Date: Wed, 7 Mar 2018 05:58:25 +0000 (UTC) From: Gordon Tetlow <gordon@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r330567 - in releng: 10.3/contrib/ntp 10.3/contrib/ntp/adjtimed 10.3/contrib/ntp/clockstuff 10.3/contrib/ntp/html 10.3/contrib/ntp/html/drivers 10.3/contrib/ntp/include 10.3/contrib/ntp... Message-ID: <201803070558.w275wPGe088165@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: gordon Date: Wed Mar 7 05:58:24 2018 New Revision: 330567 URL: https://svnweb.freebsd.org/changeset/base/330567 Log: Fix multiple vulnerabilities in ntp. [SA-18:02.ntp] Approved by: so Security: FreeBSD-SA-18:02.ntp Security: CVE-2018-7182 Security: CVE-2018-7170 Security: CVE-2018-7184 Security: CVE-2018-7185 Security: CVE-2018-7183 Added: releng/10.3/contrib/ntp/sntp/harden/ releng/10.3/contrib/ntp/sntp/harden/README releng/10.3/contrib/ntp/sntp/harden/default releng/10.3/contrib/ntp/sntp/harden/freebsd10 releng/10.3/contrib/ntp/sntp/harden/freebsd11 releng/10.3/contrib/ntp/sntp/harden/freebsd12 releng/10.3/contrib/ntp/sntp/harden/linux releng/10.3/contrib/ntp/sntp/harden/netbsd7.0 releng/10.3/contrib/ntp/sntp/harden/netbsd7.99 releng/10.3/contrib/ntp/sntp/m4/ntp_af_unspec.m4 releng/10.3/contrib/ntp/sntp/m4/ntp_harden.m4 releng/10.3/contrib/ntp/sntp/scripts/genHardFlags releng/10.3/contrib/ntp/sntp/tests/testconf.yml releng/10.4/contrib/ntp/sntp/m4/ntp_af_unspec.m4 releng/10.4/contrib/ntp/sntp/tests/testconf.yml releng/11.1/contrib/ntp/sntp/m4/ntp_af_unspec.m4 releng/11.1/contrib/ntp/sntp/tests/testconf.yml Modified: releng/10.3/contrib/ntp/ChangeLog releng/10.3/contrib/ntp/Makefile.am releng/10.3/contrib/ntp/Makefile.in releng/10.3/contrib/ntp/NEWS releng/10.3/contrib/ntp/aclocal.m4 releng/10.3/contrib/ntp/adjtimed/Makefile.in releng/10.3/contrib/ntp/clockstuff/Makefile.in releng/10.3/contrib/ntp/configure releng/10.3/contrib/ntp/configure.ac releng/10.3/contrib/ntp/html/access.html releng/10.3/contrib/ntp/html/accopt.html releng/10.3/contrib/ntp/html/authentic.html releng/10.3/contrib/ntp/html/drivers/driver18.html releng/10.3/contrib/ntp/html/drivers/driver40.html releng/10.3/contrib/ntp/html/keygen.html releng/10.3/contrib/ntp/html/miscopt.html releng/10.3/contrib/ntp/html/monopt.html releng/10.3/contrib/ntp/html/ntpq.html releng/10.3/contrib/ntp/include/Makefile.in releng/10.3/contrib/ntp/include/isc/Makefile.in releng/10.3/contrib/ntp/include/ntp.h releng/10.3/contrib/ntp/include/ntp_calendar.h releng/10.3/contrib/ntp/include/ntp_config.h releng/10.3/contrib/ntp/include/ntp_fp.h releng/10.3/contrib/ntp/include/ntp_keyacc.h releng/10.3/contrib/ntp/include/ntp_request.h releng/10.3/contrib/ntp/include/ntp_stdlib.h releng/10.3/contrib/ntp/include/ntpd.h releng/10.3/contrib/ntp/include/recvbuff.h releng/10.3/contrib/ntp/include/ssl_applink.c releng/10.3/contrib/ntp/kernel/Makefile.in releng/10.3/contrib/ntp/kernel/sys/Makefile.in releng/10.3/contrib/ntp/libntp/Makefile.in releng/10.3/contrib/ntp/libntp/a_md5encrypt.c releng/10.3/contrib/ntp/libntp/adjtime.c releng/10.3/contrib/ntp/libntp/authkeys.c releng/10.3/contrib/ntp/libntp/authreadkeys.c releng/10.3/contrib/ntp/libntp/libssl_compat.c releng/10.3/contrib/ntp/libntp/ntp_calendar.c releng/10.3/contrib/ntp/libntp/ssl_init.c releng/10.3/contrib/ntp/libntp/statestr.c releng/10.3/contrib/ntp/libntp/systime.c releng/10.3/contrib/ntp/libntp/work_thread.c releng/10.3/contrib/ntp/libparse/Makefile.in releng/10.3/contrib/ntp/ntpd/Makefile.in releng/10.3/contrib/ntp/ntpd/complete.conf.in releng/10.3/contrib/ntp/ntpd/invoke-ntp.conf.texi releng/10.3/contrib/ntp/ntpd/invoke-ntp.keys.texi releng/10.3/contrib/ntp/ntpd/invoke-ntpd.texi releng/10.3/contrib/ntp/ntpd/keyword-gen-utd releng/10.3/contrib/ntp/ntpd/keyword-gen.c releng/10.3/contrib/ntp/ntpd/ntp.conf.5man releng/10.3/contrib/ntp/ntpd/ntp.conf.5mdoc releng/10.3/contrib/ntp/ntpd/ntp.conf.def releng/10.3/contrib/ntp/ntpd/ntp.conf.html releng/10.3/contrib/ntp/ntpd/ntp.conf.man.in releng/10.3/contrib/ntp/ntpd/ntp.conf.mdoc.in releng/10.3/contrib/ntp/ntpd/ntp.keys.5man releng/10.3/contrib/ntp/ntpd/ntp.keys.5mdoc releng/10.3/contrib/ntp/ntpd/ntp.keys.def releng/10.3/contrib/ntp/ntpd/ntp.keys.html releng/10.3/contrib/ntp/ntpd/ntp.keys.man.in releng/10.3/contrib/ntp/ntpd/ntp.keys.mdoc.in releng/10.3/contrib/ntp/ntpd/ntp_config.c releng/10.3/contrib/ntp/ntpd/ntp_control.c releng/10.3/contrib/ntp/ntpd/ntp_crypto.c releng/10.3/contrib/ntp/ntpd/ntp_io.c releng/10.3/contrib/ntp/ntpd/ntp_keyword.h releng/10.3/contrib/ntp/ntpd/ntp_leapsec.c releng/10.3/contrib/ntp/ntpd/ntp_parser.c releng/10.3/contrib/ntp/ntpd/ntp_parser.h releng/10.3/contrib/ntp/ntpd/ntp_peer.c releng/10.3/contrib/ntp/ntpd/ntp_proto.c releng/10.3/contrib/ntp/ntpd/ntp_refclock.c releng/10.3/contrib/ntp/ntpd/ntp_request.c releng/10.3/contrib/ntp/ntpd/ntp_restrict.c releng/10.3/contrib/ntp/ntpd/ntp_scanner.c releng/10.3/contrib/ntp/ntpd/ntp_util.c releng/10.3/contrib/ntp/ntpd/ntpd-opts.c releng/10.3/contrib/ntp/ntpd/ntpd-opts.h releng/10.3/contrib/ntp/ntpd/ntpd.1ntpdman releng/10.3/contrib/ntp/ntpd/ntpd.1ntpdmdoc releng/10.3/contrib/ntp/ntpd/ntpd.c releng/10.3/contrib/ntp/ntpd/ntpd.html releng/10.3/contrib/ntp/ntpd/ntpd.man.in releng/10.3/contrib/ntp/ntpd/ntpd.mdoc.in releng/10.3/contrib/ntp/ntpd/ntpsim.c releng/10.3/contrib/ntp/ntpd/refclock_gpsdjson.c releng/10.3/contrib/ntp/ntpd/refclock_jjy.c releng/10.3/contrib/ntp/ntpd/refclock_palisade.c releng/10.3/contrib/ntp/ntpd/refclock_parse.c releng/10.3/contrib/ntp/ntpdate/Makefile.in releng/10.3/contrib/ntp/ntpdc/Makefile.in releng/10.3/contrib/ntp/ntpdc/invoke-ntpdc.texi releng/10.3/contrib/ntp/ntpdc/layout.std releng/10.3/contrib/ntp/ntpdc/ntpdc-opts.c releng/10.3/contrib/ntp/ntpdc/ntpdc-opts.h releng/10.3/contrib/ntp/ntpdc/ntpdc.1ntpdcman releng/10.3/contrib/ntp/ntpdc/ntpdc.1ntpdcmdoc releng/10.3/contrib/ntp/ntpdc/ntpdc.c releng/10.3/contrib/ntp/ntpdc/ntpdc.html releng/10.3/contrib/ntp/ntpdc/ntpdc.man.in releng/10.3/contrib/ntp/ntpdc/ntpdc.mdoc.in releng/10.3/contrib/ntp/ntpdc/ntpdc_ops.c releng/10.3/contrib/ntp/ntpq/Makefile.am releng/10.3/contrib/ntp/ntpq/Makefile.in releng/10.3/contrib/ntp/ntpq/invoke-ntpq.texi releng/10.3/contrib/ntp/ntpq/ntpq-opts.c releng/10.3/contrib/ntp/ntpq/ntpq-opts.def releng/10.3/contrib/ntp/ntpq/ntpq-opts.h releng/10.3/contrib/ntp/ntpq/ntpq-subs.c releng/10.3/contrib/ntp/ntpq/ntpq.1ntpqman releng/10.3/contrib/ntp/ntpq/ntpq.1ntpqmdoc releng/10.3/contrib/ntp/ntpq/ntpq.c releng/10.3/contrib/ntp/ntpq/ntpq.html releng/10.3/contrib/ntp/ntpq/ntpq.man.in releng/10.3/contrib/ntp/ntpq/ntpq.mdoc.in releng/10.3/contrib/ntp/ntpq/ntpq.texi releng/10.3/contrib/ntp/ntpsnmpd/Makefile.in releng/10.3/contrib/ntp/ntpsnmpd/invoke-ntpsnmpd.texi releng/10.3/contrib/ntp/ntpsnmpd/netsnmp_daemonize.c releng/10.3/contrib/ntp/ntpsnmpd/ntpsnmpd-opts.c releng/10.3/contrib/ntp/ntpsnmpd/ntpsnmpd-opts.h releng/10.3/contrib/ntp/ntpsnmpd/ntpsnmpd.1ntpsnmpdman releng/10.3/contrib/ntp/ntpsnmpd/ntpsnmpd.1ntpsnmpdmdoc releng/10.3/contrib/ntp/ntpsnmpd/ntpsnmpd.html releng/10.3/contrib/ntp/ntpsnmpd/ntpsnmpd.man.in releng/10.3/contrib/ntp/ntpsnmpd/ntpsnmpd.mdoc.in releng/10.3/contrib/ntp/packageinfo.sh releng/10.3/contrib/ntp/parseutil/Makefile.in releng/10.3/contrib/ntp/scripts/Makefile.in releng/10.3/contrib/ntp/scripts/build/Makefile.in releng/10.3/contrib/ntp/scripts/build/UpdatePoint releng/10.3/contrib/ntp/scripts/calc_tickadj/Makefile.in releng/10.3/contrib/ntp/scripts/calc_tickadj/calc_tickadj.1calc_tickadjman releng/10.3/contrib/ntp/scripts/calc_tickadj/calc_tickadj.1calc_tickadjmdoc releng/10.3/contrib/ntp/scripts/calc_tickadj/calc_tickadj.html releng/10.3/contrib/ntp/scripts/calc_tickadj/calc_tickadj.man.in releng/10.3/contrib/ntp/scripts/calc_tickadj/calc_tickadj.mdoc.in releng/10.3/contrib/ntp/scripts/calc_tickadj/invoke-calc_tickadj.texi releng/10.3/contrib/ntp/scripts/invoke-plot_summary.texi releng/10.3/contrib/ntp/scripts/invoke-summary.texi releng/10.3/contrib/ntp/scripts/lib/Makefile.in releng/10.3/contrib/ntp/scripts/ntp-wait/Makefile.in releng/10.3/contrib/ntp/scripts/ntp-wait/invoke-ntp-wait.texi releng/10.3/contrib/ntp/scripts/ntp-wait/ntp-wait-opts releng/10.3/contrib/ntp/scripts/ntp-wait/ntp-wait.1ntp-waitman releng/10.3/contrib/ntp/scripts/ntp-wait/ntp-wait.1ntp-waitmdoc releng/10.3/contrib/ntp/scripts/ntp-wait/ntp-wait.html releng/10.3/contrib/ntp/scripts/ntp-wait/ntp-wait.man.in releng/10.3/contrib/ntp/scripts/ntp-wait/ntp-wait.mdoc.in releng/10.3/contrib/ntp/scripts/ntpsweep/Makefile.in releng/10.3/contrib/ntp/scripts/ntpsweep/invoke-ntpsweep.texi releng/10.3/contrib/ntp/scripts/ntpsweep/ntpsweep-opts releng/10.3/contrib/ntp/scripts/ntpsweep/ntpsweep.1ntpsweepman releng/10.3/contrib/ntp/scripts/ntpsweep/ntpsweep.1ntpsweepmdoc releng/10.3/contrib/ntp/scripts/ntpsweep/ntpsweep.html releng/10.3/contrib/ntp/scripts/ntpsweep/ntpsweep.man.in releng/10.3/contrib/ntp/scripts/ntpsweep/ntpsweep.mdoc.in releng/10.3/contrib/ntp/scripts/ntptrace/Makefile.in releng/10.3/contrib/ntp/scripts/ntptrace/invoke-ntptrace.texi releng/10.3/contrib/ntp/scripts/ntptrace/ntptrace-opts releng/10.3/contrib/ntp/scripts/ntptrace/ntptrace.1ntptraceman releng/10.3/contrib/ntp/scripts/ntptrace/ntptrace.1ntptracemdoc releng/10.3/contrib/ntp/scripts/ntptrace/ntptrace.html releng/10.3/contrib/ntp/scripts/ntptrace/ntptrace.man.in releng/10.3/contrib/ntp/scripts/ntptrace/ntptrace.mdoc.in releng/10.3/contrib/ntp/scripts/plot_summary-opts releng/10.3/contrib/ntp/scripts/plot_summary.1plot_summaryman releng/10.3/contrib/ntp/scripts/plot_summary.1plot_summarymdoc releng/10.3/contrib/ntp/scripts/plot_summary.html releng/10.3/contrib/ntp/scripts/plot_summary.man.in releng/10.3/contrib/ntp/scripts/plot_summary.mdoc.in releng/10.3/contrib/ntp/scripts/summary-opts releng/10.3/contrib/ntp/scripts/summary.1summaryman releng/10.3/contrib/ntp/scripts/summary.1summarymdoc releng/10.3/contrib/ntp/scripts/summary.html releng/10.3/contrib/ntp/scripts/summary.man.in releng/10.3/contrib/ntp/scripts/summary.mdoc.in releng/10.3/contrib/ntp/scripts/update-leap/Makefile.in