From owner-svn-src-vendor@freebsd.org Wed Feb 28 06:23:15 2018 Return-Path: Delivered-To: svn-src-vendor@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7587CF2D01B; Wed, 28 Feb 2018 06:23:15 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 1B98187200; Wed, 28 Feb 2018 06:23:15 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 1467D15D23; Wed, 28 Feb 2018 06:23:15 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w1S6NFia002971; Wed, 28 Feb 2018 06:23:15 GMT (envelope-from delphij@FreeBSD.org) Received: (from delphij@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w1S6NCbo002959; Wed, 28 Feb 2018 06:23:12 GMT (envelope-from delphij@FreeBSD.org) Message-Id: <201802280623.w1S6NCbo002959@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: delphij set sender to delphij@FreeBSD.org using -f From: Xin LI Date: Wed, 28 Feb 2018 06:23:12 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org Subject: svn commit: r330102 - in vendor/ntp/dist: . adjtimed clockstuff html html/drivers include include/isc kernel kernel/sys libntp libparse ntpd ntpdate ntpdc ntpq ntpsnmpd parseutil ports/winnt/includ... X-SVN-Group: vendor X-SVN-Commit-Author: delphij X-SVN-Commit-Paths: in vendor/ntp/dist: . adjtimed clockstuff html html/drivers include include/isc kernel kernel/sys libntp libparse ntpd ntpdate ntpdc ntpq ntpsnmpd parseutil ports/winnt/include ports/winnt/instsrv por... X-SVN-Commit-Revision: 330102 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-vendor@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: SVN commit messages for the vendor work area tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Feb 2018 06:23:15 -0000 Author: delphij Date: Wed Feb 28 06:23:12 2018 New Revision: 330102 URL: https://svnweb.freebsd.org/changeset/base/330102 Log: Vendor import of ntp-4.2.8p11. Added: vendor/ntp/dist/sntp/m4/ntp_af_unspec.m4 vendor/ntp/dist/sntp/tests/testconf.yml vendor/ntp/dist/tests/bug-2803/testconf.yml vendor/ntp/dist/tests/libntp/testconf.yml vendor/ntp/dist/tests/ntpd/testconf.yml vendor/ntp/dist/tests/ntpq/testconf.yml vendor/ntp/dist/tests/sandbox/testconf.yml vendor/ntp/dist/tests/sec-2853/testconf.yml Modified: vendor/ntp/dist/ChangeLog vendor/ntp/dist/Makefile.am vendor/ntp/dist/Makefile.in vendor/ntp/dist/NEWS vendor/ntp/dist/aclocal.m4 vendor/ntp/dist/adjtimed/Makefile.in vendor/ntp/dist/clockstuff/Makefile.in vendor/ntp/dist/configure vendor/ntp/dist/configure.ac vendor/ntp/dist/html/access.html vendor/ntp/dist/html/accopt.html vendor/ntp/dist/html/authentic.html vendor/ntp/dist/html/drivers/driver18.html vendor/ntp/dist/html/drivers/driver40-ja.html vendor/ntp/dist/html/drivers/driver40.html vendor/ntp/dist/html/keygen.html vendor/ntp/dist/html/miscopt.html vendor/ntp/dist/html/monopt.html vendor/ntp/dist/html/ntpq.html vendor/ntp/dist/include/Makefile.in vendor/ntp/dist/include/isc/Makefile.in vendor/ntp/dist/include/ntp.h vendor/ntp/dist/include/ntp_calendar.h vendor/ntp/dist/include/ntp_config.h vendor/ntp/dist/include/ntp_fp.h vendor/ntp/dist/include/ntp_keyacc.h vendor/ntp/dist/include/ntp_request.h vendor/ntp/dist/include/ntp_stdlib.h vendor/ntp/dist/include/ntpd.h vendor/ntp/dist/include/recvbuff.h vendor/ntp/dist/include/ssl_applink.c vendor/ntp/dist/kernel/Makefile.in vendor/ntp/dist/kernel/sys/Makefile.in vendor/ntp/dist/libntp/Makefile.in vendor/ntp/dist/libntp/a_md5encrypt.c vendor/ntp/dist/libntp/adjtime.c vendor/ntp/dist/libntp/authkeys.c vendor/ntp/dist/libntp/authreadkeys.c vendor/ntp/dist/libntp/libssl_compat.c vendor/ntp/dist/libntp/ntp_calendar.c vendor/ntp/dist/libntp/ssl_init.c vendor/ntp/dist/libntp/statestr.c vendor/ntp/dist/libntp/systime.c vendor/ntp/dist/libntp/work_thread.c vendor/ntp/dist/libparse/Makefile.in vendor/ntp/dist/ntpd/Makefile.in vendor/ntp/dist/ntpd/complete.conf.in vendor/ntp/dist/ntpd/invoke-ntp.conf.texi vendor/ntp/dist/ntpd/invoke-ntp.keys.texi vendor/ntp/dist/ntpd/invoke-ntpd.texi vendor/ntp/dist/ntpd/keyword-gen-utd vendor/ntp/dist/ntpd/keyword-gen.c vendor/ntp/dist/ntpd/ntp.conf.5man vendor/ntp/dist/ntpd/ntp.conf.5mdoc vendor/ntp/dist/ntpd/ntp.conf.def vendor/ntp/dist/ntpd/ntp.conf.html vendor/ntp/dist/ntpd/ntp.conf.man.in vendor/ntp/dist/ntpd/ntp.conf.mdoc.in vendor/ntp/dist/ntpd/ntp.keys.5man vendor/ntp/dist/ntpd/ntp.keys.5mdoc vendor/ntp/dist/ntpd/ntp.keys.def vendor/ntp/dist/ntpd/ntp.keys.html vendor/ntp/dist/ntpd/ntp.keys.man.in vendor/ntp/dist/ntpd/ntp.keys.mdoc.in vendor/ntp/dist/ntpd/ntp_config.c vendor/ntp/dist/ntpd/ntp_control.c vendor/ntp/dist/ntpd/ntp_crypto.c vendor/ntp/dist/ntpd/ntp_io.c vendor/ntp/dist/ntpd/ntp_keyword.h vendor/ntp/dist/ntpd/ntp_leapsec.c vendor/ntp/dist/ntpd/ntp_parser.c vendor/ntp/dist/ntpd/ntp_parser.h vendor/ntp/dist/ntpd/ntp_parser.y vendor/ntp/dist/ntpd/ntp_peer.c vendor/ntp/dist/ntpd/ntp_proto.c vendor/ntp/dist/ntpd/ntp_refclock.c vendor/ntp/dist/ntpd/ntp_request.c vendor/ntp/dist/ntpd/ntp_restrict.c vendor/ntp/dist/ntpd/ntp_scanner.c vendor/ntp/dist/ntpd/ntp_util.c vendor/ntp/dist/ntpd/ntpd-opts.c vendor/ntp/dist/ntpd/ntpd-opts.h vendor/ntp/dist/ntpd/ntpd.1ntpdman vendor/ntp/dist/ntpd/ntpd.1ntpdmdoc vendor/ntp/dist/ntpd/ntpd.c vendor/ntp/dist/ntpd/ntpd.html vendor/ntp/dist/ntpd/ntpd.man.in vendor/ntp/dist/ntpd/ntpd.mdoc.in vendor/ntp/dist/ntpd/ntpsim.c vendor/ntp/dist/ntpd/refclock_gpsdjson.c vendor/ntp/dist/ntpd/refclock_jjy.c vendor/ntp/dist/ntpd/refclock_palisade.c vendor/ntp/dist/ntpd/refclock_parse.c vendor/ntp/dist/ntpdate/Makefile.in vendor/ntp/dist/ntpdc/Makefile.in vendor/ntp/dist/ntpdc/invoke-ntpdc.texi vendor/ntp/dist/ntpdc/layout.std vendor/ntp/dist/ntpdc/ntpdc-opts.c vendor/ntp/dist/ntpdc/ntpdc-opts.h vendor/ntp/dist/ntpdc/ntpdc.1ntpdcman vendor/ntp/dist/ntpdc/ntpdc.1ntpdcmdoc vendor/ntp/dist/ntpdc/ntpdc.c vendor/ntp/dist/ntpdc/ntpdc.html vendor/ntp/dist/ntpdc/ntpdc.man.in vendor/ntp/dist/ntpdc/ntpdc.mdoc.in vendor/ntp/dist/ntpdc/ntpdc_ops.c vendor/ntp/dist/ntpq/Makefile.am vendor/ntp/dist/ntpq/Makefile.in vendor/ntp/dist/ntpq/invoke-ntpq.texi vendor/ntp/dist/ntpq/ntpq-opts.c vendor/ntp/dist/ntpq/ntpq-opts.def vendor/ntp/dist/ntpq/ntpq-opts.h vendor/ntp/dist/ntpq/ntpq-subs.c vendor/ntp/dist/ntpq/ntpq.1ntpqman vendor/ntp/dist/ntpq/ntpq.1ntpqmdoc vendor/ntp/dist/ntpq/ntpq.c vendor/ntp/dist/ntpq/ntpq.html vendor/ntp/dist/ntpq/ntpq.man.in vendor/ntp/dist/ntpq/ntpq.mdoc.in vendor/ntp/dist/ntpq/ntpq.texi vendor/ntp/dist/ntpsnmpd/Makefile.in vendor/ntp/dist/ntpsnmpd/invoke-ntpsnmpd.texi vendor/ntp/dist/ntpsnmpd/netsnmp_daemonize.c vendor/ntp/dist/ntpsnmpd/ntpsnmpd-opts.c vendor/ntp/dist/ntpsnmpd/ntpsnmpd-opts.h vendor/ntp/dist/ntpsnmpd/ntpsnmpd.1ntpsnmpdman vendor/ntp/dist/ntpsnmpd/ntpsnmpd.1ntpsnmpdmdoc vendor/ntp/dist/ntpsnmpd/ntpsnmpd.html vendor/ntp/dist/ntpsnmpd/ntpsnmpd.man.in vendor/ntp/dist/ntpsnmpd/ntpsnmpd.mdoc.in vendor/ntp/dist/packageinfo.sh vendor/ntp/dist/parseutil/Makefile.in vendor/ntp/dist/ports/winnt/include/msvc_ssl_autolib.h vendor/ntp/dist/ports/winnt/instsrv/instsrv.c vendor/ntp/dist/ports/winnt/ntpd/nt_ppsimpl.c vendor/ntp/dist/ports/winnt/ntpd/ntp_iocompletionport.c vendor/ntp/dist/ports/winnt/scripts/mkver.bat vendor/ntp/dist/ports/winnt/vs2008/debug-x64.vsprops vendor/ntp/dist/ports/winnt/vs2008/debug.vsprops vendor/ntp/dist/ports/winnt/vs2008/release-x64.vsprops vendor/ntp/dist/ports/winnt/vs2008/release.vsprops vendor/ntp/dist/ports/winnt/vs2013/debug-x64.props vendor/ntp/dist/ports/winnt/vs2013/debug.props vendor/ntp/dist/ports/winnt/vs2013/release-x64.props vendor/ntp/dist/ports/winnt/vs2013/release.props vendor/ntp/dist/ports/winnt/vs2015/debug-x64.props vendor/ntp/dist/ports/winnt/vs2015/debug.props vendor/ntp/dist/ports/winnt/vs2015/release-x64.props vendor/ntp/dist/ports/winnt/vs2015/release.props vendor/ntp/dist/scripts/Makefile.in vendor/ntp/dist/scripts/build/Makefile.in vendor/ntp/dist/scripts/build/UpdatePoint vendor/ntp/dist/scripts/calc_tickadj/Makefile.in vendor/ntp/dist/scripts/calc_tickadj/calc_tickadj.1calc_tickadjman vendor/ntp/dist/scripts/calc_tickadj/calc_tickadj.1calc_tickadjmdoc vendor/ntp/dist/scripts/calc_tickadj/calc_tickadj.html vendor/ntp/dist/scripts/calc_tickadj/calc_tickadj.man.in vendor/ntp/dist/scripts/calc_tickadj/calc_tickadj.mdoc.in vendor/ntp/dist/scripts/calc_tickadj/invoke-calc_tickadj.texi vendor/ntp/dist/scripts/invoke-plot_summary.texi vendor/ntp/dist/scripts/invoke-summary.texi vendor/ntp/dist/scripts/lib/Makefile.in vendor/ntp/dist/scripts/ntp-wait/Makefile.in vendor/ntp/dist/scripts/ntp-wait/invoke-ntp-wait.texi vendor/ntp/dist/scripts/ntp-wait/ntp-wait-opts vendor/ntp/dist/scripts/ntp-wait/ntp-wait.1ntp-waitman vendor/ntp/dist/scripts/ntp-wait/ntp-wait.1ntp-waitmdoc vendor/ntp/dist/scripts/ntp-wait/ntp-wait.html vendor/ntp/dist/scripts/ntp-wait/ntp-wait.man.in vendor/ntp/dist/scripts/ntp-wait/ntp-wait.mdoc.in vendor/ntp/dist/scripts/ntpsweep/Makefile.in vendor/ntp/dist/scripts/ntpsweep/invoke-ntpsweep.texi vendor/ntp/dist/scripts/ntpsweep/ntpsweep-opts vendor/ntp/dist/scripts/ntpsweep/ntpsweep.1ntpsweepman vendor/ntp/dist/scripts/ntpsweep/ntpsweep.1ntpsweepmdoc vendor/ntp/dist/scripts/ntpsweep/ntpsweep.html vendor/ntp/dist/scripts/ntpsweep/ntpsweep.man.in vendor/ntp/dist/scripts/ntpsweep/ntpsweep.mdoc.in vendor/ntp/dist/scripts/ntptrace/Makefile.in vendor/ntp/dist/scripts/ntptrace/invoke-ntptrace.texi vendor/ntp/dist/scripts/ntptrace/ntptrace-opts vendor/ntp/dist/scripts/ntptrace/ntptrace.1ntptraceman vendor/ntp/dist/scripts/ntptrace/ntptrace.1ntptracemdoc vendor/ntp/dist/scripts/ntptrace/ntptrace.html vendor/ntp/dist/scripts/ntptrace/ntptrace.man.in vendor/ntp/dist/scripts/ntptrace/ntptrace.mdoc.in vendor/ntp/dist/scripts/plot_summary-opts vendor/ntp/dist/scripts/plot_summary.1plot_summaryman vendor/ntp/dist/scripts/plot_summary.1plot_summarymdoc vendor/ntp/dist/scripts/plot_summary.html vendor/ntp/dist/scripts/plot_summary.man.in vendor/ntp/dist/scripts/plot_summary.mdoc.in vendor/ntp/dist/scripts/summary-opts vendor/ntp/dist/scripts/summary.1summaryman vendor/ntp/dist/scripts/summary.1summarymdoc vendor/ntp/dist/scripts/summary.html vendor/ntp/dist/scripts/summary.man.in vendor/ntp/dist/scripts/summary.mdoc.in vendor/ntp/dist/scripts/update-leap/Makefile.in vendor/ntp/dist/scripts/update-leap/invoke-update-leap.texi vendor/ntp/dist/scripts/update-leap/update-leap-opts vendor/ntp/dist/scripts/update-leap/update-leap.1update-leapman vendor/ntp/dist/scripts/update-leap/update-leap.1update-leapmdoc vendor/ntp/dist/scripts/update-leap/update-leap.html vendor/ntp/dist/scripts/update-leap/update-leap.in vendor/ntp/dist/scripts/update-leap/update-leap.man.in vendor/ntp/dist/scripts/update-leap/update-leap.mdoc.in vendor/ntp/dist/sntp/Makefile.in vendor/ntp/dist/sntp/check-libntp.mf vendor/ntp/dist/sntp/configure vendor/ntp/dist/sntp/crypto.c vendor/ntp/dist/sntp/crypto.h vendor/ntp/dist/sntp/harden/linux vendor/ntp/dist/sntp/include/version.def vendor/ntp/dist/sntp/include/version.texi vendor/ntp/dist/sntp/invoke-sntp.texi vendor/ntp/dist/sntp/m4/ntp_harden.m4 vendor/ntp/dist/sntp/m4/ntp_libevent.m4 vendor/ntp/dist/sntp/m4/ntp_openssl.m4 vendor/ntp/dist/sntp/m4/version.m4 vendor/ntp/dist/sntp/main.c vendor/ntp/dist/sntp/networking.c vendor/ntp/dist/sntp/sntp-opts.c vendor/ntp/dist/sntp/sntp-opts.def vendor/ntp/dist/sntp/sntp-opts.h vendor/ntp/dist/sntp/sntp.1sntpman vendor/ntp/dist/sntp/sntp.1sntpmdoc vendor/ntp/dist/sntp/sntp.html vendor/ntp/dist/sntp/sntp.man.in vendor/ntp/dist/sntp/sntp.mdoc.in vendor/ntp/dist/sntp/tests/Makefile.am vendor/ntp/dist/sntp/tests/Makefile.in vendor/ntp/dist/sntp/tests/crypto.c vendor/ntp/dist/sntp/tests/keyFile.c vendor/ntp/dist/sntp/tests/packetHandling.c vendor/ntp/dist/sntp/tests/packetProcessing.c vendor/ntp/dist/sntp/tests/run-crypto.c vendor/ntp/dist/sntp/tests/run-keyFile.c vendor/ntp/dist/sntp/tests/run-kodDatabase.c vendor/ntp/dist/sntp/tests/run-kodFile.c vendor/ntp/dist/sntp/tests/run-networking.c vendor/ntp/dist/sntp/tests/run-packetHandling.c vendor/ntp/dist/sntp/tests/run-packetProcessing.c vendor/ntp/dist/sntp/tests/run-t-log.c vendor/ntp/dist/sntp/tests/run-utilities.c vendor/ntp/dist/sntp/unity/auto/generate_test_runner.rb vendor/ntp/dist/sntp/utilities.c vendor/ntp/dist/sntp/version.c vendor/ntp/dist/tests/Makefile.in vendor/ntp/dist/tests/bug-2803/Makefile.am vendor/ntp/dist/tests/bug-2803/Makefile.in vendor/ntp/dist/tests/bug-2803/run-bug-2803.c vendor/ntp/dist/tests/libntp/Makefile.am vendor/ntp/dist/tests/libntp/Makefile.in vendor/ntp/dist/tests/libntp/a_md5encrypt.c vendor/ntp/dist/tests/libntp/authkeys.c vendor/ntp/dist/tests/libntp/run-a_md5encrypt.c vendor/ntp/dist/tests/libntp/run-atoint.c vendor/ntp/dist/tests/libntp/run-atouint.c vendor/ntp/dist/tests/libntp/run-authkeys.c vendor/ntp/dist/tests/libntp/run-buftvtots.c vendor/ntp/dist/tests/libntp/run-calendar.c vendor/ntp/dist/tests/libntp/run-caljulian.c vendor/ntp/dist/tests/libntp/run-caltontp.c vendor/ntp/dist/tests/libntp/run-calyearstart.c vendor/ntp/dist/tests/libntp/run-clocktime.c vendor/ntp/dist/tests/libntp/run-decodenetnum.c vendor/ntp/dist/tests/libntp/run-hextoint.c vendor/ntp/dist/tests/libntp/run-hextolfp.c vendor/ntp/dist/tests/libntp/run-humandate.c vendor/ntp/dist/tests/libntp/run-lfpfunc.c vendor/ntp/dist/tests/libntp/run-lfptostr.c vendor/ntp/dist/tests/libntp/run-modetoa.c vendor/ntp/dist/tests/libntp/run-msyslog.c vendor/ntp/dist/tests/libntp/run-netof.c vendor/ntp/dist/tests/libntp/run-numtoa.c vendor/ntp/dist/tests/libntp/run-numtohost.c vendor/ntp/dist/tests/libntp/run-octtoint.c vendor/ntp/dist/tests/libntp/run-prettydate.c vendor/ntp/dist/tests/libntp/run-recvbuff.c vendor/ntp/dist/tests/libntp/run-refidsmear.c vendor/ntp/dist/tests/libntp/run-refnumtoa.c vendor/ntp/dist/tests/libntp/run-sfptostr.c vendor/ntp/dist/tests/libntp/run-socktoa.c vendor/ntp/dist/tests/libntp/run-ssl_init.c vendor/ntp/dist/tests/libntp/run-statestr.c vendor/ntp/dist/tests/libntp/run-strtolfp.c vendor/ntp/dist/tests/libntp/run-timespecops.c vendor/ntp/dist/tests/libntp/run-timevalops.c vendor/ntp/dist/tests/libntp/run-tsafememcmp.c vendor/ntp/dist/tests/libntp/run-tstotv.c vendor/ntp/dist/tests/libntp/run-tvtots.c vendor/ntp/dist/tests/libntp/run-uglydate.c vendor/ntp/dist/tests/libntp/run-vi64ops.c vendor/ntp/dist/tests/libntp/run-ymd2yd.c vendor/ntp/dist/tests/libntp/ssl_init.c vendor/ntp/dist/tests/libntp/timespecops.c vendor/ntp/dist/tests/libntp/timevalops.c vendor/ntp/dist/tests/ntpd/Makefile.am vendor/ntp/dist/tests/ntpd/Makefile.in vendor/ntp/dist/tests/ntpd/leapsec.c vendor/ntp/dist/tests/ntpd/ntp_prio_q.c vendor/ntp/dist/tests/ntpd/ntp_restrict.c vendor/ntp/dist/tests/ntpd/rc_cmdlength.c vendor/ntp/dist/tests/ntpd/run-leapsec.c vendor/ntp/dist/tests/ntpd/run-ntp_prio_q.c vendor/ntp/dist/tests/ntpd/run-ntp_restrict.c vendor/ntp/dist/tests/ntpd/run-rc_cmdlength.c vendor/ntp/dist/tests/ntpd/run-t-ntp_scanner.c vendor/ntp/dist/tests/ntpd/run-t-ntp_signd.c vendor/ntp/dist/tests/ntpd/t-ntp_scanner.c vendor/ntp/dist/tests/ntpq/Makefile.am vendor/ntp/dist/tests/ntpq/Makefile.in vendor/ntp/dist/tests/ntpq/run-t-ntpq.c vendor/ntp/dist/tests/sandbox/Makefile.am vendor/ntp/dist/tests/sandbox/Makefile.in vendor/ntp/dist/tests/sandbox/run-modetoa.c vendor/ntp/dist/tests/sandbox/run-uglydate.c vendor/ntp/dist/tests/sandbox/run-ut-2803.c vendor/ntp/dist/tests/sec-2853/Makefile.am vendor/ntp/dist/tests/sec-2853/Makefile.in vendor/ntp/dist/tests/sec-2853/run-sec-2853.c vendor/ntp/dist/util/Makefile.in vendor/ntp/dist/util/invoke-ntp-keygen.texi vendor/ntp/dist/util/ntp-keygen-opts.c vendor/ntp/dist/util/ntp-keygen-opts.def vendor/ntp/dist/util/ntp-keygen-opts.h vendor/ntp/dist/util/ntp-keygen.1ntp-keygenman vendor/ntp/dist/util/ntp-keygen.1ntp-keygenmdoc vendor/ntp/dist/util/ntp-keygen.html vendor/ntp/dist/util/ntp-keygen.man.in vendor/ntp/dist/util/ntp-keygen.mdoc.in Modified: vendor/ntp/dist/ChangeLog ============================================================================== --- vendor/ntp/dist/ChangeLog Wed Feb 28 05:11:10 2018 (r330101) +++ vendor/ntp/dist/ChangeLog Wed Feb 28 06:23:12 2018 (r330102) @@ -1,6 +1,107 @@ --- -(4.2.8p10-win-beta1) 2017/03/21 Released by Harlan Stenn -(4.2.8p10) + +* [Sec 3454] Unauthenticated packet can reset authenticated interleave + associations. HStenn. +* [Sec 3453] Interleaved symmetric mode cannot recover