From owner-freebsd-questions@FreeBSD.ORG  Wed May 20 07:03:51 2015
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 20250634
 for <freebsd-questions@freebsd.org>; Wed, 20 May 2015 07:03:51 +0000 (UTC)
Received: from thoth.sbs.de (thoth.sbs.de [192.35.17.2])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client CN "thoth.sbs.de", Issuer "savelogs.saacon.net" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id AC5171916
 for <freebsd-questions@freebsd.org>; Wed, 20 May 2015 07:03:49 +0000 (UTC)
Received: from mail2.siemens.de (localhost [127.0.0.1])
 by thoth.sbs.de (8.14.3/8.14.3) with ESMTP id t4K6rIAX021561;
 Wed, 20 May 2015 08:53:18 +0200
Received: from curry.mchp.siemens.de (curry.mchp.siemens.de [139.25.40.130])
 by mail2.siemens.de (8.14.3/8.14.3) with ESMTP id t4K6rI38025206;
 Wed, 20 May 2015 08:53:18 +0200
Received: (from user@localhost)
 by curry.mchp.siemens.de (8.14.9/8.14.9) id t4K6rIS2028825;
Date: Wed, 20 May 2015 08:53:17 +0200
From: Andre Albsmeier <Andre.Albsmeier@siemens.com>
To: Dennis Glatting <freebsd@pki2.com>
Cc: Kent Kuriyama <kent.kuriyama@gmail.com>,
 Arthur Chance <freebsd@qeng-ho.org>,
 FreeBSD-Questions <freebsd-questions@freebsd.org>
Subject: Re: NTP peering broken since recent security update?
Message-ID: <20150520065317.GA69895@bali>
References: <5526A2F1.5030609@qeng-ho.org>
 <CACArijCGxeFFzuP6X=vyvz+5CR25ik74jvrdPsSUv2yFVjz3OA@mail.gmail.com>
 <1428816325.33049.17.camel@pki2.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1428816325.33049.17.camel@pki2.com>
X-Echelon: <censored>
X-Advice: Drop that crappy M$-Outlook, I'm tired of your viruses!
User-Agent: Mutt/1.5.21 (2010-09-15)
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 20 May 2015 07:03:51 -0000

On Sat, 11-Apr-2015 at 22:25:25 -0700, Dennis Glatting wrote:
> On Thu, 2015-04-09 at 08:14 -1000, Kent Kuriyama wrote:
> > Are you doing any NTP authentication between peers?
> > 
> 
> ntp_proto.c appears to be the problem.

Same here. I don't use auth between my peers but was hit
by the same problem.

> * If you make the diffs from the enclosed patch against the updated
> ntp_proto.c (i.e., the updated version from svn), peering works.

This patch restored functionality here as well. I hope we
will get a revised SA-15:07 soon (or an MFC of HEAD's ntp
into 9-STABLE).

	-Andre