releng/10.3/contrib/ntp/scripts/update-leap/invoke-update-leap.texi releng/10.3/contrib/ntp/scripts/update-leap/update-leap-opts releng/10.3/contrib/ntp/scripts/update-leap/update-leap.1update-leapman releng/10.3/contrib/ntp/scripts/update-leap/update-leap.1update-leapmdoc releng/10.3/contrib/ntp/scripts/update-leap/update-leap.html releng/10.3/contrib/ntp/scripts/update-leap/update-leap.in releng/10.3/contrib/ntp/scripts/update-leap/update-leap.man.in releng/10.3/contrib/ntp/scripts/update-leap/update-leap.mdoc.in releng/10.3/contrib/ntp/sntp/Makefile.in releng/10.3/contrib/ntp/sntp/check-libntp.mf releng/10.3/contrib/ntp/sntp/configure releng/10.3/contrib/ntp/sntp/crypto.c releng/10.3/contrib/ntp/sntp/crypto.h releng/10.3/contrib/ntp/sntp/include/version.def releng/10.3/contrib/ntp/sntp/include/version.texi releng/10.3/contrib/ntp/sntp/invoke-sntp.texi releng/10.3/contrib/ntp/sntp/m4/ntp_libevent.m4 releng/10.3/contrib/ntp/sntp/m4/ntp_openssl.m4 releng/10.3/contrib/ntp/sntp/m4/version.m4 releng/10.3/contrib/ntp/sntp/main.c releng/10.3/contrib/ntp/sntp/networking.c releng/10.3/contrib/ntp/sntp/sntp-opts.c releng/10.3/contrib/ntp/sntp/sntp-opts.def releng/10.3/contrib/ntp/sntp/sntp-opts.h releng/10.3/contrib/ntp/sntp/sntp.1sntpman releng/10.3/contrib/ntp/sntp/sntp.1sntpmdoc releng/10.3/contrib/ntp/sntp/sntp.html releng/10.3/contrib/ntp/sntp/sntp.man.in releng/10.3/contrib/ntp/sntp/sntp.mdoc.in releng/10.3/contrib/ntp/sntp/tests/Makefile.am releng/10.3/contrib/ntp/sntp/tests/Makefile.in releng/10.3/contrib/ntp/sntp/tests/crypto.c releng/10.3/contrib/ntp/sntp/tests/keyFile.c releng/10.3/contrib/ntp/sntp/tests/packetHandling.c releng/10.3/contrib/ntp/sntp/tests/packetProcessing.c releng/10.3/contrib/ntp/sntp/tests/run-crypto.c releng/10.3/contrib/ntp/sntp/tests/run-keyFile.c releng/10.3/contrib/ntp/sntp/tests/run-kodDatabase.c releng/10.3/contrib/ntp/sntp/tests/run-kodFile.c releng/10.3/contrib/ntp/sntp/tests/run-networking.c releng/10.3/contrib/ntp/sntp/tests/run-packetHandling.c releng/10.3/contrib/ntp/sntp/tests/run-packetProcessing.c releng/10.3/contrib/ntp/sntp/tests/run-t-log.c releng/10.3/contrib/ntp/sntp/tests/run-utilities.c releng/10.3/contrib/ntp/sntp/unity/auto/generate_test_runner.rb releng/10.3/contrib/ntp/sntp/utilities.c releng/10.3/contrib/ntp/sntp/version.c releng/10.3/contrib/ntp/util/Makefile.in releng/10.3/contrib/ntp/util/invoke-ntp-keygen.texi releng/10.3/contrib/ntp/util/ntp-keygen-opts.c releng/10.3/contrib/ntp/util/ntp-keygen-opts.def releng/10.3/contrib/ntp/util/ntp-keygen-opts.h releng/10.3/contrib/ntp/util/ntp-keygen.1ntp-keygenman releng/10.3/contrib/ntp/util/ntp-keygen.1ntp-keygenmdoc releng/10.3/contrib/ntp/util/ntp-keygen.html releng/10.3/contrib/ntp/util/ntp-keygen.man.in releng/10.3/contrib/ntp/util/ntp-keygen.mdoc.in releng/10.3/usr.sbin/ntp/config.h releng/10.3/usr.sbin/ntp/doc/ntp-keygen.8 releng/10.3/usr.sbin/ntp/doc/ntp.conf.5 releng/10.3/usr.sbin/ntp/doc/ntp.keys.5 releng/10.3/usr.sbin/ntp/doc/ntpd.8 releng/10.3/usr.sbin/ntp/doc/ntpdc.8 releng/10.3/usr.sbin/ntp/doc/ntpq.8 releng/10.3/usr.sbin/ntp/doc/sntp.8 releng/10.3/usr.sbin/ntp/ntp-keygen/Makefile releng/10.3/usr.sbin/ntp/ntptime/Makefile releng/10.3/usr.sbin/ntp/scripts/mkver releng/10.3/usr.sbin/ntp/sntp/Makefile releng/10.4/contrib/ntp/ChangeLog releng/10.4/contrib/ntp/Makefile.am releng/10.4/contrib/ntp/Makefile.in releng/10.4/contrib/ntp/NEWS releng/10.4/contrib/ntp/aclocal.m4 releng/10.4/contrib/ntp/adjtimed/Makefile.in releng/10.4/contrib/ntp/clockstuff/Makefile.in releng/10.4/contrib/ntp/configure releng/10.4/contrib/ntp/configure.ac releng/10.4/contrib/ntp/html/access.html releng/10.4/contrib/ntp/html/accopt.html releng/10.4/contrib/ntp/html/authentic.html releng/10.4/contrib/ntp/html/drivers/driver18.html releng/10.4/contrib/ntp/html/drivers/driver40.html releng/10.4/contrib/ntp/html/keygen.html releng/10.4/contrib/ntp/html/miscopt.html releng/10.4/contrib/ntp/html/monopt.html releng/10.4/contrib/ntp/html/ntpq.html releng/10.4/contrib/ntp/include/Makefile.in releng/10.4/contrib/ntp/include/isc/Makefile.in releng/10.4/contrib/ntp/include/ntp.h releng/10.4/contrib/ntp/include/ntp_calendar.h releng/10.4/contrib/ntp/include/ntp_config.h releng/10.4/contrib/ntp/include/ntp_fp.h releng/10.4/contrib/ntp/include/ntp_keyacc.h releng/10.4/contrib/ntp/include/ntp_request.h releng/10.4/contrib/ntp/include/ntp_stdlib.h releng/10.4/contrib/ntp/include/ntpd.h releng/10.4/contrib/ntp/include/recvbuff.h releng/10.4/contrib/ntp/include/ssl_applink.c releng/10.4/contrib/ntp/kernel/Makefile.in releng/10.4/contrib/ntp/kernel/sys/Makefile.in releng/10.4/contrib/ntp/libntp/Makefile.in releng/10.4/contrib/ntp/libntp/a_md5encrypt.c releng/10.4/contrib/ntp/libntp/adjtime.c releng/10.4/contrib/ntp/libntp/authkeys.c releng/10.4/contrib/ntp/libntp/authreadkeys.c releng/10.4/contrib/ntp/libntp/libssl_compat.c releng/10.4/contrib/ntp/libntp/ntp_calendar.c releng/10.4/contrib/ntp/libntp/ssl_init.c releng/10.4/contrib/ntp/libntp/statestr.c releng/10.4/contrib/ntp/libntp/systime.c releng/10.4/contrib/ntp/libntp/work_thread.c releng/10.4/contrib/ntp/libparse/Makefile.in releng/10.4/contrib/ntp/ntpd/Makefile.in releng/10.4/contrib/ntp/ntpd/complete.conf.in releng/10.4/contrib/ntp/ntpd/invoke-ntp.conf.texi releng/10.4/contrib/ntp/ntpd/invoke-ntp.keys.texi releng/10.4/contrib/ntp/ntpd/invoke-ntpd.texi releng/10.4/contrib/ntp/ntpd/keyword-gen-utd releng/10.4/contrib/ntp/ntpd/keyword-gen.c releng/10.4/contrib/ntp/ntpd/ntp.conf.5man releng/10.4/contrib/ntp/ntpd/ntp.conf.5mdoc releng/10.4/contrib/ntp/ntpd/ntp.conf.def releng/10.4/contrib/ntp/ntpd/ntp.conf.html releng/10.4/contrib/ntp/ntpd/ntp.conf.man.in releng/10.4/contrib/ntp/ntpd/ntp.conf.mdoc.in releng/10.4/contrib/ntp/ntpd/ntp.keys.5man releng/10.4/contrib/ntp/ntpd/ntp.keys.5mdoc releng/10.4/contrib/ntp/ntpd/ntp.keys.def releng/10.4/contrib/ntp/ntpd/ntp.keys.html releng/10.4/contrib/ntp/ntpd/ntp.keys.man.in releng/10.4/contrib/ntp/ntpd/ntp.keys.mdoc.in releng/10.4/contrib/ntp/ntpd/ntp_config.c releng/10.4/contrib/ntp/ntpd/ntp_control.c releng/10.4/contrib/ntp/ntpd/ntp_crypto.c releng/10.4/contrib/ntp/ntpd/ntp_io.c releng/10.4/contrib/ntp/ntpd/ntp_keyword.h releng/10.4/contrib/ntp/ntpd/ntp_leapsec.c releng/10.4/contrib/ntp/ntpd/ntp_parser.c releng/10.4/contrib/ntp/ntpd/ntp_parser.h releng/10.4/contrib/ntp/ntpd/ntp_peer.c releng/10.4/contrib/ntp/ntpd/ntp_proto.c releng/10.4/contrib/ntp/ntpd/ntp_refclock.c releng/10.4/contrib/ntp/ntpd/ntp_request.c releng/10.4/contrib/ntp/ntpd/ntp_restrict.c releng/10.4/contrib/ntp/ntpd/ntp_scanner.c releng/10.4/contrib/ntp/ntpd/ntp_util.c releng/10.4/contrib/ntp/ntpd/ntpd-opts.c releng/10.4/contrib/ntp/ntpd/ntpd-opts.h releng/10.4/contrib/ntp/ntpd/ntpd.1ntpdman releng/10.4/contrib/ntp/ntpd/ntpd.1ntpdmdoc releng/10.4/contrib/ntp/ntpd/ntpd.c releng/10.4/contrib/ntp/ntpd/ntpd.html releng/10.4/contrib/ntp/ntpd/ntpd.man.in releng/10.4/contrib/ntp/ntpd/ntpd.mdoc.in releng/10.4/contrib/ntp/ntpd/ntpsim.c releng/10.4/contrib/ntp/ntpd/refclock_gpsdjson.c releng/10.4/contrib/ntp/ntpd/refclock_jjy.c releng/10.4/contrib/ntp/ntpd/refclock_palisade.c releng/10.4/contrib/ntp/ntpd/refclock_parse.c releng/10.4/contrib/ntp/ntpdate/Makefile.in releng/10.4/contrib/ntp/ntpdc/Makefile.in releng/10.4/contrib/ntp/ntpdc/invoke-ntpdc.texi releng/10.4/contrib/ntp/ntpdc/layout.std releng/10.4/contrib/ntp/ntpdc/ntpdc-opts.c releng/10.4/contrib/ntp/ntpdc/ntpdc-opts.h releng/10.4/contrib/ntp/ntpdc/ntpdc.1ntpdcman releng/10.4/contrib/ntp/ntpdc/ntpdc.1ntpdcmdoc releng/10.4/contrib/ntp/ntpdc/ntpdc.c releng/10.4/contrib/ntp/ntpdc/ntpdc.html releng/10.4/contrib/ntp/ntpdc/ntpdc.man.in releng/10.4/contrib/ntp/ntpdc/ntpdc.mdoc.in releng/10.4/contrib/ntp/ntpdc/ntpdc_ops.c releng/10.4/contrib/ntp/ntpq/Makefile.am releng/10.4/contrib/ntp/ntpq/Makefile.in releng/10.4/contrib/ntp/ntpq/invoke-ntpq.texi releng/10.4/contrib/ntp/ntpq/ntpq-opts.c releng/10.4/contrib/ntp/ntpq/ntpq-opts.def releng/10.4/contrib/ntp/ntpq/ntpq-opts.h releng/10.4/contrib/ntp/ntpq/ntpq-subs.c releng/10.4/contrib/ntp/ntpq/ntpq.1ntpqman releng/10.4/contrib/ntp/ntpq/ntpq.1ntpqmdoc releng/10.4/contrib/ntp/ntpq/ntpq.c releng/10.4/contrib/ntp/ntpq/ntpq.html releng/10.4/contrib/ntp/ntpq/ntpq.man.in releng/10.4/contrib/ntp/ntpq/ntpq.mdoc.in releng/10.4/contrib/ntp/ntpq/ntpq.texi releng/10.4/contrib/ntp/ntpsnmpd/Makefile.in releng/10.4/contrib/ntp/ntpsnmpd/invoke-ntpsnmpd.texi releng/10.4/contrib/ntp/ntpsnmpd/netsnmp_daemonize.c releng/10.4/contrib/ntp/ntpsnmpd/ntpsnmpd-opts.c releng/10.4/contrib/ntp/ntpsnmpd/ntpsnmpd-opts.h releng/10.4/contrib/ntp/ntpsnmpd/ntpsnmpd.1ntpsnmpdman releng/10.4/contrib/ntp/ntpsnmpd/ntpsnmpd.1ntpsnmpdmdoc releng/10.4/contrib/ntp/ntpsnmpd/ntpsnmpd.html releng/10.4/contrib/ntp/ntpsnmpd/ntpsnmpd.man.in releng/10.4/contrib/ntp/ntpsnmpd/ntpsnmpd.mdoc.in releng/10.4/contrib/ntp/packageinfo.sh releng/10.4/contrib/ntp/parseutil/Makefile.in releng/10.4/contrib/ntp/scripts/Makefile.in releng/10.4/contrib/ntp/scripts/build/Makefile.in releng/10.4/contrib/ntp/scripts/build/UpdatePoint releng/10.4/contrib/ntp/scripts/calc_tickadj/Makefile.in releng/10.4/contrib/ntp/scripts/calc_tickadj/calc_tickadj.1calc_tickadjman releng/10.4/contrib/ntp/scripts/calc_tickadj/calc_tickadj.1calc_tickadjmdoc releng/10.4/contrib/ntp/scripts/calc_tickadj/calc_tickadj.html releng/10.4/contrib/ntp/scripts/calc_tickadj/calc_tickadj.man.in releng/10.4/contrib/ntp/scripts/calc_tickadj/calc_tickadj.mdoc.in releng/10.4/contrib/ntp/scripts/calc_tickadj/invoke-calc_tickadj.texi releng/10.4/contrib/ntp/scripts/invoke-plot_summary.texi releng/10.4/contrib/ntp/scripts/invoke-summary.texi releng/10.4/contrib/ntp/scripts/lib/Makefile.in releng/10.4/contrib/ntp/scripts/ntp-wait/Makefile.in releng/10.4/contrib/ntp/scripts/ntp-wait/invoke-ntp-wait.texi releng/10.4/contrib/ntp/scripts/ntp-wait/ntp-wait-opts releng/10.4/contrib/ntp/scripts/ntp-wait/ntp-wait.1ntp-waitman releng/10.4/contrib/ntp/scripts/ntp-wait/ntp-wait.1ntp-waitmdoc releng/10.4/contrib/ntp/scripts/ntp-wait/ntp-wait.html