from bad state. HStenn. +* [Sec 3415] Permit blocking authenticated symmetric/passive associations. + Implement ippeerlimit. HStenn, JPerlinger. +* [Sec 3414] ntpq: decodearr() can write beyond its 'buf' limits + - initial patch by , extended by +* [Sec 3412] ctl_getitem(): Don't compare names past NUL. +* [Sec 3012] Sybil vulnerability: noepeer support. HStenn, JPerlinger. +* [Bug 3457] OpenSSL FIPS mode regression +* [Bug 3455] ntpd doesn't use scope id when binding multicast + - applied patch by Sean Haugh +* [Bug 3452] PARSE driver prints uninitialized memory. +* [Bug 3450] Dubious error messages from plausibility checks in get_systime() + - removed error log caused by rounding/slew, ensured postcondition +* [Bug 3447] AES-128-CMAC (fixes) + - refactoring the MAC code, too +* [Bug 3441] Validate the assumption that AF_UNSPEC is 0. stenn@ntp.org +* [Bug 3439] When running multiple commands / hosts in ntpq... + - applied patch by ggarvey +* [Bug 3438] Negative values and values > 999 days in... + - applied patch by ggarvey (with minor mods) +* [Bug 3437] ntpd tries to open socket with AF_UNSPEC domain + - applied patch (with mods) by Miroslav Lichvar +* [Bug 3435] anchor NTP era alignment +* [Bug 3433] sntp crashes when run with -a. +* [Bug 3430] ntpq dumps core (SIGSEGV) for "keytype md2" + - fixed several issues with hash algos in ntpd, sntp, ntpq, + ntpdc and the test suites +* [Bug 3424] Trimble Thunderbolt 1024 week millenium bug + - initial patch by Daniel Pouzzner +* [Bug 3423] QNX adjtime() implementation error checking is + wrong +* [Bug 3417] ntpq ifstats packet counters can be negative + made IFSTATS counter quantities unsigned +* [Bug 3411] problem about SIGN(6) packet handling for ntp-4.2.8p10 + - raised receive buffer size to 1200 +* [Bug 3408] refclock_jjy.c: Avoid a wrong report of the coverity static + analysis tool. +* [Bug 3405] update-leap.in: general cleanup, HTTPS support. Paul McMath. +* [Bug 3404] Fix openSSL DLL usage under Windows + - fix/drop assumptions on OpenSSL libs directory layout +* [Bug 3399] NTP: linker error in 4.2.8p10 during Linux cross-compilation + - initial patch by timeflies@mail2tor.com +* [Bug 3398] tests fail with core dump + - patch contributed by Alexander Bluhm +* [Bug 3397] ctl_putstr() asserts that data fits in its buffer + rework of formatting & data transfer stuff in 'ntp_control.c' + avoids unecessary buffers and size limitations. +* [Bug 3394] Leap second deletion does not work on ntpd clients + - fixed handling of dynamic deletion w/o leap file +* [Bug 3391] ntpd segfaults on startup due to small warmup thread stack size + - increased mimimum stack size to 32kB +* [Bug 3367] Faulty LinuxPPS NMEA clock support in 4.2.8 + - reverted handling of PPS kernel consumer to 4.2.6 behavior +* [Bug 3365] Updates driver40(-ja).html and miscopt.html +* [Bug 3358] Spurious KoD log messages in .INIT. phase. HStenn. +* [Bug 3016] wrong error position reported for bad ":config pool" + - fixed location counter & ntpq output +* [Bug 2900] libntp build order problem. HStenn. +* [Bug 2878] Tests are cluttering up syslog +* [Bug 2737] Wrong phone number listed for USNO. ntp-bugs@bodosom.net, + perlinger@ntp.org +* [Bug 2557] Fix Thunderbolt init. ntp-bugs@bodosom.net, perlinger@ntp. +* [Bug 948] Trustedkey config directive leaks memory. +* Use strlcpy() to copy strings, not memcpy(). HStenn. +* Typos. HStenn. +* test_ntp_scanner_LDADD needs ntpd/ntp_io.o. HStenn. +* refclock_jjy.c: Add missing "%s" to an msyslog() call. HStenn. +* Build ntpq and libntpq.a with NTP_HARD_*FLAGS. perlinger@ntp.org +* Fix trivial warnings from 'make check'. perlinger@ntp.org +* Fix bug in the override portion of the compiler hardening macro. HStenn. +* record_raw_stats(): Log entire packet. Log writes. HStenn. +* AES-128-CMAC support. BInglis, HStenn, JPerlinger. +* sntp: tweak key file logging. HStenn. +* sntp: pkt_output(): Improve debug output. HStenn. +* update-leap: updates from Paul McMath. +* When using pkg-config, report --modversion. HStenn. +* Clean up libevent configure checks. HStenn. +* sntp: show the IP of who sent us a crypto-NAK. HStenn. +* Allow .../N to specify subnet bits for IPs in ntp.keys. HStenn, JPerlinger. +* authistrustedip() - use it in more places. HStenn, JPerlinger. +* New sysstats: sys_lamport, sys_tsrounding. HStenn. +* Update ntp.keys .../N documentation. HStenn. +* Distribute testconf.yml. HStenn. +* Add DPRINTF(2,...) lines to receive() for packet drops. HStenn. +* Rename the configuration flag fifo variables. HStenn. +* Improve saveconfig output. HStenn. +* Decode restrict flags on receive() debug output. HStenn. +* Decode interface flags on receive() debug output. HStenn. +* Warn the user if deprecated "driftfile name WanderThreshold" is used. HStenn. +* Update the documentation in ntp.conf.def . HStenn. +* restrictions() must return restrict flags and ippeerlimit. HStenn. +* Update ntpq peer documentation to describe the 'p' type. HStenn. +* Rename restrict 'flags' to 'rflags. Use an enum for the values. HStenn. +* Provide dump_restricts() for debugging. HStenn. +* Use consistent 4th arg type for [gs]etsockopt. JPerlinger. +* Some tests might need LIBM. HStenn. +* update-leap: Allow -h/--help early. HStenn. + +--- +(4.2.8p10) 2017/03/21 Released by Harlan Stenn * [Sec 3389] NTP-01-016: Denial of Service via Malformed Config (Pentest report 01.2017) Modified: vendor/ntp/dist/Makefile.am ============================================================================== --- vendor/ntp/dist/Makefile.am Wed Feb 28 05:11:10 2018 (r330101) +++ vendor/ntp/dist/Makefile.am Wed Feb 28 06:23:12 2018 (r330102) @@ -5,10 +5,10 @@ NULL = # moved sntp first to get libtool and libevent built. SUBDIRS = \ - sntp \ scripts \ include \ libntp \ + sntp \ libparse \ ntpd \ ntpdate \ Modified: vendor/ntp/dist/Makefile.in ============================================================================== --- vendor/ntp/dist/Makefile.in Wed Feb 28 05:11:10 2018 (r330101) +++ vendor/ntp/dist/Makefile.in Wed Feb 28 06:23:12 2018 (r330102) @@ -99,6 +99,7 @@ am__aclocal_m4_deps = $(top_srcdir)/sntp/libopts/m4/li $(top_srcdir)/sntp/m4/ltsugar.m4 \ $(top_srcdir)/sntp/m4/ltversion.m4 \ $(top_srcdir)/sntp/m4/lt~obsolete.m4 \ + $(top_srcdir)/sntp/m4/ntp_af_unspec.m4 \ $(top_srcdir)/sntp/m4/ntp_cacheversion.m4 \ $(top_srcdir)/sntp/m4/ntp_compiler.m4 \ $(top_srcdir)/sntp/m4/ntp_crosscompile.m4 \ @@ -523,10 +524,10 @@ NULL = # moved sntp first to get libtool and libevent built. SUBDIRS = \ - sntp \ scripts \ include \ libntp \ + sntp \ libparse \ ntpd \ ntpdate \ Modified: vendor/ntp/dist/NEWS ============================================================================== --- vendor/ntp/dist/NEWS Wed Feb 28 05:11:10 2018 (r330101) +++ vendor/ntp/dist/NEWS Wed Feb 28 06:23:12 2018 (r330102) @@ -1,4 +1,331 @@ -- +NTP 4.2.8p11 (Harlan Stenn , 2018/02/27) + +NOTE: this NEWS file will be undergoing more revisions. + +Focus: Security, Bug fixes, enhancements. + +Severity: MEDIUM + +This release fixes 2 low-/medium-, 1 informational/medum-, and 2 low-severity +vulnerabilities in ntpd, one medium-severity vulernability in ntpq, and +provides 65 other non-security fixes and improvements: + +* NTP Bug 3454: Unauthenticated packet can reset authenticated interleaved + association (LOW/MED) + Date Resolved: Stable (4.2.8p11) 27 Feb 2018 + References: Sec 3454 / CVE-2018-7185 / VU#961909 + Affects: ntp-4.2.6, up to but not including ntp-4.2.8p11. + CVSS2: MED 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P) This could score between + 2.9 and 6.8. + CVSS3: LOW 3.1 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L This could + score between 2.6 and 3.1 + Summary: + The NTP Protocol allows for both non-authenticated and + authenticated associations, in client/server, symmetric (peer), + and several broadcast modes. In addition to the basic NTP + operational modes, symmetric mode and broadcast servers can + support an interleaved mode of operation. In ntp-4.2.8p4 a bug + was inadvertently introduced into the protocol engine that + allows a non-authenticated zero-origin (reset) packet to reset + an authenticated interleaved peer association. If an attacker + can send a packet with a zero-origin timestamp and the source + IP address of the "other side" of an interleaved association, + the 'victim' ntpd will reset its association. The attacker must + continue sending these packets in order to maintain the + disruption of the association. In ntp-4.0.0 thru ntp-4.2.8p6, + interleave mode could be entered dynamically. As of ntp-4.2.8p7, + interleaved mode must be explicitly configured/enabled. + Mitigation: + Implement BCP-38. + Upgrade to 4.2.8p11, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page. + If you are unable to upgrade to 4.2.8p11 or later and have + 'peer HOST xleave' lines in your ntp.conf file, remove the + 'xleave' option. + Have enough sources of time. + Properly monitor your ntpd instances. + If ntpd stops running, auto-restart it without -g . + Credit: + This weakness was discovered by Miroslav Lichvar of Red Hat. + +* NTP Bug 3453: Interleaved symmetric mode cannot recover from bad + state (LOW/MED) + Date Resolved: Stable (4.2.8p11) 27 Feb 2018 + References: Sec 3453 / CVE-2018-7184 / VU#961909 + Affects: ntpd in ntp-4.2.8p4, up to but not including ntp-4.2.8p11. + CVSS2: MED 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N) + Could score between 2.9 and 6.8. + CVSS3: LOW 3.1 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L + Could score between 2.6 and 6.0. + Summary: + The fix for NtpBug2952 was incomplete, and while it fixed one + problem it created another. Specifically, it drops bad packets + before updating the "received" timestamp. This means a + third-party can inject a packet with a zero-origin timestamp, + meaning the sender wants to reset the association, and the + transmit timestamp in this bogus packet will be saved as the + most recent "received" timestamp. The real remote peer does + not know this value and this will disrupt the association until + the association resets. + Mitigation: + Implement BCP-38. + Upgrade to ntp-4.2.8p11 or later from the NTP Project Download Page + or the NTP Public Services Project Download Page. + Use authentication with 'peer' mode. + Have enough sources of time. + Properly monitor your ntpd instances. + If ntpd stops running, auto-restart it without -g . + Credit: + This weakness was discovered by Miroslav Lichvar of Red Hat. + +* NTP Bug 3415: Provide a way to prevent authenticated symmetric passive + peering (LOW) + Date Resolved: Stable (4.2.8p11) 27 Feb 2018 + References: Sec 3415 / CVE-2018-7170 / VU#961909 + Sec 3012 / CVE-2016-1549 / VU#718152 + Affects: All ntp-4 releases up to, but not including 4.2.8p7, and + 4.3.0 up to, but not including 4.3.92. Resolved in 4.2.8p11. + CVSS2: LOW 3.5 - (AV:N/AC:M/Au:S/C:N/I:P/A:N) + CVSS3: LOW 3.1 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N + Summary: + ntpd can be vulnerable to Sybil attacks. If a system is set up to + use a trustedkey and if one is not using the feature introduced in + ntp-4.2.8p6 allowing an optional 4th field in the ntp.keys file to + specify which IPs can serve time, a malicious authenticated peer + -- i.e. one where the attacker knows the private symmetric key -- + can create arbitrarily-many ephemeral associations in order to win + the clock selection of ntpd and modify a victim's clock. Three + additional protections are offered in ntp-4.2.8p11. One is the + new 'noepeer' directive, which disables symmetric passive + ephemeral peering. Another is the new 'ippeerlimit' directive, + which limits the number of peers that can be created from an IP. + The third extends the functionality of the 4th field in the + ntp.keys file to include specifying a subnet range. + Mitigation: + Implement BCP-38. + Upgrade to ntp-4.2.8p11 or later from the NTP Project Download Page + or the NTP Public Services Project Download Page. + Use the 'noepeer' directive to prohibit symmetric passive + ephemeral associations. + Use the 'ippeerlimit' directive to limit the number of peers + that can be created from an IP. + Use the 4th argument in the ntp.keys file to limit the IPs and + subnets that can be time servers. + Have enough sources of time. + Properly monitor your ntpd instances. + If ntpd stops running, auto-restart it without -g . + Credit: + This weakness was reported as Bug 3012 by Matthew Van Gundy of + Cisco ASIG, and separately by Stefan Moser as Bug 3415. + +* ntpq Bug 3414: decodearr() can write beyond its 'buf' limits (Medium) + Date Resolved: 27 Feb 2018 + References: Sec 3414 / CVE-2018-7183 / VU#961909 + Affects: ntpq in ntp-4.2.8p6, up to but not including ntp-4.2.8p11. + CVSS2: MED 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) + CVSS3: MED 5.0 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L + Summary: + ntpq is a monitoring and control program for ntpd. decodearr() + is an internal function of ntpq that is used to -- wait for it -- + decode an array in a response string when formatted data is being + displayed. This is a problem in affected versions of ntpq if a + maliciously-altered ntpd returns an array result that will trip this + bug, or if a bad actor is able to read an ntpq request on its way to + a remote ntpd server and forge and send a response before the remote + ntpd sends its response. It's potentially possible that the + malicious data could become injectable/executable code. + Mitigation: + Implement BCP-38. + Upgrade to ntp-4.2.8p11 or later from the NTP Project Download Page + or the NTP Public Services Project Download Page. + Credit: + This weakness was discovered by Michael Macnair of Thales e-Security. + +* NTP Bug 3412: ctl_getitem(): buffer read overrun leads to undefined + behavior and information leak (Info/Medium) + Date Resolved: 27 Feb 2018 + References: Sec 3412 / CVE-2018-7182 / VU#961909 + Affects: ntp-4.2.8p6, up to but not including ntp-4.2.8p11. + CVSS2: INFO 0.0 - MED 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 0.0 if C:N + CVSS3: NONE 0.0 - MED 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + 0.0 if C:N + Summary: + ctl_getitem() is used by ntpd to process incoming mode 6 packets. + A malicious mode 6 packet can be sent to an ntpd instance, and + if the ntpd instance is from 4.2.8p6 thru 4.2.8p10, that will + cause ctl_getitem() to read past the end of its buffer. + Mitigation: + Implement BCP-38. + Upgrade to ntp-4.2.8p11 or later from the NTP Project Download Page + or the NTP Public Services Project Download Page. + Have enough sources of time. + Properly monitor your ntpd instances. + If ntpd stops running, auto-restart it without -g . + Credit: + This weakness was discovered by Yihan Lian of Qihoo 360. + +* NTP Bug 3012: Sybil vulnerability: ephemeral association attack + Also see Bug 3415, above. + Date Mitigated: Stable (4.2.8p7) 26 Apr 2016; Dev (4.3.92) 26 Apr 2016 + Date Resolved: Stable (4.2.8p11) 27 Feb 2018 + References: Sec 3012 / CVE-2016-1549 / VU#718152 + Affects: All ntp-4 releases up to, but not including 4.2.8p7, and + 4.3.0 up to, but not including 4.3.92. Resolved in 4.2.8p11. + CVSS2: LOW 3.5 - (AV:N/AC:M/Au:S/C:N/I:P/A:N) + CVSS3: MED 5.3 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N + Summary: + ntpd can be vulnerable to Sybil attacks. If a system is set up + to use a trustedkey and if one is not using the feature + introduced in ntp-4.2.8p6 allowing an optional 4th field in the + ntp.keys file to specify which IPs can serve time, a malicious + authenticated peer -- i.e. one where the attacker knows the + private symmetric key -- can create arbitrarily-many ephemeral + associations in order to win the clock selection of ntpd and + modify a victim's clock. Two additional protections are + offered in ntp-4.2.8p11. One is the 'noepeer' directive, which + disables symmetric passive ephemeral peering. The other extends + the functionality of the 4th field in the ntp.keys file to + include specifying a subnet range. + Mitigation: + Implement BCP-38. + Upgrade to 4.2.8p11, or later, from the NTP Project Download Page or + the NTP Public Services Project Download Page. + Use the 'noepeer' directive to