlinger@ntp.org> ++ - patches by Reinhard Max <max@suse.com> and Havard Eidnes <he@uninett.no> ++* [Bug 3047] Fix refclock_jjy C-DEX JST2000. abe@ntp.org ++ - Patch provided by Kuramatsu. ++* [Bug 3021] unity_fixture.c needs pragma weak <perlinger@ntp.org> ++ - removed unnecessary & harmful decls of 'setUp()' & 'tearDown()' ++* [Bug 3019] Windows: ERROR_HOST_UNREACHABLE block packet processing. ++ DMayer and JPerlinger. ++* [Bug 2998] sntp/tests/packetProcessing.c broken without openssl. JPerlinger ++* [Bug 2961] sntp/tests/packetProcessing.c assumes AUTOKEY. HStenn. ++* [Bug 2959] refclock_jupiter: gps week correction <perlinger@ntp.org> ++ - fixed GPS week expansion to work based on build date. Special thanks ++ to Craig Leres for initial patch and testing. ++* [Bug 2951] ntpd tests fail: multiple definition of `send_via_ntp_signd' ++ - fixed Makefile.am <perlinger@ntp.org> ++* [Bug 2689] ATOM driver processes last PPS pulse at startup, ++ even if it is very old <perlinger@ntp.org> ++ - make sure PPS source is alive before processing samples ++ - improve stability close to the 500ms phase jump (phase gate) ++* Fix typos in include/ntp.h. ++* Shim X509_get_signature_nid() if needed. ++* git author attribution cleanup ++* bk ignore file cleanup ++* remove locks in Windows IO, use rpc-like thread synchronisation instead ++ ++--- + (4.2.8p8) 2016/06/02 Released by Harlan Stenn <stenn@ntp.org> + + * [Sec 3042] Broadcast Interleave. HStenn. +@@ -19,7 +88,7 @@ + * Fix typo in ntp-wait and plot_summary. HStenn. + * Make sure we have an "author" file for git imports. HStenn. + * Update the sntp problem tests for MacOS. HStenn. +- ++ + --- + (4.2.8p7) 2016/04/26 Released by Harlan Stenn <stenn@ntp.org> + +--- contrib/ntp/CommitLog.orig ++++ contrib/ntp/CommitLog +@@ -1,3 +1,1866 @@ ++ChangeSet@1.3720, 2016-11-21 08:08:21-05:00, stenn@deacon.udel.edu ++ NTP_4_2_8P9 ++ TAG: NTP_4_2_8P9 ++ ++ ChangeLog@1.1852 +1 -0 ++ NTP_4_2_8P9 ++ ++ ntpd/invoke-ntp.conf.texi@1.203 +1 -1 ++ NTP_4_2_8P9 ++ ++ ntpd/invoke-ntp.keys.texi@1.192 +1 -1 ++ NTP_4_2_8P9 ++ ++ ntpd/invoke-ntpd.texi@1.508 +2 -2 ++ NTP_4_2_8P9 ++ ++ ntpd/ntp.conf.5man@1.237 +3 -3 ++ NTP_4_2_8P9 ++ ++ ntpd/ntp.conf.5mdoc@1.237 +2 -2 ++ NTP_4_2_8P9 ++ ++ ntpd/ntp.conf.html@1.187 +157 -154 ++ NTP_4_2_8P9 ++ ++ ntpd/ntp.conf.man.in@1.237 +3 -3 ++ NTP_4_2_8P9 ++ ++ ntpd/ntp.conf.mdoc.in@1.237 +2 -2 ++ NTP_4_2_8P9 ++ ++ ntpd/ntp.keys.5man@1.226 +2 -2 ++ NTP_4_2_8P9 ++ ++ ntpd/ntp.keys.5mdoc@1.226 +3 -3 ++ NTP_4_2_8P9 ++ ++ ntpd/ntp.keys.html@1.188 +21 -33 ++ NTP_4_2_8P9 ++ ++ ntpd/ntp.keys.man.in@1.226 +2 -2 ++ NTP_4_2_8P9 ++ ++ ntpd/ntp.keys.mdoc.in@1.226 +3 -3 ++ NTP_4_2_8P9 ++ ++ ntpd/ntpd-opts.c@1.530 +245 -245 ++ NTP_4_2_8P9 ++ ++ ntpd/ntpd-opts.h@1.529 +3 -3 ++ NTP_4_2_8P9 ++ ++ ntpd/ntpd.1ntpdman@1.337 +3 -3 ++ NTP_4_2_8P9 ++ ++ ntpd/ntpd.1ntpdmdoc@1.337 +2 -2 ++ NTP_4_2_8P9 ++ ++ ntpd/ntpd.html@1.181 +142 -186 ++ NTP_4_2_8P9 ++ ++ ntpd/ntpd.man.in@1.337 +3 -3 ++ NTP_4_2_8P9 ++ ++ ntpd/ntpd.mdoc.in@1.337 +2 -2 ++ NTP_4_2_8P9 ++ ++ ntpdc/invoke-ntpdc.texi@1.505 +2 -2 ++ NTP_4_2_8P9 ++ ++ ntpdc/ntpdc-opts.c@1.523 +106 -106 ++ NTP_4_2_8P9 ++ ++ ntpdc/ntpdc-opts.h@1.522 +3 -3 ++ NTP_4_2_8P9 ++ ++ ntpdc/ntpdc.1ntpdcman@1.336 +3 -3 ++ NTP_4_2_8P9 ++ ++ ntpdc/ntpdc.1ntpdcmdoc@1.336 +2 -2 ++ NTP_4_2_8P9 ++ ++ ntpdc/ntpdc.html@1.349 +75 -95 ++ NTP_4_2_8P9 ++ ++ ntpdc/ntpdc.man.in@1.336 +3 -3 ++ NTP_4_2_8P9 ++ ++ ntpdc/ntpdc.mdoc.in@1.336 +2 -2 ++ NTP_4_2_8P9 ++ ++ ntpq/invoke-ntpq.texi@1.513 +2 -2 ++ NTP_4_2_8P9 ++ ++ ntpq/ntpq-opts.c@1.530 +113 -113 ++ NTP_4_2_8P9 ++ ++ ntpq/ntpq-opts.h@1.528 +3 -3 ++ NTP_4_2_8P9 ++ ++ ntpq/ntpq.1ntpqman@1.341 +3 -3 ++ NTP_4_2_8P9 ++ ++ ntpq/ntpq.1ntpqmdoc@1.341 +2 -2 ++ NTP_4_2_8P9 ++ ++ ntpq/ntpq.html@1.178 +136 -160 ++ NTP_4_2_8P9 ++ ++ ntpq/ntpq.man.in@1.341 +3 -3 ++ NTP_4_2_8P9 ++ ++ ntpq/ntpq.mdoc.in@1.341 +2 -2 ++ NTP_4_2_8P9 ++ ++ ntpsnmpd/invoke-ntpsnmpd.texi@1.507 +2 -2 ++ NTP_4_2_8P9 ++ ++ ntpsnmpd/ntpsnmpd-opts.c@1.525 +67 -67 ++ NTP_4_2_8P9 ++ ++ ntpsnmpd/ntpsnmpd-opts.h@1.524 +3 -3 ++ NTP_4_2_8P9 ++ ++ ntpsnmpd/ntpsnmpd.1ntpsnmpdman@1.336 +3 -3 ++ NTP_4_2_8P9 ++ ++ ntpsnmpd/ntpsnmpd.1ntpsnmpdmdoc@1.336 +2 -2 ++ NTP_4_2_8P9 ++ ++ ntpsnmpd/ntpsnmpd.html@1.176 +10 -14 ++ NTP_4_2_8P9 ++ ++ ntpsnmpd/ntpsnmpd.man.in@1.336 +3 -3 ++ NTP_4_2_8P9 ++ ++ ntpsnmpd/ntpsnmpd.mdoc.in@1.336 +2 -2 ++ NTP_4_2_8P9 ++ ++ packageinfo.sh@1.532 +2 -2 ++ NTP_4_2_8P9 ++ ++ scripts/calc_tickadj/calc_tickadj.1calc_tickadjman@1.97 +3 -3 ++ NTP_4_2_8P9 ++ ++ scripts/calc_tickadj/calc_tickadj.1calc_tickadjmdoc@1.98 +2 -2 ++ NTP_4_2_8P9 ++ ++ scripts/calc_tickadj/calc_tickadj.html@1.99 +30 -42 ++ NTP_4_2_8P9 ++ ++ scripts/calc_tickadj/calc_tickadj.man.in@1.96 +3 -3 ++ NTP_4_2_8P9 ++ ++ scripts/calc_tickadj/calc_tickadj.mdoc.in@1.98 +2 -2 ++ NTP_4_2_8P9 ++ ++ scripts/calc_tickadj/invoke-calc_tickadj.texi@1.101 +1 -1 ++ NTP_4_2_8P9 ++ ++ scripts/invoke-plot_summary.texi@1.119 +2 -2 ++ NTP_4_2_8P9 ++ ++ scripts/invoke-summary.texi@1.118 +2 -2 ++ NTP_4_2_8P9 ++ ++ scripts/ntp-wait/invoke-ntp-wait.texi@1.328 +2 -2 ++ NTP_4_2_8P9 ++ ++ scripts/ntp-wait/ntp-wait-opts@1.64 +2 -2 ++ NTP_4_2_8P9 ++ ++ scripts/ntp-wait/ntp-wait.1ntp-waitman@1.325 +3 -3 ++ NTP_4_2_8P9 ++ ++ scripts/ntp-wait/ntp-wait.1ntp-waitmdoc@1.326 +2 -2 ++ NTP_4_2_8P9 ++ ++ scripts/ntp-wait/ntp-wait.html@1.345 +41 -59 ++ NTP_4_2_8P9 ++ ++ scripts/ntp-wait/ntp-wait.man.in@1.325 +3 -3 ++ NTP_4_2_8P9 ++ ++ scripts/ntp-wait/ntp-wait.mdoc.in@1.326 +2 -2 ++ NTP_4_2_8P9 ++ ++ scripts/ntpsweep/invoke-ntpsweep.texi@1.116 +2 -2 ++ NTP_4_2_8P9 ++ ++ scripts/ntpsweep/ntpsweep-opts@1.66 +2 -2 ++ NTP_4_2_8P9 ++ ++ scripts/ntpsweep/ntpsweep.1ntpsweepman@1.104 +3 -3 ++ NTP_4_2_8P9 ++ ++ scripts/ntpsweep/ntpsweep.1ntpsweepmdoc@1.104 +2 -2 ++ NTP_4_2_8P9 ++ ++ scripts/ntpsweep/ntpsweep.html@1.117 +46 -57 ++ NTP_4_2_8P9 ++ ++ scripts/ntpsweep/ntpsweep.man.in@1.104 +3 -3 ++ NTP_4_2_8P9 ++ ++ scripts/ntpsweep/ntpsweep.mdoc.in@1.105 +2 -2 ++ NTP_4_2_8P9 ++ ++ scripts/ntptrace/invoke-ntptrace.texi@1.117 +2 -2 ++ NTP_4_2_8P9 ++ ++ scripts/ntptrace/ntptrace-opts@1.66 +2 -2 ++ NTP_4_2_8P9 ++ ++ scripts/ntptrace/ntptrace.1ntptraceman@1.104 +3 -3 ++ NTP_4_2_8P9 ++ ++ scripts/ntptrace/ntptrace.1ntptracemdoc@1.105 +2 -2 ++ NTP_4_2_8P9 ++ ++ scripts/ntptrace/ntptrace.html@1.118 +38 -47 ++ NTP_4_2_8P9 ++ ++ scripts/ntptrace/ntptrace.man.in@1.104 +3 -3 ++ NTP_4_2_8P9 ++ ++ scripts/ntptrace/ntptrace.mdoc.in@1.106 +2 -2 ++ NTP_4_2_8P9 ++ ++ scripts/plot_summary-opts@1.67 +2 -2 ++ NTP_4_2_8P9 ++ ++ scripts/plot_summary.1plot_summaryman@1.117 +3 -3 ++ NTP_4_2_8P9 ++ ++ scripts/plot_summary.1plot_summarymdoc@1.117 +2 -2 ++ NTP_4_2_8P9 ++ ++ scripts/plot_summary.html@1.120 +40 -58 ++ NTP_4_2_8P9 ++ ++ scripts/plot_summary.man.in@1.117 +3 -3 ++ NTP_4_2_8P9 ++ ++ scripts/plot_summary.mdoc.in@1.117 +2 -2 ++ NTP_4_2_8P9 ++ ++ scripts/summary-opts@1.66 +2 -2 ++ NTP_4_2_8P9 ++ ++ scripts/summary.1summaryman@1.116 +3 -3 ++ NTP_4_2_8P9 ++ ++ scripts/summary.1summarymdoc@1.116 +2 -2 ++ NTP_4_2_8P9 ++ ++ scripts/summary.html@1.119 +37 -49 ++ NTP_4_2_8P9 ++ ++ scripts/summary.man.in@1.116 +3 -3 ++ NTP_4_2_8P9 ++ ++ scripts/summary.mdoc.in@1.116 +2 -2 ++ NTP_4_2_8P9 ++ ++ scripts/update-leap/invoke-update-leap.texi@1.17 +1 -1 ++ NTP_4_2_8P9 ++ ++ scripts/update-leap/update-leap-opts@1.17 +2 -2 ++ NTP_4_2_8P9 ++ ++ scripts/update-leap/update-leap.1update-leapman@1.17 +3 -3 ++ NTP_4_2_8P9 ++ ++ scripts/update-leap/update-leap.1update-leapmdoc@1.17 +2 -2 ++ NTP_4_2_8P9 ++ ++ scripts/update-leap/update-leap.html@1.17 +48 -72 ++ NTP_4_2_8P9 ++ ++ scripts/update-leap/update-leap.man.in@1.17 +3 -3 ++ NTP_4_2_8P9 ++ ++ scripts/update-leap/update-leap.mdoc.in@1.17 +2 -2 ++ NTP_4_2_8P9 ++ ++ sntp/invoke-sntp.texi@1.505 +2 -2 ++ NTP_4_2_8P9 ++ ++ sntp/sntp-opts.c@1.524 +158 -158 ++ NTP_4_2_8P9 ++ ++ sntp/sntp-opts.h@1.522 +3 -3 ++ NTP_4_2_8P9 ++ ++ sntp/sntp.1sntpman@1.340 +3 -3 ++ NTP_4_2_8P9 ++ ++ sntp/sntp.1sntpmdoc@1.340 +2 -2 ++ NTP_4_2_8P9 ++ ++ sntp/sntp.html@1.520 +111 -135 ++ NTP_4_2_8P9 ++ ++ sntp/sntp.man.in@1.340 +3 -3 ++ NTP_4_2_8P9 ++ ++ sntp/sntp.mdoc.in@1.340 +2 -2 ++ NTP_4_2_8P9 ++ ++ util/invoke-ntp-keygen.texi@1.508 +2 -2 ++ NTP_4_2_8P9 ++ ++ util/ntp-keygen-opts.c@1.526 +172 -172 ++ NTP_4_2_8P9 ++ ++ util/ntp-keygen-opts.h@1.524 +3 -3 ++ NTP_4_2_8P9 ++ ++ util/ntp-keygen.1ntp-keygenman@1.336 +3 -3 ++ NTP_4_2_8P9 ++ ++ util/ntp-keygen.1ntp-keygenmdoc@1.336 +2 -2 ++ NTP_4_2_8P9 ++ ++ util/ntp-keygen.html@1.182 +157 -216 ++ NTP_4_2_8P9 ++ ++ util/ntp-keygen.man.in@1.336 +3 -3 ++ NTP_4_2_8P9 ++ ++ util/ntp-keygen.mdoc.in@1.336 +2 -2 ++ NTP_4_2_8P9 ++ ++ChangeSet@1.3719, 2016-11-21 07:07:04-05:00, stenn@deacon.udel.edu ++ ntp-4.2.8p9 ++ ++ packageinfo.sh@1.531 +1 -1 ++ ntp-4.2.8p9 ++ ++ChangeSet@1.3718, 2016-11-21 03:47:58+00:00, stenn@psp-deb1.ntp.org ++ NEWS updates, final p9 testing ++ ++ NEWS@1.203 +25 -17 ++ NEWS updates, final p9 testing ++ ++ packageinfo.sh@1.530 +2 -2 ++ NEWS updates, final p9 testing ++ ++ChangeSet@1.3717, 2016-11-18 10:33:02+00:00, stenn@psp-deb1.ntp.org ++ NEWS update for 3142 ++ ++ NEWS@1.202 +2 -1 ++ NEWS update for 3142 ++ ++ChangeSet@1.3686.23.1, 2016-11-18 08:55:13+01:00, perlinger@ntp.org ++ [Bug 3142] bug in netmask prefix length detection ++ ++ ChangeLog@1.1834.23.1 +3 -0 ++ [Bug 3142] bug in netmask prefix length detection ++ ++ lib/isc/netaddr.c@1.15 +0 -1 ++ [Bug 3142] bug in netmask prefix length detection ++ ++ChangeSet@1.3715, 2016-11-16 21:25:49-08:00, harlan@fb-x86-a.pfcs.com ++ NEWS file update ++ ++ NEWS@1.201 +7 -22 ++ NEWS file update ++ ++ChangeSet@1.3707.1.1, 2016-11-13 21:59:31-08:00, harlan@fb-x86-a.pfcs.com ++ cleanup ++ ++ NEWS@1.197.1.1 +201 -77 ++ cleanup ++ ++ChangeSet@1.3713, 2016-11-13 21:56:18-08:00, harlan@hms-mbp11.pfcs.com ++ cleanip ++ ++ ChangeLog@1.1850 +2 -0 ++ cleanip ++ ++ChangeSet@1.3712, 2016-11-13 02:43:02+00:00, stenn@psp-deb1.ntp.org ++ NEWS updates ++ ++ NEWS@1.199 +17 -0 ++ NEWS updates ++ ++ChangeSet@1.3710, 2016-11-13 02:30:31+00:00, stenn@psp-deb1.ntp.org ++ NEWS cleanup ++ ++ NEWS@1.198 +2 -0 ++ NEWS cleanup ++ ++ChangeSet@1.3707, 2016-11-12 17:36:54-08:00, harlan@fb-x86-a.pfcs.com ++ NEWS cleanup ++ ++ NEWS@1.197 +41 -6 ++ NEWS cleanup ++ ++ChangeSet@1.3706, 2016-11-12 16:55:59-08:00, harlan@fb-x86-a.pfcs.com ++ [Bug 3067] Root distance calculation needs improvement. HStenn ++ ++ ChangeLog@1.1846.1.2 +1 -0 ++ [Bug 3067] Root distance calculation needs improvement. HStenn ++ ++ NEWS@1.196 +1 -0 ++ [Bug 3067] Root distance calculation needs improvement. HStenn ++ ++ ntpd/ntp_proto.c@1.396 +16 -11 ++ [Bug 3067] Root distance calculation needs improvement. HStenn ++ ++ChangeSet@1.3705, 2016-11-12 15:57:34-08:00, harlan@fb-x86-a.pfcs.com ++ [Bug 3138] gpsdjson refclock should honor fudgetime1. stenn@ntp.org ++ ++ ChangeLog@1.1846.1.1 +1 -0 ++ [Bug 3138] gpsdjson refclock should honor fudgetime1. stenn@ntp.org ++ ++ NEWS@1.195 +1 -0 ++ [Bug 3138] gpsdjson refclock should honor fudgetime1. stenn@ntp.org ++ ++ ntpd/refclock_gpsdjson.c@1.25 +1 -1 ++ [Bug 3138] gpsdjson refclock should honor fudgetime1. stenn@ntp.org ++ ++ChangeSet@1.3686.22.1, 2016-11-12 05:54:39+01:00, perlinger@ntp.org ++ [Bug 3129] Unknown hosts can put resolver thread into a hard loop ++ ++ ChangeLog@1.1834.22.1 +4 -0 ++ [Bug 3129] Unknown hosts can put resolver thread into a hard loop ++ ++ include/ntp_intres.h@1.2 +6 -0 ++ [Bug 3129] Unknown hosts can put resolver thread into a hard loop ++ - add flags and prototype for 'getaddrinfo_sometime_ex()' ++ ++ libntp/ntp_intres.c@1.101 +48 -14 ++ [Bug 3129] Unknown hosts can put resolver thread into a hard loop ++ - implement 'getaddrinfo_sometime_ex()', support ignoring all errors ++ ++ ntpd/ntp_config.c@1.338.1.1 +11 -10 ++ [Bug 3129] Unknown hosts can put resolver thread into a hard loop ++ - move decison about igoring DNS errors to resolver code ++ ++ChangeSet@1.3703.1.2, 2016-11-09 12:32:07+00:00, stenn@psp-deb1.ntp.org ++ [Bug 3114] bcpollbstep, tweaks and cleanup ++ ++ ChangeLog@1.1848 +1 -1 ++ [Bug 3114] bcpollbstep, tweaks and cleanup ++ ++ html/miscopt.html@1.87 +4 -2 ++ [Bug 3114] bcpollbstep, tweaks and cleanup ++ ++ include/ntp.h@1.223 +1 -0 ++ [Bug 3114] bcpollbstep, tweaks and cleanup ++ ++ include/ntpd.h@1.194 +1 -0 ++ [Bug 3114] bcpollbstep, tweaks and cleanup ++ ++ ntpd/complete.conf.in@1.32 +1 -1 ++ [Bug 3114] bcpollbstep, tweaks and cleanup ++ ++ ntpd/invoke-ntp.conf.texi@1.202 +16 -1 ++ [Bug 3114] bcpollbstep, tweaks and cleanup ++ ++ ntpd/keyword-gen-utd@1.29 +1 -1 ++ [Bug 3114] bcpollbstep, tweaks and cleanup ++ ++ ntpd/keyword-gen.c@1.35 +1 -0 ++ [Bug 3114] bcpollbstep, tweaks and cleanup ++ ++ ntpd/ntp.conf.5man@1.236 +29 -8 ++ [Bug 3114] bcpollbstep, tweaks and cleanup ++ ++ ntpd/ntp.conf.5mdoc@1.236 +21 -2 ++ [Bug 3114] bcpollbstep, tweaks and cleanup ++ ++ ntpd/ntp.conf.def@1.25 +19 -0 ++ [Bug 3114] bcpollbstep, tweaks and cleanup ++ ++ ntpd/ntp.conf.man.in@1.236 +29 -8 ++ [Bug 3114] bcpollbstep, tweaks and cleanup ++ ++ ntpd/ntp.conf.mdoc.in@1.236 +21 -2 ++ [Bug 3114] bcpollbstep, tweaks and cleanup ++ ++ ntpd/ntp_config.c@1.339 +15 -0 ++ [Bug 3114] bcpollbstep, tweaks and cleanup ++ ++ ntpd/ntp_keyword.h@1.31 +1068 -1058 ++ [Bug 3114] bcpollbstep, tweaks and cleanup ++ ++ ntpd/ntp_parser.c@1.103 +1196 -1193 ++ [Bug 3114] bcpollbstep, tweaks and cleanup ++ ++ ntpd/ntp_parser.h@1.67 +373 -371 ++ [Bug 3114] bcpollbstep, tweaks and cleanup ++ ++ ntpd/ntp_parser.y@1.93 +3 -1 ++ [Bug 3114] bcpollbstep, tweaks and cleanup ++ ++ ntpd/ntp_proto.c@1.394.1.2 +43 -26 ++ [Bug 3114] bcpollbstep, tweaks and cleanup ++ ++ChangeSet@1.3703, 2016-11-09 06:06:04+00:00, stenn@psp-deb1.ntp.org ++ typo ++ ++ ChangeLog@1.1846 +1 -1 ++ typo ++ ++ChangeSet@1.3686.21.1, 2016-11-08 20:01:41+01:00, perlinger@ntp.org ++ [Bug 3089] Serial Parser does not work anymore for hopfser like device ++ ++ ChangeLog@1.1834.21.1 +4 -0 ++ [Bug 3089] Serial Parser does not work anymore for hopfser like device ++ ++ libparse/clk_hopf6021.c@1.13 +43 -25 ++ [Bug 3089] Serial Parser does not work anymore for hopfser like device ++ - simplified / refactored hex-decoding in driver. ++ ++ChangeSet@1.3698.2.1, 2016-11-03 17:02:24-07:00, harlan@max.pfcs.com ++ Added leap smear/root dispersion comment ++ ++ ntpd/ntp_proto.c@1.393.1.1 +4 -0 ++ Added leap smear/root dispersion comment ++ ++ChangeSet@1.3699.1.2, 2016-10-31 10:56:33+00:00, stenn@psp-deb1.ntp.org ++ Add bug 3125 to the NEWS file ++ ++ NEWS@1.194 +2 -0 ++ Add bug 3125 to the NEWS file ++ ++ChangeSet@1.3701, 2016-10-24 07:37:25+02:00, perlinger@ntp.org ++ [winio2 - unlocked] ++ - the great lock removal ++ - the great renaming ++ ++ ChangeLog@1.1844 +1 -0 ++ [winio2 - unlocked] notes on changes ++ ++ ntpd/ntp_refclock.c@1.123 +1 -1 ++ [winio2 - unlocked] ++ - whitespace at EOL ++ ++ ports/winnt/include/ntp_iocpltypes.h@1.3 +21 -24 ++ [winio2 - unlocked] ++ - eliminate critical section, simplify API ++ - the great renaming ++ ++ ports/winnt/ntpd/ntp_iocompletionport.c@1.77 +331 -209 ++ [winio2 - unlocked] ++ - the great lock removal ++ - handle context objects are only manipulated by IOCPL thread ++ - closing handles is done by main thread after informing IOCPL thread (RPC-style) ++ - the great renaming ++ - restructured UNIX line mode emulation ++ ++ ports/winnt/ntpd/ntp_iocpltypes.c@1.3 +31 -95 ++ [winio2 - unlocked] ++ - eliminate critical section, simplify API ++ - the great renaming ++ ++ ++ChangeSet@1.3698.1.7, 2016-10-23 05:18:04+00:00, stenn@psp-deb1.ntp.org ++ ntp-4.2.8p9-PRE ++ ++ ntpd/invoke-ntp.conf.texi@1.201 +1 -1 ++ ntp-4.2.8p9-PRE ++ ++ ntpd/invoke-ntp.keys.texi@1.191 +1 -1 ++ ntp-4.2.8p9-PRE ++ ++ ntpd/invoke-ntpd.texi@1.507 +2 -2 ++ ntp-4.2.8p9-PRE ++ ++ ntpd/ntp.conf.5man@1.235 +3 -3 ++ ntp-4.2.8p9-PRE ++ ++ ntpd/ntp.conf.5mdoc@1.235 +2 -2 ++ ntp-4.2.8p9-PRE ++ ++ ntpd/ntp.conf.html@1.186 +104 -91 ++ ntp-4.2.8p9-PRE ++ ++ ntpd/ntp.conf.man.in@1.235 +3 -3 ++ ntp-4.2.8p9-PRE ++ ++ ntpd/ntp.conf.mdoc.in@1.235 +2 -2 ++ ntp-4.2.8p9-PRE ++ ++ ntpd/ntp.keys.5man@1.225 +2 -2 ++ ntp-4.2.8p9-PRE ++ ++ ntpd/ntp.keys.5mdoc@1.225 +3 -3 ++ ntp-4.2.8p9-PRE ++ ++ ntpd/ntp.keys.html@1.187 +29 -17 ++ ntp-4.2.8p9-PRE ++ ++ ntpd/ntp.keys.man.in@1.225 +2 -2 ++ ntp-4.2.8p9-PRE ++ ++ ntpd/ntp.keys.mdoc.in@1.225 +3 -3 ++ ntp-4.2.8p9-PRE ++ ++ ntpd/ntpd-opts.c@1.529 +245 -245 ++ ntp-4.2.8p9-PRE ++ ++ ntpd/ntpd-opts.h@1.528 +3 -3 ++ ntp-4.2.8p9-PRE ++ ++ ntpd/ntpd.1ntpdman@1.336 +3 -3 ++ ntp-4.2.8p9-PRE ++ ++ ntpd/ntpd.1ntpdmdoc@1.336 +2 -2 ++ ntp-4.2.8p9-PRE ++ ++ ntpd/ntpd.html@1.180 +146 -102 ++ ntp-4.2.8p9-PRE ++ ++ ntpd/ntpd.man.in@1.336 +3 -3 ++ ntp-4.2.8p9-PRE ++ ++ ntpd/ntpd.mdoc.in@1.336 +2 -2 ++ ntp-4.2.8p9-PRE ++ ++ ntpdc/invoke-ntpdc.texi@1.504 +2 -2 ++ ntp-4.2.8p9-PRE ++ ++ ntpdc/ntpdc-opts.c@1.522 +106 -106 ++ ntp-4.2.8p9-PRE ++ ++ ntpdc/ntpdc-opts.h@1.521 +3 -3 ++ ntp-4.2.8p9-PRE ++ ++ ntpdc/ntpdc.1ntpdcman@1.335 +3 -3 ++ ntp-4.2.8p9-PRE ++ ++ ntpdc/ntpdc.1ntpdcmdoc@1.335 +2 -2 ++ ntp-4.2.8p9-PRE ++ ++ ntpdc/ntpdc.html@1.348 +77 -57 ++ ntp-4.2.8p9-PRE ++ ++ ntpdc/ntpdc.man.in@1.335 +3 -3 ++ ntp-4.2.8p9-PRE ++ ++ ntpdc/ntpdc.mdoc.in@1.335 +2 -2 ++ ntp-4.2.8p9-PRE ++ ++ ntpq/invoke-ntpq.texi@1.512 +2 -2 ++ ntp-4.2.8p9-PRE ++ ++ ntpq/ntpq-opts.c@1.529 +113 -113 ++ ntp-4.2.8p9-PRE ++ ++ ntpq/ntpq-opts.h@1.527 +3 -3 ++ ntp-4.2.8p9-PRE ++ ++ ntpq/ntpq.1ntpqman@1.340 +3 -3 ++ ntp-4.2.8p9-PRE ++ ++ ntpq/ntpq.1ntpqmdoc@1.340 +2 -2 ++ ntp-4.2.8p9-PRE ++ ++ ntpq/ntpq.html@1.177 +129 -105 ++ ntp-4.2.8p9-PRE ++ ++ ntpq/ntpq.man.in@1.340 +3 -3 *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201612221627.uBMGRsQ3027171>