releng/10.4/contrib/ntp/scripts/ntp-wait/ntp-wait.man.in releng/10.4/contrib/ntp/scripts/ntp-wait/ntp-wait.mdoc.in releng/10.4/contrib/ntp/scripts/ntpsweep/Makefile.in releng/10.4/contrib/ntp/scripts/ntpsweep/invoke-ntpsweep.texi releng/10.4/contrib/ntp/scripts/ntpsweep/ntpsweep-opts releng/10.4/contrib/ntp/scripts/ntpsweep/ntpsweep.1ntpsweepman releng/10.4/contrib/ntp/scripts/ntpsweep/ntpsweep.1ntpsweepmdoc releng/10.4/contrib/ntp/scripts/ntpsweep/ntpsweep.html releng/10.4/contrib/ntp/scripts/ntpsweep/ntpsweep.man.in releng/10.4/contrib/ntp/scripts/ntpsweep/ntpsweep.mdoc.in releng/10.4/contrib/ntp/scripts/ntptrace/Makefile.in releng/10.4/contrib/ntp/scripts/ntptrace/invoke-ntptrace.texi releng/10.4/contrib/ntp/scripts/ntptrace/ntptrace-opts releng/10.4/contrib/ntp/scripts/ntptrace/ntptrace.1ntptraceman releng/10.4/contrib/ntp/scripts/ntptrace/ntptrace.1ntptracemdoc releng/10.4/contrib/ntp/scripts/ntptrace/ntptrace.html releng/10.4/contrib/ntp/scripts/ntptrace/ntptrace.man.in releng/10.4/contrib/ntp/scripts/ntptrace/ntptrace.mdoc.in releng/10.4/contrib/ntp/scripts/plot_summary-opts releng/10.4/contrib/ntp/scripts/plot_summary.1plot_summaryman releng/10.4/contrib/ntp/scripts/plot_summary.1plot_summarymdoc releng/10.4/contrib/ntp/scripts/plot_summary.html releng/10.4/contrib/ntp/scripts/plot_summary.man.in releng/10.4/contrib/ntp/scripts/plot_summary.mdoc.in releng/10.4/contrib/ntp/scripts/summary-opts releng/10.4/contrib/ntp/scripts/summary.1summaryman releng/10.4/contrib/ntp/scripts/summary.1summarymdoc releng/10.4/contrib/ntp/scripts/summary.html releng/10.4/contrib/ntp/scripts/summary.man.in releng/10.4/contrib/ntp/scripts/summary.mdoc.in releng/10.4/contrib/ntp/scripts/update-leap/Makefile.in releng/10.4/contrib/ntp/scripts/update-leap/invoke-update-leap.texi releng/10.4/contrib/ntp/scripts/update-leap/update-leap-opts releng/10.4/contrib/ntp/scripts/update-leap/update-leap.1update-leapman releng/10.4/contrib/ntp/scripts/update-leap/update-leap.1update-leapmdoc releng/10.4/contrib/ntp/scripts/update-leap/update-leap.html releng/10.4/contrib/ntp/scripts/update-leap/update-leap.in releng/10.4/contrib/ntp/scripts/update-leap/update-leap.man.in releng/10.4/contrib/ntp/scripts/update-leap/update-leap.mdoc.in releng/10.4/contrib/ntp/sntp/Makefile.in releng/10.4/contrib/ntp/sntp/check-libntp.mf releng/10.4/contrib/ntp/sntp/configure releng/10.4/contrib/ntp/sntp/crypto.c releng/10.4/contrib/ntp/sntp/crypto.h releng/10.4/contrib/ntp/sntp/harden/linux releng/10.4/contrib/ntp/sntp/include/version.def releng/10.4/contrib/ntp/sntp/include/version.texi releng/10.4/contrib/ntp/sntp/invoke-sntp.texi releng/10.4/contrib/ntp/sntp/m4/ntp_harden.m4 releng/10.4/contrib/ntp/sntp/m4/ntp_libevent.m4 releng/10.4/contrib/ntp/sntp/m4/ntp_openssl.m4 releng/10.4/contrib/ntp/sntp/m4/version.m4 releng/10.4/contrib/ntp/sntp/main.c releng/10.4/contrib/ntp/sntp/networking.c releng/10.4/contrib/ntp/sntp/sntp-opts.c releng/10.4/contrib/ntp/sntp/sntp-opts.def releng/10.4/contrib/ntp/sntp/sntp-opts.h releng/10.4/contrib/ntp/sntp/sntp.1sntpman releng/10.4/contrib/ntp/sntp/sntp.1sntpmdoc releng/10.4/contrib/ntp/sntp/sntp.html releng/10.4/contrib/ntp/sntp/sntp.man.in releng/10.4/contrib/ntp/sntp/sntp.mdoc.in releng/10.4/contrib/ntp/sntp/tests/Makefile.am releng/10.4/contrib/ntp/sntp/tests/Makefile.in releng/10.4/contrib/ntp/sntp/tests/crypto.c releng/10.4/contrib/ntp/sntp/tests/keyFile.c releng/10.4/contrib/ntp/sntp/tests/packetHandling.c releng/10.4/contrib/ntp/sntp/tests/packetProcessing.c releng/10.4/contrib/ntp/sntp/tests/run-crypto.c releng/10.4/contrib/ntp/sntp/tests/run-keyFile.c releng/10.4/contrib/ntp/sntp/tests/run-kodDatabase.c releng/10.4/contrib/ntp/sntp/tests/run-kodFile.c releng/10.4/contrib/ntp/sntp/tests/run-networking.c releng/10.4/contrib/ntp/sntp/tests/run-packetHandling.c releng/10.4/contrib/ntp/sntp/tests/run-packetProcessing.c releng/10.4/contrib/ntp/sntp/tests/run-t-log.c releng/10.4/contrib/ntp/sntp/tests/run-utilities.c releng/10.4/contrib/ntp/sntp/unity/auto/generate_test_runner.rb releng/10.4/contrib/ntp/sntp/utilities.c releng/10.4/contrib/ntp/sntp/version.c releng/10.4/contrib/ntp/util/Makefile.in releng/10.4/contrib/ntp/util/invoke-ntp-keygen.texi releng/10.4/contrib/ntp/util/ntp-keygen-opts.c releng/10.4/contrib/ntp/util/ntp-keygen-opts.def releng/10.4/contrib/ntp/util/ntp-keygen-opts.h releng/10.4/contrib/ntp/util/ntp-keygen.1ntp-keygenman releng/10.4/contrib/ntp/util/ntp-keygen.1ntp-keygenmdoc releng/10.4/contrib/ntp/util/ntp-keygen.html releng/10.4/contrib/ntp/util/ntp-keygen.man.in releng/10.4/contrib/ntp/util/ntp-keygen.mdoc.in releng/10.4/usr.sbin/ntp/config.h releng/10.4/usr.sbin/ntp/doc/ntp-keygen.8 releng/10.4/usr.sbin/ntp/doc/ntp.conf.5 releng/10.4/usr.sbin/ntp/doc/ntp.keys.5 releng/10.4/usr.sbin/ntp/doc/ntpd.8 releng/10.4/usr.sbin/ntp/doc/ntpdc.8 releng/10.4/usr.sbin/ntp/doc/ntpq.8 releng/10.4/usr.sbin/ntp/doc/sntp.8 releng/10.4/usr.sbin/ntp/ntp-keygen/Makefile releng/10.4/usr.sbin/ntp/ntptime/Makefile releng/10.4/usr.sbin/ntp/scripts/mkver releng/11.1/contrib/ntp/ChangeLog releng/11.1/contrib/ntp/Makefile.am releng/11.1/contrib/ntp/Makefile.in releng/11.1/contrib/ntp/NEWS releng/11.1/contrib/ntp/aclocal.m4 releng/11.1/contrib/ntp/adjtimed/Makefile.in releng/11.1/contrib/ntp/clockstuff/Makefile.in releng/11.1/contrib/ntp/configure releng/11.1/contrib/ntp/configure.ac releng/11.1/contrib/ntp/html/access.html releng/11.1/contrib/ntp/html/accopt.html releng/11.1/contrib/ntp/html/authentic.html releng/11.1/contrib/ntp/html/drivers/driver18.html releng/11.1/contrib/ntp/html/drivers/driver40.html releng/11.1/contrib/ntp/html/keygen.html releng/11.1/contrib/ntp/html/miscopt.html releng/11.1/contrib/ntp/html/monopt.html releng/11.1/contrib/ntp/html/ntpq.html releng/11.1/contrib/ntp/include/Makefile.in releng/11.1/contrib/ntp/include/isc/Makefile.in releng/11.1/contrib/ntp/include/ntp.h releng/11.1/contrib/ntp/include/ntp_calendar.h releng/11.1/contrib/ntp/include/ntp_config.h releng/11.1/contrib/ntp/include/ntp_fp.h releng/11.1/contrib/ntp/include/ntp_keyacc.h releng/11.1/contrib/ntp/include/ntp_request.h releng/11.1/contrib/ntp/include/ntp_stdlib.h releng/11.1/contrib/ntp/include/ntpd.h releng/11.1/contrib/ntp/include/recvbuff.h releng/11.1/contrib/ntp/include/ssl_applink.c releng/11.1/contrib/ntp/kernel/Makefile.in releng/11.1/contrib/ntp/kernel/sys/Makefile.in releng/11.1/contrib/ntp/libntp/Makefile.in releng/11.1/contrib/ntp/libntp/a_md5encrypt.c releng/11.1/contrib/ntp/libntp/adjtime.c releng/11.1/contrib/ntp/libntp/authkeys.c releng/11.1/contrib/ntp/libntp/authreadkeys.c releng/11.1/contrib/ntp/libntp/libssl_compat.c releng/11.1/contrib/ntp/libntp/ntp_calendar.c releng/11.1/contrib/ntp/libntp/ssl_init.c releng/11.1/contrib/ntp/libntp/statestr.c releng/11.1/contrib/ntp/libntp/systime.c releng/11.1/contrib/ntp/libntp/work_thread.c releng/11.1/contrib/ntp/libparse/Makefile.in releng/11.1/contrib/ntp/ntpd/Makefile.in releng/11.1/contrib/ntp/ntpd/complete.conf.in releng/11.1/contrib/ntp/ntpd/invoke-ntp.conf.texi releng/11.1/contrib/ntp/ntpd/invoke-ntp.keys.texi releng/11.1/contrib/ntp/ntpd/invoke-ntpd.texi releng/11.1/contrib/ntp/ntpd/keyword-gen-utd releng/11.1/contrib/ntp/ntpd/keyword-gen.c releng/11.1/contrib/ntp/ntpd/ntp.conf.5man releng/11.1/contrib/ntp/ntpd/ntp.conf.5mdoc releng/11.1/contrib/ntp/ntpd/ntp.conf.def releng/11.1/contrib/ntp/ntpd/ntp.conf.html releng/11.1/contrib/ntp/ntpd/ntp.conf.man.in releng/11.1/contrib/ntp/ntpd/ntp.conf.mdoc.in releng/11.1/contrib/ntp/ntpd/ntp.keys.5man releng/11.1/contrib/ntp/ntpd/ntp.keys.5mdoc releng/11.1/contrib/ntp/ntpd/ntp.keys.def releng/11.1/contrib/ntp/ntpd/ntp.keys.html releng/11.1/contrib/ntp/ntpd/ntp.keys.man.in releng/11.1/contrib/ntp/ntpd/ntp.keys.mdoc.in releng/11.1/contrib/ntp/ntpd/ntp_config.c releng/11.1/contrib/ntp/ntpd/ntp_control.c releng/11.1/contrib/ntp/ntpd/ntp_crypto.c releng/11.1/contrib/ntp/ntpd/ntp_io.c releng/11.1/contrib/ntp/ntpd/ntp_keyword.h releng/11.1/contrib/ntp/ntpd/ntp_leapsec.c releng/11.1/contrib/ntp/ntpd/ntp_parser.c releng/11.1/contrib/ntp/ntpd/ntp_parser.h releng/11.1/contrib/ntp/ntpd/ntp_peer.c releng/11.1/contrib/ntp/ntpd/ntp_proto.c releng/11.1/contrib/ntp/ntpd/ntp_refclock.c releng/11.1/contrib/ntp/ntpd/ntp_request.c releng/11.1/contrib/ntp/ntpd/ntp_restrict.c releng/11.1/contrib/ntp/ntpd/ntp_scanner.c releng/11.1/contrib/ntp/ntpd/ntp_util.c releng/11.1/contrib/ntp/ntpd/ntpd-opts.c releng/11.1/contrib/ntp/ntpd/ntpd-opts.h releng/11.1/contrib/ntp/ntpd/ntpd.1ntpdman releng/11.1/contrib/ntp/ntpd/ntpd.1ntpdmdoc releng/11.1/contrib/ntp/ntpd/ntpd.c releng/11.1/contrib/ntp/ntpd/ntpd.html releng/11.1/contrib/ntp/ntpd/ntpd.man.in releng/11.1/contrib/ntp/ntpd/ntpd.mdoc.in releng/11.1/contrib/ntp/ntpd/ntpsim.c releng/11.1/contrib/ntp/ntpd/refclock_gpsdjson.c releng/11.1/contrib/ntp/ntpd/refclock_jjy.c releng/11.1/contrib/ntp/ntpd/refclock_palisade.c releng/11.1/contrib/ntp/ntpd/refclock_parse.c releng/11.1/contrib/ntp/ntpdate/Makefile.in releng/11.1/contrib/ntp/ntpdc/Makefile.in releng/11.1/contrib/ntp/ntpdc/invoke-ntpdc.texi releng/11.1/contrib/ntp/ntpdc/layout.std releng/11.1/contrib/ntp/ntpdc/ntpdc-opts.c releng/11.1/contrib/ntp/ntpdc/ntpdc-opts.h releng/11.1/contrib/ntp/ntpdc/ntpdc.1ntpdcman releng/11.1/contrib/ntp/ntpdc/ntpdc.1ntpdcmdoc releng/11.1/contrib/ntp/ntpdc/ntpdc.c releng/11.1/contrib/ntp/ntpdc/ntpdc.html releng/11.1/contrib/ntp/ntpdc/ntpdc.man.in releng/11.1/contrib/ntp/ntpdc/ntpdc.mdoc.in releng/11.1/contrib/ntp/ntpdc/ntpdc_ops.c releng/11.1/contrib/ntp/ntpq/Makefile.am releng/11.1/contrib/ntp/ntpq/Makefile.in releng/11.1/contrib/ntp/ntpq/invoke-ntpq.texi releng/11.1/contrib/ntp/ntpq/ntpq-opts.c releng/11.1/contrib/ntp/ntpq/ntpq-opts.def releng/11.1/contrib/ntp/ntpq/ntpq-opts.h releng/11.1/contrib/ntp/ntpq/ntpq-subs.c releng/11.1/contrib/ntp/ntpq/ntpq.1ntpqman releng/11.1/contrib/ntp/ntpq/ntpq.1ntpqmdoc releng/11.1/contrib/ntp/ntpq/ntpq.c releng/11.1/contrib/ntp/ntpq/ntpq.html releng/11.1/contrib/ntp/ntpq/ntpq.man.in