prohibit symmetric passive + ephemeral associations. + Use the 'ippeerlimit' directive to limit the number of peer + associations from an IP. + Use the 4th argument in the ntp.keys file to limit the IPs + and subnets that can be time servers. + Properly monitor your ntpd instances. + Credit: + This weakness was discovered by Matthew Van Gundy of Cisco ASIG. + +* Bug fixes: + [Bug 3457] OpenSSL FIPS mode regression + [Bug 3455] ntpd doesn't use scope id when binding multicast + - applied patch by Sean Haugh + [Bug 3452] PARSE driver prints uninitialized memory. + [Bug 3450] Dubious error messages from plausibility checks in get_systime() + - removed error log caused by rounding/slew, ensured postcondition + [Bug 3447] AES-128-CMAC (fixes) + - refactoring the MAC code, too + [Bug 3441] Validate the assumption that AF_UNSPEC is 0. stenn@ntp.org + [Bug 3439] When running multiple commands / hosts in ntpq... + - applied patch by ggarvey + [Bug 3438] Negative values and values > 999 days in... + - applied patch by ggarvey (with minor mods) + [Bug 3437] ntpd tries to open socket with AF_UNSPEC domain + - applied patch (with mods) by Miroslav Lichvar + [Bug 3435] anchor NTP era alignment + [Bug 3433] sntp crashes when run with -a. + [Bug 3430] ntpq dumps core (SIGSEGV) for "keytype md2" + - fixed several issues with hash algos in ntpd, sntp, ntpq, + ntpdc and the test suites + [Bug 3424] Trimble Thunderbolt 1024 week millenium bug + - initial patch by Daniel Pouzzner + [Bug 3423] QNX adjtime() implementation error checking is + wrong + [Bug 3417] ntpq ifstats packet counters can be negative + made IFSTATS counter quantities unsigned + [Bug 3411] problem about SIGN(6) packet handling for ntp-4.2.8p10 + - raised receive buffer size to 1200 + [Bug 3408] refclock_jjy.c: Avoid a wrong report of the coverity static + analysis tool. + [Bug 3405] update-leap.in: general cleanup, HTTPS support. Paul McMath. + [Bug 3404] Fix openSSL DLL usage under Windows + - fix/drop assumptions on OpenSSL libs directory layout + [Bug 3399] NTP: linker error in 4.2.8p10 during Linux cross-compilation + - initial patch by timeflies@mail2tor.com + [Bug 3398] tests fail with core dump + - patch contributed by Alexander Bluhm + [Bug 3397] ctl_putstr() asserts that data fits in its buffer + rework of formatting & data transfer stuff in 'ntp_control.c' + avoids unecessary buffers and size limitations. + [Bug 3394] Leap second deletion does not work on ntpd clients + - fixed handling of dynamic deletion w/o leap file + [Bug 3391] ntpd segfaults on startup due to small warmup thread stack size + - increased mimimum stack size to 32kB + [Bug 3367] Faulty LinuxPPS NMEA clock support in 4.2.8 + - reverted handling of PPS kernel consumer to 4.2.6 behavior + [Bug 3365] Updates driver40(-ja).html and miscopt.html + [Bug 3358] Spurious KoD log messages in .INIT. phase. HStenn. + [Bug 3016] wrong error position reported for bad ":config pool" + - fixed location counter & ntpq output + [Bug 2900] libntp build order problem. HStenn. + [Bug 2878] Tests are cluttering up syslog + [Bug 2737] Wrong phone number listed for USNO. ntp-bugs@bodosom.net, + perlinger@ntp.org + [Bug 2557] Fix Thunderbolt init. ntp-bugs@bodosom.net, perlinger@ntp. + [Bug 948] Trustedkey config directive leaks memory. + Use strlcpy() to copy strings, not memcpy(). HStenn. + Typos. HStenn. + test_ntp_scanner_LDADD needs ntpd/ntp_io.o. HStenn. + refclock_jjy.c: Add missing "%s" to an msyslog() call. HStenn. + Build ntpq and libntpq.a with NTP_HARD_*FLAGS. perlinger@ntp.org + Fix trivial warnings from 'make check'. perlinger@ntp.org + Fix bug in the override portion of the compiler hardening macro. HStenn. + record_raw_stats(): Log entire packet. Log writes. HStenn. + AES-128-CMAC support. BInglis, HStenn, JPerlinger. + sntp: tweak key file logging. HStenn. + sntp: pkt_output(): Improve debug output. HStenn. + update-leap: updates from Paul McMath. + When using pkg-config, report --modversion. HStenn. + Clean up libevent configure checks. HStenn. + sntp: show the IP of who sent us a crypto-NAK. HStenn. + Allow .../N to specify subnet bits for IPs in ntp.keys. HStenn, JPerlinger. + authistrustedip() - use it in more places. HStenn, JPerlinger. + New sysstats: sys_lamport, sys_tsrounding. HStenn. + Update ntp.keys .../N documentation. HStenn. + Distribute testconf.yml. HStenn. + Add DPRINTF(2,...) lines to receive() for packet drops. HStenn. + Rename the configuration flag fifo variables. HStenn. + Improve saveconfig output. HStenn. + Decode restrict flags on receive() debug output. HStenn. + Decode interface flags on receive() debug output. HStenn. + Warn the user if deprecated "driftfile name WanderThreshold" is used. HStenn. + Update the documentation in ntp.conf.def . HStenn. + restrictions() must return restrict flags and ippeerlimit. HStenn. + Update ntpq peer documentation to describe the 'p' type. HStenn. + Rename restrict 'flags' to 'rflags. Use an enum for the values. HStenn. + Provide dump_restricts() for debugging. HStenn. + Use consistent 4th arg type for [gs]etsockopt. JPerlinger. + +* Other items: + +* update-leap needs the following perl modules: + Net::SSLeay + IO::Socket::SSL + +* New sysstats variables: sys_lamport, sys_tsrounding +See them with: ntpq -c "rv 0 ss_lamport,ss_tsrounding" +sys_lamport counts the number of observed Lamport violations, while +sys_tsrounding counts observed timestamp rounding events. + +* New ntp.conf items: + +- restrict ... noepeer +- restrict ... ippeerlimit N + +The 'noepeer' directive will disallow all ephemeral/passive peer +requests. + +The 'ippeerlimit' directive limits the number of time associations +for each IP in the designated set of addresses. This limit does not +apply to explicitly-configured associations. A value of -1, the current +default, means an unlimited number of associations may connect from a +single IP. 0 means "none", etc. Ordinarily the only way multiple +associations would come from the same IP would be if the remote side +was using a proxy. But a trusted machine might become compromised, +in which case an attacker might spin up multiple authenticated sessions +from different ports. This directive should be helpful in this case. + +* New ntp.keys feature: Each IP in the optional list of IPs in the 4th +field may contain a /subnetbits specification, which identifies the +scope of IPs that may use this key. This IP/subnet restriction can be +used to limit the IPs that may use the key in most all situations where +a key is used. +-- NTP 4.2.8p10 (Harlan Stenn , 2017/03/21) Focus: Security, Bug fixes, enhancements. @@ -960,7 +1287,7 @@ following 9 low- and medium-severity vulnerabilities: Implement BCP-38. Upgrade to 4.2.8p7, or later, from the NTP Project Download Page or the NTP Public Services Project Download Page - Properly monitor your =ntpd= instances + Properly monitor your ntpd instances Credit: This weakness was discovered by Stephen Gray and Matthew Van Gundy of Cisco ASIG. @@ -1029,7 +1356,7 @@ following 9 low- and medium-severity vulnerabilities: Implement BCP-38. Upgrade to 4.2.8p7, or later, from the NTP Project Download Page or the NTP Public Services Project Download Page - Properly monitor your =ntpd= instances + Properly monitor your ntpd instances Credit: This weakness was discovered by Yihan Lian of the Cloud Security Team, Qihoo 360. @@ -1266,7 +1593,7 @@ following 1 low- and 8 medium-severity vulnerabilities Configure 'ntpd' to get time from multiple sources. Upgrade to 4.2.8p6, or later, from the NTP Project Download Page or the NTP Public Services Project Download Page. - Monitor your 'ntpd= instances. + Monitor your 'ntpd' instances. Credit: This weakness was discovered by Matthey Van Gundy and Jonathan Gardner of Cisco ASIG. Modified: vendor/ntp/dist/aclocal.m4 ============================================================================== --- vendor/ntp/dist/aclocal.m4 Wed Feb 28 05:11:10 2018 (r330101) +++ vendor/ntp/dist/aclocal.m4 Wed Feb 28 06:23:12 2018 (r330102) @@ -1339,6 +1339,7 @@ m4_include([sntp/m4/ltoptions.m4]) m4_include([sntp/m4/ltsugar.m4]) m4_include([sntp/m4/ltversion.m4]) m4_include([sntp/m4/lt~obsolete.m4]) +m4_include([sntp/m4/ntp_af_unspec.m4]) m4_include([sntp/m4/ntp_cacheversion.m4]) m4_include([sntp/m4/ntp_compiler.m4]) m4_include([sntp/m4/ntp_crosscompile.m4]) Modified: vendor/ntp/dist/adjtimed/Makefile.in ============================================================================== --- vendor/ntp/dist/adjtimed/Makefile.in Wed Feb 28 05:11:10 2018 (r330101) +++ vendor/ntp/dist/adjtimed/Makefile.in Wed Feb 28 06:23:12 2018 (r330102) @@ -108,6 +108,7 @@ am__aclocal_m4_deps = $(top_srcdir)/sntp/libopts/m4/li $(top_srcdir)/sntp/m4/ltsugar.m4 \ $(top_srcdir)/sntp/m4/ltversion.m4 \ $(top_srcdir)/sntp/m4/lt~obsolete.m4 \ + $(top_srcdir)/sntp/m4/ntp_af_unspec.m4 \ $(top_srcdir)/sntp/m4/ntp_cacheversion.m4 \ $(top_srcdir)/sntp/m4/ntp_compiler.m4 \ $(top_srcdir)/sntp/m4/ntp_crosscompile.m4 \ @@ -952,7 +953,6 @@ install-exec-hook: # check-libntp: ../libntp/libntp.a - @echo stamp > $@ ../libntp/libntp.a: cd ../libntp && $(MAKE) $(AM_MAKEFLAGS) libntp.a Modified: vendor/ntp/dist/clockstuff/Makefile.in ============================================================================== --- vendor/ntp/dist/clockstuff/Makefile.in Wed Feb 28 05:11:10 2018 (r330101) +++ vendor/ntp/dist/clockstuff/Makefile.in Wed Feb 28 06:23:12 2018 (r330102) @@ -101,6 +101,7 @@ am__aclocal_m4_deps = $(top_srcdir)/sntp/libopts/m4/li $(top_srcdir)/sntp/m4/ltsugar.m4 \ $(top_srcdir)/sntp/m4/ltversion.m4 \ $(top_srcdir)/sntp/m4/lt~obsolete.m4 \ + $(top_srcdir)/sntp/m4/ntp_af_unspec.m4 \ $(top_srcdir)/sntp/m4/ntp_cacheversion.m4 \ $(top_srcdir)/sntp/m4/ntp_compiler.m4 \ $(top_srcdir)/sntp/m4/ntp_crosscompile.m4 \ @@ -793,7 +794,6 @@ uninstall-am: check-libntp: ../libntp/libntp.a - @echo stamp > $@ ../libntp/libntp.a: cd ../libntp && $(MAKE) $(AM_MAKEFLAGS) libntp.a Modified: vendor/ntp/dist/configure ============================================================================== --- vendor/ntp/dist/configure Wed Feb 28 05:11:10 2018 (r330101) +++ vendor/ntp/dist/configure Wed Feb 28 06:23:12 2018 (r330102) @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for ntp 4.2.8p10. +# Generated by GNU Autoconf 2.69 for ntp 4.2.8p11. # # Report bugs to . # @@ -590,8 +590,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='ntp' PACKAGE_TARNAME='ntp' -PACKAGE_VERSION='4.2.8p10' -PACKAGE_STRING='ntp 4.2.8p10' +PACKAGE_VERSION='4.2.8p11' +PACKAGE_STRING='ntp 4.2.8p11' PACKAGE_BUGREPORT='http://bugs.ntp.org./' PACKAGE_URL='http://www.ntp.org./' @@ -944,6 +944,7 @@ ac_user_opts=' enable_option_checking enable_silent_rules enable_dependency_tracking +with_hardenfile with_locfile enable_shared enable_static @@ -1613,7 +1614,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures ntp 4.2.8p10 to adapt to many kinds of systems. +\`configure' configures ntp 4.2.8p11 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1683,7 +1684,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of ntp 4.2.8p10:";; + short | recursive ) echo "Configuration of ntp 4.2.8p11:";; esac cat <<\_ACEOF @@ -1699,6 +1700,7 @@ Optional Features and Packages: do not reject slow dependency extractors --disable-dependency-tracking speeds up one-time build + --with-hardenfile=XXX os-specific or "/dev/null" --with-locfile=XXX os-specific or "legacy" --enable-shared[=PKGS] build shared libraries [default=no] --enable-static[=PKGS] build static libraries [default=yes] @@ -1921,7 +1923,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -ntp configure 4.2.8p10 +ntp configure 4.2.8p11 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2630,7 +2632,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by ntp $as_me 4.2.8p10, which was +It was created by ntp $as_me 4.2.8p11, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -3631,7 +3633,7 @@ fi # Define the identity of the package. PACKAGE='ntp' - VERSION='4.2.8p10' + VERSION='4.2.8p11' cat >>confdefs.h <<_ACEOF @@ -6581,11 +6583,11 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu $as_echo_n "checking for compile/link hardening flags... " >&6; } -# Check whether --with-locfile was given. -if test "${with_locfile+set}" = set; then : - withval=$with_locfile; +# Check whether --with-hardenfile was given. +if test "${with_hardenfile+set}" = set; then : + withval=$with_hardenfile; else - with_locfile=no + with_hardenfile=no fi @@ -6593,12 +6595,12 @@ fi ( \ SENTINEL_DIR="$PWD" && \ cd $srcdir/sntp && \ - case "$with_locfile" in \ + case "$with_hardenfile" in \ yes|no|'') \ scripts/genHardFlags -d "$SENTINEL_DIR" \ ;; \ *) \ - scripts/genHardFlags -d "$SENTINEL_DIR" -f "$with_locfile" \ + scripts/genHardFlags -d "$SENTINEL_DIR" -f "$with_hardenfile" \ ;; \ esac \ ) > genHardFlags.i 2> genHardFlags.err @@ -15937,8 +15939,13 @@ $as_echo_n "checking if libevent $ntp_libevent_min_ver if $PKG_CONFIG --atleast-version=$ntp_libevent_min_version libevent then ntp_use_local_libevent=no - { $as_echo "$as_me:${as_lineno-$LINENO}: Using the installed libevent" >&5 -$as_echo "$as_me: Using the installed libevent" >&6;} + ntp_libevent_version="`$PKG_CONFIG --modversion libevent`" + case "$ntp_libevent_version" in + *.*) ;; + *) ntp_libevent_version='(unknown)' ;; + esac + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes, version $ntp_libevent_version" >&5 +$as_echo "yes, version $ntp_libevent_version" >&6; } CFLAGS_LIBEVENT=`$PKG_CONFIG --cflags libevent_pthreads` CPPFLAGS_LIBEVENT=`$PKG_CONFIG --cflags-only-I libevent` # HMS: I hope the following is accurate. @@ -15966,8 +15973,6 @@ $as_echo "$as_me: Using the installed libevent" >&6;} LDADD_LIBEVENT="$LDADD_LIBEVENT -levent_pthreads" esac LDADD_LIBEVENT="$LDADD_LIBEVENT -levent_core" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } else ntp_use_local_libevent=yes # HMS: do we only need to do this if LIBISC_PTHREADS_NOTHREADS @@ -26468,6 +26473,36 @@ fi done + + +# We could do a cv check here, but is it worth it? + +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #ifndef AF_UNSPEC + #include "Bletch: AF_UNSPEC is undefined!" + #endif + #if AF_UNSPEC != 0 + #include "Bletch: AF_UNSPEC != 0" + #endif + +int +main () +{ +{ $as_echo "$as_me:${as_lineno-$LINENO}: AF_UNSPEC is zero, as expected." >&5 +$as_echo "$as_me: AF_UNSPEC is zero, as expected." >&6;} + ; + return 0; +} + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + { $as_echo "$as_me:${as_lineno-$LINENO}: checking return type of signal handlers" >&5 $as_echo_n "checking return type of signal handlers... " >&6; } if ${ac_cv_type_signal+:} false; then : @@ -30114,8 +30149,13 @@ $as_echo_n "checking pkg-config for $pkg... " >&6; } VER_SUFFIX=o ntp_openssl=yes ntp_openssl_from_pkg_config=yes - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } + ntp_openssl_version="`$PKG_CONFIG --modversion $pkg`" + case "$ntp_openssl_version" in + *.*) ;; + *) ntp_openssl_version='(unknown)' ;; + esac + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes, version $ntp_openssl_version" >&5 +$as_echo "yes, version $ntp_openssl_version" >&6; } break fi @@ -33924,7 +33964,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by ntp $as_me 4.2.8p10, which was +This file was extended by ntp $as_me 4.2.8p11, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -33991,7 +34031,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -ntp config.status 4.2.8p10 +ntp config.status 4.2.8p11 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" Modified: vendor/ntp/dist/configure.ac ============================================================================== --- vendor/ntp/dist/configure.ac Wed Feb 28 05:11:10 2018 (r330101) +++ vendor/ntp/dist/configure.ac Wed Feb 28 06:23:12 2018 (r330102) @@ -528,6 +528,8 @@ AC_CHECK_HEADERS([sys/timex.h], [], [], [ #endif ]) +NTP_AF_UNSPEC + AC_TYPE_SIGNAL AC_TYPE_OFF_T AC_STRUCT_TM dnl defines TM_IN_SYS_TIME used by refclock_parse.c Modified: vendor/ntp/dist/html/access.html ============================================================================== --- vendor/ntp/dist/html/access.html Wed Feb 28 05:11:10 2018 (r330101) +++ vendor/ntp/dist/html/access.html Wed Feb 28 06:23:12 2018 (r330102) @@ -19,7 +19,7 @@ color: #FF0000;

