Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 8 Sep 2018 04:10:27 +0000 (UTC)
From:      Xin LI <delphij@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org
Subject:   svn commit: r338531 - in stable/10: contrib/ntp contrib/ntp/html contrib/ntp/include contrib/ntp/libntp contrib/ntp/ntpd contrib/ntp/ntpdate contrib/ntp/ntpdc contrib/ntp/ntpq contrib/ntp/ntpsnmpd ...
Message-ID:  <201809080410.w884ARW4080210@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: delphij
Date: Sat Sep  8 04:10:26 2018
New Revision: 338531
URL: https://svnweb.freebsd.org/changeset/base/338531

Log:
  MFC r338126: MFV r338092: ntp 4.2.8p12.
  
  Relnotes:	yes

Modified:
  stable/10/contrib/ntp/ChangeLog
  stable/10/contrib/ntp/NEWS
  stable/10/contrib/ntp/config.h.in
  stable/10/contrib/ntp/configure
  stable/10/contrib/ntp/configure.ac
  stable/10/contrib/ntp/html/authentic.html
  stable/10/contrib/ntp/html/authopt.html
  stable/10/contrib/ntp/html/confopt.html
  stable/10/contrib/ntp/html/keygen.html
  stable/10/contrib/ntp/html/ntpdate.html
  stable/10/contrib/ntp/include/ntp.h
  stable/10/contrib/ntp/include/ntp_md5.h
  stable/10/contrib/ntp/libntp/a_md5encrypt.c
  stable/10/contrib/ntp/libntp/ntp_calendar.c
  stable/10/contrib/ntp/libntp/prettydate.c
  stable/10/contrib/ntp/libntp/ssl_init.c
  stable/10/contrib/ntp/libntp/syssignal.c
  stable/10/contrib/ntp/libntp/work_fork.c
  stable/10/contrib/ntp/libntp/work_thread.c
  stable/10/contrib/ntp/ntpd/complete.conf.in
  stable/10/contrib/ntp/ntpd/invoke-ntp.conf.texi
  stable/10/contrib/ntp/ntpd/invoke-ntp.keys.texi
  stable/10/contrib/ntp/ntpd/invoke-ntpd.texi
  stable/10/contrib/ntp/ntpd/ntp.conf.5man
  stable/10/contrib/ntp/ntpd/ntp.conf.5mdoc
  stable/10/contrib/ntp/ntpd/ntp.conf.def
  stable/10/contrib/ntp/ntpd/ntp.conf.html
  stable/10/contrib/ntp/ntpd/ntp.conf.man.in
  stable/10/contrib/ntp/ntpd/ntp.conf.mdoc.in
  stable/10/contrib/ntp/ntpd/ntp.keys.5man
  stable/10/contrib/ntp/ntpd/ntp.keys.5mdoc
  stable/10/contrib/ntp/ntpd/ntp.keys.def
  stable/10/contrib/ntp/ntpd/ntp.keys.html
  stable/10/contrib/ntp/ntpd/ntp.keys.man.in
  stable/10/contrib/ntp/ntpd/ntp.keys.mdoc.in
  stable/10/contrib/ntp/ntpd/ntp_config.c
  stable/10/contrib/ntp/ntpd/ntp_control.c
  stable/10/contrib/ntp/ntpd/ntp_io.c
  stable/10/contrib/ntp/ntpd/ntp_loopfilter.c
  stable/10/contrib/ntp/ntpd/ntp_parser.c
  stable/10/contrib/ntp/ntpd/ntp_parser.h
  stable/10/contrib/ntp/ntpd/ntp_proto.c
  stable/10/contrib/ntp/ntpd/ntp_refclock.c
  stable/10/contrib/ntp/ntpd/ntp_request.c
  stable/10/contrib/ntp/ntpd/ntpd-opts.c
  stable/10/contrib/ntp/ntpd/ntpd-opts.h
  stable/10/contrib/ntp/ntpd/ntpd.1ntpdman
  stable/10/contrib/ntp/ntpd/ntpd.1ntpdmdoc
  stable/10/contrib/ntp/ntpd/ntpd.c
  stable/10/contrib/ntp/ntpd/ntpd.html
  stable/10/contrib/ntp/ntpd/ntpd.man.in
  stable/10/contrib/ntp/ntpd/ntpd.mdoc.in
  stable/10/contrib/ntp/ntpd/rc_cmdlength.c
  stable/10/contrib/ntp/ntpd/refclock_datum.c
  stable/10/contrib/ntp/ntpd/refclock_gpsdjson.c
  stable/10/contrib/ntp/ntpd/refclock_jupiter.c
  stable/10/contrib/ntp/ntpd/refclock_shm.c
  stable/10/contrib/ntp/ntpd/refclock_true.c
  stable/10/contrib/ntp/ntpdate/ntpdate.c
  stable/10/contrib/ntp/ntpdc/invoke-ntpdc.texi
  stable/10/contrib/ntp/ntpdc/ntpdc-opts.c
  stable/10/contrib/ntp/ntpdc/ntpdc-opts.h
  stable/10/contrib/ntp/ntpdc/ntpdc.1ntpdcman
  stable/10/contrib/ntp/ntpdc/ntpdc.1ntpdcmdoc
  stable/10/contrib/ntp/ntpdc/ntpdc.c
  stable/10/contrib/ntp/ntpdc/ntpdc.html
  stable/10/contrib/ntp/ntpdc/ntpdc.man.in
  stable/10/contrib/ntp/ntpdc/ntpdc.mdoc.in
  stable/10/contrib/ntp/ntpq/invoke-ntpq.texi
  stable/10/contrib/ntp/ntpq/ntpq-opts.c
  stable/10/contrib/ntp/ntpq/ntpq-opts.h
  stable/10/contrib/ntp/ntpq/ntpq-subs.c
  stable/10/contrib/ntp/ntpq/ntpq.1ntpqman
  stable/10/contrib/ntp/ntpq/ntpq.1ntpqmdoc
  stable/10/contrib/ntp/ntpq/ntpq.c
  stable/10/contrib/ntp/ntpq/ntpq.html
  stable/10/contrib/ntp/ntpq/ntpq.man.in
  stable/10/contrib/ntp/ntpq/ntpq.mdoc.in
  stable/10/contrib/ntp/ntpq/ntpq.texi
  stable/10/contrib/ntp/ntpsnmpd/invoke-ntpsnmpd.texi
  stable/10/contrib/ntp/ntpsnmpd/ntpsnmpd-opts.c
  stable/10/contrib/ntp/ntpsnmpd/ntpsnmpd-opts.h
  stable/10/contrib/ntp/ntpsnmpd/ntpsnmpd.1ntpsnmpdman
  stable/10/contrib/ntp/ntpsnmpd/ntpsnmpd.1ntpsnmpdmdoc
  stable/10/contrib/ntp/ntpsnmpd/ntpsnmpd.html
  stable/10/contrib/ntp/ntpsnmpd/ntpsnmpd.man.in
  stable/10/contrib/ntp/ntpsnmpd/ntpsnmpd.mdoc.in
  stable/10/contrib/ntp/packageinfo.sh
  stable/10/contrib/ntp/scripts/calc_tickadj/calc_tickadj.1calc_tickadjman
  stable/10/contrib/ntp/scripts/calc_tickadj/calc_tickadj.1calc_tickadjmdoc
  stable/10/contrib/ntp/scripts/calc_tickadj/calc_tickadj.html
  stable/10/contrib/ntp/scripts/calc_tickadj/calc_tickadj.man.in
  stable/10/contrib/ntp/scripts/calc_tickadj/calc_tickadj.mdoc.in
  stable/10/contrib/ntp/scripts/calc_tickadj/invoke-calc_tickadj.texi
  stable/10/contrib/ntp/scripts/invoke-plot_summary.texi
  stable/10/contrib/ntp/scripts/invoke-summary.texi
  stable/10/contrib/ntp/scripts/ntp-wait/invoke-ntp-wait.texi
  stable/10/contrib/ntp/scripts/ntp-wait/ntp-wait-opts
  stable/10/contrib/ntp/scripts/ntp-wait/ntp-wait.1ntp-waitman
  stable/10/contrib/ntp/scripts/ntp-wait/ntp-wait.1ntp-waitmdoc
  stable/10/contrib/ntp/scripts/ntp-wait/ntp-wait.html
  stable/10/contrib/ntp/scripts/ntp-wait/ntp-wait.man.in
  stable/10/contrib/ntp/scripts/ntp-wait/ntp-wait.mdoc.in
  stable/10/contrib/ntp/scripts/ntpsweep/invoke-ntpsweep.texi
  stable/10/contrib/ntp/scripts/ntpsweep/ntpsweep-opts
  stable/10/contrib/ntp/scripts/ntpsweep/ntpsweep.1ntpsweepman
  stable/10/contrib/ntp/scripts/ntpsweep/ntpsweep.1ntpsweepmdoc
  stable/10/contrib/ntp/scripts/ntpsweep/ntpsweep.html
  stable/10/contrib/ntp/scripts/ntpsweep/ntpsweep.man.in
  stable/10/contrib/ntp/scripts/ntpsweep/ntpsweep.mdoc.in
  stable/10/contrib/ntp/scripts/ntptrace/invoke-ntptrace.texi
  stable/10/contrib/ntp/scripts/ntptrace/ntptrace-opts
  stable/10/contrib/ntp/scripts/ntptrace/ntptrace.1ntptraceman
  stable/10/contrib/ntp/scripts/ntptrace/ntptrace.1ntptracemdoc
  stable/10/contrib/ntp/scripts/ntptrace/ntptrace.html
  stable/10/contrib/ntp/scripts/ntptrace/ntptrace.man.in
  stable/10/contrib/ntp/scripts/ntptrace/ntptrace.mdoc.in
  stable/10/contrib/ntp/scripts/plot_summary-opts
  stable/10/contrib/ntp/scripts/plot_summary.1plot_summaryman
  stable/10/contrib/ntp/scripts/plot_summary.1plot_summarymdoc
  stable/10/contrib/ntp/scripts/plot_summary.html
  stable/10/contrib/ntp/scripts/plot_summary.man.in
  stable/10/contrib/ntp/scripts/plot_summary.mdoc.in
  stable/10/contrib/ntp/scripts/summary-opts
  stable/10/contrib/ntp/scripts/summary.1summaryman
  stable/10/contrib/ntp/scripts/summary.1summarymdoc
  stable/10/contrib/ntp/scripts/summary.html
  stable/10/contrib/ntp/scripts/summary.man.in
  stable/10/contrib/ntp/scripts/summary.mdoc.in
  stable/10/contrib/ntp/scripts/update-leap/invoke-update-leap.texi
  stable/10/contrib/ntp/scripts/update-leap/update-leap-opts
  stable/10/contrib/ntp/scripts/update-leap/update-leap.1update-leapman
  stable/10/contrib/ntp/scripts/update-leap/update-leap.1update-leapmdoc
  stable/10/contrib/ntp/scripts/update-leap/update-leap.html
  stable/10/contrib/ntp/scripts/update-leap/update-leap.man.in
  stable/10/contrib/ntp/scripts/update-leap/update-leap.mdoc.in
  stable/10/contrib/ntp/sntp/config.h.in
  stable/10/contrib/ntp/sntp/configure
  stable/10/contrib/ntp/sntp/crypto.c
  stable/10/contrib/ntp/sntp/include/version.def
  stable/10/contrib/ntp/sntp/include/version.texi
  stable/10/contrib/ntp/sntp/invoke-sntp.texi
  stable/10/contrib/ntp/sntp/m4/ntp_libntp.m4
  stable/10/contrib/ntp/sntp/m4/ntp_openssl.m4
  stable/10/contrib/ntp/sntp/m4/version.m4
  stable/10/contrib/ntp/sntp/main.c
  stable/10/contrib/ntp/sntp/sntp-opts.c
  stable/10/contrib/ntp/sntp/sntp-opts.h
  stable/10/contrib/ntp/sntp/sntp.1sntpman
  stable/10/contrib/ntp/sntp/sntp.1sntpmdoc
  stable/10/contrib/ntp/sntp/sntp.html
  stable/10/contrib/ntp/sntp/sntp.man.in
  stable/10/contrib/ntp/sntp/sntp.mdoc.in
  stable/10/contrib/ntp/sntp/tests/crypto.c
  stable/10/contrib/ntp/sntp/tests/packetProcessing.c
  stable/10/contrib/ntp/sntp/version.c
  stable/10/contrib/ntp/util/invoke-ntp-keygen.texi
  stable/10/contrib/ntp/util/ntp-keygen-opts.c
  stable/10/contrib/ntp/util/ntp-keygen-opts.def
  stable/10/contrib/ntp/util/ntp-keygen-opts.h
  stable/10/contrib/ntp/util/ntp-keygen.1ntp-keygenman
  stable/10/contrib/ntp/util/ntp-keygen.1ntp-keygenmdoc
  stable/10/contrib/ntp/util/ntp-keygen.html
  stable/10/contrib/ntp/util/ntp-keygen.man.in
  stable/10/contrib/ntp/util/ntp-keygen.mdoc.in
  stable/10/contrib/ntp/util/ntp-keygen.texi
  stable/10/contrib/ntp/util/sht.c
  stable/10/usr.sbin/ntp/config.h
  stable/10/usr.sbin/ntp/doc/ntp-keygen.8
  stable/10/usr.sbin/ntp/doc/ntp.conf.5
  stable/10/usr.sbin/ntp/doc/ntp.keys.5
  stable/10/usr.sbin/ntp/doc/ntpd.8
  stable/10/usr.sbin/ntp/doc/ntpdc.8
  stable/10/usr.sbin/ntp/doc/ntpq.8
  stable/10/usr.sbin/ntp/doc/sntp.8
  stable/10/usr.sbin/ntp/scripts/mkver
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/contrib/ntp/ChangeLog
==============================================================================
--- stable/10/contrib/ntp/ChangeLog	Sat Sep  8 04:09:30 2018	(r338530)
+++ stable/10/contrib/ntp/ChangeLog	Sat Sep  8 04:10:26 2018	(r338531)
@@ -1,5 +1,69 @@
 ---
+(4.2.8p12) 2018/08/14 Released by Harlan Stenn <stenn@ntp.org>
 