releng/11.1/contrib/ntp/ntpq/ntpq.mdoc.in releng/11.1/contrib/ntp/ntpq/ntpq.texi releng/11.1/contrib/ntp/ntpsnmpd/Makefile.in releng/11.1/contrib/ntp/ntpsnmpd/invoke-ntpsnmpd.texi releng/11.1/contrib/ntp/ntpsnmpd/netsnmp_daemonize.c releng/11.1/contrib/ntp/ntpsnmpd/ntpsnmpd-opts.c releng/11.1/contrib/ntp/ntpsnmpd/ntpsnmpd-opts.h releng/11.1/contrib/ntp/ntpsnmpd/ntpsnmpd.1ntpsnmpdman releng/11.1/contrib/ntp/ntpsnmpd/ntpsnmpd.1ntpsnmpdmdoc releng/11.1/contrib/ntp/ntpsnmpd/ntpsnmpd.html releng/11.1/contrib/ntp/ntpsnmpd/ntpsnmpd.man.in releng/11.1/contrib/ntp/ntpsnmpd/ntpsnmpd.mdoc.in releng/11.1/contrib/ntp/packageinfo.sh releng/11.1/contrib/ntp/parseutil/Makefile.in releng/11.1/contrib/ntp/scripts/Makefile.in releng/11.1/contrib/ntp/scripts/build/Makefile.in releng/11.1/contrib/ntp/scripts/build/UpdatePoint releng/11.1/contrib/ntp/scripts/calc_tickadj/Makefile.in releng/11.1/contrib/ntp/scripts/calc_tickadj/calc_tickadj.1calc_tickadjman releng/11.1/contrib/ntp/scripts/calc_tickadj/calc_tickadj.1calc_tickadjmdoc releng/11.1/contrib/ntp/scripts/calc_tickadj/calc_tickadj.html releng/11.1/contrib/ntp/scripts/calc_tickadj/calc_tickadj.man.in releng/11.1/contrib/ntp/scripts/calc_tickadj/calc_tickadj.mdoc.in releng/11.1/contrib/ntp/scripts/calc_tickadj/invoke-calc_tickadj.texi releng/11.1/contrib/ntp/scripts/invoke-plot_summary.texi releng/11.1/contrib/ntp/scripts/invoke-summary.texi releng/11.1/contrib/ntp/scripts/lib/Makefile.in releng/11.1/contrib/ntp/scripts/ntp-wait/Makefile.in releng/11.1/contrib/ntp/scripts/ntp-wait/invoke-ntp-wait.texi releng/11.1/contrib/ntp/scripts/ntp-wait/ntp-wait-opts releng/11.1/contrib/ntp/scripts/ntp-wait/ntp-wait.1ntp-waitman releng/11.1/contrib/ntp/scripts/ntp-wait/ntp-wait.1ntp-waitmdoc releng/11.1/contrib/ntp/scripts/ntp-wait/ntp-wait.html releng/11.1/contrib/ntp/scripts/ntp-wait/ntp-wait.man.in releng/11.1/contrib/ntp/scripts/ntp-wait/ntp-wait.mdoc.in releng/11.1/contrib/ntp/scripts/ntpsweep/Makefile.in releng/11.1/contrib/ntp/scripts/ntpsweep/invoke-ntpsweep.texi releng/11.1/contrib/ntp/scripts/ntpsweep/ntpsweep-opts releng/11.1/contrib/ntp/scripts/ntpsweep/ntpsweep.1ntpsweepman releng/11.1/contrib/ntp/scripts/ntpsweep/ntpsweep.1ntpsweepmdoc releng/11.1/contrib/ntp/scripts/ntpsweep/ntpsweep.html releng/11.1/contrib/ntp/scripts/ntpsweep/ntpsweep.man.in releng/11.1/contrib/ntp/scripts/ntpsweep/ntpsweep.mdoc.in releng/11.1/contrib/ntp/scripts/ntptrace/Makefile.in releng/11.1/contrib/ntp/scripts/ntptrace/invoke-ntptrace.texi releng/11.1/contrib/ntp/scripts/ntptrace/ntptrace-opts releng/11.1/contrib/ntp/scripts/ntptrace/ntptrace.1ntptraceman releng/11.1/contrib/ntp/scripts/ntptrace/ntptrace.1ntptracemdoc releng/11.1/contrib/ntp/scripts/ntptrace/ntptrace.html releng/11.1/contrib/ntp/scripts/ntptrace/ntptrace.man.in releng/11.1/contrib/ntp/scripts/ntptrace/ntptrace.mdoc.in releng/11.1/contrib/ntp/scripts/plot_summary-opts releng/11.1/contrib/ntp/scripts/plot_summary.1plot_summaryman releng/11.1/contrib/ntp/scripts/plot_summary.1plot_summarymdoc releng/11.1/contrib/ntp/scripts/plot_summary.html releng/11.1/contrib/ntp/scripts/plot_summary.man.in releng/11.1/contrib/ntp/scripts/plot_summary.mdoc.in releng/11.1/contrib/ntp/scripts/summary-opts releng/11.1/contrib/ntp/scripts/summary.1summaryman releng/11.1/contrib/ntp/scripts/summary.1summarymdoc releng/11.1/contrib/ntp/scripts/summary.html releng/11.1/contrib/ntp/scripts/summary.man.in releng/11.1/contrib/ntp/scripts/summary.mdoc.in releng/11.1/contrib/ntp/scripts/update-leap/Makefile.in releng/11.1/contrib/ntp/scripts/update-leap/invoke-update-leap.texi releng/11.1/contrib/ntp/scripts/update-leap/update-leap-opts releng/11.1/contrib/ntp/scripts/update-leap/update-leap.1update-leapman releng/11.1/contrib/ntp/scripts/update-leap/update-leap.1update-leapmdoc releng/11.1/contrib/ntp/scripts/update-leap/update-leap.html releng/11.1/contrib/ntp/scripts/update-leap/update-leap.in releng/11.1/contrib/ntp/scripts/update-leap/update-leap.man.in releng/11.1/contrib/ntp/scripts/update-leap/update-leap.mdoc.in releng/11.1/contrib/ntp/sntp/Makefile.in releng/11.1/contrib/ntp/sntp/check-libntp.mf releng/11.1/contrib/ntp/sntp/configure releng/11.1/contrib/ntp/sntp/crypto.c releng/11.1/contrib/ntp/sntp/crypto.h releng/11.1/contrib/ntp/sntp/harden/linux releng/11.1/contrib/ntp/sntp/include/version.def releng/11.1/contrib/ntp/sntp/include/version.texi releng/11.1/contrib/ntp/sntp/invoke-sntp.texi releng/11.1/contrib/ntp/sntp/m4/ntp_harden.m4 releng/11.1/contrib/ntp/sntp/m4/ntp_libevent.m4 releng/11.1/contrib/ntp/sntp/m4/ntp_openssl.m4 releng/11.1/contrib/ntp/sntp/m4/version.m4 releng/11.1/contrib/ntp/sntp/main.c releng/11.1/contrib/ntp/sntp/networking.c releng/11.1/contrib/ntp/sntp/sntp-opts.c releng/11.1/contrib/ntp/sntp/sntp-opts.def releng/11.1/contrib/ntp/sntp/sntp-opts.h releng/11.1/contrib/ntp/sntp/sntp.1sntpman releng/11.1/contrib/ntp/sntp/sntp.1sntpmdoc releng/11.1/contrib/ntp/sntp/sntp.html releng/11.1/contrib/ntp/sntp/sntp.man.in releng/11.1/contrib/ntp/sntp/sntp.mdoc.in releng/11.1/contrib/ntp/sntp/tests/Makefile.am releng/11.1/contrib/ntp/sntp/tests/Makefile.in releng/11.1/contrib/ntp/sntp/tests/crypto.c releng/11.1/contrib/ntp/sntp/tests/keyFile.c releng/11.1/contrib/ntp/sntp/tests/packetHandling.c releng/11.1/contrib/ntp/sntp/tests/packetProcessing.c releng/11.1/contrib/ntp/sntp/tests/run-crypto.c releng/11.1/contrib/ntp/sntp/tests/run-keyFile.c releng/11.1/contrib/ntp/sntp/tests/run-kodDatabase.c releng/11.1/contrib/ntp/sntp/tests/run-kodFile.c releng/11.1/contrib/ntp/sntp/tests/run-networking.c releng/11.1/contrib/ntp/sntp/tests/run-packetHandling.c releng/11.1/contrib/ntp/sntp/tests/run-packetProcessing.c releng/11.1/contrib/ntp/sntp/tests/run-t-log.c releng/11.1/contrib/ntp/sntp/tests/run-utilities.c releng/11.1/contrib/ntp/sntp/unity/auto/generate_test_runner.rb releng/11.1/contrib/ntp/sntp/utilities.c releng/11.1/contrib/ntp/sntp/version.c releng/11.1/contrib/ntp/util/Makefile.in releng/11.1/contrib/ntp/util/invoke-ntp-keygen.texi releng/11.1/contrib/ntp/util/ntp-keygen-opts.c releng/11.1/contrib/ntp/util/ntp-keygen-opts.def releng/11.1/contrib/ntp/util/ntp-keygen-opts.h releng/11.1/contrib/ntp/util/ntp-keygen.1ntp-keygenman releng/11.1/contrib/ntp/util/ntp-keygen.1ntp-keygenmdoc releng/11.1/contrib/ntp/util/ntp-keygen.html releng/11.1/contrib/ntp/util/ntp-keygen.man.in releng/11.1/contrib/ntp/util/ntp-keygen.mdoc.in releng/11.1/usr.sbin/ntp/config.h releng/11.1/usr.sbin/ntp/doc/ntp-keygen.8 releng/11.1/usr.sbin/ntp/doc/ntp.conf.5 releng/11.1/usr.sbin/ntp/doc/ntp.keys.5 releng/11.1/usr.sbin/ntp/doc/ntpd.8 releng/11.1/usr.sbin/ntp/doc/ntpdc.8 releng/11.1/usr.sbin/ntp/doc/ntpq.8 releng/11.1/usr.sbin/ntp/doc/sntp.8 releng/11.1/usr.sbin/ntp/ntp-keygen/Makefile releng/11.1/usr.sbin/ntp/ntptime/Makefile releng/11.1/usr.sbin/ntp/scripts/mkver Modified: releng/10.3/contrib/ntp/ChangeLog ============================================================================== --- releng/10.3/contrib/ntp/ChangeLog Wed Mar 7 05:53:35 2018 (r330566) +++ releng/10.3/contrib/ntp/ChangeLog Wed Mar 7 05:58:24 2018 (r330567) @@ -1,6 +1,107 @@ --- -(4.2.8p10-win-beta1) 2017/03/21 Released by Harlan Stenn <stenn@ntp.org> -(4.2.8p10) + +* [Sec 3454] Unauthenticated packet can reset authenticated interleave + associations. HStenn. +* [Sec 3453] Interleaved symmetric mode cannot recover from bad state. HStenn. +* [Sec 3415] Permit blocking authenticated symmetric/passive associations. + Implement ippeerlimit. HStenn, JPerlinger. +* [Sec 3414] ntpq: decodearr() can write beyond its 'buf' limits + - initial patch by <stenn@ntp.org>, extended by <perlinger@ntp.org> +* [Sec 3412] ctl_getitem(): Don't compare names past NUL. <perlinger@ntp.org> +* [Sec 3012] Sybil vulnerability: noepeer support. HStenn, JPerlinger. +* [Bug 3457] OpenSSL FIPS mode regression <perlinger@ntp.org> +* [Bug 3455] ntpd doesn't use scope id when binding multicast <perlinger@ntp.org> + - applied patch by Sean Haugh +* [Bug 3452] PARSE driver prints uninitialized memory. <perlinger@ntp.org> +* [Bug 3450] Dubious error messages from plausibility checks in get_systime() + - removed error log caused by rounding/slew, ensured postcondition <perlinger@ntp.org> +* [Bug 3447] AES-128-CMAC (fixes) <perlinger@ntp.org> + - refactoring the MAC code, too +* [Bug 3441] Validate the assumption that AF_UNSPEC is 0. stenn@ntp.org +* [Bug 3439] When running multiple commands / hosts in ntpq... <perlinger@ntp.org> + - applied patch by ggarvey +* [Bug 3438] Negative values and values > 999 days in... <perlinger@ntp.org> + - applied patch by ggarvey (with minor mods) +* [Bug 3437] ntpd tries to open socket with AF_UNSPEC domain + - applied patch (with mods) by Miroslav Lichvar <perlinger@ntp.org> +* [Bug 3435] anchor NTP era alignment <perlinger@ntp.org> +* [Bug 3433] sntp crashes when run with -a. <stenn@ntp.org> +* [Bug 3430] ntpq dumps core (SIGSEGV) for "keytype md2" + - fixed several issues with hash algos in ntpd, sntp, ntpq, + ntpdc and the test suites <perlinger@ntp.org> +* [Bug 3424] Trimble Thunderbolt 1024 week millenium bug <perlinger@ntp.org> + - initial patch by Daniel Pouzzner +* [Bug 3423] QNX adjtime() implementation error checking is + wrong <perlinger@ntp.org> +* [Bug 3417] ntpq ifstats packet counters can be negative + made IFSTATS counter quantities unsigned <perlinger@ntp.org> +* [Bug 3411] problem about SIGN(6) packet handling for ntp-4.2.8p10 + - raised receive buffer size to 1200 <perlinger@ntp.org> +* [Bug 3408] refclock_jjy.c: Avoid a wrong report of the coverity static + analysis tool. <abe@ntp.org> +* [Bug 3405] update-leap.in: general cleanup, HTTPS support. Paul McMath. +* [Bug 3404] Fix openSSL DLL usage under Windows <perlinger@ntp.org> + - fix/drop assumptions on OpenSSL libs directory layout +* [Bug 3399] NTP: linker error in 4.2.8p10 during Linux cross-compilation + - initial patch by timeflies@mail2tor.com <perlinger@ntp.org> +* [Bug 3398] tests fail with core dump <perlinger@ntp.org> + - patch contributed by