giffrom Pogo, Walt Kelly

The skunk watches for intruders and sprays.

Last update: - 11-Sep-2010 05:53 + 26-Jul-2017 20:10 UTC


Related Links

@@ -32,7 +32,7 @@ color: #FF0000;

The ACL is specified as a list of restrict commands in the following format:

restrict address [mask mask] [flag][...]

The address argument expressed in dotted-quad form is the address of a host or network. Alternatively, the address argument can be a valid host DNS name. The mask argument expressed in IPv4 or IPv6 numeric address form defaults to all mask bits on, meaning that the address is treated as the address of an individual host. A default entry (address 0.0.0.0, mask 0.0.0.0 for IPv4 and address :: mask :: for IPv6) is always the first entry in the list. restrict default, with no mask option, modifies both IPv4 and IPv6 default entries. restrict source configures a template restriction automatically added at runtime for each association, whether configured, ephemeral, or preemptable, and removed when the association is demobilized.

-

Some flags have the effect to deny service, some have the effect to enable service and some are conditioned by other flags. The flags. are not orthogonal, in that more restrictive flags will often make less restrictive ones redundant. The flags that deny service are classed in two categories, those that restrict time service and those that restrict informational queries and attempts to do run-time reconfiguration of the server.

+

Some flags have the effect to deny service, some have the effect to enable service and some are conditioned by other flags. The flags are not orthogonal, in that more restrictive flags will often make less restrictive ones redundant. The flags that deny service are classed in two categories, those that restrict time service and those that restrict informational queries and attempts to do run-time reconfiguration of the server.

An example may clarify how it works. Our campus has two class-B networks, 128.4 for the ECE and CIS departments and 128.175 for the rest of campus. Let's assume (not true!) that subnet 128.4.1 homes critical services like class rosters and spread sheets. A suitable ACL might look like this:

 restrict default nopeer					# deny new associations

Modified: vendor/ntp/dist/html/accopt.html
==============================================================================
--- vendor/ntp/dist/html/accopt.html	Wed Feb 28 05:11:10 2018	(r330101)
+++ vendor/ntp/dist/html/accopt.html	Wed Feb 28 06:23:12 2018	(r330102)
@@ -3,89 +3,185 @@
 
 
 
-Access Control Commands and Options
-
+Access Control Commands and Options 
 
 
 
 
 
Access Control Commands and Options

-giffrom Pogo, Walt Kelly
+giffrom Pogo,
+Walt Kelly
 
The skunk watches for intruders and sprays.

-
Last update:
-  13-Nov-2014  03:00
-  UTC

+
Last update: 7-Jan-2018 23:56 UTC

 

 
Related Links

-
-
+
+
 

 
Commands and Options

-
Unless noted otherwise, further information about these ccommands is on the Access Control Support page.

+
Unless noted otherwise, further information about these ccommands is on
+the Access Control Support page.

 

-  
discard [ average avg ][ minimum min ] [ monitor prob ]

-  
Set the parameters of the rate control facility which protects the server from client abuse. If the limited flag is present in the ACL, packets that violate these limits are discarded. If, in addition, the kod flag is present, a kiss-o'-death packet is returned. See the Rate Management page for further information. The options are:
+  
discard [ average avg ][ minimum min ]
+      [ monitor prob ]

+  
Set the parameters of the rate control facility which protects the
+    server from client abuse. If the limited flag is present in the
+    ACL, packets that violate these limits are discarded. If, in addition,
+    the kod flag is present, a kiss-o'-death packet is
+    returned. See the Rate Management page for
+    further information. The options are:
     

       
average avg

-      
Specify the minimum average interpacket spacing (minimum average headway
-        time) in log2 s with default 3.

+      
Specify the minimum average interpacket spacing (minimum average
+        headway time) in log2 s with default 3.

       
minimum min

-      
Specify the minimum interpacket spacing (guard time) in seconds with default 2.

+      
Specify the minimum interpacket spacing (guard time) in seconds
+	with default 2.

       
monitor

-      
Specify the probability of being recorded for packets that overflow the MRU list size limit set by mru maxmem or mru maxdepth. This is a performance optimization for servers with aggregate arrivals of 1000 packets per second or more.

+      
Specify the probability of being recorded for packets that
+	overflow the MRU list size limit set by mru maxmem
+	or mru maxdepth. This is a performance optimization for
+	servers with aggregate arrivals of 1000 packets per second or
+	more.

     

   

-  
restrict default [flag][...]

-    restrict source [flag][...]

-    restrict address [mask mask] [flag][...]

-  
The address argument expressed in dotted-quad form is the address of a host or network. Alternatively, the address argument can be a valid host DNS name. The mask argument expressed in IPv4 or IPv6 numeric address form defaults to all mask bits on, meaning that the address is treated as the address of an individual host. A default entry (address 0.0.0.0,	mask 0.0.0.0 for IPv4 and address :: mask :: for IPv6) is always the first entry in the list. restrict default, with no mask option, modifies both IPv4 and IPv6 default entries. restrict source configures a template restriction automatically added at runtime for each association, whether configured, ephemeral, or preemptible, and removed when the association is demobilized.

-  
Some flags have the effect to deny service, some  have the effect to enable service and some are  conditioned by other flags. The  flags. are not orthogonal, in that more restrictive flags will often make less restrictive ones redundant. The flags that deny service are classed in two categories, those that restrict time service and those that restrict informational queries and attempts to do run-time reconfiguration of the server. One or more of the following flags may be specified:

+  
restrict [-4 | -6] default [ippeerlimit num]
+      [flag][...]
  restrict source [ippeerlimit num]
+      [flag][...]
  restrict address [mask mask]
+      [ippeerlimit num] [flag][...]