+* [Sec 3505] CVE-2018-12327 - Arbitrary Code Execution Vulnerability
+  - fixed stack buffer overflow in the openhost() command-line call
+    of NTPQ/NTPDC <perlinger@ntp.org>
+* [Sec 3012] noepeer tweaks.  <stenn@ntp.org>
+* [Bug 3521] Fix a logic bug in the INVALIDNAK checks.  <stenn@ntp.org>
+* [Bug 3509] Add support for running as non-root on FreeBSD, Darwin,
+             other TrustedBSD platforms
+  - applied patch by Ian Lepore <perlinger@ntp.org>
+* [Bug 3506] Service Control Manager interacts poorly with NTPD <perlinger@ntp.org>
+  - changed interaction with SCM to signal pending startup
+* [Bug 3486] Buffer overflow in ntpq/ntpq.c:tstflags() <perlinger@ntp.org>
+  - applied patch by Gerry Garvey
+* [Bug 3485] Undefined sockaddr used in error messages in ntp_config.c <perlinger@ntp.org>
+  - applied patch by Gerry Garvey
+* [Bug 3484] ntpq response from ntpd is incorrect when REFID is null <perlinger@ntp.org>
+  - rework of ntpq 'nextvar()' key/value parsing
+* [Bug 3482] Fixes for compilation warnings (ntp_io.c & ntpq-subs.c) <perlinger@ntp.org>
+  - applied patch by Gerry Garvey (with mods)
+* [Bug 3480] Refclock sample filter not cleared on clock STEP <perlinger@ntp.org>
+  - applied patch by Gerry Garvey
+* [Bug 3479] ctl_putrefid() allows unsafe characters through to ntpq <perlinger@ntp.org>
+  - applied patch by Gerry Garvey (with mods)
+* [Bug 3476]ctl_putstr() sends empty unquoted string [...] <perlinger@ntp.org>
+  - applied patch by Gerry Garvey (with mods); not sure if that's bug or feature, though
+* [Bug 3475] modify prettydate() to suppress output of zero time <perlinger@ntp.org>
+  - applied patch by Gerry Garvey
+* [Bug 3474] Missing pmode in mode7 peer info response <perlinger@ntp.org>
+  - applied patch by Gerry Garvey
+* [Bug 3471] Check for openssl/[ch]mac.h.  HStenn.
+  - add #define ENABLE_CMAC support in configure.  HStenn.
+* [Bug 3470] ntpd4.2.8p11 fails to compile without OpenSSL <perlinger@ntp.org>
+* [Bug 3469] Incomplete string compare [...] in is_refclk_addr <perlinger@ntp.org>
+  - patch by Stephen Friedl
+* [Bug 3467] Potential memory fault in ntpq [...] <perlinger@ntp.org>
+  - fixed IO redirection and CTRL-C handling in ntq and ntpdc
+* [Bug 3465] Default TTL values cannot be used <perlinger@ntp.org>
+* [Bug 3461] refclock_shm.c: clear error status on clock recovery <perlinger@ntp.org>
+  - initial patch by Hal Murray; also fixed refclock_report() trouble
+* [Bug 3460] Fix typo in ntpq.texi, reported by Kenyon Ralph.  <stenn@ntp.org>
+* [Bug 3456] Use uintptr_t rather than size_t to store an integer in a pointer
+  - According to Brooks Davis, there was only one location <perlinger@ntp.org>
+* [Bug 3449] ntpq - display "loop" instead of refid [...] <perlinger@ntp.org>
+  - applied patch by Gerry Garvey
+* [Bug 3445] Symmetric peer won't sync on startup <perlinger@ntp.org>
+  - applied patch by Gerry Garvey
+* [Bug 3442] Fixes for ntpdate as suggested by Gerry Garvey,
+  with modifications
+  New macro REFID_ISTEXT() which is also used in ntpd/ntp_control.c.
+* [Bug 3434] ntpd clears STA_UNSYNC on start <perlinger@ntp.org>
+  - applied patch by Miroslav Lichvar
+* [Bug 3426] ntpdate.html -t default is 2 seconds.  Leonid Evdokimov.
+* [Bug 3121] Drop root privileges for the forked DNS worker <perlinger@ntp.org>
+  - integrated patch by  Reinhard Max
+* [Bug 2821] minor build issues <perlinger@ntp.org>
+  - applied patches by Christos Zoulas, including real bug fixes
+* html/authopt.html: cleanup, from <stenn@ntp.org>
+* ntpd/ntpd.c: DROPROOT cleanup.  <stenn@ntp.org>
+* Symmetric key range is 1-65535.  Update docs.  <stenn@ntp.org>
+* html/authentic.html: cleanup, from <stenn@ntp.org>
+
+---
+(4.2.8p11) 2018/02/27 Released by Harlan Stenn <stenn@ntp.org>
+
 * [Sec 3454] Unauthenticated packet can reset authenticated interleave
   associations.  HStenn.
 * [Sec 3453] Interleaved symmetric mode cannot recover from bad state.  HStenn.
@@ -14,16 +78,16 @@
  - applied patch by Sean Haugh 
 * [Bug 3452] PARSE driver prints uninitialized memory. <perlinger@ntp.org>
 * [Bug 3450] Dubious error messages from plausibility checks in get_systime()
- - removed error log caused by rounding/slew, ensured postcondition <perlinger@ntp.org>
+  - removed error log caused by rounding/slew, ensured postcondition <perlinger@ntp.org>
 * [Bug 3447] AES-128-CMAC (fixes) <perlinger@ntp.org>
   - refactoring the MAC code, too
 * [Bug 3441] Validate the assumption that AF_UNSPEC is 0.  stenn@ntp.org
 * [Bug 3439] When running multiple commands / hosts in ntpq... <perlinger@ntp.org>
- - applied patch by ggarvey
+  - applied patch by ggarvey
 * [Bug 3438] Negative values and values > 999 days in... <perlinger@ntp.org>
- - applied patch by ggarvey (with minor mods)
+  - applied patch by ggarvey (with minor mods)
 * [Bug 3437] ntpd tries to open socket with AF_UNSPEC domain
- - applied patch (with mods) by Miroslav Lichvar <perlinger@ntp.org>
+  - applied patch (with mods) by Miroslav Lichvar <perlinger@ntp.org>
 * [Bug 3435] anchor NTP era alignment <perlinger@ntp.org>
 * [Bug 3433] sntp crashes when run with -a.  <stenn@ntp.org>
 * [Bug 3430] ntpq dumps core (SIGSEGV) for "keytype md2"