Alexander Bluhm +* [Bug 3397] ctl_putstr() asserts that data fits in its buffer + rework of formatting & data transfer stuff in 'ntp_control.c' + avoids unecessary buffers and size limitations. <perlinger@ntp.org> +* [Bug 3394] Leap second deletion does not work on ntpd clients + - fixed handling of dynamic deletion w/o leap file <perlinger@ntp.org> +* [Bug 3391] ntpd segfaults on startup due to small warmup thread stack size + - increased mimimum stack size to 32kB <perlinger@ntp.org> +* [Bug 3367] Faulty LinuxPPS NMEA clock support in 4.2.8 <perlinger@ntp.org> + - reverted handling of PPS kernel consumer to 4.2.6 behavior +* [Bug 3365] Updates driver40(-ja).html and miscopt.html <abe@ntp.org> +* [Bug 3358] Spurious KoD log messages in .INIT. phase. HStenn. +* [Bug 3016] wrong error position reported for bad ":config pool" + - fixed location counter & ntpq output <perlinger@ntp.org> +* [Bug 2900] libntp build order problem. HStenn. +* [Bug 2878] Tests are cluttering up syslog <perlinger@ntp.org> +* [Bug 2737] Wrong phone number listed for USNO. ntp-bugs@bodosom.net, + perlinger@ntp.org +* [Bug 2557] Fix Thunderbolt init. ntp-bugs@bodosom.net, perlinger@ntp. +* [Bug 948] Trustedkey config directive leaks memory. <perlinger@ntp.org> +* Use strlcpy() to copy strings, not memcpy(). HStenn. +* Typos. HStenn. +* test_ntp_scanner_LDADD needs ntpd/ntp_io.o. HStenn. +* refclock_jjy.c: Add missing "%s" to an msyslog() call. HStenn. +* Build ntpq and libntpq.a with NTP_HARD_*FLAGS. perlinger@ntp.org +* Fix trivial warnings from 'make check'. perlinger@ntp.org +* Fix bug in the override portion of the compiler hardening macro. HStenn. +* record_raw_stats(): Log entire packet. Log writes. HStenn. +* AES-128-CMAC support. BInglis, HStenn, JPerlinger. +* sntp: tweak key file logging. HStenn. +* sntp: pkt_output(): Improve debug output. HStenn. +* update-leap: updates from Paul McMath. +* When using pkg-config, report --modversion. HStenn. +* Clean up libevent configure checks. HStenn. +* sntp: show the IP of who sent us a crypto-NAK. HStenn. +* Allow .../N to specify subnet bits for IPs in ntp.keys. HStenn, JPerlinger. +* authistrustedip() - use it in more places. HStenn, JPerlinger. +* New sysstats: sys_lamport, sys_tsrounding. HStenn. +* Update ntp.keys .../N documentation. HStenn. +* Distribute testconf.yml. HStenn. +* Add DPRINTF(2,...) lines to receive() for packet drops. HStenn. +* Rename the configuration flag fifo variables. HStenn. +* Improve saveconfig output. HStenn. +* Decode restrict flags on receive() debug output. HStenn. +* Decode interface flags on receive() debug output. HStenn. +* Warn the user if deprecated "driftfile name WanderThreshold" is used. HStenn. +* Update the documentation in ntp.conf.def . HStenn. +* restrictions() must return restrict flags and ippeerlimit. HStenn. +* Update ntpq peer documentation to describe the 'p' type. HStenn. +* Rename restrict 'flags' to 'rflags. Use an enum for the values. HStenn. +* Provide dump_restricts() for debugging. HStenn. +* Use consistent 4th arg type for [gs]etsockopt. JPerlinger. +* Some tests might need LIBM. HStenn. +* update-leap: Allow -h/--help early. HStenn. + +--- +(4.2.8p10) 2017/03/21 Released by Harlan Stenn <stenn@ntp.org> * [Sec 3389] NTP-01-016: Denial of Service via Malformed Config (Pentest report 01.2017) <perlinger@ntp.org> Modified: releng/10.3/contrib/ntp/Makefile.am ============================================================================== --- releng/10.3/contrib/ntp/Makefile.am Wed Mar 7 05:53:35 2018 (r330566) +++ releng/10.3/contrib/ntp/Makefile.am Wed Mar 7 05:58:24 2018 (r330567) @@ -5,10 +5,10 @@ NULL = # moved sntp first to get libtool and libevent built. SUBDIRS = \ - sntp \ scripts \ include \ libntp \ + sntp \ libparse \ ntpd \ ntpdate \ Modified: releng/10.3/contrib/ntp/Makefile.in ============================================================================== --- releng/10.3/contrib/ntp/Makefile.in Wed Mar 7 05:53:35 2018 (r330566) +++ releng/10.3/contrib/ntp/Makefile.in Wed Mar 7 05:58:24 2018 (r330567) @@ -99,6 +99,7 @@ am__aclocal_m4_deps = $(top_srcdir)/sntp/libopts/m4/li $(top_srcdir)/sntp/m4/ltsugar.m4 \ $(top_srcdir)/sntp/m4/ltversion.m4 \ $(top_srcdir)/sntp/m4/lt~obsolete.m4 \ + $(top_srcdir)/sntp/m4/ntp_af_unspec.m4 \ $(top_srcdir)/sntp/m4/ntp_cacheversion.m4 \ $(top_srcdir)/sntp/m4/ntp_compiler.m4 \ $(top_srcdir)/sntp/m4/ntp_crosscompile.m4 \ @@ -523,10 +524,10 @@ NULL = # moved sntp first to get libtool and libevent built. SUBDIRS = \ - sntp \ scripts \ include \ libntp \ + sntp \ libparse \ ntpd \ ntpdate \ Modified: releng/10.3/contrib/ntp/NEWS ============================================================================== --- releng/10.3/contrib/ntp/NEWS Wed Mar 7 05:53:35 2018 (r330566) +++ releng/10.3/contrib/ntp/NEWS Wed Mar 7 05:58:24 2018 (r330567) @@ -1,4 +1,331 @@ -- +NTP 4.2.8p11 (Harlan Stenn <stenn@ntp.org>, 2018/02/27) + +NOTE: this NEWS file will be undergoing more revisions. + +Focus: Security, Bug fixes, enhancements. + +Severity: MEDIUM + +This release fixes 2 low-/medium-, 1 informational/medum-, and 2 low-severity +vulnerabilities in ntpd, one medium-severity vulernability in ntpq, and +provides 65 other non-security fixes and improvements: + +* NTP Bug 3454: Unauthenticated packet can reset authenticated interleaved + association (LOW/MED) + Date Resolved: Stable (4.2.8p11) 27 Feb 2018 + References: Sec 3454 / CVE-2018-7185 / VU#961909 + Affects: ntp-4.2.6, up to but not including ntp-4.2.8p11. + CVSS2: MED 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P) This could score between + 2.9 and 6.8. + CVSS3: LOW 3.1 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L This could + score between 2.6 and 3.1 + Summary: + The NTP Protocol allows for both non-authenticated and + authenticated associations, in client/server, symmetric (peer), + and several broadcast modes. In addition to the basic NTP + operational modes, symmetric mode and broadcast servers can + support an interleaved mode of operation. In ntp-4.2.8p4 a bug + was inadvertently introduced into the protocol engine that + allows a non-authenticated zero-origin (reset) packet to reset + an authenticated interleaved peer association. If an attacker + can send a packet with a zero-origin timestamp and the source + IP address of the "other side" of an interleaved association, + the 'victim' ntpd will reset its association. The attacker must + continue sending these packets in order to maintain the + disruption of the association. In ntp-4.0.0 thru ntp-4.2.8p6, + interleave mode could be entered dynamically. As of ntp-4.2.8p7, + interleaved mode must be explicitly configured/enabled. + Mitigation: + Implement BCP-38. + Upgrade to 4.2.8p11, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page. + If you are unable to upgrade to 4.2.8p11 or later and have + 'peer HOST xleave' lines in your ntp.conf file, remove the + 'xleave' option. + Have enough sources of time. + Properly monitor your ntpd instances. + If ntpd stops running, auto-restart it without -g . + Credit: + This weakness was discovered by Miroslav Lichvar of Red Hat. + +* NTP Bug 3453: Interleaved symmetric mode cannot recover from bad + state (LOW/MED) + Date Resolved: Stable (4.2.8p11) 27 Feb 2018 + References: Sec 3453 / CVE-2018-7184 / VU#961909 + Affects: ntpd in ntp-4.2.8p4, up to but not including ntp-4.2.8p11. + CVSS2: MED 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N) + Could score between 2.9 and 6.8. + CVSS3: LOW 3.1 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L + Could score between 2.6 and 6.0. + Summary: + The fix for NtpBug2952 was incomplete, and while it fixed one + problem it created another. Specifically, it drops bad packets + before updating the "received" timestamp. This means a + third-party can inject a packet with a zero-origin timestamp, + meaning the sender wants to reset the association, and the + transmit timestamp in this bogus packet will be saved as the + most recent "received" timestamp. The real remote peer does + not know this value and this will disrupt the association until + the association resets. + Mitigation: + Implement BCP-38. + Upgrade to ntp-4.2.8p11 or later from the NTP Project Download Page + or the NTP Public Services Project Download Page. + Use authentication with 'peer' mode. + Have enough sources of time. + Properly monitor your ntpd instances. + If ntpd stops running, auto-restart it without -g . + Credit: + This weakness was discovered by Miroslav Lichvar of Red Hat. + +* NTP Bug 3415: Provide a way to prevent authenticated symmetric passive + peering (LOW) + Date Resolved: Stable (4.2.8p11) 27 Feb 2018 + References: Sec 3415 / CVE-2018-7170 / VU#961909 + Sec 3012 / CVE-2016-1549 / VU#718152 + Affects: All ntp-4 releases up to, but not including 4.2.8p7, and + 4.3.0 up to, but not including 4.3.92. Resolved in 4.2.8p11. + CVSS2: LOW 3.5 - (AV:N/AC:M/Au:S/C:N/I:P/A:N) + CVSS3: LOW 3.1 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N + Summary: + ntpd can be vulnerable to Sybil attacks. If a system is set up to + use a trustedkey and if one is not using the feature introduced in + ntp-4.2.8p6 allowing an optional 4th field in the ntp.keys file to + specify which IPs can serve time, a malicious authenticated peer + -- i.e. one where the attacker knows the private symmetric key -- + can create arbitrarily-many ephemeral associations in order to win + the clock selection of ntpd and modify a victim's clock. Three + additional protections are offered in ntp-4.2.8p11. One is the + new 'noepeer' directive, which disables symmetric passive + ephemeral peering. Another is the new 'ippeerlimit' directive, + which limits the number of peers that can be created from an IP. + The third extends the functionality of the 4th field in the + ntp.keys file to include specifying a subnet range. + Mitigation: + Implement BCP-38. + Upgrade to ntp-4.2.8p11 or later from the NTP Project Download Page + or the NTP Public Services Project