+  
The address argument expressed in IPv4 or IPv6 numeric
+    address form is the address of a host or network. Alternatively,
+    the address argument can be a valid host DNS
+    name. The mask argument expressed in IPv4 or IPv6
+    numeric address form defaults to all mask bits on, meaning that
+    the address is treated as the address of an individual
+    host. A default entry (address 0.0.0.0, mask 0.0.0.0 for IPv4 and
+    address :: mask :: for IPv6) is always the first entry in the
+    list. restrict default, with no mask option, modifies both IPv4
+    and IPv6 default entries. restrict source configures a template
+    restriction automatically added at runtime for each association, whether
+    configured, ephemeral, or preemptible, and removed when the association
+    is demobilized.

+  
The optional ippeerlimit takes a numeric argument that
+    indicates how many incoming (at present) peer requests will be permitted
+    for each IP, regardless of whether or not the request comes from an
+    authenticated source.  A value of -1 means "unlimited", which is the
+    current default.  A value of 0 means "none".  Ordinarily one would
+    expect at most 1 of these sessions to exist per IP, however if the
+    remote side is operating thru a proxy there would be one association for
+    each remote peer at that IP.

+  
Some flags have the effect to deny service, some have the effect to
+    enable service and some are conditioned by other flags. The flags are
+    not orthogonal, in that more restrictive flags will often make less
+    restrictive ones redundant. The flags that deny service are classed in
+    two categories, those that restrict time service and those that restrict
+    informational queries and attempts to do run-time reconfiguration of the
+    server. One or more of the following flags may be specified:

   

     

       
flake

-      
Discard received NTP packets with probability 0.1; that is, on average drop one packet in ten. This is for testing and amusement. The name comes from Bob Braden's flakeway, which once did a similar thing for early Internet testing.

+      
Discard received NTP packets with probability 0.1; that is, on
+	average drop one packet in ten. This is for testing and
+	amusement. The name comes from Bob Braden's flakeway, which
+	once did a similar thing for early Internet testing.

       
ignore

-      
Deny packets of all kinds, including ntpq and ntpdc queries.

+      
Deny packets of all kinds, including ntpq
+	and ntpdc queries.

       
kod

-      
Send a kiss-o'-death (KoD) packet if the limited flag is present and a packet violates the rate limits established by the discard command. KoD packets are themselves rate limited for each source address separately. If the kod flag is used in a restriction which does not have the limited flag, no KoD responses will result.

+      
Send a kiss-o'-death (KoD) packet if the limited flag is
+	present and a packet violates the rate limits established by
+	the discard command. KoD packets are themselves rate
+	limited for each source address separately. If the kod flag
+	is used in a restriction which does not have the limited
+	flag, no KoD responses will result.

       
limited

-      
Deny time service if the packet violates the rate limits established by the discard command. This does not apply to ntpq and ntpdc queries.

+      
Deny time service if the packet violates the rate limits
+	established by the discard command. This does not apply
+	to ntpq and ntpdc queries.

       
lowpriotrap

-      
Declare traps set by matching hosts to be low priority. The number of traps a server can maintain is limited (the current limit is 3). Traps are usually assigned on a first come, first served basis, with later trap requestors being denied service. This flag modifies the assignment algorithm by allowing low priority traps to be overridden by later requests for normal priority traps.

+      
Declare traps set by matching hosts to be low priority. The number
+	of traps a server can maintain is limited (the current limit is
+	3). Traps are usually assigned on a first come, first served basis,
+	with later trap requestors being denied service. This flag modifies
+	the assignment algorithm by allowing low priority traps to be
+	overridden by later requests for normal priority traps.

       
mssntp

-      
Enable Microsoft Windows MS-SNTP authentication using Active Directory services. Note: Potential users should be aware that these services involve a TCP connection to another process that could potentially block, denying services to other users. Therefore, this flag should be used only for a dedicated  server with no clients other than MS-SNTP.

+      
Enable Microsoft Windows MS-SNTP authentication using Active
+	Directory services. Note: Potential users
+	should be aware that these services involve a TCP connection to
+	another process that could potentially block, denying services to
+	other users. Therefore, this flag should be used only for a
+	dedicated server with no clients other than MS-SNTP.

+      
noepeer

+      
Deny packets that would mobilize an ephemeral peering association,
+	even if authenticated.

       
nomodify

-      
Deny ntpq and ntpdc queries which attempt to modify the state of the server (i.e., run time reconfiguration). Queries which return information are permitted.

+      
Deny ntpq and ntpdc queries which attempt to
+	modify the state of the server (i.e., run time
+	reconfiguration). Queries which return information are
+	permitted.

       
noquery

-      
Deny ntpq and ntpdc queries. Time service is not affected.

+      
Deny ntpq and ntpdc queries. Time service is not
+	affected.

       
nopeer

-      
Deny packets that might mobilize an association unless authenticated. This includes broadcast, symmetric-active and manycast server packets when a configured association does not exist. It also includes pool associations, so if you want to use servers from a pool directive and also want to use nopeer by default, you'll want a "restrict source ..." line as well that does not include the nopeer directive.  Note that this flag does not apply to packets that do not attempt to mobilize an association. 

+      
Deny packets that might mobilize an association unless
+	authenticated. This includes broadcast, symmetric-active and
+	manycast server packets when a configured association does not
+	exist. It also includes pool associations, so if you want
+	to use servers from a pool directive and also want to
+	use nopeer by default, you'll want a "restrict source
+	..." line as well that does not include
+	the nopeer directive.  Note that this flag does not apply
+	to packets that do not attempt to mobilize an association. 

       
noserve

-      
Deny all packets except ntpq and ntpdc queries.

+      
Deny all packets except ntpq and ntpdc
+	queries.

       
notrap

-      
Decline to provide mode 6 control message trap service to matching hosts. The trap service is a subsystem of the ntpdc control message protocol which is intended for use by remote event logging programs.

+      
Decline to provide mode 6 control message trap service to matching
+	hosts. The trap service is a subsystem of the ntpdc control
+	message protocol which is intended for use by remote event logging
+	programs.

       
notrust

-      
Deny packets that are not cryptographically authenticated. Note carefully how this flag interacts with the auth option of the enable and disable commands. If auth is enabled, which is the default, authentication is required for all packets that might mobilize  an association. If auth is disabled, but the notrust flag is not present, an association can be mobilized whether or not authenticated. If auth is disabled, but the notrust flag is present, authentication is required only for the specified address/mask range. 

+      
Deny packets that are not cryptographically authenticated. Note
+	carefully how this flag interacts with the auth option of
+	the enable and disable commands. If auth
+	is enabled, which is the default, authentication is required for all
+	packets that might mobilize an association. If auth is
+	disabled, but the notrust flag is not present, an
+	association can be mobilized whether or not
+	authenticated. If auth is disabled, but
+	the notrust flag is present, authentication is required
+	only for the specified address/mask range. 

       
ntpport

-      
This is actually a match algorithm modifier, rather than a restriction
-        flag. Its presence causes the restriction entry to be matched only if the
-        source port in the packet is the standard NTP UDP port (123). A restrict line
-        containing ntpport is considered more specific than one with the

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***

From owner-svn-src-vendor@freebsd.org  Wed Feb 28 06:23:58 2018
Return-Path: 
Delivered-To: svn-src-vendor@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 60ADDF2D0C9;
 Wed, 28 Feb 2018 06:23:58 +0000 (UTC)
 (envelope-from delphij@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 13FAE87344;
 Wed, 28 Feb 2018 06:23:58 +0000 (UTC)
 (envelope-from delphij@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id E93C815D27;
 Wed, 28 Feb 2018 06:23:57 +0000 (UTC)
 (envelope-from delphij@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w1S6Nv7q003032;
 Wed, 28 Feb 2018 06:23:57 GMT (envelope-from delphij@FreeBSD.org)
Received: (from delphij@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id w1S6NvgJ003031;
 Wed, 28 Feb 2018 06:23:57 GMT (envelope-from delphij@FreeBSD.org)
Message-Id: <201802280623.w1S6NvgJ003031@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: delphij set sender to
 delphij@FreeBSD.org using -f
From: Xin LI 
Date: Wed, 28 Feb 2018 06:23:57 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-vendor@freebsd.org
Subject: svn commit: r330103 - vendor/ntp/4.2.8p11
X-SVN-Group: vendor
X-SVN-Commit-Author: delphij
X-SVN-Commit-Paths: vendor/ntp/4.2.8p11
X-SVN-Commit-Revision: 330103
X-SVN-Commit-Repository: base
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-vendor@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: SVN commit messages for the vendor work area tree
 
List-Unsubscribe: , 
 
List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: ,
 
X-List-Received-Date: Wed, 28 Feb 2018 06:23:58 -0000

Author: delphij
Date: Wed Feb 28 06:23:57 2018
New Revision: 330103
URL: https://svnweb.freebsd.org/changeset/base/330103

Log:
  Tag ntp 4.2.8p11.

Added:
  vendor/ntp/4.2.8p11/
     - copied from r330102, vendor/ntp/dist/

From owner-svn-src-vendor@freebsd.org  Thu Mar  1 23:45:46 2018
Return-Path: 
Delivered-To: svn-src-vendor@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id DC81EF34D3D;
 Thu,  1 Mar 2018 23:45:45 +0000 (UTC) (envelope-from sjg@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 8BC9C80908;
 Thu,  1 Mar 2018 23:45:45 +0000 (UTC) (envelope-from sjg@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 826097D96;
 Thu,  1 Mar 2018 23:45:45 +0000 (UTC) (envelope-from sjg@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w21Njjw7078281;
 Thu, 1 Mar 2018 23:45:45 GMT (envelope-from sjg@FreeBSD.org)
Received: (from sjg@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id w21Njj9S078276;
 Thu, 1 Mar 2018 23:45:45 GMT (envelope-from sjg@FreeBSD.org)
Message-Id: <201803012345.w21Njj9S078276@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: sjg set sender to sjg@FreeBSD.org
 using -f
From: "Simon J. Gerraty" 
Date: Thu, 1 Mar 2018 23:45:45 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-vendor@freebsd.org
Subject: svn commit: r330258 - in vendor/NetBSD/bmake/dist: . mk unit-tests
X-SVN-Group: vendor
X-SVN-Commit-Author: sjg
X-SVN-Commit-Paths: in vendor/NetBSD/bmake/dist: . mk unit-tests
X-SVN-Commit-Revision: 330258
X-SVN-Commit-Repository: base
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-vendor@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: SVN commit messages for the vendor work area tree
 
List-Unsubscribe: , 
 
List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: ,
 
X-List-Received-Date: Thu, 01 Mar 2018 23:45:46 -0000

Author: sjg
Date: Thu Mar  1 23:45:44 2018
New Revision: 330258
URL: https://svnweb.freebsd.org/changeset/base/330258

Log:
  Import bmake-20180222
  
  From ChangeLog
  
  * VERSION: 20180222
    Merge with NetBSD make, pick up
    o parse.c: avoid calling sysconf for every call to loadfile
  
  * VERSION: 20180218
    Merge with NetBSD make, pick up
    o var.c: Var_Set handle NULL value anytime.
  
  * VERSION: 20180212
    Merge with NetBSD make, pick up
    o parse.c: do not treat .info as warning with -W
  
  * VERSION: 20171207
    Merge with NetBSD make, pick up
    o var.c: Var_Append use Var_Set if var not previously set
      so that VAR_CMD is handled correctly.
      Add a suitable unit-test.
  
  * VERSION: 20171126
  
  * aclocal.m4: use AC_LINK_IFELSE for AC_C___ATTRIBUTE__
    since AC_TRY_COMPILE puts input inside main()
    which upsets modern compilers.
  
  * VERSION: 20171118
    Merge with NetBSD make, pick up
    o var.c: do not append to variable set on command line
      add unit-test to catch this.

Added:
  vendor/NetBSD/bmake/dist/mk/ldorder.mk   (contents, props changed)
Modified:
  vendor/NetBSD/bmake/dist/ChangeLog
  vendor/NetBSD/bmake/dist/Makefile.config.in
  vendor/NetBSD/bmake/dist/VERSION
  vendor/NetBSD/bmake/dist/aclocal.m4
  vendor/NetBSD/bmake/dist/bmake.cat1
  vendor/NetBSD/bmake/dist/configure
  vendor/NetBSD/bmake/dist/configure.in
  vendor/NetBSD/bmake/dist/job.c
  vendor/NetBSD/bmake/dist/make.h
  vendor/NetBSD/bmake/dist/meta.c
  vendor/NetBSD/bmake/dist/mk/ChangeLog
  vendor/NetBSD/bmake/dist/mk/FILES
  vendor/NetBSD/bmake/dist/mk/auto.obj.mk
  vendor/NetBSD/bmake/dist/mk/dpadd.mk
  vendor/NetBSD/bmake/dist/mk/final.mk
  vendor/NetBSD/bmake/dist/mk/gendirdeps.mk
  vendor/NetBSD/bmake/dist/mk/install-mk
  vendor/NetBSD/bmake/dist/mk/lib.mk
  vendor/NetBSD/bmake/dist/mk/own.mk
  vendor/NetBSD/bmake/dist/mk/prog.mk
  vendor/NetBSD/bmake/dist/mk/sys.mk
  vendor/NetBSD/bmake/dist/mk/sys.vars.mk
  vendor/NetBSD/bmake/dist/os.sh
  vendor/NetBSD/bmake/dist/parse.c
  vendor/NetBSD/bmake/dist/stresep.c
  vendor/NetBSD/bmake/dist/unit-tests/varcmd.exp
  vendor/NetBSD/bmake/dist/unit-tests/varcmd.mk
  vendor/NetBSD/bmake/dist/var.c

Modified: vendor/NetBSD/bmake/dist/ChangeLog
==============================================================================
--- vendor/NetBSD/bmake/dist/ChangeLog	Thu Mar  1 22:57:14 2018	(r330257)
+++ vendor/NetBSD/bmake/dist/ChangeLog	Thu Mar  1 23:45:44 2018	(r330258)
@@ -1,3 +1,44 @@
+2018-02-22  Simon J. Gerraty  
+
+	* VERSION: 20180222
+	  Merge with NetBSD make, pick up
+	  o parse.c: avoid calling sysconf for every call to loadfile
+
+2018-02-18  Simon J. Gerraty  
+
+	* VERSION: 20180218
+	  Merge with NetBSD make, pick up
+	  o var.c: Var_Set handle NULL value anytime.
+
+2018-02-12  Simon J. Gerraty  
+
+	* VERSION: 20180212
+	  Merge with NetBSD make, pick up
+	  o parse.c: do not treat .info as warning with -W
+
+2017-12-07  Simon J. Gerraty  
+
+	* VERSION: 20171207
+	  Merge with NetBSD make, pick up
+	  o var.c: Var_Append use Var_Set if var not previously set
+	    so that VAR_CMD is handled correctly.
+	    Add a suitable unit-test.
+
+2017-11-26  Simon J. Gerraty  
+
+	* VERSION (_MAKE_VERSION): 20171126
+
+	* aclocal.m4: use AC_LINK_IFELSE for AC_C___ATTRIBUTE__
+	  since AC_TRY_COMPILE puts input inside main()
+	  which upsets modern compilers.
+
+2017-11-18  Simon J. Gerraty  
+
+	* VERSION: 20171118
+	  Merge with NetBSD make, pick up
+	  o var.c: do not append to variable set on command line
+	    add unit-test to catch this.
+
 2017-10-28  Simon J. Gerraty  
 
 	* VERSION: 20171028

Modified: vendor/NetBSD/bmake/dist/Makefile.config.in
==============================================================================
--- vendor/NetBSD/bmake/dist/Makefile.config.in	Thu Mar  1 22:57:14 2018	(r330257)
+++ vendor/NetBSD/bmake/dist/Makefile.config.in	Thu Mar  1 23:45:44 2018	(r330258)
@@ -15,7 +15,7 @@ LDFLAGS= @LDFLAGS@
 LIBOBJS= @LIBOBJS@
 LDADD= @LIBS@
 USE_META= @use_meta@
-FILEMON_H= @filemon_h@
+FILEMON_H?= @filemon_h@
 BMAKE_PATH_MAX?= @bmake_path_max@
 # used if MAXPATHLEN not defined
 CPPFLAGS+= -DBMAKE_PATH_MAX=${BMAKE_PATH_MAX}