Modified: stable/10/contrib/ntp/NEWS
==============================================================================
--- stable/10/contrib/ntp/NEWS	Sat Sep  8 04:09:30 2018	(r338530)
+++ stable/10/contrib/ntp/NEWS	Sat Sep  8 04:10:26 2018	(r338531)
@@ -1,7 +1,78 @@
 --
-NTP 4.2.8p11 (Harlan Stenn <stenn@ntp.org>, 2018/02/27)
+NTP 4.2.8p12 (Harlan Stenn <stenn@ntp.org>, 2018/14/09)
 
 NOTE: this NEWS file will be undergoing more revisions.
+
+Focus: Security, Bug fixes, enhancements.
+
+Severity: MEDIUM
+
+This release fixes a "hole" in the noepeer capability introduced to ntpd
+in ntp-4.2.8p11, and a buffer overflow in the openhost() function used by
+ntpq and ntpdc.  It also provides 26 other bugfixes, and 4 other improvements:
+
+* [Sec 3505] Buffer overflow in the openhost() call of ntpq and ntpdc.
+
+* [Sec 3012] Fix a hole in the new "noepeer" processing.
+
+* Bug Fixes:
+ [Bug 3521] Fix a logic bug in the INVALIDNAK checks.  <stenn@ntp.org>
+ [Bug 3509] Add support for running as non-root on FreeBSD, Darwin,
+            other TrustedBSD platforms
+ - applied patch by Ian Lepore <perlinger@ntp.org>
+ [Bug 3506] Service Control Manager interacts poorly with NTPD <perlinger@ntp.org>
+ - changed interaction with SCM to signal pending startup
+ [Bug 3486] Buffer overflow in ntpq/ntpq.c:tstflags() <perlinger@ntp.org>
+ - applied patch by Gerry Garvey
+ [Bug 3485] Undefined sockaddr used in error messages in ntp_config.c <perlinger@ntp.org>
+ - applied patch by Gerry Garvey
+ [Bug 3484] ntpq response from ntpd is incorrect when REFID is null <perlinger@ntp.org>
+ - rework of ntpq 'nextvar()' key/value parsing
+ [Bug 3482] Fixes for compilation warnings (ntp_io.c & ntpq-subs.c) <perlinger@ntp.org>
+ - applied patch by Gerry Garvey (with mods)
+ [Bug 3480] Refclock sample filter not cleared on clock STEP <perlinger@ntp.org>
+ - applied patch by Gerry Garvey
+ [Bug 3479] ctl_putrefid() allows unsafe characters through to ntpq <perlinger@ntp.org>
+ - applied patch by Gerry Garvey (with mods)
+ [Bug 3476]ctl_putstr() sends empty unquoted string [...] <perlinger@ntp.org>
+ - applied patch by Gerry Garvey (with mods); not sure if that's bug or feature, though
+ [Bug 3475] modify prettydate() to suppress output of zero time <perlinger@ntp.org>
+ - applied patch by Gerry Garvey
+ [Bug 3474] Missing pmode in mode7 peer info response <perlinger@ntp.org>
+ - applied patch by Gerry Garvey
+ [Bug 3471] Check for openssl/[ch]mac.h.  HStenn.
+ - add #define ENABLE_CMAC support in configure.  HStenn.
+ [Bug 3470] ntpd4.2.8p11 fails to compile without OpenSSL <perlinger@ntp.org>
+ [Bug 3469] Incomplete string compare [...] in is_refclk_addr <perlinger@ntp.org>
+ - patch by Stephen Friedl
+ [Bug 3467] Potential memory fault in ntpq [...] <perlinger@ntp.org>
+ - fixed IO redirection and CTRL-C handling in ntq and ntpdc
+ [Bug 3465] Default TTL values cannot be used <perlinger@ntp.org>
+ [Bug 3461] refclock_shm.c: clear error status on clock recovery <perlinger@ntp.org>
+ - initial patch by Hal Murray; also fixed refclock_report() trouble
+ [Bug 3460] Fix typo in ntpq.texi, reported by Kenyon Ralph.  <stenn@ntp.org>
+ [Bug 3456] Use uintptr_t rather than size_t to store an integer in a pointer
+ - According to Brooks Davis, there was only one location <perlinger@ntp.org>
+ [Bug 3449] ntpq - display "loop" instead of refid [...] <perlinger@ntp.org>
+ - applied patch by Gerry Garvey
+ [Bug 3445] Symmetric peer won't sync on startup <perlinger@ntp.org>
+ - applied patch by Gerry Garvey
+ [Bug 3442] Fixes for ntpdate as suggested by Gerry Garvey,
+ with modifications
+ New macro REFID_ISTEXT() which is also used in ntpd/ntp_control.c.
+ [Bug 3434] ntpd clears STA_UNSYNC on start <perlinger@ntp.org>
+ - applied patch by Miroslav Lichvar
+ [Bug 3426] ntpdate.html -t default is 2 seconds.  Leonid Evdokimov.
+ [Bug 3121] Drop root privileges for the forked DNS worker <perlinger@ntp.org>
+ - integrated patch by  Reinhard Max
+ [Bug 2821] minor build issues <perlinger@ntp.org>
+ - applied patches by Christos Zoulas, including real bug fixes
+ html/authopt.html: cleanup, from <stenn@ntp.org>
+ ntpd/ntpd.c: DROPROOT cleanup.  <stenn@ntp.org>
+ Symmetric key range is 1-65535.  Update docs.   <stenn@ntp.org>
+
+--
+NTP 4.2.8p11 (Harlan Stenn <stenn@ntp.org>, 2018/02/27)
 
 Focus: Security, Bug fixes, enhancements.
 

Modified: stable/10/contrib/ntp/config.h.in
==============================================================================
--- stable/10/contrib/ntp/config.h.in	Sat Sep  8 04:09:30 2018	(r338530)
+++ stable/10/contrib/ntp/config.h.in	Sat Sep  8 04:10:26 2018	(r338531)
@@ -311,6 +311,9 @@
 /* Provide the explicit 127.0.0.0/8 martian filter? */
 #undef ENABLE_BUG3020_FIX
 
+/* Enable CMAC support? */
+#undef ENABLE_CMAC
+
 /* nls support in libopts */
 #undef ENABLE_NLS
 
@@ -372,6 +375,14 @@
 /* Define to 1 if you have the `daemon' function. */
 #undef HAVE_DAEMON
 
+/* Define to 1 if you have the declaration of `siglongjmp', and to 0 if you
+   don't. */
+#undef HAVE_DECL_SIGLONGJMP
+
+/* Define to 1 if you have the declaration of `sigsetjmp', and to 0 if you
+   don't. */
+#undef HAVE_DECL_SIGSETJMP
+
 /* Define to 1 if you have the declaration of `strerror_r', and to 0 if you
    don't. */
 #undef HAVE_DECL_STRERROR_R
@@ -653,6 +664,12 @@
 /* if you have NT Threads */
 #undef HAVE_NT_THREADS
 
+/* Define to 1 if you have the <openssl/cmac.h> header file. */
+#undef HAVE_OPENSSL_CMAC_H
+
+/* Define to 1 if you have the <openssl/hmac.h> header file. */
+#undef HAVE_OPENSSL_HMAC_H
+
 /* Define to 1 if the system has the type `pid_t'. */
 #undef HAVE_PID_T
 
@@ -957,6 +974,9 @@
 /* Define to 1 if you have the <sys/lock.h> header file. */
 #undef HAVE_SYS_LOCK_H
 
+/* Define to 1 if you have the <sys/mac.h> header file. */
+#undef HAVE_SYS_MAC_H
+
 /* Define to 1 if you have the <sys/mman.h> header file. */
 #undef HAVE_SYS_MMAN_H
 
@@ -1116,6 +1136,9 @@
 
 /* Do we have the TIO serial stuff? */
 #undef HAVE_TIO_SERIAL_STUFF
+
+/* Are TrustedBSD MAC policy privileges available? */
+#undef HAVE_TRUSTEDBSD_MAC
 
 /* Define to 1 if the system has the type `uint16_t'. */
 #undef HAVE_UINT16_T

Modified: stable/10/contrib/ntp/configure
==============================================================================
--- stable/10/contrib/ntp/configure	Sat Sep  8 04:09:30 2018	(r338530)
+++ stable/10/contrib/ntp/configure	Sat Sep  8 04:10:26 2018	(r338531)
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for ntp 4.2.8p11.
+# Generated by GNU Autoconf 2.69 for ntp 4.2.8p12.
 #
 # Report bugs to <http://bugs.ntp.org./>.
 #
@@ -590,8 +590,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='ntp'
 PACKAGE_TARNAME='ntp'
-PACKAGE_VERSION='4.2.8p11'
-PACKAGE_STRING='ntp 4.2.8p11'
+PACKAGE_VERSION='4.2.8p12'
+PACKAGE_STRING='ntp 4.2.8p12'
 PACKAGE_BUGREPORT='http://bugs.ntp.org./'
 PACKAGE_URL='http://www.ntp.org./'
 
@@ -968,6 +968,7 @@ enable_c99_snprintf
 enable_clockctl
 enable_linuxcaps
 enable_solarisprivs
+enable_trustedbsd_mac
 with_arlib
 with_net_snmp_config
 enable_libseccomp
@@ -1614,7 +1615,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures ntp 4.2.8p11 to adapt to many kinds of systems.
+\`configure' configures ntp 4.2.8p12 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1684,7 +1685,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of ntp 4.2.8p11:";;
+     short | recursive ) echo "Configuration of ntp 4.2.8p12:";;
    esac
   cat <<\_ACEOF
 