Download Page. + Use the 'noepeer' directive to prohibit symmetric passive + ephemeral associations. + Use the 'ippeerlimit' directive to limit the number of peers + that can be created from an IP. + Use the 4th argument in the ntp.keys file to limit the IPs and + subnets that can be time servers. + Have enough sources of time. + Properly monitor your ntpd instances. + If ntpd stops running, auto-restart it without -g . + Credit: + This weakness was reported as Bug 3012 by Matthew Van Gundy of + Cisco ASIG, and separately by Stefan Moser as Bug 3415. + +* ntpq Bug 3414: decodearr() can write beyond its 'buf' limits (Medium) + Date Resolved: 27 Feb 2018 + References: Sec 3414 / CVE-2018-7183 / VU#961909 + Affects: ntpq in ntp-4.2.8p6, up to but not including ntp-4.2.8p11. + CVSS2: MED 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) + CVSS3: MED 5.0 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L + Summary: + ntpq is a monitoring and control program for ntpd. decodearr() + is an internal function of ntpq that is used to -- wait for it -- + decode an array in a response string when formatted data is being + displayed. This is a problem in affected versions of ntpq if a + maliciously-altered ntpd returns an array result that will trip this + bug, or if a bad actor is able to read an ntpq request on its way to + a remote ntpd server and forge and send a response before the remote + ntpd sends its response. It's potentially possible that the + malicious data could become injectable/executable code. + Mitigation: + Implement BCP-38. + Upgrade to ntp-4.2.8p11 or later from the NTP Project Download Page + or the NTP Public Services Project Download Page. + Credit: + This weakness was discovered by Michael Macnair of Thales e-Security. + +* NTP Bug 3412: ctl_getitem(): buffer read overrun leads to undefined + behavior and information leak (Info/Medium) + Date Resolved: 27 Feb 2018 + References: Sec 3412 / CVE-2018-7182 / VU#961909 + Affects: ntp-4.2.8p6, up to but not including ntp-4.2.8p11. + CVSS2: INFO 0.0 - MED 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 0.0 if C:N + CVSS3: NONE 0.0 - MED 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + 0.0 if C:N + Summary: + ctl_getitem() is used by ntpd to process incoming mode 6 packets. + A malicious mode 6 packet can be sent to an ntpd instance, and + if the ntpd instance is from 4.2.8p6 thru 4.2.8p10, that will + cause ctl_getitem() to read past the end of its buffer. + Mitigation: + Implement BCP-38. + Upgrade to ntp-4.2.8p11 or later from the NTP Project Download Page + or the NTP Public Services Project Download Page. + Have enough sources of time. + Properly monitor your ntpd instances. + If ntpd stops running, auto-restart it without -g . + Credit: + This weakness was discovered by Yihan Lian of Qihoo 360. + +* NTP Bug 3012: Sybil vulnerability: ephemeral association attack + Also see Bug 3415, above. + Date Mitigated: Stable (4.2.8p7) 26 Apr 2016; Dev (4.3.92) 26 Apr 2016 + Date Resolved: Stable (4.2.8p11) 27 Feb 2018 + References: Sec 3012 / CVE-2016-1549 / VU#718152 + Affects: All ntp-4 releases up to, but not including 4.2.8p7, and + 4.3.0 up to, but not including 4.3.92. Resolved in 4.2.8p11. + CVSS2: LOW 3.5 - (AV:N/AC:M/Au:S/C:N/I:P/A:N) + CVSS3: MED 5.3 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N + Summary: + ntpd can be vulnerable to Sybil attacks. If a system is set up + to use a trustedkey and if one is not using the feature + introduced in ntp-4.2.8p6 allowing an optional 4th field in the + ntp.keys file to specify which IPs can serve time, a malicious + authenticated peer -- i.e. one where the attacker knows the + private symmetric key -- can create arbitrarily-many ephemeral + associations in order to win the clock selection of ntpd and + modify a victim's clock. Two additional protections are + offered in ntp-4.2.8p11. One is the 'noepeer' directive, which + disables symmetric passive ephemeral peering. The other extends + the functionality of the 4th field in the ntp.keys file to + include specifying a subnet range. + Mitigation: + Implement BCP-38. + Upgrade to 4.2.8p11, or later, from the NTP Project Download Page or + the NTP Public Services Project Download Page. + Use the 'noepeer' directive to prohibit symmetric passive + ephemeral associations. + Use the 'ippeerlimit' directive to limit the number of peer + associations from an IP. + Use the 4th argument in the ntp.keys file to limit the IPs + and subnets that can be time servers. + Properly monitor your ntpd instances. + Credit: + This weakness was discovered by Matthew Van Gundy of Cisco ASIG. + +* Bug fixes: + [Bug 3457] OpenSSL FIPS mode regression <perlinger@ntp.org> + [Bug 3455] ntpd doesn't use scope id when binding multicast <perlinger@ntp.org> + - applied patch by Sean Haugh + [Bug 3452] PARSE driver prints uninitialized memory. <perlinger@ntp.org> + [Bug 3450] Dubious error messages from plausibility checks in get_systime() + - removed error log caused by rounding/slew, ensured postcondition <perlinger@ntp.org> + [Bug 3447] AES-128-CMAC (fixes) <perlinger@ntp.org> + - refactoring the MAC code, too + [Bug 3441] Validate the assumption that AF_UNSPEC is 0. stenn@ntp.org + [Bug 3439] When running multiple commands / hosts in ntpq... <perlinger@ntp.org> + - applied patch by ggarvey + [Bug 3438] Negative values and values > 999 days in... <perlinger@ntp.org> + - applied patch by ggarvey (with minor mods) + [Bug 3437] ntpd tries to open socket with AF_UNSPEC domain + - applied patch (with mods) by Miroslav Lichvar <perlinger@ntp.org> + [Bug 3435] anchor NTP era alignment <perlinger@ntp.org> + [Bug 3433] sntp crashes when run with -a. <stenn@ntp.org> + [Bug 3430] ntpq dumps core (SIGSEGV) for "keytype md2" + - fixed several issues with hash algos in ntpd, sntp, ntpq, + ntpdc and the test suites <perlinger@ntp.org> + [Bug 3424] Trimble Thunderbolt 1024 week millenium bug <perlinger@ntp.org> + - initial patch by Daniel Pouzzner + [Bug 3423] QNX adjtime() implementation error checking is + wrong <perlinger@ntp.org> + [Bug 3417] ntpq ifstats packet counters can be negative + made IFSTATS counter quantities unsigned <perlinger@ntp.org> + [Bug 3411] problem about SIGN(6) packet handling for ntp-4.2.8p10 + - raised receive buffer size to 1200 <perlinger@ntp.org> + [Bug 3408] refclock_jjy.c: Avoid a wrong report of the coverity static + analysis tool. <abe@ntp.org> + [Bug 3405] update-leap.in: general cleanup, HTTPS support. Paul McMath. + [Bug 3404] Fix openSSL DLL usage under Windows <perlinger@ntp.org> + - fix/drop assumptions on OpenSSL libs directory layout + [Bug 3399] NTP: linker error in 4.2.8p10 during Linux cross-compilation + - initial patch by timeflies@mail2tor.com <perlinger@ntp.org> + [Bug 3398] tests fail with core dump <perlinger@ntp.org> + - patch contributed by Alexander Bluhm + [Bug 3397] ctl_putstr() asserts that data fits in its buffer + rework of formatting & data transfer stuff in 'ntp_control.c' + avoids unecessary buffers and size limitations. <perlinger@ntp.org> + [Bug 3394] Leap second deletion does not work on ntpd clients + - fixed handling of dynamic deletion w/o leap file <perlinger@ntp.org> + [Bug 3391] ntpd segfaults on startup due to small warmup thread stack size + - increased mimimum stack size to 32kB <perlinger@ntp.org> + [Bug 3367] Faulty LinuxPPS NMEA clock support in 4.2.8 <perlinger@ntp.org> + - reverted handling of PPS kernel consumer to 4.2.6 behavior + [Bug 3365] Updates driver40(-ja).html and miscopt.html <abe@ntp.org> + [Bug 3358] Spurious KoD log messages in .INIT. phase. HStenn. + [Bug 3016] wrong error position reported for bad ":config pool" + - fixed location counter & ntpq output <perlinger@ntp.org> + [Bug 2900] libntp build order problem. HStenn. + [Bug 2878] Tests are cluttering up syslog <perlinger@ntp.org> + [Bug 2737] Wrong phone number listed for USNO. ntp-bugs@bodosom.net, + perlinger@ntp.org + [Bug 2557] Fix Thunderbolt init. ntp-bugs@bodosom.net, perlinger@ntp. + [Bug 948] Trustedkey config directive leaks memory. <perlinger@ntp.org> + Use strlcpy() to copy strings, not memcpy(). HStenn. + Typos. HStenn. + test_ntp_scanner_LDADD needs ntpd/ntp_io.o. HStenn. + refclock_jjy.c: Add missing "%s" to an msyslog() call. HStenn. + Build ntpq and libntpq.a with NTP_HARD_*FLAGS. perlinger@ntp.org + Fix trivial warnings from 'make check'. perlinger@ntp.org + Fix bug in the override portion of the compiler hardening macro. HStenn. + record_raw_stats(): Log entire packet. Log writes. HStenn. + AES-128-CMAC support. BInglis, HStenn, JPerlinger. + sntp: tweak key file logging. HStenn. + sntp: pkt_output(): Improve debug output. HStenn. + update-leap: updates from Paul McMath. + When using pkg-config, report --modversion. HStenn. + Clean up libevent configure checks. HStenn. + sntp: show the IP of who sent us a crypto-NAK. HStenn. + Allow .../N to specify subnet bits for IPs in ntp.keys. HStenn, JPerlinger. + authistrustedip() - use it in more places. HStenn, JPerlinger. + New sysstats: sys_lamport, sys_tsrounding. HStenn. + Update ntp.keys .../N documentation. HStenn. + Distribute testconf.yml. HStenn. + Add DPRINTF(2,...) lines to receive() for packet drops. HStenn. + Rename the configuration flag fifo variables. HStenn. + Improve saveconfig output. HStenn. + Decode restrict flags on receive() debug output. HStenn. + Decode interface flags on receive() debug output. HStenn. + Warn the user if deprecated "driftfile name WanderThreshold" is used. HStenn. + Update the documentation in ntp.conf.def . HStenn. + restrictions() must return restrict flags and ippeerlimit. HStenn. + Update ntpq peer documentation to describe the 'p' type. HStenn. + Rename restrict 'flags' to 'rflags. Use an enum for the values. HStenn. + Provide dump_restricts() for debugging. HStenn. + Use consistent 4th arg type for [gs]etsockopt. JPerlinger. + +* Other items: + +* update-leap needs the following perl modules: + Net::SSLeay + IO::Socket::SSL + +* New