Modified: vendor/NetBSD/bmake/dist/VERSION
==============================================================================
--- vendor/NetBSD/bmake/dist/VERSION	Thu Mar  1 22:57:14 2018	(r330257)
+++ vendor/NetBSD/bmake/dist/VERSION	Thu Mar  1 23:45:44 2018	(r330258)
@@ -1,2 +1,2 @@
 # keep this compatible with sh and make
-_MAKE_VERSION=20171028
+_MAKE_VERSION=20180222

Modified: vendor/NetBSD/bmake/dist/aclocal.m4
==============================================================================
--- vendor/NetBSD/bmake/dist/aclocal.m4	Thu Mar  1 22:57:14 2018	(r330257)
+++ vendor/NetBSD/bmake/dist/aclocal.m4	Thu Mar  1 23:45:44 2018	(r330258)
@@ -1,5 +1,5 @@
 dnl RCSid:
-dnl	$Id: aclocal.m4,v 1.5 2003/03/06 21:21:30 sjg Exp $
+dnl	$Id: aclocal.m4,v 1.6 2017/11/26 22:39:20 sjg Exp $
 dnl
 
 dnl 
@@ -55,16 +55,21 @@ dnl
 AC_DEFUN(AC_C___ATTRIBUTE__, [
 AC_MSG_CHECKING(for __attribute__)
 AC_CACHE_VAL(ac_cv___attribute__, [
-AC_TRY_COMPILE([
+AC_LINK_IFELSE([
 #include 
-],
-[
+
 static void foo(void) __attribute__ ((noreturn));
 
 static void
 foo(void)
 {
   exit(1);
+}
+
+int
+main(int argc, char **argv)
+{
+	foo();
 }
 ],
 ac_cv___attribute__=yes,

Modified: vendor/NetBSD/bmake/dist/bmake.cat1
==============================================================================
--- vendor/NetBSD/bmake/dist/bmake.cat1	Thu Mar  1 22:57:14 2018	(r330257)
+++ vendor/NetBSD/bmake/dist/bmake.cat1	Thu Mar  1 23:45:44 2018	(r330258)
@@ -1,73 +1,73 @@
-BMAKE(1)                NetBSD General Commands Manual                BMAKE(1)
+BMAKE(1)                FreeBSD General Commands Manual               BMAKE(1)
 
-NNAAMMEE
-     bbmmaakkee -- maintain program dependencies
+NAME
+     bmake -- maintain program dependencies
 
-SSYYNNOOPPSSIISS
-     bbmmaakkee [--BBeeiikkNNnnqqrrssttWWwwXX] [--CC _d_i_r_e_c_t_o_r_y] [--DD _v_a_r_i_a_b_l_e] [--dd _f_l_a_g_s]
-           [--ff _m_a_k_e_f_i_l_e] [--II _d_i_r_e_c_t_o_r_y] [--JJ _p_r_i_v_a_t_e] [--jj _m_a_x___j_o_b_s]
-           [--mm _d_i_r_e_c_t_o_r_y] [--TT _f_i_l_e] [--VV _v_a_r_i_a_b_l_e] [--vv _v_a_r_i_a_b_l_e]
-           [_v_a_r_i_a_b_l_e_=_v_a_l_u_e] [_t_a_r_g_e_t _._._.]
+SYNOPSIS
+     bmake [-BeikNnqrstWwX] [-C directory] [-D variable] [-d flags]
+           [-f makefile] [-I directory] [-J private] [-j max_jobs]
+           [-m directory] [-T file] [-V variable] [-v variable]
+           [variable=value] [target ...]
 
-DDEESSCCRRIIPPTTIIOONN
-     bbmmaakkee is a program designed to simplify the maintenance of other pro-
+DESCRIPTION
+     bmake is a program designed to simplify the maintenance of other pro-
      grams.  Its input is a list of specifications as to the files upon which
-     programs and other files depend.  If no --ff _m_a_k_e_f_i_l_e makefile option is
-     given, bbmmaakkee will try to open `_m_a_k_e_f_i_l_e' then `_M_a_k_e_f_i_l_e' in order to find
-     the specifications.  If the file `_._d_e_p_e_n_d' exists, it is read (see
+     programs and other files depend.  If no -f makefile makefile option is
+     given, bmake will try to open `makefile' then `Makefile' in order to find
+     the specifications.  If the file `.depend' exists, it is read (see
      mkdep(1)).
 
      This manual page is intended as a reference document only.  For a more
-     thorough description of bbmmaakkee and makefiles, please refer to _P_M_a_k_e _- _A
-     _T_u_t_o_r_i_a_l.
+     thorough description of bmake and makefiles, please refer to PMake - A
+     Tutorial.
 
-     bbmmaakkee will prepend the contents of the _M_A_K_E_F_L_A_G_S environment variable to
+     bmake will prepend the contents of the MAKEFLAGS environment variable to
      the command line arguments before parsing them.
 
      The options are as follows:
 
-     --BB      Try to be backwards compatible by executing a single shell per
+     -B      Try to be backwards compatible by executing a single shell per
              command and by executing the commands to make the sources of a
              dependency line in sequence.
 
-     --CC _d_i_r_e_c_t_o_r_y
-             Change to _d_i_r_e_c_t_o_r_y before reading the makefiles or doing any-
-             thing else.  If multiple --CC options are specified, each is inter-
-             preted relative to the previous one: --CC _/ --CC _e_t_c is equivalent to
-             --CC _/_e_t_c.
+     -C directory
+             Change to directory before reading the makefiles or doing any-
+             thing else.  If multiple -C options are specified, each is inter-
+             preted relative to the previous one: -C / -C etc is equivalent to
+             -C /etc.
 
-     --DD _v_a_r_i_a_b_l_e
-             Define _v_a_r_i_a_b_l_e to be 1, in the global context.
+     -D variable
+             Define variable to be 1, in the global context.
 
-     --dd _[_-_]_f_l_a_g_s
-             Turn on debugging, and specify which portions of bbmmaakkee are to
+     -d [-]flags
+             Turn on debugging, and specify which portions of bmake are to
              print debugging information.  Unless the flags are preceded by
-             `-' they are added to the _M_A_K_E_F_L_A_G_S environment variable and will
+             `-' they are added to the MAKEFLAGS environment variable and will
              be processed by any child make processes.  By default, debugging
              information is printed to standard error, but this can be changed
-             using the _F debugging flag.  The debugging output is always
+             using the F debugging flag.  The debugging output is always
              unbuffered; in addition, if debugging is enabled but debugging
              output is not directed to standard output, then the standard out-
-             put is line buffered.  _F_l_a_g_s is one or more of the following:
+             put is line buffered.  Flags is one or more of the following:
 
-             _A       Print all possible debugging information; equivalent to
+             A       Print all possible debugging information; equivalent to
                      specifying all of the debugging flags.
 
-             _a       Print debugging information about archive searching and
+             a       Print debugging information about archive searching and
                      caching.
 
-             _C       Print debugging information about current working direc-
+             C       Print debugging information about current working direc-
                      tory.
 
-             _c       Print debugging information about conditional evaluation.
+             c       Print debugging information about conditional evaluation.
 
-             _d       Print debugging information about directory searching and
+             d       Print debugging information about directory searching and
                      caching.
 
-             _e       Print debugging information about failed commands and
+             e       Print debugging information about failed commands and
                      targets.
 
-             _F[++]_f_i_l_e_n_a_m_e
+             F[+]filename
                      Specify where debugging output is written.  This must be
                      the last flag, because it consumes the remainder of the
                      argument.  If the character immediately after the `F'
@@ -80,80 +80,80 @@ DDEESSCCRRIIPPTTIIOONN
                      named file.  If the file name ends `.%d' then the `%d' is
                      replaced by the pid.
 
-             _f       Print debugging information about loop evaluation.
+             f       Print debugging information about loop evaluation.
 
-             _g_1      Print the input graph before making anything.
+             g1      Print the input graph before making anything.
 
-             _g_2      Print the input graph after making everything, or before
+             g2      Print the input graph after making everything, or before
                      exiting on error.
 
-             _g_3      Print the input graph before exiting on error.
+             g3      Print the input graph before exiting on error.
 
-             _j       Print debugging information about running multiple
+             j       Print debugging information about running multiple
                      shells.
 
-             _l       Print commands in Makefiles regardless of whether or not
+             l       Print commands in Makefiles regardless of whether or not
                      they are prefixed by `@' or other "quiet" flags.  Also
                      known as "loud" behavior.
 
-             _M       Print debugging information about "meta" mode decisions
+             M       Print debugging information about "meta" mode decisions
                      about targets.
 
-             _m       Print debugging information about making targets, includ-
+             m       Print debugging information about making targets, includ-
                      ing modification dates.
 
-             _n       Don't delete the temporary command scripts created when
+             n       Don't delete the temporary command scripts created when
                      running commands.  These temporary scripts are created in
                      the directory referred to by the TMPDIR environment vari-
-                     able, or in _/_t_m_p if TMPDIR is unset or set to the empty
+                     able, or in /tmp if TMPDIR is unset or set to the empty
                      string.  The temporary scripts are created by mkstemp(3),
-                     and have names of the form _m_a_k_e_X_X_X_X_X_X.  _N_O_T_E: This can
-                     create many files in TMPDIR or _/_t_m_p, so use with care.
+                     and have names of the form makeXXXXXX.  NOTE: This can
+                     create many files in TMPDIR or /tmp, so use with care.
 
-             _p       Print debugging information about makefile parsing.
+             p       Print debugging information about makefile parsing.
 
-             _s       Print debugging information about suffix-transformation
+             s       Print debugging information about suffix-transformation
                      rules.
 
-             _t       Print debugging information about target list mainte-
+             t       Print debugging information about target list mainte-
                      nance.
 
-             _V       Force the --VV option to print raw values of variables,
+             V       Force the -V option to print raw values of variables,
                      overriding the default behavior set via
-                     _._M_A_K_E_._E_X_P_A_N_D___V_A_R_I_A_B_L_E_S.
+                     .MAKE.EXPAND_VARIABLES.
 
-             _v       Print debugging information about variable assignment.
+             v       Print debugging information about variable assignment.
 
-             _x       Run shell commands with --xx so the actual commands are
+             x       Run shell commands with -x so the actual commands are
                      printed as they are executed.
 
-     --ee      Specify that environment variables override macro assignments
+     -e      Specify that environment variables override macro assignments
              within makefiles.
 
-     --ff _m_a_k_e_f_i_l_e
-             Specify a makefile to read instead of the default `_m_a_k_e_f_i_l_e'.  If
-             _m_a_k_e_f_i_l_e is `--', standard input is read.  Multiple makefiles may
+     -f makefile
+             Specify a makefile to read instead of the default `makefile'.  If
+             makefile is `-', standard input is read.  Multiple makefiles may
              be specified, and are read in the order specified.
 
-     --II _d_i_r_e_c_t_o_r_y
+     -I directory
              Specify a directory in which to search for makefiles and included
              makefiles.  The system makefile directory (or directories, see
-             the --mm option) is automatically included as part of this list.
+             the -m option) is automatically included as part of this list.
 
-     --ii      Ignore non-zero exit of shell commands in the makefile.  Equiva-
-             lent to specifying `--' before each command line in the makefile.
+     -i      Ignore non-zero exit of shell commands in the makefile.  Equiva-
+             lent to specifying `-' before each command line in the makefile.
 
-     --JJ _p_r_i_v_a_t_e
-             This option should _n_o_t be specified by the user.
+     -J private
+             This option should not be specified by the user.
 
-             When the _j option is in use in a recursive build, this option is
+             When the j option is in use in a recursive build, this option is
              passed by a make to child makes to allow all the make processes
              in the build to cooperate to avoid overloading the system.
 
-     --jj _m_a_x___j_o_b_s
-             Specify the maximum number of jobs that bbmmaakkee may have running at
-             any one time.  The value is saved in _._M_A_K_E_._J_O_B_S.  Turns compati-
-             bility mode off, unless the _B flag is also specified.  When com-
+     -j max_jobs
+             Specify the maximum number of jobs that bmake may have running at
+             any one time.  The value is saved in .MAKE.JOBS.  Turns compati-
+             bility mode off, unless the B flag is also specified.  When com-
              patibility mode is off, all commands associated with a target are
              executed in a single shell invocation as opposed to the tradi-
              tional one shell invocation per line.  This can break traditional
@@ -162,90 +162,90 @@ DDEESSCCRRIIPPTTIIOONN
              It is more efficient to correct the scripts rather than turn
              backwards compatibility on.
 
-     --kk      Continue processing after errors are encountered, but only on
+     -k      Continue processing after errors are encountered, but only on
              those targets that do not depend on the target whose creation
              caused the error.
 
-     --mm _d_i_r_e_c_t_o_r_y
+     -m directory
              Specify a directory in which to search for sys.mk and makefiles
-             included via the <_f_i_l_e>-style include statement.  The --mm option
+             included via the <file>-style include statement.  The -m option
              can be used multiple times to form a search path.  This path will
              override the default system include path: /usr/share/mk.  Fur-
              thermore the system include path will be appended to the search
-             path used for "_f_i_l_e"-style include statements (see the --II
+             path used for "file"-style include statements (see the -I
              option).
 
-             If a file or directory name in the --mm argument (or the
+             If a file or directory name in the -m argument (or the
              MAKESYSPATH environment variable) starts with the string ".../"
-             then bbmmaakkee will search for the specified file or directory named
+             then bmake will search for the specified file or directory named
              in the remaining part of the argument string.  The search starts
              with the current directory of the Makefile and then works upward
              towards the root of the file system.  If the search is success-
              ful, then the resulting directory replaces the ".../" specifica-
-             tion in the --mm argument.  If used, this feature allows bbmmaakkee to
+             tion in the -m argument.  If used, this feature allows bmake to
              easily search in the current source tree for customized sys.mk
              files (e.g., by using ".../mk/sys.mk" as an argument).
 
-     --nn      Display the commands that would have been executed, but do not
+     -n      Display the commands that would have been executed, but do not
              actually execute them unless the target depends on the .MAKE spe-
              cial source (see below).
 
-     --NN      Display the commands which would have been executed, but do not
+     -N      Display the commands which would have been executed, but do not
              actually execute any of them; useful for debugging top-level
              makefiles without descending into subdirectories.
 
-     --qq      Do not execute any commands, but exit 0 if the specified targets
+     -q      Do not execute any commands, but exit 0 if the specified targets
              are up-to-date and 1, otherwise.
 
-     --rr      Do not use the built-in rules specified in the system makefile.
+     -r      Do not use the built-in rules specified in the system makefile.
 
-     --ss      Do not echo any commands as they are executed.  Equivalent to
-             specifying `@@' before each command line in the makefile.
+     -s      Do not echo any commands as they are executed.  Equivalent to
+             specifying `@' before each command line in the makefile.
 
-     --TT _t_r_a_c_e_f_i_l_e
-             When used with the --jj flag, append a trace record to _t_r_a_c_e_f_i_l_e
+     -T tracefile
+             When used with the -j flag, append a trace record to tracefile
              for each job started and completed.
 
-     --tt      Rather than re-building a target as specified in the makefile,
+     -t      Rather than re-building a target as specified in the makefile,
              create it or update its modification time to make it appear up-
              to-date.
 
-     --VV _v_a_r_i_a_b_l_e
-             Print the value of _v_a_r_i_a_b_l_e.  Do not build any targets.  Multiple
+     -V variable
+             Print the value of variable.  Do not build any targets.  Multiple
              instances of this option may be specified; the variables will be
              printed one per line, with a blank line for each null or unde-
              fined variable.  The value printed is extracted from the global
              context after all makefiles have been read.  By default, the raw
              variable contents (which may include additional unexpanded vari-
-             able references) are shown.  If _v_a_r_i_a_b_l_e contains a `$' then the
+             able references) are shown.  If variable contains a `$' then the
              value will be recursively expanded to its complete resultant text
              before printing.  The expanded value will also be printed if
-             _._M_A_K_E_._E_X_P_A_N_D___V_A_R_I_A_B_L_E_S is set to true and the --ddVV option has not
+             .MAKE.EXPAND_VARIABLES is set to true and the -dV option has not
              been used to override it.  Note that loop-local and target-local
              variables, as well as values taken temporarily by global vari-
              ables during makefile processing, are not accessible via this
-             option.  The --ddvv debug mode can be used to see these at the cost
+             option.  The -dv debug mode can be used to see these at the cost
              of generating substantial extraneous output.
 