@@ -1731,6 +1732,8 @@ Optional Features and Packages:
   --enable-clockctl       s Use /dev/clockctl for non-root clock control
   --enable-linuxcaps      + Use Linux capabilities for non-root clock control
   --enable-solarisprivs   + Use Solaris privileges for non-root clock control
+  --enable-trustedbsd-mac s Use TrustedBSD MAC policy for non-root clock
+                          control
   --with-arlib            - deprecated, arlib not distributed
   --with-net-snmp-config  + =net-snmp-config
   --enable-libseccomp     EXPERIMENTAL: enable support for libseccomp
@@ -1923,7 +1926,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-ntp configure 4.2.8p11
+ntp configure 4.2.8p12
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2632,7 +2635,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by ntp $as_me 4.2.8p11, which was
+It was created by ntp $as_me 4.2.8p12, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -3633,7 +3636,7 @@ fi
 
 # Define the identity of the package.
  PACKAGE='ntp'
- VERSION='4.2.8p11'
+ VERSION='4.2.8p12'
 
 
 cat >>confdefs.h <<_ACEOF
@@ -24026,7 +24029,40 @@ esac
 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ntp_have_solarisprivs" >&5
 $as_echo "$ntp_have_solarisprivs" >&6; }
 
-case "$ntp_use_dev_clockctl$ntp_have_linuxcaps$ntp_have_solarisprivs" in
+for ac_header in sys/mac.h
+do :
+  ac_fn_c_check_header_mongrel "$LINENO" "sys/mac.h" "ac_cv_header_sys_mac_h" "$ac_includes_default"
+if test "x$ac_cv_header_sys_mac_h" = xyes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_SYS_MAC_H 1
+_ACEOF
+
+fi
+
+done
+
+
+# Check whether --enable-trustedbsd_mac was given.
+if test "${enable_trustedbsd_mac+set}" = set; then :
+  enableval=$enable_trustedbsd_mac; ntp_use_trustedbsd_mac=$enableval
+
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if we should use TrustedBSD MAC privileges" >&5
+$as_echo_n "checking if we should use TrustedBSD MAC privileges... " >&6; }
+
+case "$ntp_use_trustedbsd_mac$ac_cv_header_sys_mac_h" in
+ yesyes)
+
+$as_echo "#define HAVE_TRUSTEDBSD_MAC 1" >>confdefs.h
+
+esac
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ntp_use_trustedbsd_mac" >&5
+$as_echo "$ntp_use_trustedbsd_mac" >&6; }
+
+case "$ntp_use_dev_clockctl$ntp_have_linuxcaps$ntp_have_solarisprivs$ntp_use_trustedbsd_mac" in
  *yes*)
 
 $as_echo "#define HAVE_DROPROOT 1" >>confdefs.h
@@ -30311,7 +30347,20 @@ $as_echo "$ntp_openssl" >&6; }
 
 case "$ntp_openssl" in
  yes)
+    for ac_header in openssl/cmac.h openssl/hmac.h
+do :
+  as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
+if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
+  cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
 
+fi
+
+done
+
+
 $as_echo "#define OPENSSL /**/" >>confdefs.h
 
     case "$VER_SUFFIX" in
@@ -30534,9 +30583,24 @@ LIBS="$NTPO_SAVED_LIBS"
 { ntp_openssl_from_pkg_config=; unset ntp_openssl_from_pkg_config;}
 
 
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if we want to enable CMAC support" >&5
+$as_echo_n "checking if we want to enable CMAC support... " >&6; }
+case "$ac_cv_header_openssl_cmac_h" in
+ yes)
 
+$as_echo "#define ENABLE_CMAC 1" >>confdefs.h
 
+    ans="yes"
+    ;;
+ *) ans="no"
+    ;;
+esac
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ans" >&5
+$as_echo "$ans" >&6; }
 
+
+
+
 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we want to use OpenSSL's crypto random (if available)" >&5
 $as_echo_n "checking if we want to use OpenSSL's crypto random (if available)... " >&6; }
 # Check whether --enable-openssl-random was given.
@@ -33223,7 +33287,33 @@ fi
 
 ###
 
+ac_fn_c_check_decl "$LINENO" "sigsetjmp" "ac_cv_have_decl_sigsetjmp" "#include <setjmp.h>
+"
+if test "x$ac_cv_have_decl_sigsetjmp" = xyes; then :
+  ac_have_decl=1
+else
+  ac_have_decl=0
+fi
 
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_SIGSETJMP $ac_have_decl
+_ACEOF
+ac_fn_c_check_decl "$LINENO" "siglongjmp" "ac_cv_have_decl_siglongjmp" "#include <setjmp.h>
+"
+if test "x$ac_cv_have_decl_siglongjmp" = xyes; then :
+  ac_have_decl=1
+else
+  ac_have_decl=0
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_SIGLONGJMP $ac_have_decl
+_ACEOF
+
+
+###
+
+
   prefix_NONE=
   exec_prefix_NONE=
   test "x$prefix" = xNONE && prefix_NONE=yes && prefix=$ac_default_prefix
@@ -33964,7 +34054,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by ntp $as_me 4.2.8p11, which was
+This file was extended by ntp $as_me 4.2.8p12, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -34031,7 +34121,7 @@ _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-ntp config.status 4.2.8p11
+ntp config.status 4.2.8p12
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 

Modified: stable/10/contrib/ntp/configure.ac
==============================================================================
--- stable/10/contrib/ntp/configure.ac	Sat Sep  8 04:09:30 2018	(r338530)
+++ stable/10/contrib/ntp/configure.ac	Sat Sep  8 04:10:26 2018	(r338531)
@@ -3014,6 +3014,17 @@ AC_MSG_RESULT([$ans])
 
 NTP_OPENSSL
 
+AC_MSG_CHECKING([if we want to enable CMAC support])
+case "$ac_cv_header_openssl_cmac_h" in
+ yes)
+    AC_DEFINE([ENABLE_CMAC], [1], [Enable CMAC support?])
+    ans="yes"
+    ;;
+ *) ans="no"
+    ;;
+esac
+AC_MSG_RESULT([$ans])
+
 NTP_CRYPTO_RAND
 
 # if we are using OpenSSL (--with-crypto), by default Autokey is enabled
@@ -4377,6 +4388,10 @@ dnl  can't be conditionalized.
 NTP_GOOGLETEST
 
 NTP_PROBLEM_TESTS
+
+###
+
+AC_CHECK_DECLS([sigsetjmp,siglongjmp], [], [], [[#include <setjmp.h>]])
 