sysstats variables: sys_lamport, sys_tsrounding +See them with: ntpq -c "rv 0 ss_lamport,ss_tsrounding" +sys_lamport counts the number of observed Lamport violations, while +sys_tsrounding counts observed timestamp rounding events. + +* New ntp.conf items: + +- restrict ... noepeer +- restrict ... ippeerlimit N + +The 'noepeer' directive will disallow all ephemeral/passive peer +requests. + +The 'ippeerlimit' directive limits the number of time associations +for each IP in the designated set of addresses. This limit does not +apply to explicitly-configured associations. A value of -1, the current +default, means an unlimited number of associations may connect from a +single IP. 0 means "none", etc. Ordinarily the only way multiple +associations would come from the same IP would be if the remote side +was using a proxy. But a trusted machine might become compromised, +in which case an attacker might spin up multiple authenticated sessions +from different ports. This directive should be helpful in this case. + +* New ntp.keys feature: Each IP in the optional list of IPs in the 4th +field may contain a /subnetbits specification, which identifies the +scope of IPs that may use this key. This IP/subnet restriction can be +used to limit the IPs that may use the key in most all situations where +a key is used. +-- NTP 4.2.8p10 (Harlan Stenn <stenn@ntp.org>, 2017/03/21) Focus: Security, Bug fixes, enhancements. @@ -960,7 +1287,7 @@ following 9 low- and medium-severity vulnerabilities: Implement BCP-38. Upgrade to 4.2.8p7, or later, from the NTP Project Download Page or the NTP Public Services Project Download Page - Properly monitor your =ntpd= instances + Properly monitor your ntpd instances Credit: This weakness was discovered by Stephen Gray and Matthew Van Gundy of Cisco ASIG. @@ -1029,7 +1356,7 @@ following 9 low- and medium-severity vulnerabilities: Implement BCP-38. Upgrade to 4.2.8p7, or later, from the NTP Project Download Page or the NTP Public Services Project Download Page - Properly monitor your =ntpd= instances + Properly monitor your ntpd instances Credit: This weakness was discovered by Yihan Lian of the Cloud Security Team, Qihoo 360. @@ -1266,7 +1593,7 @@ following 1 low- and 8 medium-severity vulnerabilities Configure 'ntpd' to get time from multiple sources. Upgrade to 4.2.8p6, or later, from the NTP Project Download Page or the NTP Public Services Project Download Page. - Monitor your 'ntpd= instances. + Monitor your 'ntpd' instances. Credit: This weakness was discovered by Matthey Van Gundy and Jonathan Gardner of Cisco ASIG. Modified: releng/10.3/contrib/ntp/aclocal.m4 ============================================================================== --- releng/10.3/contrib/ntp/aclocal.m4 Wed Mar 7 05:53:35 2018 (r330566) +++ releng/10.3/contrib/ntp/aclocal.m4 Wed Mar 7 05:58:24 2018 (r330567) @@ -1339,6 +1339,7 @@ m4_include([sntp/m4/ltoptions.m4]) m4_include([sntp/m4/ltsugar.m4]) m4_include([sntp/m4/ltversion.m4]) m4_include([sntp/m4/lt~obsolete.m4]) +m4_include([sntp/m4/ntp_af_unspec.m4]) m4_include([sntp/m4/ntp_cacheversion.m4]) m4_include([sntp/m4/ntp_compiler.m4]) m4_include([sntp/m4/ntp_crosscompile.m4]) Modified: releng/10.3/contrib/ntp/adjtimed/Makefile.in ============================================================================== --- releng/10.3/contrib/ntp/adjtimed/Makefile.in Wed Mar 7 05:53:35 2018 (r330566) +++ releng/10.3/contrib/ntp/adjtimed/Makefile.in Wed Mar 7 05:58:24 2018 (r330567) @@ -108,6 +108,7 @@ am__aclocal_m4_deps = $(top_srcdir)/sntp/libopts/m4/li $(top_srcdir)/sntp/m4/ltsugar.m4 \ $(top_srcdir)/sntp/m4/ltversion.m4 \ $(top_srcdir)/sntp/m4/lt~obsolete.m4 \ + $(top_srcdir)/sntp/m4/ntp_af_unspec.m4 \ $(top_srcdir)/sntp/m4/ntp_cacheversion.m4 \ $(top_srcdir)/sntp/m4/ntp_compiler.m4 \ $(top_srcdir)/sntp/m4/ntp_crosscompile.m4 \ @@ -952,7 +953,6 @@ install-exec-hook: # check-libntp: ../libntp/libntp.a - @echo stamp > $@ ../libntp/libntp.a: cd ../libntp && $(MAKE) $(AM_MAKEFLAGS) libntp.a Modified: releng/10.3/contrib/ntp/clockstuff/Makefile.in ============================================================================== --- releng/10.3/contrib/ntp/clockstuff/Makefile.in Wed Mar 7 05:53:35 2018 (r330566) +++ releng/10.3/contrib/ntp/clockstuff/Makefile.in Wed Mar 7 05:58:24 2018 (r330567) @@ -101,6 +101,7 @@ am__aclocal_m4_deps = $(top_srcdir)/sntp/libopts/m4/li $(top_srcdir)/sntp/m4/ltsugar.m4 \ $(top_srcdir)/sntp/m4/ltversion.m4 \ $(top_srcdir)/sntp/m4/lt~obsolete.m4 \ + $(top_srcdir)/sntp/m4/ntp_af_unspec.m4 \ $(top_srcdir)/sntp/m4/ntp_cacheversion.m4 \ $(top_srcdir)/sntp/m4/ntp_compiler.m4 \ $(top_srcdir)/sntp/m4/ntp_crosscompile.m4 \ @@ -793,7 +794,6 @@ uninstall-am: check-libntp: ../libntp/libntp.a - @echo stamp > $@ ../libntp/libntp.a: cd ../libntp && $(MAKE) $(AM_MAKEFLAGS) libntp.a Modified: releng/10.3/contrib/ntp/configure ============================================================================== --- releng/10.3/contrib/ntp/configure Wed Mar 7 05:53:35 2018 (r330566) +++ releng/10.3/contrib/ntp/configure Wed Mar 7 05:58:24 2018 (r330567) @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for ntp 4.2.8p10. +# Generated by GNU Autoconf 2.69 for ntp 4.2.8p11. # # Report bugs to <http://bugs.ntp.org./>. # @@ -590,8 +590,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='ntp' PACKAGE_TARNAME='ntp' -PACKAGE_VERSION='4.2.8p10' -PACKAGE_STRING='ntp 4.2.8p10' +PACKAGE_VERSION='4.2.8p11' +PACKAGE_STRING='ntp 4.2.8p11' PACKAGE_BUGREPORT='http://bugs.ntp.org./' PACKAGE_URL='http://www.ntp.org./' @@ -944,6 +944,7 @@ ac_user_opts=' enable_option_checking enable_silent_rules enable_dependency_tracking +with_hardenfile with_locfile enable_shared enable_static @@ -1613,7 +1614,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures ntp 4.2.8p10 to adapt to many kinds of systems. +\`configure' configures ntp 4.2.8p11 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1683,7 +1684,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of ntp 4.2.8p10:";; + short | recursive ) echo "Configuration of ntp 4.2.8p11:";; esac cat <<\_ACEOF @@ -1699,6 +1700,7 @@ Optional Features and Packages: do not reject slow dependency extractors --disable-dependency-tracking speeds up one-time build + --with-hardenfile=XXX os-specific or "/dev/null" --with-locfile=XXX os-specific or "legacy" --enable-shared[=PKGS] build shared libraries [default=no] --enable-static[=PKGS] build static libraries [default=yes] @@ -1921,7 +1923,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -ntp configure 4.2.8p10 +ntp configure 4.2.8p11 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2630,7 +2632,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by ntp $as_me 4.2.8p10, which was +It was created by ntp $as_me 4.2.8p11, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -3631,7 +3633,7 @@ fi # Define the identity of the package. PACKAGE='ntp' - VERSION='4.2.8p10' + VERSION='4.2.8p11' cat >>confdefs.h <<_ACEOF @@ -6581,11 +6583,11 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu $as_echo_n "checking for compile/link hardening flags... " >&6; } -# Check whether --with-locfile was given. -if test "${with_locfile+set}" = set; then : - withval=$with_locfile; +# Check whether --with-hardenfile was given. +if test "${with_hardenfile+set}" = set; then : + withval=$with_hardenfile; else - with_locfile=no + with_hardenfile=no fi @@ -6593,12 +6595,12 @@ fi ( \ SENTINEL_DIR="$PWD" && \ cd $srcdir/sntp && \ - case "$with_locfile" in \ + case "$with_hardenfile" in \ yes|no|'') \ scripts/genHardFlags -d "$SENTINEL_DIR" \ ;; \ *) \ - scripts/genHardFlags -d "$SENTINEL_DIR" -f "$with_locfile" \ + scripts/genHardFlags -d "$SENTINEL_DIR" -f "$with_hardenfile" \ ;; \ esac \ ) > genHardFlags.i 2> genHardFlags.err @@ -15937,8 +15939,13 @@ $as_echo_n "checking if libevent $ntp_libevent_min_ver if $PKG_CONFIG --atleast-version=$ntp_libevent_min_version libevent then ntp_use_local_libevent=no - { $as_echo "$as_me:${as_lineno-$LINENO}: Using the installed libevent" >&5 -$as_echo "$as_me: Using the installed libevent" >&6;} + ntp_libevent_version="`$PKG_CONFIG --modversion libevent`" + case "$ntp_libevent_version" in + *.*) ;; + *) ntp_libevent_version='(unknown)' ;; + esac + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes, version $ntp_libevent_version" >&5 +$as_echo "yes, version $ntp_libevent_version" >&6; } CFLAGS_LIBEVENT=`$PKG_CONFIG --cflags libevent_pthreads` CPPFLAGS_LIBEVENT=`$PKG_CONFIG --cflags-only-I libevent` # HMS: I hope the following is accurate. @@ -15966,8 +15973,6 @@ $as_echo "$as_me: Using the installed libevent" >&6;} LDADD_LIBEVENT="$LDADD_LIBEVENT -levent_pthreads" esac LDADD_LIBEVENT="$LDADD_LIBEVENT -levent_core" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } else ntp_use_local_libevent=yes # HMS: do we only need to do this if LIBISC_PTHREADS_NOTHREADS @@ -26468,6 +26473,36 @@ fi done + + +# We could do a cv check here, but is it worth it? + +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include <sys/socket.h> + #ifndef AF_UNSPEC + #include "Bletch: AF_UNSPEC is undefined!" + #endif + #if AF_UNSPEC != 0 + #include "Bletch: AF_UNSPEC != 0" + #endif + +int +main () +{ +{ $as_echo "$as_me:${as_lineno-$LINENO}: AF_UNSPEC is zero, as expected." >&5 +$as_echo "$as_me: AF_UNSPEC is zero, as expected." >&6;} + ; + return 0; +} + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + { $as_echo "$as_me:${as_lineno-$LINENO}: checking return type of signal handlers" >&5 $as_echo_n "checking return type of signal handlers... " >&6; } if ${ac_cv_type_signal+:} false; then : @@ -30114,8 +30149,13 @@ $as_echo_n "checking pkg-config for $pkg... " >&6; } VER_SUFFIX=o ntp_openssl=yes ntp_openssl_from_pkg_config=yes - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } + ntp_openssl_version="`$PKG_CONFIG --modversion $pkg`" + case "$ntp_openssl_version" in + *.