-     --vv _v_a_r_i_a_b_l_e
-             Like --VV but the variable is always expanded to its complete
+     -v variable
+             Like -V but the variable is always expanded to its complete
              value.
 
-     --WW      Treat any warnings during makefile parsing as errors.
+     -W      Treat any warnings during makefile parsing as errors.
 
-     --ww      Print entering and leaving directory messages, pre and post pro-
+     -w      Print entering and leaving directory messages, pre and post pro-
              cessing.
 
-     --XX      Don't export variables passed on the command line to the environ-
+     -X      Don't export variables passed on the command line to the environ-
              ment individually.  Variables passed on the command line are
-             still exported via the _M_A_K_E_F_L_A_G_S environment variable.  This
+             still exported via the MAKEFLAGS environment variable.  This
              option may be useful on systems which have a small limit on the
              size of command arguments.
 
-     _v_a_r_i_a_b_l_e_=_v_a_l_u_e
-             Set the value of the variable _v_a_r_i_a_b_l_e to _v_a_l_u_e.  Normally, all
+     variable=value
+             Set the value of the variable variable to value.  Normally, all
              values passed on the command line are also exported to sub-makes
-             in the environment.  The --XX flag disables this behavior.  Vari-
+             in the environment.  The -X flag disables this behavior.  Vari-
              able assignments should follow options for POSIX compatibility
              but no ordering is enforced.
 
@@ -257,28 +257,28 @@ DDEESSCCRRIIPPTTIIOONN
      them with a backslash (`\').  The trailing newline character and initial
      whitespace on the following line are compressed into a single space.
 
-FFIILLEE DDEEPPEENNDDEENNCCYY SSPPEECCIIFFIICCAATTIIOONNSS
+FILE DEPENDENCY SPECIFICATIONS
      Dependency lines consist of one or more targets, an operator, and zero or
      more sources.  This creates a relationship where the targets ``depend''
      on the sources and are usually created from them.  The exact relationship
      between the target and the source is determined by the operator that sep-
      arates them.  The three operators are as follows:
 
-     ::     A target is considered out-of-date if its modification time is less
+     :     A target is considered out-of-date if its modification time is less
            than those of any of its sources.  Sources for a target accumulate
            over dependency lines when this operator is used.  The target is
-           removed if bbmmaakkee is interrupted.
+           removed if bmake is interrupted.
 
-     !!     Targets are always re-created, but not until all sources have been
+     !     Targets are always re-created, but not until all sources have been
            examined and re-created as necessary.  Sources for a target accumu-
            late over dependency lines when this operator is used.  The target
-           is removed if bbmmaakkee is interrupted.
+           is removed if bmake is interrupted.
 
-     ::::    If no sources are specified, the target is always re-created.  Oth-
+     ::    If no sources are specified, the target is always re-created.  Oth-
            erwise, a target is considered out-of-date if any of its sources
            has been modified more recently than the target.  Sources for a
            target do not accumulate over dependency lines when this operator
-           is used.  The target will not be removed if bbmmaakkee is interrupted.
+           is used.  The target will not be removed if bmake is interrupted.
 
      Targets and sources may contain the shell wildcard values `?', `*', `[]',
      and `{}'.  The values `?', `*', and `[]' may only be used as part of the
@@ -287,37 +287,37 @@ FFIILLEE DDEEPPEENNDDEENNCCYY SSPPEEC
      existing files.  Expansion is in directory order, not alphabetically as
      done in the shell.
 
-SSHHEELLLL CCOOMMMMAANNDDSS
+SHELL COMMANDS
      Each target may have associated with it one or more lines of shell com-
      mands, normally used to create the target.  Each of the lines in this
-     script _m_u_s_t be preceded by a tab.  (For historical reasons, spaces are
+     script must be preceded by a tab.  (For historical reasons, spaces are
      not accepted.)  While targets can appear in many dependency lines if
      desired, by default only one of these rules may be followed by a creation
-     script.  If the `::::' operator is used, however, all rules may include
+     script.  If the `::' operator is used, however, all rules may include
      scripts and the scripts are executed in the order found.
 
      Each line is treated as a separate shell command, unless the end of line
      is escaped with a backslash (`\') in which case that line and the next
      are combined.  If the first characters of the command are any combination
-     of `@@', `++', or `--', the command is treated specially.  A `@@' causes the
-     command not to be echoed before it is executed.  A `++' causes the command
-     to be executed even when --nn is given.  This is similar to the effect of
+     of `@', `+', or `-', the command is treated specially.  A `@' causes the
+     command not to be echoed before it is executed.  A `+' causes the command
+     to be executed even when -n is given.  This is similar to the effect of
      the .MAKE special source, except that the effect can be limited to a sin-
-     gle line of a script.  A `--' in compatibility mode causes any non-zero
+     gle line of a script.  A `-' in compatibility mode causes any non-zero
      exit status of the command line to be ignored.
 
-     When bbmmaakkee is run in jobs mode with --jj _m_a_x___j_o_b_s, the entire script for
+     When bmake is run in jobs mode with -j max_jobs, the entire script for
      the target is fed to a single instance of the shell.  In compatibility
      (non-jobs) mode, each command is run in a separate process.  If the com-
      mand contains any shell meta characters (`#=|^(){};&<>*?[]:$`\\n') it
-     will be passed to the shell; otherwise bbmmaakkee will attempt direct execu-
-     tion.  If a line starts with `--' and the shell has ErrCtl enabled then
+     will be passed to the shell; otherwise bmake will attempt direct execu-
+     tion.  If a line starts with `-' and the shell has ErrCtl enabled then
      failure of the command line will be ignored as in compatibility mode.
-     Otherwise `--' affects the entire job; the script will stop at the first
+     Otherwise `-' affects the entire job; the script will stop at the first
      command line that fails, but the target will not be deemed to have
      failed.
 
-     Makefiles should be written so that the mode of bbmmaakkee operation does not
+     Makefiles should be written so that the mode of bmake operation does not
      change their behavior.  For example, any command which needs to use
      ``cd'' or ``chdir'' without potentially changing the directory for subse-
      quent commands should be put in parentheses so it executes in a subshell.
@@ -334,35 +334,35 @@ SSHHEELLLL CCOOMMMMAANNDDSS
                    (cd ${.CURDIR} && ${MAKE} $@); \
                    echo Back in `pwd`
 
-     Since bbmmaakkee will chdir(2) to `_._O_B_J_D_I_R' before executing any targets, each
+     Since bmake will chdir(2) to `.OBJDIR' before executing any targets, each
      child process starts with that as its current working directory.
 
-VVAARRIIAABBLLEE AASSSSIIGGNNMMEENNTTSS
+VARIABLE ASSIGNMENTS
      Variables in make are much like variables in the shell, and, by tradi-
      tion, consist of all upper-case letters.
 
-   VVaarriiaabbllee aassssiiggnnmmeenntt mmooddiiffiieerrss
+   Variable assignment modifiers
      The five operators that can be used to assign values to variables are as
      follows:
 
-     ==       Assign the value to the variable.  Any previous value is overrid-
+     =       Assign the value to the variable.  Any previous value is overrid-
              den.
 
-     ++==      Append the value to the current value of the variable.
+     +=      Append the value to the current value of the variable.
 
-     ??==      Assign the value to the variable if it is not already defined.
+     ?=      Assign the value to the variable if it is not already defined.
 
-     ::==      Assign with expansion, i.e. expand the value before assigning it
+     :=      Assign with expansion, i.e. expand the value before assigning it
              to the variable.  Normally, expansion is not done until the vari-
-             able is referenced.  _N_O_T_E: References to undefined variables are
-             _n_o_t expanded.  This can cause problems when variable modifiers
+             able is referenced.  NOTE: References to undefined variables are
+             not expanded.  This can cause problems when variable modifiers
              are used.
 
-     !!==      Expand the value and pass it to the shell for execution and
+     !=      Expand the value and pass it to the shell for execution and
              assign the result to the variable.  Any newlines in the result
              are replaced with spaces.
 
-     Any white-space before the assigned _v_a_l_u_e is removed; if the value is
+     Any white-space before the assigned value is removed; if the value is
      being appended, a single space is inserted between the previous contents
      of the variable and the appended value.
 
@@ -412,12 +412,12 @@ VVAARRIIAABBLLEE AASSSSIIGGNNMMEENNT
           ${b} contains ``${j} ${j} ${j}'' which expands to ``3 3 3'' since
           after the loop completes ${j} contains ``3''.
 
-   VVaarriiaabbllee ccllaasssseess
+   Variable classes
      The four different classes of variables (in order of increasing prece-
      dence) are:
 
      Environment variables
-             Variables defined as part of bbmmaakkee's environment.
+             Variables defined as part of bmake's environment.
 
      Global variables
              Variables defined in the makefile or in included makefiles.
@@ -432,91 +432,91 @@ VVAARRIIAABBLLEE AASSSSIIGGNNMMEENNT
      target to target.  It is not currently possible to define new local vari-
      ables.  The seven local variables are as follows:
 
-           _._A_L_L_S_R_C   The list of all sources for this target; also known as
-                     `_>'.
+           .ALLSRC   The list of all sources for this target; also known as
+                     `>'.
 
-           _._A_R_C_H_I_V_E  The name of the archive file; also known as `_!'.
+           .ARCHIVE  The name of the archive file; also known as `!'.
 
-           _._I_M_P_S_R_C   In suffix-transformation rules, the name/path of the
+           .IMPSRC   In suffix-transformation rules, the name/path of the
                      source from which the target is to be transformed (the
-                     ``implied'' source); also known as `_<'.  It is not
+                     ``implied'' source); also known as `<'.  It is not
                      defined in explicit rules.
 
-           _._M_E_M_B_E_R   The name of the archive member; also known as `_%'.
+           .MEMBER   The name of the archive member; also known as `%'.
 
-           _._O_O_D_A_T_E   The list of sources for this target that were deemed out-
-                     of-date; also known as `_?'.
+           .OODATE   The list of sources for this target that were deemed out-
+                     of-date; also known as `?'.
 
-           _._P_R_E_F_I_X   The file prefix of the target, containing only the file
+           .PREFIX   The file prefix of the target, containing only the file
                      portion, no suffix or preceding directory components;
-                     also known as `_*'.  The suffix must be one of the known
-                     suffixes declared with ..SSUUFFFFIIXXEESS or it will not be recog-
+                     also known as `*'.  The suffix must be one of the known
+                     suffixes declared with .SUFFIXES or it will not be recog-
                      nized.
 
-           _._T_A_R_G_E_T   The name of the target; also known as `_@'.  For compati-
-                     bility with other makes this is an alias for ..AARRCCHHIIVVEE in
+           .TARGET   The name of the target; also known as `@'.  For compati-
+                     bility with other makes this is an alias for .ARCHIVE in
                      archive member rules.
 
-     The shorter forms (`_>', `_!', `_<', `_%', `_?', `_*', and `_@') are permitted
+     The shorter forms (`>', `!', `<', `%', `?', `*', and `@') are permitted
      for backward compatibility with historical makefiles and legacy POSIX
      make and are not recommended.
 
      Variants of these variables with the punctuation followed immediately by
-     `D' or `F', e.g.  `_$_(_@_D_)', are legacy forms equivalent to using the `:H'
+     `D' or `F', e.g.  `$(@D)', are legacy forms equivalent to using the `:H'
      and `:T' modifiers.  These forms are accepted for compatibility with AT&T
      System V UNIX makefiles and POSIX but are not recommended.
 
      Four of the local variables may be used in sources on dependency lines
      because they expand to the proper value for each target on the line.
-     These variables are `_._T_A_R_G_E_T', `_._P_R_E_F_I_X', `_._A_R_C_H_I_V_E', and `_._M_E_M_B_E_R'.
+     These variables are `.TARGET', `.PREFIX', `.ARCHIVE', and `.MEMBER'.
 
-   AAddddiittiioonnaall bbuuiilltt--iinn vvaarriiaabblleess
-     In addition, bbmmaakkee sets or knows about the following variables:
+   Additional built-in variables
+     In addition, bmake sets or knows about the following variables:
 
-     _$               A single dollar sign `$', i.e.  `$$' expands to a single
+     $               A single dollar sign `$', i.e.  `$$' expands to a single
                      dollar sign.
 
-     _._A_L_L_T_A_R_G_E_T_S     The list of all targets encountered in the Makefile.  If
+     .ALLTARGETS     The list of all targets encountered in the Makefile.  If
                      evaluated during Makefile parsing, lists only those tar-
                      gets encountered thus far.
 
-     _._C_U_R_D_I_R         A path to the directory where bbmmaakkee was executed.  Refer
+     .CURDIR         A path to the directory where bmake was executed.  Refer
                      to the description of `PWD' for more details.
 
-     _._I_N_C_L_U_D_E_D_F_R_O_M_D_I_R
+     .INCLUDEDFROMDIR
                      The directory of the file this Makefile was included
                      from.
 
-     _._I_N_C_L_U_D_E_D_F_R_O_M_F_I_L_E
+     .INCLUDEDFROMFILE
                      The filename of the file this Makefile was included from.
 
-     MAKE            The name that bbmmaakkee was executed with (_a_r_g_v_[_0_]).  For
-                     compatibility bbmmaakkee also sets _._M_A_K_E with the same value.
+     MAKE            The name that bmake was executed with (argv[0]).  For
+                     compatibility bmake also sets .MAKE with the same value.
                      The preferred variable to use is the environment variable
                      MAKE because it is more compatible with other versions of
-                     bbmmaakkee and cannot be confused with the special target with
+                     bmake and cannot be confused with the special target with
                      the same name.
 
-     _._M_A_K_E_._D_E_P_E_N_D_F_I_L_E
-                     Names the makefile (default `_._d_e_p_e_n_d') from which gener-
+     .MAKE.DEPENDFILE
+                     Names the makefile (default `.depend') from which gener-
                      ated dependencies are read.
 
-     _._M_A_K_E_._E_X_P_A_N_D___V_A_R_I_A_B_L_E_S
-                     A boolean that controls the default behavior of the --VV
-                     option.  If true, variable values printed with --VV are
+     .MAKE.EXPAND_VARIABLES
+                     A boolean that controls the default behavior of the -V
+                     option.  If true, variable values printed with -V are
                      fully expanded; if false, the raw variable contents
                      (which may include additional unexpanded variable refer-
                      ences) are shown.
 
-     _._M_A_K_E_._E_X_P_O_R_T_E_D  The list of variables exported by bbmmaakkee.
+     .MAKE.EXPORTED  The list of variables exported by bmake.
 
-     _._M_A_K_E_._J_O_B_S      The argument to the --jj option.
+     .MAKE.JOBS      The argument to the -j option.
 
-     _._M_A_K_E_._J_O_B_._P_R_E_F_I_X
-                     If bbmmaakkee is run with _j then output for each target is
+     .MAKE.JOB.PREFIX
+                     If bmake is run with j then output for each target is
                      prefixed with a token `--- target ---' the first part of
-                     which can be controlled via _._M_A_K_E_._J_O_B_._P_R_E_F_I_X.  If
-                     _._M_A_K_E_._J_O_B_._P_R_E_F_I_X is empty, no token is printed.
+                     which can be controlled via .MAKE.JOB.PREFIX.  If
+                     .MAKE.JOB.PREFIX is empty, no token is printed.
                      For example:
                      .MAKE.JOB.PREFIX=${.newline}---${.MAKE:T}[${.MAKE.PID}]
                      would produce tokens like `---make[1234] target ---' mak-
@@ -524,156 +524,156 @@ VVAARRIIAABBLLEE AASSSSIIGGNNMMEENNT
                      achieved.
 
      MAKEFLAGS       The environment variable `MAKEFLAGS' may contain anything
-                     that may be specified on bbmmaakkee's command line.  Anything
-                     specified on bbmmaakkee's command line is appended to the
+                     that may be specified on bmake's command line.  Anything
+                     specified on bmake's command line is appended to the
                      `MAKEFLAGS' variable which is then entered into the envi-
-                     ronment for all programs which bbmmaakkee executes.
+                     ronment for all programs which bmake executes.
 