 ###
 

Modified: stable/10/contrib/ntp/html/authentic.html
==============================================================================
--- stable/10/contrib/ntp/html/authentic.html	Sat Sep  8 04:09:30 2018	(r338530)
+++ stable/10/contrib/ntp/html/authentic.html	Sat Sep  8 04:10:26 2018	(r338531)
@@ -1,91 +1,223 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
 <html>
-<head>
-<meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
-<meta name="generator" content="HTML Tidy, see www.w3.org">
-<title>Authentication Support</title>
-<link href="scripts/style.css" type="text/css" rel="stylesheet">
-<style type="text/css">
-<!--
-<style1 {
-color: #FF0000;
- font-weight: bold;
-}
-.style1 {color: #FF0000}
--->
-</style>
-</head>
-<body>
-<h3>Authentication Support</h3>
-<img src="pic/alice44.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/%7emills/pictures.html">from <i>Alice's Adventures in Wonderland</i>, Lewis Carroll</a>
-<p>Our resident cryptographer; now you see him, now you don't.</p>
-<p>Last update:
-  <!-- #BeginDate format:En2m -->5-Feb-2016  09:13<!-- #EndDate -->
-  UTC</p>
-<br clear="left">
-<h4>Related Links</h4>
-<script type="text/javascript" language="javascript" src="scripts/hand.txt"></script>
-<script type="text/javascript" language="javascript" src="scripts/authopt.txt"></script>
-<h4>Table of Contents</h4>
-<ul>
-  <li class="inline"><a href="#auth">Introduction</a></li>
-  <li class="inline"><a href="#symm">Symmetric Key Cryptography</a></li>
-  <li class="inline"><a href="#windows">Microsoft Windows Authentication</a></li>
-  <li class="inline"><a href="#pub">Public Key Cryptography</a></li>
-</ul>
-<hr>
-<h4 id="auth">Introduction</h4>
-<p>This page describes the various cryptographic authentication provisions in NTPv4.  Authentication support allows the NTP client to verify that servers are in fact known and trusted and not intruders intending accidentally or intentionally to masquerade as a legitimate server.  A detailed discussion of the NTP multi-layer security model and vulnerability analysis is in the white paper <a href="http://www.eecis.udel.edu/~mills/security.html">NTP Security Analysis</a>.</p>
-<p> The NTPv3 specification (RFC-1305) defined an authentication scheme properly described as <em>symmetric key cryptography</em>.  It used the Data Encryption Standard (DES) algorithm operating in cipher-block chaining (CBC) mode.  Subsequently, this algorithm was replaced by the RSA Message Digest 5 (MD5) algorithm commonly called keyed-MD5.  Either algorithm computes a message digest or one-way hash which can be used to verify the client has the same message digest as the server.  The MD5 message digest algorithm is included in the distribution, so without further cryptographic support, the distribution can be freely exported.</p>
-<p>If the OpenSSL cryptographic library is installed prior to building the distribution, all message digest algorithms included in the library may be used, including SHA and SHA1.  However, if conformance to FIPS 140-2 is required, only a limited subset of these algorithms can be used.  This library is available from <a href="http://www.openssl.org">http://www.openssl.org</a>; and can be installed using the procedures outlined in the <a href="build.html">Building and Installing the Distribution</a> page.  Once installed, the configure and build process automatically detects the library and links the library routines
-required.</p>
-<p>In addition to the symmetric key algorithms, this distribution includes support for the Autokey public key algorithms and protocol specified in RFC-5906 &quot;Network Time Protocol Version 4: Autokey Specification&quot;.  This support is available only if the OpenSSL library has been installed and the <tt>--enable-autokey</tt> option is used when the distribution is built.</p>
-<p> Public key cryptography is generally considered more secure than symmetric key cryptography, since the security is based on private and public values which are generated by each participant and where the private value is never revealed.  Autokey uses X.509 public certificates, which can be produced by commercial services, the OpenSSL application program, or the <a href="keygen.html"><tt>ntp-keygen</tt></a> utility program in the NTP software distribution.</p>
-<p>Note that according to US law, NTP binaries including OpenSSL library components, including the OpenSSL library itself, cannot be exported outside the US without license from the US Department of Commerce.  Builders outside the US are advised to obtain the OpenSSL library directly from OpenSSL, which is outside the US, and build outside the US.</p>
-<p>Authentication is configured separately for each association using the <tt>key</tt> or <tt>autokey</tt> option of the <tt>server</tt> configuration command, as described in the <a href="confopt.html">Server Options</a> page.  The <a href="keygen.html">ntp-keygen</a> page describes the files required for the various authentication schemes.  Further details are in the briefings, papers and reports at the NTP project page linked from <a href="http://www.ntp.org">www.ntp.org</a>.</p>;
-<p>By default, the client sends non-authenticated packets and the server responds with non-authenticated packets.  If the client sends authenticated packets, the server responds with authenticated packets if correct, or a crypto-NAK packet if not.  In the case of unsolicited packets which might consume significant resources, such as broadcast or symmetric mode packets, authentication is required, unless overridden by a <tt>disable auth</tt> command.  In the current climate of targeted broadcast or &quot;letterbomb&quot; attacks, defeating this requirement would be decidedly dangerous.  In any case, the <tt>notrust </tt>flag, described on the <a href="authopt.html">Access Control Options</a> page, can be used to disable access to all but correctly authenticated clients.</p>
-<h4 id="symm">Symmetric Key Cryptography</h4>
-<p>The original NTPv3 specification (RFC-1305), as well as the current NTPv4 specification (RFC-5905), allows any one of possibly 65,534 message digest keys (excluding zero), each distinguished by a 32-bit key ID, to authenticate an association.  The servers and clients involved must agree on the key ID, key type and key to authenticate NTP packets.</p>
-<p>The message digest is a cryptographic hash computed by an algorithm such as MD5, SHA, or AES-128 CMAC.  When authentication is specified, a message authentication code (MAC) is appended to the NTP packet header.  The MAC consists of a 32-bit key identifier (key ID) followed by a 128- or 160-bit message digest.  The algorithm computes the digest as the hash of a 128- or 160- bit message digest key concatenated with the NTP packet header fields with the exception of the MAC.  On transmit, the message digest is computed and inserted in the MAC.  On receive, the message digest is computed and compared with the MAC.  The packet is accepted only if the two MACs are identical.  If a discrepancy is found by the client, the client ignores the packet, but raises an alarm.  If this happens at the server, the server returns a special message called a <em>crypto-NAK</em>.  Since the crypto-NAK is protected by the loopback test, an intruder cannot disrupt the protocol by sending a bogus crypto
 -NAK.</p>
-<p>Keys and related information are specified in a keys file, which must be distributed and stored using secure means beyond the scope of the NTP protocol itself.  Besides the keys used for ordinary NTP associations, additional keys can be used as passwords for the <tt><a href="ntpq.html">ntpq</a></tt> and <tt><a href="ntpdc.html">ntpdc</a></tt> utility programs.  Ordinarily, the <tt>ntp.keys</tt> file is generated by the <tt><a href="keygen.html">ntp-keygen</a></tt> program, but it can be constructed and edited using an ordinary text editor.</p>
-<p> Each line of the keys file consists of three or four fields: a key ID in the range 1 to 65,534, inclusive, a key type, a message digest key consisting of a printable ASCII string less than 40 characters or a 40-character hex digit string, and an optional comma-separated list of IPs that are allowed to serve time.  If the OpenSSL library is installed, the key type can be any message digest algorithm supported by the library.  If the OpenSSL library is not installed, the only permitted key type is MD5.</p>
-<table>
-  <caption style="caption-side: bottom;">
-    Figure 1. Typical Symmetric Key File
-  </caption>
-  <tr><td style="border: 1px solid black; border-spacing: 0;">
-	<pre style="color:grey;">
-# ntpkey_MD5key_bk.ntp.org.3595864945
-# Thu Dec 12 19:22:25 2013
+  <head>
+    <meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
+    <meta name="generator" content="HTML Tidy, see www.w3.org">
+    <title>Authentication Support</title>
+    <!-- Changed by: Harlan Stenn, 24-Jul-2018 -->
+    <link href="scripts/style.css" type="text/css" rel="stylesheet">
+    <style type="text/css">
+      <!--
+	  <style1 {
+		  color: #FF0000;
+		  font-weight: bold;
+		  }
+		  .style1 {color: #FF0000}
+		  -->
+    </style>
+  </head>
+  <body>
+    <h3>Authentication Support</h3>
+    <img src="pic/alice44.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/%7emills/pictures.html">from <i>Alice's Adventures in Wonderland</i>, Lewis Carroll</a>
+    <p>Our resident cryptographer; now you see him, now you don't.</p>
+    <p>Last update:
+      <!-- #BeginDate format:En2m -->24-Jul-2018  09:12<!-- #EndDate -->
+      UTC</p>
+    <br clear="left">
+    <h4>Related Links</h4>
+    <script type="text/javascript" language="javascript" src="scripts/hand.txt"></script>
+    <script type="text/javascript" language="javascript" src="scripts/authopt.txt"></script>
+    <h4>Table of Contents</h4>
+    <ul>
+      <li class="inline"><a href="#auth">Introduction</a></li>
+      <li class="inline"><a href="#symm">Symmetric Key Cryptography</a></li>
+      <li class="inline"><a href="#windows">Microsoft Windows Authentication</a></li>
+      <li class="inline"><a href="#pub">Public Key Cryptography</a></li>
+    </ul>
+    <hr>
+    <h4 id="auth">Introduction</h4>
+    <p>This page describes the various cryptographic authentication
+      provisions in NTPv4.  Authentication support allows the NTP client to
+      verify that servers are in fact known and trusted and not intruders
+      intending accidentally or intentionally to masquerade as a legitimate
+      server.  A detailed discussion of the NTP multi-layer security model
+      and vulnerability analysis is in the white
+      paper <a href="http://www.eecis.udel.edu/~mills/security.html">NTP
+      Security Analysis</a>.</p>
+    <p>The NTPv3 specification (RFC-1305) defined an authentication scheme
+      properly described as <em>symmetric key cryptography</em>.  It used
+      the Data Encryption Standard (DES) algorithm operating in cipher-block
+      chaining (CBC) mode.  Subsequently, this algorithm was replaced by the
+      RSA Message Digest 5 (MD5) algorithm commonly called keyed-MD5.
+      Either algorithm computes a message digest or one-way hash which can
+      be used to verify the client has the same message digest as the
+      server.  The MD5 message digest algorithm is included in the
+      distribution, so without further cryptographic support, the
+      distribution can be freely exported.</p>
+    <p>If the OpenSSL cryptographic library is installed prior to building
+      the distribution, all message digest algorithms included in the
+      library may be used, including SHA and SHA1.  However, if conformance
+      to FIPS 140-2 is required, only a limited subset of these algorithms
+      can be used.  This library is available
+      from <a href="http://www.openssl.org">http://www.openssl.org</a>; and
+      can be installed using the procedures outlined in
+      the <a href="build.html">Building and Installing the Distribution</a>
+      page.  Once installed, the configure and build process automatically
+      detects the library and links the library routines required.</p>
+    <p>In addition to the symmetric key algorithms, this distribution
+      includes support for the Autokey public key algorithms and protocol
+      specified in RFC-5906 &quot;Network Time Protocol Version 4: Autokey
+      Specification&quot;.  This support is available only if the OpenSSL
+      library has been installed and the <tt>--enable-autokey</tt> option is
+      used when the distribution is built.</p>
+    <p> Public key cryptography is generally considered more secure than
+      symmetric key cryptography, since the security is based on private and
+      public values which are generated by each participant and where the
+      private value is never revealed.  Autokey uses X.509 public
+      certificates, which can be produced by commercial services, the
+      OpenSSL application program, or
+      the <a href="keygen.html"><tt>ntp-keygen</tt></a> utility program in
+      the NTP software distribution.</p>
+    <p>Note that according to US law, NTP binaries including OpenSSL library
+      components, including the OpenSSL library itself, cannot be exported
+      outside the US without license from the US Department of Commerce.
+      Builders outside the US are advised to obtain the OpenSSL library
+      directly from OpenSSL, which is outside the US, and build outside the
+      US.</p>
+    <p>Authentication is configured separately for each association using
+      the <tt>key</tt> or <tt>autokey</tt> option of the <tt>server</tt>
+      configuration command, as described in
+      the <a href="confopt.html">Server Options</a> page.
+      The <a href="keygen.html">ntp-keygen</a> page describes the files
+      required for the various authentication schemes.  Further details are
+      in the briefings, papers and reports at the NTP project page linked
+      from <a href="http://www.ntp.org">www.ntp.org</a>.</p>;
+    <p>By default, the client sends non-authenticated packets and the server
+      responds with non-authenticated packets.  If the client sends
+      authenticated packets, the server responds with authenticated packets
+      if correct, or a crypto-NAK packet if not.  In the case of unsolicited
+      packets which might consume significant resources, such as broadcast
+      or symmetric mode packets, authentication is required, unless
+      overridden by a <tt>disable auth</tt> command.  In the current climate
+      of targeted broadcast or &quot;letterbomb&quot; attacks, defeating
+      this requirement would be decidedly dangerous.  In any case,
+      the <tt>notrust </tt>flag, described on
+      the <a href="authopt.html">Access Control Options</a> page, can be
+      used to disable access to all but correctly authenticated clients.</p>
+    <h4 id="symm">Symmetric Key Cryptography</h4>
+    <p>The original NTPv3 specification (RFC-1305), as well as the current
+      NTPv4 specification (RFC-5905), allows any one of possibly 65,535
+      message digest keys (excluding zero), each distinguished by a 32-bit
+      key ID, to authenticate an association.  The servers and clients
+      involved must agree on the key ID, key type and key to authenticate
+      NTP packets.</p>
+    <p>The message digest is a cryptographic hash computed by an algorithm
+      such as MD5, SHA, or AES-128 CMAC.  When authentication is specified,
+      a message authentication code (MAC) is appended to the NTP packet
+      header.  The MAC consists of a 32-bit key identifier (key ID) followed
+      by a 128- or 160-bit message digest.  The algorithm computes the
+      digest as the hash of a 128- or 160- bit message digest key
+      concatenated with the NTP packet header fields with the exception of
+      the MAC.  On transmit, the message digest is computed and inserted in
+      the MAC.  On receive, the message digest is computed and compared with
+      the MAC.  The packet is accepted only if the two MACs are identical.
+      If a discrepancy is found by the client, the client ignores the
+      packet, but raises an alarm.  If this happens at the server, the
+      server returns a special message called a <em>crypto-NAK</em>.  Since
+      the crypto-NAK is protected by the loopback test, an intruder cannot
+      disrupt the protocol by sending a bogus crypto-NAK.</p>
+    <p>Keys and related information are specified in a keys file, which must
+      be distributed and stored using secure means beyond the scope of the
+      NTP protocol itself.  Besides the keys used for ordinary NTP
+      associations, additional keys can be used as passwords for
+      the <tt><a href="ntpq.html">ntpq</a></tt>
+      and <tt><a href="ntpdc.html">ntpdc</a></tt> utility programs.
+      Ordinarily, the <tt>ntp.keys</tt> file is generated by
+      the <tt><a href="keygen.html">ntp-keygen</a></tt> program, but it can
+      be constructed and edited using an ordinary text editor.</p>
+    <p> Each line of the keys file consists of three or four fields: a key
+      ID in the range 1 to 65,535, inclusive, a key type, a message digest
+      key consisting of a printable ASCII string less than 40 characters or
+      a 40-character hex digit string, and an optional comma-separated list
+      of IPs that are allowed to serve time.  If the OpenSSL library is
+      installed, the key type can be any message digest algorithm supported
+      by the library.  If the OpenSSL library is not installed, the only
+      permitted key type is MD5.</p>
+    <table>
+      <caption style="caption-side: bottom;">
+	Figure 1. Typical Symmetric Key File
+      </caption>
+      <tr><td style="border: 1px solid black; border-spacing: 0;">
+	  <pre style="color:grey;">
+	    # ntpkey_MD5key_bk.ntp.org.3595864945
+	    # Thu Dec 12 19:22:25 2013
 
-1  MD5 L";Nw&lt;`.I&lt;f4U0)247"i  # MD5 key
-2  MD5 &amp;&gt;l0%XXK9O'51VwV&lt;xq~  # MD5 key
-3  MD5 lb4zLW~d^!K:]RsD'qb6  # MD5 key
-4  MD5 Yue:tL[+vR)M`n~bY,'?  # MD5 key
-5  MD5 B;fxlKgr/&amp;4ZTbL6=RxA  # MD5 key
-6  MD5 4eYwa`o}3i@@V@..R9!l  # MD5 key
-7  MD5 `A.([h+;wTQ|xfi%Sn_!  # MD5 key
-8  MD5 45:V,r4]l6y^JH6"Sh?F  # MD5 key
-9  MD5 3-5vcn*6l29DS?Xdsg)*  # MD5 key
-10 MD5 2late4Me              # MD5 key
-11 SHA1 a27872d3030a9025b8446c751b4551a7629af65c  # SHA1 key
-12 SHA1 21bc3b4865dbb9e920902abdccb3e04ff97a5e74  # SHA1 key
-13 SHA1 2b7736fe24fef5ba85ae11594132ab5d6f6daba9  # SHA1 key
-14 SHA  a5332809c8878dd3a5b918819108a111509aeceb  # SHA  key
-15 MD2  2fe16c88c760ff2f16d4267e36c1aa6c926e6964  # MD2  key
-16 MD4  b2691811dc19cfc0e2f9bcacd74213f29812183d  # MD4  key
-17 MD5  e4d6735b8bdad58ec5ffcb087300a17f7fef1f7c  # MD5  key
-18 MDC2 a8d5e2315c025bf3a79174c87fbd10477de2eabc  # MDC2 key
-19 RIPEMD160 77ca332cafb30e3cafb174dcd5b80ded7ba9b3d2  # RIPEMD160 key
-20 AES128CMAC f92ff73eee86c1e7dc638d6489a04e4e555af878  # AES128CMAC key
-  </pre></td></tr></table>
-<p>Figure 1 shows a typical keys file used by the reference implementation when the OpenSSL library is installed.  In this figure, for key IDs in he range 1-10, the key is interpreted as a printable ASCII string.  For key IDs in the range 11-20, the key is a 40-character hex digit string.  The key is truncated or zero-filled internally to either 128 or 160 bits, depending on the key type.  The line can be edited later or new lines can be added to change any field.  The key can be changed to a password, such as <tt>2late4Me</tt> for key ID 10.  Note that two or more keys files can be combined in any order as long as the key IDs are distinct.</p>
-<p>When <tt>ntpd</tt> is started, it reads the keys file specified by the <tt>keys</tt> command and installs the keys in the key cache.  However, individual keys must be activated with the <tt>trustedkey</tt> configuration command before use.  This allows, for instance, the installation of possibly several batches of keys and then activating a key remotely using <tt>ntpq</tt> or <tt>ntpdc</tt>.  The <tt>requestkey</tt> command selects the key ID used as the password for the <tt>ntpdc</tt> utility, while the <tt>controlkey</tt> command selects the key ID used as the password for the <tt>ntpq</tt> utility.</p>
-<h4 id="windows">Microsoft Windows Authentication</h4>
-<p>In addition to the above means, <tt>ntpd</tt> now supports Microsoft Windows MS-SNTP authentication using Active Directory services.  This support was contributed by the Samba Team and is still in development.  It is enabled using the <tt>mssntp</tt> flag of the <tt>restrict</tt> command described on the <a href="accopt.html#restrict">Access Control Options</a> page.  <span class="style1">Note: Potential users should be aware that these services involve a TCP connection to another process that could potentially block, denying services to other users.  Therefore, this flag should be used only for a dedicated server with no clients other than MS-SNTP.</span></p>
-<h4 id="pub">Public Key Cryptography</h4>
-<p>See the <a href="autokey.html">Autokey Public-Key Authentication</a> page.</p>
-<hr>
-<script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
-</body>
+	    1  MD5 L";Nw&lt;`.I&lt;f4U0)247"i  # MD5 key
+	    2  MD5 &amp;&gt;l0%XXK9O'51VwV&lt;xq~  # MD5 key
+	    3  MD5 lb4zLW~d^!K:]RsD'qb6  # MD5 key
+	    4  MD5 Yue:tL[+vR)M`n~bY,'?  # MD5 key
+	    5  MD5 B;fxlKgr/&amp;4ZTbL6=RxA  # MD5 key
+	    6  MD5 4eYwa`o}3i@@V@..R9!l  # MD5 key
+	    7  MD5 `A.([h+;wTQ|xfi%Sn_!  # MD5 key
+	    8  MD5 45:V,r4]l6y^JH6"Sh?F  # MD5 key
+	    9  MD5 3-5vcn*6l29DS?Xdsg)*  # MD5 key
+	    10 MD5 2late4Me              # MD5 key
+	    11 SHA1 a27872d3030a9025b8446c751b4551a7629af65c  # SHA1 key
+	    12 SHA1 21bc3b4865dbb9e920902abdccb3e04ff97a5e74  # SHA1 key
+	    13 SHA1 2b7736fe24fef5ba85ae11594132ab5d6f6daba9  # SHA1 key
+	    14 SHA  a5332809c8878dd3a5b918819108a111509aeceb  # SHA  key
+	    15 MD2  2fe16c88c760ff2f16d4267e36c1aa6c926e6964  # MD2  key
+	    16 MD4  b2691811dc19cfc0e2f9bcacd74213f29812183d  # MD4  key
+	    17 MD5  e4d6735b8bdad58ec5ffcb087300a17f7fef1f7c  # MD5  key
+	    18 MDC2 a8d5e2315c025bf3a79174c87fbd10477de2eabc  # MDC2 key
+	    19 RIPEMD160 77ca332cafb30e3cafb174dcd5b80ded7ba9b3d2  # RIPEMD160 key
+	    20 AES128CMAC f92ff73eee86c1e7dc638d6489a04e4e555af878  # AES128CMAC key
+	    21 MD5 sampo 10.1.2.3/24
+    </pre></td></tr></table>
+    <p>Figure 1 shows a typical symmetric keys file used by the reference
+      implementation when the OpenSSL library is installed.  Each line of
+      the file contains three or four fields.  The first field is an integer
+      between 1 and 65535, inclusive, representing the key identifier.  The
+      second field is the digest algorithm, which in the absence of the
+      OpenSSL library must be <tt>MD5</tt>, which designates the MD5 message
+      digest algorithm.  The third field is the key.  The optional fourth
+      field is one or more comma-separated IPs.  An IP may end with an
+      optional <tt>/subnetbits</tt> suffix, which limits the acceptance of
+      the key identifier to packets claiming to be from the described IP
+      space.  In this example, for the key IDs in the range 1-10 the key is
+      interpreted as a printable ASCII string.  For the key IDs in the range
+      11-20, the key is a 40-character hex digit string.  In either case,
+      the key is truncated or zero-filled internally to either 128 or 160
+      bits, depending on the key type.  The line can be edited later or new
+      lines can be added to change any field.  The key can be changed to a
+      password, such as <tt>2late4Me</tt> for key ID 10.  Note that two or
+      more keys files can be combined in any order as long as the key IDs
+      are distinct.</p>
+    <p>When <tt>ntpd</tt> is started, it reads the keys file specified by
+      the <tt>keys</tt> command and installs the keys in the key cache.
+      However, individual keys must be activated with
+      the <tt>trustedkey</tt> configuration command before use.  This
+      allows, for instance, the installation of possibly several batches of
+      keys and then activating a key remotely using <tt>ntpq</tt>
+      or <tt>ntpdc</tt>.  The <tt>requestkey</tt> command selects the key ID
+      used as the password for the <tt>ntpdc</tt> utility, while
+      the <tt>controlkey</tt> command selects the key ID used as the
+      password for the <tt>ntpq</tt> utility.</p>
+    <h4 id="windows">Microsoft Windows Authentication</h4>
+    <p>In addition to the above means, <tt>ntpd</tt> now supports Microsoft
+      Windows MS-SNTP authentication using Active Directory services.  This
+      support was contributed by the Samba Team and is still in development.
+      It is enabled using the <tt>mssntp</tt> flag of the <tt>restrict</tt>
+      command described on the <a href="accopt.html#restrict">Access Control
+      Options</a> page.  <span class="style1">Note: Potential users should
+      be aware that these services involve a TCP connection to another
+      process that could potentially block, denying services to other users.
+      Therefore, this flag should be used only for a dedicated server with
+      no clients other than MS-SNTP.</span></p>
+    <h4 id="pub">Public Key Cryptography</h4>
+    <p>See the <a href="autokey.html">Autokey Public-Key Authentication</a>
+      page.</p>
+    <hr>
+    <script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
+  </body>
 </html>