-     _._M_A_K_E_._L_E_V_E_L     The recursion depth of bbmmaakkee.  The initial instance of
-                     bbmmaakkee will be 0, and an incremented value is put into the
+     .MAKE.LEVEL     The recursion depth of bmake.  The initial instance of
+                     bmake will be 0, and an incremented value is put into the
                      environment to be seen by the next generation.  This
                      allows tests like: .if ${.MAKE.LEVEL} == 0 to protect
                      things which should only be evaluated in the initial
-                     instance of bbmmaakkee.
+                     instance of bmake.
 
-     _._M_A_K_E_._M_A_K_E_F_I_L_E___P_R_E_F_E_R_E_N_C_E
-                     The ordered list of makefile names (default `_m_a_k_e_f_i_l_e',
-                     `_M_a_k_e_f_i_l_e') that bbmmaakkee will look for.
+     .MAKE.MAKEFILE_PREFERENCE
+                     The ordered list of makefile names (default `makefile',
+                     `Makefile') that bmake will look for.
 
-     _._M_A_K_E_._M_A_K_E_F_I_L_E_S
-                     The list of makefiles read by bbmmaakkee, which is useful for
+     .MAKE.MAKEFILES
+                     The list of makefiles read by bmake, which is useful for
                      tracking dependencies.  Each makefile is recorded only
                      once, regardless of the number of times read.
 
-     _._M_A_K_E_._M_O_D_E      Processed after reading all makefiles.  Can affect the
-                     mode that bbmmaakkee runs in.  It can contain a number of key-
+     .MAKE.MODE      Processed after reading all makefiles.  Can affect the
+                     mode that bmake runs in.  It can contain a number of key-
                      words:
 
-                     _c_o_m_p_a_t               Like --BB, puts bbmmaakkee into "compat"
+                     compat               Like -B, puts bmake into "compat"
                                           mode.
 
-                     _m_e_t_a                 Puts bbmmaakkee into "meta" mode, where
+                     meta                 Puts bmake into "meta" mode, where
                                           meta files are created for each tar-
                                           get to capture the command run, the
                                           output generated and if filemon(4)
                                           is available, the system calls which
-                                          are of interest to bbmmaakkee.  The cap-
+                                          are of interest to bmake.  The cap-
                                           tured output can be very useful when
                                           diagnosing errors.
 
-                     _c_u_r_d_i_r_O_k_= _b_f         Normally bbmmaakkee will not create .meta
-                                          files in `_._C_U_R_D_I_R'.  This can be
-                                          overridden by setting _b_f to a value
+                     curdirOk= bf         Normally bmake will not create .meta
+                                          files in `.CURDIR'.  This can be
+                                          overridden by setting bf to a value
                                           which represents True.
 
-                     _m_i_s_s_i_n_g_-_m_e_t_a_= _b_f     If _b_f is True, then a missing .meta
+                     missing-meta= bf     If bf is True, then a missing .meta
                                           file makes the target out-of-date.
 
-                     _m_i_s_s_i_n_g_-_f_i_l_e_m_o_n_= _b_f  If _b_f is True, then missing filemon
+                     missing-filemon= bf  If bf is True, then missing filemon
                                           data makes the target out-of-date.
 
-                     _n_o_f_i_l_e_m_o_n            Do not use filemon(4).
+                     nofilemon            Do not use filemon(4).
 
-                     _e_n_v                  For debugging, it can be useful to
+                     env                  For debugging, it can be useful to
                                           include the environment in the .meta
                                           file.
 
-                     _v_e_r_b_o_s_e              If in "meta" mode, print a clue
+                     verbose              If in "meta" mode, print a clue
                                           about the target being built.  This
                                           is useful if the build is otherwise
                                           running silently.  The message
                                           printed the value of:
-                                          _._M_A_K_E_._M_E_T_A_._P_R_E_F_I_X.
+                                          .MAKE.META.PREFIX.
 
-                     _i_g_n_o_r_e_-_c_m_d           Some makefiles have commands which
+                     ignore-cmd           Some makefiles have commands which
                                           are simply not stable.  This keyword
                                           causes them to be ignored for deter-
                                           mining whether a target is out of
                                           date in "meta" mode.  See also
-                                          ..NNOOMMEETTAA__CCMMPP.
+                                          .NOMETA_CMP.
 
-                     _s_i_l_e_n_t_= _b_f           If _b_f is True, when a .meta file is
-                                          created, mark the target ..SSIILLEENNTT.
+                     silent= bf           If bf is True, when a .meta file is
+                                          created, mark the target .SILENT.
 
-     _._M_A_K_E_._M_E_T_A_._B_A_I_L_I_W_I_C_K
+     .MAKE.META.BAILIWICK
                      In "meta" mode, provides a list of prefixes which match
-                     the directories controlled by bbmmaakkee.  If a file that was
-                     generated outside of _._O_B_J_D_I_R but within said bailiwick is
+                     the directories controlled by bmake.  If a file that was
+                     generated outside of .OBJDIR but within said bailiwick is
                      missing, the current target is considered out-of-date.
 
-     _._M_A_K_E_._M_E_T_A_._C_R_E_A_T_E_D
+     .MAKE.META.CREATED
                      In "meta" mode, this variable contains a list of all the
                      meta files updated.  If not empty, it can be used to
-                     trigger processing of _._M_A_K_E_._M_E_T_A_._F_I_L_E_S.
+                     trigger processing of .MAKE.META.FILES.
 
-     _._M_A_K_E_._M_E_T_A_._F_I_L_E_S
+     .MAKE.META.FILES
                      In "meta" mode, this variable contains a list of all the
                      meta files used (updated or not).  This list can be used
                      to process the meta files to extract dependency informa-
                      tion.
 
-     _._M_A_K_E_._M_E_T_A_._I_G_N_O_R_E___P_A_T_H_S
+     .MAKE.META.IGNORE_PATHS
                      Provides a list of path prefixes that should be ignored;
                      because the contents are expected to change over time.
-                     The default list includes: `_/_d_e_v _/_e_t_c _/_p_r_o_c _/_t_m_p _/_v_a_r_/_r_u_n
-                     _/_v_a_r_/_t_m_p'
+                     The default list includes: `/dev /etc /proc /tmp /var/run
+                     /var/tmp'
 
-     _._M_A_K_E_._M_E_T_A_._I_G_N_O_R_E___P_A_T_T_E_R_N_S
+     .MAKE.META.IGNORE_PATTERNS
                      Provides a list of patterns to match against pathnames.
                      Ignore any that match.
 
-     _._M_A_K_E_._M_E_T_A_._I_G_N_O_R_E___F_I_L_T_E_R
+     .MAKE.META.IGNORE_FILTER
                      Provides a list of variable modifiers to apply to each
                      pathname.  Ignore if the expansion is an empty string.
 
-     _._M_A_K_E_._M_E_T_A_._P_R_E_F_I_X
+     .MAKE.META.PREFIX
                      Defines the message printed for each meta file updated in
                      "meta verbose" mode.  The default value is:
                            Building ${.TARGET:H:tA}/${.TARGET:T}
 
-     _._M_A_K_E_O_V_E_R_R_I_D_E_S  This variable is used to record the names of variables
+     .MAKEOVERRIDES  This variable is used to record the names of variables
                      assigned to on the command line, so that they may be
                      exported as part of `MAKEFLAGS'.  This behavior can be
-                     disabled by assigning an empty value to `_._M_A_K_E_O_V_E_R_R_I_D_E_S'
+                     disabled by assigning an empty value to `.MAKEOVERRIDES'
                      within a makefile.  Extra variables can be exported from
-                     a makefile by appending their names to `_._M_A_K_E_O_V_E_R_R_I_D_E_S'.
-                     `MAKEFLAGS' is re-exported whenever `_._M_A_K_E_O_V_E_R_R_I_D_E_S' is
+                     a makefile by appending their names to `.MAKEOVERRIDES'.
+                     `MAKEFLAGS' is re-exported whenever `.MAKEOVERRIDES' is
                      modified.
 
-     _._M_A_K_E_._P_A_T_H___F_I_L_E_M_O_N
-                     If bbmmaakkee was built with filemon(4) support, this is set
+     .MAKE.PATH_FILEMON
+                     If bmake was built with filemon(4) support, this is set
                      to the path of the device node.  This allows makefiles to
                      test for this support.
 
-     _._M_A_K_E_._P_I_D       The process-id of bbmmaakkee.
+     .MAKE.PID       The process-id of bmake.
 
-     _._M_A_K_E_._P_P_I_D      The parent process-id of bbmmaakkee.
+     .MAKE.PPID      The parent process-id of bmake.
 
-     _._M_A_K_E_._S_A_V_E___D_O_L_L_A_R_S
+     .MAKE.SAVE_DOLLARS
                      value should be a boolean that controls whether `$$' are
                      preserved when doing `:=' assignments.  The default is
                      false, for backwards compatibility.  Set to true for com-
                      patability with other makes.  If set to false, `$$'
                      becomes `$' per normal evaluation rules.
 
-     _M_A_K_E___P_R_I_N_T___V_A_R___O_N___E_R_R_O_R
-                     When bbmmaakkee stops due to an error, it sets `_._E_R_R_O_R___T_A_R_G_E_T'
-                     to the name of the target that failed, `_._E_R_R_O_R___C_M_D' to
+     MAKE_PRINT_VAR_ON_ERROR
+                     When bmake stops due to an error, it sets `.ERROR_TARGET'
+                     to the name of the target that failed, `.ERROR_CMD' to
                      the commands of the failed target, and in "meta" mode, it
-                     also sets `_._E_R_R_O_R___C_W_D' to the getcwd(3), and
-                     `_._E_R_R_O_R___M_E_T_A___F_I_L_E' to the path of the meta file (if any)
+                     also sets `.ERROR_CWD' to the getcwd(3), and
+                     `.ERROR_META_FILE' to the path of the meta file (if any)
                      describing the failed target.  It then prints its name
-                     and the value of `_._C_U_R_D_I_R' as well as the value of any
-                     variables named in `_M_A_K_E___P_R_I_N_T___V_A_R___O_N___E_R_R_O_R'.
+                     and the value of `.CURDIR' as well as the value of any
+                     variables named in `MAKE_PRINT_VAR_ON_ERROR'.
 
-     _._n_e_w_l_i_n_e        This variable is simply assigned a newline character as
-                     its value.  This allows expansions using the ::@@ modifier
+     .newline        This variable is simply assigned a newline character as
+                     its value.  This allows expansions using the :@ modifier
                      to put a newline between iterations of the loop rather
                      than a space.  For example, the printing of
-                     `_M_A_K_E___P_R_I_N_T___V_A_R___O_N___E_R_R_O_R' could be done as
+                     `MAKE_PRINT_VAR_ON_ERROR' could be done as
                      ${MAKE_PRINT_VAR_ON_ERROR:@v@$v='${$v}'${.newline}@}.
 
-     _._O_B_J_D_I_R         A path to the directory where the targets are built.  Its
+     .OBJDIR         A path to the directory where the targets are built.  Its
                      value is determined by trying to chdir(2) to the follow-
                      ing directories in order and using the first match:
 
@@ -687,11 +687,11 @@ VVAARRIIAABBLLEE AASSSSIIGGNNMMEENNT
                           (Only if `MAKEOBJDIR' is set in the environment or
                           on the command line.)
 
-                     3.   ${.CURDIR}_/_o_b_j_.${MACHINE}
+                     3.   ${.CURDIR}/obj.${MACHINE}
 
-                     4.   ${.CURDIR}_/_o_b_j
+                     4.   ${.CURDIR}/obj
 
-                     5.   _/_u_s_r_/_o_b_j_/${.CURDIR}
+                     5.   /usr/obj/${.CURDIR}
 
                      6.   ${.CURDIR}
 
@@ -701,43 +701,43 @@ VVAARRIIAABBLLEE AASSSSIIGGNNMMEENNT
                      may be used.  This is especially useful with
                      `MAKEOBJDIR'.
 
-                     `_._O_B_J_D_I_R' may be modified in the makefile via the special
-                     target `..OOBBJJDDIIRR'.  In all cases, bbmmaakkee will chdir(2) to
-                     the specified directory if it exists, and set `_._O_B_J_D_I_R'
+                     `.OBJDIR' may be modified in the makefile via the special
+                     target `.OBJDIR'.  In all cases, bmake will chdir(2) to
+                     the specified directory if it exists, and set `.OBJDIR'
                      and `PWD' to that directory before executing any targets.
 
-     _._P_A_R_S_E_D_I_R       A path to the directory of the current `_M_a_k_e_f_i_l_e' being
+     .PARSEDIR       A path to the directory of the current `Makefile' being
                      parsed.
 
-     _._P_A_R_S_E_F_I_L_E      The basename of the current `_M_a_k_e_f_i_l_e' being parsed.
-                     This variable and `_._P_A_R_S_E_D_I_R' are both set only while the
-                     `_M_a_k_e_f_i_l_e_s' are being parsed.  If you want to retain
+     .PARSEFILE      The basename of the current `Makefile' being parsed.
+                     This variable and `.PARSEDIR' are both set only while the
+                     `Makefiles' are being parsed.  If you want to retain
                      their current values, assign them to a variable using
-                     assignment with expansion: (`::==').
+                     assignment with expansion: (`:=').
 
-     _._P_A_T_H           A variable that represents the list of directories that
-                     bbmmaakkee will search for files.  The search list should be
-                     updated using the target `_._P_A_T_H' rather than the vari-
+     .PATH           A variable that represents the list of directories that
+                     bmake will search for files.  The search list should be
+                     updated using the target `.PATH' rather than the vari-
                      able.
 
-     PWD             Alternate path to the current directory.  bbmmaakkee normally
-                     sets `_._C_U_R_D_I_R' to the canonical path given by getcwd(3).
+     PWD             Alternate path to the current directory.  bmake normally
+                     sets `.CURDIR' to the canonical path given by getcwd(3).
                      However, if the environment variable `PWD' is set and
-                     gives a path to the current directory, then bbmmaakkee sets
-                     `_._C_U_R_D_I_R' to the value of `PWD' instead.  This behavior
+                     gives a path to the current directory, then bmake sets
+                     `.CURDIR' to the value of `PWD' instead.  This behavior
                      is disabled if `MAKEOBJDIRPREFIX' is set or `MAKEOBJDIR'

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***

From owner-svn-src-vendor@freebsd.org  Thu Mar  1 23:46:03 2018
Return-Path: 
Delivered-To: svn-src-vendor@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id A615FF34DC3;
 Thu,  1 Mar 2018 23:46:03 +0000 (UTC) (envelope-from sjg@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 5AACB80A0E;
 Thu,  1 Mar 2018 23:46:03 +0000 (UTC) (envelope-from sjg@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 3C5417D97;
 Thu,  1 Mar 2018 23:46:03 +0000 (UTC) (envelope-from sjg@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w21Nk3Db078338;
 Thu, 1 Mar 2018 23:46:03 GMT (envelope-from sjg@FreeBSD.org)
Received: (from sjg@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id w21Nk3Db078337;
 Thu, 1 Mar 2018 23:46:03 GMT (envelope-from sjg@FreeBSD.org)
Message-Id: <201803012346.w21Nk3Db078337@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: sjg set sender to sjg@FreeBSD.org
 using -f
From: "Simon J. Gerraty" 
Date: Thu, 1 Mar 2018 23:46:03 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-vendor@freebsd.org
Subject: svn commit: r330259 - vendor/NetBSD/bmake/20180222
X-SVN-Group: vendor
X-SVN-Commit-Author: sjg
X-SVN-Commit-Paths: vendor/NetBSD/bmake/20180222
X-SVN-Commit-Revision: 330259
X-SVN-Commit-Repository: base
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-vendor@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: SVN commit messages for the vendor work area tree
 
List-Unsubscribe: , 
 
List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: ,
 
X-List-Received-Date: Thu, 01 Mar 2018 23:46:03 -0000

Author: sjg
Date: Thu Mar  1 23:46:02 2018
New Revision: 330259
URL: https://svnweb.freebsd.org/changeset/base/330259

Log:
  tag bmake-20180222

Added:
  vendor/NetBSD/bmake/20180222/
     - copied from r330258, vendor/NetBSD/bmake/dist/