Modified: stable/10/contrib/ntp/html/authopt.html
==============================================================================
--- stable/10/contrib/ntp/html/authopt.html	Sat Sep  8 04:09:30 2018	(r338530)
+++ stable/10/contrib/ntp/html/authopt.html	Sat Sep  8 04:10:26 2018	(r338531)
@@ -4,6 +4,7 @@
 <meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
 <meta name="generator" content="HTML Tidy, see www.w3.org">
 <title>Authentication Commands and Options</title>
+<!-- Changed by: stenn, 25-May-2018 -->
 <link href="scripts/style.css" type="text/css" rel="stylesheet">
 <style type="text/css">
 .style1 {
@@ -17,7 +18,7 @@
 <img src="pic/alice44.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/%7emills/pictures.html">from <i>Alice's Adventures in Wonderland</i>, Lewis Carroll</a>
 <p>Our resident cryptographer; now you see him, now you don't.</p>
 <p>Last update:
-  <!-- #BeginDate format:En2m -->15-Oct-2011  01:00<!-- #EndDate -->
+  <!-- #BeginDate format:En2m -->24-Jul-2018  07:27<!-- #EndDate -->
   UTC</p>
 <br clear="left">
 <h4>Related Links</h4>
@@ -28,65 +29,65 @@
 <p>Unless noted otherwise, further information about these commands is on the <a href="authentic.html">Authentication Support</a> page.</p>
 <dl>
   <dt id=automax><tt>automax [<i>logsec</i>]</tt></dt>
-  <dd>Specifies the interval between regenerations of the session key list used with the Autokey protocol, as a power of 2 in seconds. Note that the size of the key list for each association depends on this interval and the current poll interval. The default interval is 12 (about 1.1 hr). For poll intervals above the specified interval, a session key list with a single entry will be regenerated for every message sent. See the <a href="autokey.html">Autokey Public Key Authentication</a> page for further information.</dd>
+  <dd>Specifies the interval between regenerations of the session key list used with the Autokey protocol, as a power of 2 in seconds.  Note that the size of the key list for each association depends on this interval and the current poll interval.  The default interval is 12 (about 1.1 hr).  For poll intervals above the specified interval, a session key list with a single entry will be regenerated for every message sent.  See the <a href="autokey.html">Autokey Public Key Authentication</a> page for further information.</dd>
   <dt id="controlkey"><tt>controlkey <i>keyid</i></tt></dt>
   <dd>Specifies the key ID for the <a
 	href="ntpq.html"><tt>ntpq</tt></a> utility, which uses the
-    standard protocol defined in RFC-1305. The <tt><i>keyid</i></tt> argument is the key ID for a <a href="#trustedkey">trusted
-    key</a>, where the value can be in the range 1 to 65534,
+    standard protocol defined in RFC-1305.  The <tt><i>keyid</i></tt> argument is the key ID for a <a href="#trustedkey">trusted
+    key</a>, where the value can be in the range 1 to 65535,
     inclusive.</dd>
-  <dt id="crypto"><tt>crypto [digest</tt> <em><tt>digest</tt></em><tt>]</tt> <tt>[host <i>name</i>] [ident <i>name</i>] [pw <i>password</i>] [randfile <i>file</i>]</tt></dt>
+  <dt id="crypto"><tt>crypto [digest <i>digest</i>] [host <i>name</i>] [ident <i>name</i>] [pw <i>password</i>] [randfile <i>file</i>]</tt></dt>
   <dd>This command  activates the Autokey public key cryptography
-    and loads the required host keys and  certificate. If one or more files
-    are  unspecified, the default names are used. Unless
+    and loads the required host keys and  certificate.  If one or more files
+    are  unspecified, the default names are used.  Unless
     the complete path and name of the file are specified, the location of a file
     is relative to the keys directory specified in the <tt>keysdir</tt> configuration
-    command with default <tt>/usr/local/etc</tt>. See the <a href="autokey.html">Autokey Public Key Authentication</a> page for further information. Following are the options.</dd>
+    command with default <tt>/usr/local/etc</tt>.  See the <a href="autokey.html">Autokey Public Key Authentication</a> page for further information.  Following are the options.</dd>
   <dd>
     <dl>
-      <dt><tt>digest</tt> <em><tt>digest</tt></em></dt>
+      <dt><tt>digest</tt> <i>digest</i></dt>
       <dd>&nbsp;</dd>
       <dd>Specify the message digest algorithm, with default MD5.  If the OpenSSL library
         is installed, <tt><i>digest</i></tt> can be be any message digest algorithm supported
-        by the library. The current  selections are: <tt>MD2</tt>, <tt>MD4</tt>, <tt>MD5,</tt> <tt>MDC2</tt>, <tt>RIPEMD160</tt>, <tt>SHA</tt> and <tt>SHA1</tt>. All 
-        participants in an Autokey subnet must use the same algorithm. The Autokey message digest algorithm is separate and distinct from the symmetric
-        key message digest algorithm. Note: If compliance with FIPS 140-2 is required,
+        by the library.  The current  selections are: <tt>MD2</tt>, <tt>MD4</tt>, <tt>MD5,</tt> <tt>MDC2</tt>, <tt>RIPEMD160</tt>, <tt>SHA</tt> and <tt>SHA1</tt>.  All 
+        participants in an Autokey subnet must use the same algorithm.  The Autokey message digest algorithm is separate and distinct from the symmetric
+        key message digest algorithm.  Note: If compliance with FIPS 140-2 is required,
         the algorithm must be ether <tt>SHA</tt> or <tt>SHA1</tt>.</dd>
       <dt><tt>host <i>name</i></tt></dt>
-      <dd>Specify the cryptographic media  names for the host, sign and certificate files.   If this option is not specified, the default name is the string returned by the Unix <tt>gethostname()</tt> routine.</dd>
+      <dd>Specify the cryptographic media  names for the host, sign and certificate files.  If this option is not specified, the default name is the string returned by the Unix <tt>gethostname()</tt> routine.</dd>
       <dd><span class="style1">Note: In the latest Autokey version,  this option has no effect other than to change the cryptographic media file names.</span></dd>
       <dt><tt>ident <i>group</i></tt></dt>
-      <dd>Specify the cryptographic media  names for the identity scheme files. If this option is not specified, the default name is the string returned by the Unix <tt>gethostname()</tt> routine.</dd>
+      <dd>Specify the cryptographic media  names for the identity scheme files.  If this option is not specified, the default name is the string returned by the Unix <tt>gethostname()</tt> routine.</dd>
       <dd><span class="style1">Note: In the latest Autokey version,  this option has no effect other than to change the cryptographic media file names.</span></dd>
       <dt><tt>pw <i>password</i></tt></dt>
-      <dd>Specifies the password to decrypt files previously encrypted by the <tt>ntp-keygen</tt> program with the <tt>-p</tt> option. If this option is not specified, the default password is the string returned by the Unix <tt>gethostname()</tt> routine. </dd>
+      <dd>Specifies the password to decrypt files previously encrypted by the <tt>ntp-keygen</tt> program with the <tt>-p</tt> option.  If this option is not specified, the default password is the string returned by the Unix <tt>gethostname()</tt> routine.</dd>
       <dt><tt>randfile <i>file</i></tt></dt>
-      <dd>Specifies the location of the random seed file used by the OpenSSL library. The defaults are described on the <a href="keygen.html"><tt>ntp-keygen</tt> page</a>.</dd>
+      <dd>Specifies the location of the random seed file used by the OpenSSL library.  The defaults are described on the <a href="keygen.html"><tt>ntp-keygen</tt> page</a>.</dd>
     </dl>
   </dd>
   <dt id="ident"><tt>ident <i>group</i></tt></dt>
-  <dd>Specifies the group name for ephemeral associations mobilized by broadcast and symmetric passive modes. See the <a href="autokey.html">Autokey Public-Key Authentication</a> page for further information.</dd>
+  <dd>Specifies the group name for ephemeral associations mobilized by broadcast and symmetric passive modes.  See the <a href="autokey.html">Autokey Public-Key Authentication</a> page for further information.</dd>
   <dt id="keys"><tt>keys <i>path</i></tt></dt>
-  <dd>Specifies the complete directory path for the key file containing the key IDs, key types and keys used by <tt>ntpd</tt>, <tt>ntpq</tt> and <tt>ntpdc</tt> when operating with symmetric key cryptography.  The format of the keyfile is described on the <a href="keygen.html"><tt>ntp-keygen</tt> page</a>.  This is the same operation as the <tt>-k</tt> command line option. Note that the directory path for Autokey cryptographic media is specified by the <tt>keysdir</tt> command.</dd>
+  <dd>Specifies the complete directory path for the key file containing the key IDs, key types and keys used by <tt>ntpd</tt>, <tt>ntpq</tt> and <tt>ntpdc</tt> when operating with symmetric key cryptography.  The format of the keyfile is described on the <a href="keygen.html"><tt>ntp-keygen</tt> page</a>.  This is the same operation as the <tt>-k</tt> command line option.  Note that the directory path for Autokey cryptographic media is specified by the <tt>keysdir</tt> command.</dd>
   <dt id="keysdir"><tt>keysdir <i>path</i></tt></dt>
-  <dd>Specifies the  complete directory path for the Autokey cryptographic keys, parameters and certificates. The default is <tt>/usr/local/etc/</tt>. Note that the path for the symmetric keys file is specified by the <tt>keys</tt> command.</dd>
+  <dd>Specifies the  complete directory path for the Autokey cryptographic keys, parameters and certificates.  The default is <tt>/usr/local/etc/</tt>.  Note that the path for the symmetric keys file is specified by the <tt>keys</tt> command.</dd>
   <dt id="requestkey"><tt>requestkey <i>keyid</i></tt></dt>
   <dd>Specifies the key ID for the <a href="ntpdc.html"><tt>ntpdc</tt></a> utility program, which
-    uses a proprietary protocol specific to this implementation of <tt>ntpd</tt>. The <tt><i>keyid</i></tt> argument is a key ID
+    uses a proprietary protocol specific to this implementation of <tt>ntpd</tt>.  The <tt><i>keyid</i></tt> argument is a key ID
     for a <a href="#trustedkey">trusted key</a>, in the range 1 to
-    65534, inclusive.</dd>
+    65535, inclusive.</dd>
   <dt id="revoke"><tt>revoke [<i>logsec</i>]</tt></dt>
   <dd>Specifies the interval between re-randomization of certain cryptographic values used by the Autokey scheme, as a power of 2 in seconds, with default 17 (36 hr).  See the <a href="autokey.html">Autokey Public-Key Authentication</a> page for further information.</dd>
   <dt id="trustedkey"><tt>trustedkey [<i>keyid</i> | (<i>lowid</i> ... <i>highid</i>)] [...]</tt></dt>
   <dd>Specifies the key ID(s) which are trusted for the purposes of
     authenticating peers with symmetric key cryptography.  Key IDs
     used to authenticate <tt>ntpq</tt> and <tt>ntpdc</tt> operations
-    must be listed here and additionally be enabled with <a href="#controlkey">controlkey</a> and/or <a href="#requestkey">requestkey</a>. The authentication
+    must be listed here and additionally be enabled with <a href="#controlkey">controlkey</a> and/or <a href="#requestkey">requestkey</a>.  The authentication
     procedure for time transfer requires that both the local and
     remote NTP servers employ the same key ID and secret for this
     purpose, although different keys IDs may be used with different
-    servers. Ranges of trusted key IDs may be specified: <tt>trustedkey (1 ... 19) 1000 (100 ... 199)</tt> enables the
-    lowest 120 key IDs which start with the digit 1. The spaces
+    servers.  Ranges of trusted key IDs may be specified: <tt>trustedkey (1 ... 19) 1000 (100 ... 199)</tt> enables the
+    lowest 120 key IDs which start with the digit 1.  The spaces
     surrounding the ellipsis are required when specifying a range.</dd>
 </dl>
 <hr>

Modified: stable/10/contrib/ntp/html/confopt.html
==============================================================================
--- stable/10/contrib/ntp/html/confopt.html	Sat Sep  8 04:09:30 2018	(r338530)
+++ stable/10/contrib/ntp/html/confopt.html	Sat Sep  8 04:10:26 2018	(r338531)
@@ -13,7 +13,7 @@
 Walt Kelly</a>
 <p>The chicken is getting configuration advice.</p>
 <p>Last update:
-  <!-- #BeginDate format:En2m -->10-Mar-2014  05:01<!-- #EndDate -->
+  <!-- #BeginDate format:En2m -->24-Jul-2018  07:27<!-- #EndDate -->
     UTC</p>
 <br clear="left">
 <h4>Related Links</h4>
@@ -67,7 +67,7 @@ Walt Kelly</a>
     <dt><tt>ident</tt> <em><tt>group</tt></em></dt>
     <dd>Specify the group name for the association.  See the <a href="autokey.html">Autokey Public-Key Authentication</a> page for further information.</dd>
   <dt><tt>key</tt> <i><tt>key</tt></i></dt>
-  <dd>Send and receive packets authenticated by the symmetric key scheme described in the <a href="authentic.html">Authentication Support</a> page. The <i><tt>key</tt></i> specifies the key identifier with values from 1 to 65534, inclusive. This option is mutually exclusive with the <tt>autokey</tt> option.</dd>	<dt><tt>minpoll <i>minpoll<br>
+  <dd>Send and receive packets authenticated by the symmetric key scheme described in the <a href="authentic.html">Authentication Support</a> page. The <i><tt>key</tt></i> specifies the key identifier with values from 1 to 65535, inclusive. This option is mutually exclusive with the <tt>autokey</tt> option.</dd>	<dt><tt>minpoll <i>minpoll<br>
 	</i></tt><tt>maxpoll <i>maxpoll</i></tt></dt>
 	<dd>These options specify the minimum and maximum poll intervals for NTP messages, in seconds as a power of two. The maximum poll interval defaults to 10 (1024 s), but can be increased by the <tt>maxpoll</tt> option to an upper limit of 17 (36 hr). The minimum poll interval defaults to 6 (64 s), but can be decreased by the <tt>minpoll</tt> option to a lower limit of 3 (8 s).  Additional information about this option is on the <a href="poll.html">Poll Program</a> page.</dd>
 	<dt><tt>mode <i>option</i></tt></dt>

Modified: stable/10/contrib/ntp/html/keygen.html
==============================================================================
--- stable/10/contrib/ntp/html/keygen.html	Sat Sep  8 04:09:30 2018	(r338530)
+++ stable/10/contrib/ntp/html/keygen.html	Sat Sep  8 04:10:26 2018	(r338531)
@@ -11,7 +11,7 @@
     <p><img src="pic/alice23.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/%7emills/pictures.html">from <i>Alice's Adventures in Wonderland</i>, Lewis Carroll</a></p>
     <p>Alice holds the key.</p>
     <p>Last update:
-      <!-- #BeginDate format:En2m -->11-Jan-2018  11:55<!-- #EndDate -->
+      <!-- #BeginDate format:En2m -->24-Jul-2018  07:27<!-- #EndDate -->
       UTC</p>
     <br clear="left">
     <h4>Related Links</h4>
@@ -313,7 +313,7 @@
     </pre></td></tr></table>
     <p>Figure 1 shows a typical symmetric keys file used by the reference
       implementation.  Each line of the file contains three or four fields,
-      first an integer between 1 and 65534, inclusive, representing the key
+      first an integer between 1 and 65535, inclusive, representing the key
       identifier used in the <tt>server</tt> and <tt>peer</tt> configuration
       commands.  Second is the key type for the message digest algorithm,
       which in the absence of the OpenSSL library must be <tt>MD5</tt> to

Modified: stable/10/contrib/ntp/html/ntpdate.html
==============================================================================
--- stable/10/contrib/ntp/html/ntpdate.html	Sat Sep  8 04:09:30 2018	(r338530)
+++ stable/10/contrib/ntp/html/ntpdate.html	Sat Sep  8 04:10:26 2018	(r338531)
@@ -11,7 +11,7 @@
 <img src="pic/rabbit.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/~mills/pictures.html">from <i>Alice's Adventures in Wonderland</i>, Lewis Carroll</a>
 <p>I told you it was eyeball and wristwatch.</p>
 <p>Last update:
-  <!-- #BeginDate format:En2m -->9-Feb-2014  03:34<!-- #EndDate -->
+  <!-- #BeginDate format:En2m -->21-Jul-2018  04:09<!-- #EndDate -->
     UTC</p>
 <br clear="left">
 <hr>
@@ -63,7 +63,7 @@ Protocol (SNTP) Client</a> page.  After a suitable per
   <dt><tt>-s</tt></dt>
   <dd>Divert logging output from the standard output (default) to the system <tt>syslog</tt> facility. This is designed primarily for convenience of <tt>cron</tt> scripts.</dd>
   <dt><tt>-t <i>timeout</i></tt></dt>
-  <dd>Specify the maximum time waiting for a server response as the value <i>timeout</i>, in seconds and fraction. The value is is rounded to a multiple of 0.2 seconds. The default is 1 second, a value suitable for polling across a LAN.</dd>
+  <dd>Specify the maximum time waiting for a server response as the value <i>timeout</i>, in seconds and fraction. The value is is rounded to a multiple of 0.2 seconds. The default is 2 seconds, a value suitable for polling across a LAN.</dd>
   <dt><tt>-u</tt></dt>
   <dd>Direct <tt>ntpdate</tt> to use an unprivileged port for outgoing packets. This is most useful when behind a firewall that blocks incoming traffic to privileged ports, and you want to synchronize with hosts beyond the firewall. Note that the <tt>-d</tt> option always uses unprivileged ports.
   <dt><tt>-<i>v</i></tt></dt>

Modified: stable/10/contrib/ntp/include/ntp.h
==============================================================================
--- stable/10/contrib/ntp/include/ntp.h	Sat Sep  8 04:09:30 2018	(r338530)
+++ stable/10/contrib/ntp/include/ntp.h	Sat Sep  8 04:10:26 2018	(r338531)
@@ -610,6 +610,18 @@ struct pkt {
 #define	STRATUM_TO_PKT(s)	((u_char)(((s) == (STRATUM_UNSPEC)) ?\
 				(STRATUM_PKT_UNSPEC) : (s)))
 
+
+/*
+ * A test to determine if the refid should be interpreted as text string.
+ * This is usually the case for a refclock, which has stratum 0 internally,
+ * which results in sys_stratum 1 if the refclock becomes system peer, or
+ * in case of a kiss-of-death (KoD) packet that has STRATUM_PKT_UNSPEC (==0)
+ * in the packet which is converted to STRATUM_UNSPEC when the packet
+ * is evaluated.
+ */
+#define REFID_ISTEXT(s) (((s) <= 1) || ((s) >= STRATUM_UNSPEC))
+
+
 /*
  * Event codes. Used for reporting errors/events to the control module
  */

Modified: stable/10/contrib/ntp/include/ntp_md5.h
==============================================================================
--- stable/10/contrib/ntp/include/ntp_md5.h	Sat Sep  8 04:09:30 2018	(r338530)
+++ stable/10/contrib/ntp/include/ntp_md5.h	Sat Sep  8 04:10:26 2018	(r338531)
@@ -7,8 +7,13 @@
 #define NTP_MD5_H
 
 #ifdef OPENSSL
-# include "openssl/evp.h"
+# include <openssl/evp.h>
 # include "libssl_compat.h"

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201809080410.w884ARW4080210>