*) ;; + *) ntp_openssl_version='(unknown)' ;; + esac + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes, version $ntp_openssl_version" >&5 +$as_echo "yes, version $ntp_openssl_version" >&6; } break fi @@ -33924,7 +33964,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by ntp $as_me 4.2.8p10, which was +This file was extended by ntp $as_me 4.2.8p11, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -33991,7 +34031,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -ntp config.status 4.2.8p10 +ntp config.status 4.2.8p11 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" Modified: releng/10.3/contrib/ntp/configure.ac ============================================================================== --- releng/10.3/contrib/ntp/configure.ac Wed Mar 7 05:53:35 2018 (r330566) +++ releng/10.3/contrib/ntp/configure.ac Wed Mar 7 05:58:24 2018 (r330567) @@ -528,6 +528,8 @@ AC_CHECK_HEADERS([sys/timex.h], [], [], [ #endif ]) +NTP_AF_UNSPEC + AC_TYPE_SIGNAL AC_TYPE_OFF_T AC_STRUCT_TM dnl defines TM_IN_SYS_TIME used by refclock_parse.c Modified: releng/10.3/contrib/ntp/html/access.html ============================================================================== --- releng/10.3/contrib/ntp/html/access.html Wed Mar 7 05:53:35 2018 (r330566) +++ releng/10.3/contrib/ntp/html/access.html Wed Mar 7 05:58:24 2018 (r330567) @@ -19,7 +19,7 @@ color: #FF0000; <p><img src="pic/pogo6.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/~mills/pictures.html">from <i>Pogo</i>, Walt Kelly</a></p> <p>The skunk watches for intruders and sprays.</p> <p>Last update: - <!-- #BeginDate format:En2m -->11-Sep-2010 05:53<!-- #EndDate --> + <!-- #BeginDate format:En2m -->26-Jul-2017 20:10<!-- #EndDate --> UTC</p> <br clear="left"> <h4>Related Links</h4> @@ -32,7 +32,7 @@ color: #FF0000; <p>The ACL is specified as a list of <tt>restrict</tt> commands in the following format:</p> <p><tt>restrict <i>address</i> [mask <i>mask</i>] [<i>flag</i>][...]</tt></p> <p>The <tt><i>address</i></tt> argument expressed in dotted-quad form is the address of a host or network. Alternatively, the <tt><i>address</i></tt> argument can be a valid host DNS name. The <tt><i>mask</i></tt> argument expressed in IPv4 or IPv6 numeric address form defaults to all mask bits on, meaning that the <tt><i>address</i></tt> is treated as the address of an individual host. A default entry (address 0.0.0.0, mask 0.0.0.0 for IPv4 and address :: mask :: for IPv6) is always the first entry in the list. <tt>restrict default</tt>, with no mask option, modifies both IPv4 and IPv6 default entries. <tt>restrict source</tt> configures a template restriction automatically added at runtime for each association, whether configured, ephemeral, or preemptable, and removed when the association is demobilized.</p> -<p>Some flags have the effect to deny service, some have the effect to enable service and some are conditioned by other flags. The flags. are not orthogonal, in that more restrictive flags will often make less restrictive ones redundant. The flags that deny service are classed in two categories, those that restrict time service and those that restrict informational queries and attempts to do run-time reconfiguration of the server.</p> +<p>Some flags have the effect to deny service, some have the effect to enable service and some are conditioned by other flags. The flags are not orthogonal, in that more restrictive flags will often make less restrictive ones redundant. The flags that deny service are classed in two categories, those that restrict time service and those that restrict informational queries and attempts to do run-time reconfiguration of the server.</p> <p>An example may clarify how it works. Our campus has two class-B networks, 128.4 for the ECE and CIS departments and 128.175 for the rest of campus. Let's assume (not true!) that subnet 128.4.1 homes critical services like class rosters and spread sheets. A suitable ACL might look like this:</p> <pre> restrict default nopeer # deny new associations Modified: releng/10.3/contrib/ntp/html/accopt.html ============================================================================== --- releng/10.3/contrib/ntp/html/accopt.html Wed Mar 7 05:53:35 2018 (r330566) +++ releng/10.3/contrib/ntp/html/accopt.html Wed Mar 7 05:58:24 2018 (r330567) @@ -3,89 +3,185 @@ <head> <meta http-equiv="content-type" content="text/html;charset=iso-8859-1"> <meta name="generator" content="HTML Tidy, see www.w3.org"> -<title>Access Control Commands and Options</title> -<!-- Changed by: Harlan &, 13-Nov-2014 --> +<title>Access Control Commands and Options</title> <!-- Changed by: Harlan +&, 13-Nov-2014 --> <link href="scripts/style.css" type="text/css" rel="stylesheet"> <style type="text/css"> <!-- <style1 { -color: #FF0000; - font-weight: bold; -} ---> +color: #FF0000; font-weight: bold; } --> </style> </head> <body> <h3>Access Control Commands and Options</h3> -<img src="pic/pogo6.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/~mills/pictures.html">from <i>Pogo</i>, Walt Kelly</a> +<img src="pic/pogo6.gif" alt="gif" +align="left"><a href="http://www.eecis.udel.edu/~mills/pictures.html">from <i>Pogo</i>, +Walt Kelly</a> <p>The skunk watches for intruders and sprays.</p> -<p>Last update: - <!-- #BeginDate format:En2m -->13-Nov-2014 03:00<!-- #EndDate --> - UTC</p> +<p>Last update: <!-- #BeginDate format:En2m -->7-Jan-2018 23:56<!-- #EndDate + --> UTC</p> <br clear="left"> <h4>Related Links</h4> -<script type="text/javascript" language="javascript" src="scripts/command.txt"></script> -<script type="text/javascript" language="javascript" src="scripts/accopt.txt"></script> +<script type="text/javascript" language="javascript" +src="scripts/command.txt"></script> +<script type="text/javascript" language="javascript" +src="scripts/accopt.txt"></script> <hr> <h4>Commands and Options</h4> -<p>Unless noted otherwise, further information about these ccommands is on the <a href="accopt.html">Access Control Support</a> page.</p> +<p>Unless noted otherwise, further information about these ccommands is on +the <a href="accopt.html">Access Control Support</a> page.</p> <dl> - <dt id="discard"><tt>discard [ average <i>avg</i> ][ minimum <i>min</i> ] [ monitor <i>prob</i> ]</tt></dt> - <dd>Set the parameters of the rate control facility which protects the server from client abuse. If the <tt>limited</tt> flag is present in the ACL, packets that violate these limits are discarded. If, in addition, the <tt>kod</tt> flag is present, a kiss-o'-death packet is returned. See the <a href="rate.html">Rate Management</a> page for further information. The options are: + <dt id="discard"><tt>discard [ average <i>avg</i> ][ minimum <i>min</i> ] + [ monitor <i>prob</i> ]</tt></dt> + <dd>Set the parameters of the rate control facility which protects the + server from client abuse. If the <tt>limited</tt> flag is present in the + ACL, packets that violate these limits are discarded. If, in addition, + the <tt>kod</tt> flag is present, a kiss-o'-death packet is + returned. See the <a href="rate.html">Rate Management</a> page for + further information. The options are: <dl> <dt><tt>average <i>avg</i></tt></dt> - <dd>Specify the minimum average interpacket spacing (minimum average headway - time) in log<sub>2</sub> s with default 3.</dd> + <dd>Specify the minimum average interpacket spacing (minimum average + headway time) in log<sub>2</sub> s with default 3.</dd> <dt><tt>minimum <i>min</i></tt></dt> - <dd>Specify the minimum interpacket spacing (guard time) in seconds with default 2.</dd> + <dd>Specify the minimum interpacket spacing (guard time) in seconds + with default 2.</dd> <dt><tt>monitor</tt></dt> - <dd>Specify the probability of being recorded for packets that overflow the MRU list size limit set by <tt>mru maxmem</tt> or <tt>mru maxdepth</tt>. This is a performance optimization for servers with aggregate arrivals of 1000 packets per second or more.</dd> + <dd>Specify the probability of being recorded for packets that + overflow the MRU list size limit set by <tt>mru maxmem</tt> + or <tt>mru maxdepth</tt>. This is a performance optimization for + servers with aggregate arrivals of 1000 packets per second or + more.</dd> </dl> </dd> - <dt id="restrict"><tt>restrict default [<i>flag</i>][...]<br> - restrict source [<i>flag</i>][...]<br> - restrict <i>address</i> [mask <i>mask</i>] [<i>flag</i>][...]</tt></dt> - <dd>The <tt><i>address</i></tt> argument expressed in dotted-quad form is the address of a host or network. Alternatively, the <tt><i>address</i></tt> argument can be a valid host DNS name. The <tt><i>mask</i></tt> argument expressed in IPv4 or IPv6 numeric address form defaults to all mask bits on, meaning that the <tt><i>address</i></tt> is treated as the address of an individual host. A default entry (address 0.0.0.0, mask 0.0.0.0 for IPv4 and address :: mask :: for IPv6) is always the first entry in the list. <tt>restrict default</tt>, with no mask option, modifies both IPv4 and IPv6 default entries. <tt>restrict source</tt> configures a template restriction automatically added at runtime for each association, whether configured, ephemeral, or preemptible, and removed when the association is demobilized.</dd> - <dd>Some flags have the effect to deny service, some have the effect to enable service and some are conditioned by other flags. The flags. are not orthogonal, in that more restrictive flags will often make less restrictive ones redundant. The flags that deny service are classed in two categories, those that restrict time service and those that restrict informational queries and attempts to do run-time reconfiguration of the server. One or more of the following flags may be specified:</dd> + <dt id="restrict"><tt>restrict [-4 | -6] default [ippeerlimit <i>num</i>] + [<i>flag</i>][...]<br> restrict source [ippeerlimit <i>num</i>] + [<i>flag</i>][...]<br> restrict <i>address</i> [mask <i>mask</i>] + [ippeerlimit <i>num</i>] [<i>flag</i>][...]</tt></dt> + <dd>The <tt><i>address</i></tt> argument expressed in IPv4 or IPv6 numeric + address form is the address of a host or network. Alternatively, + the <tt><i>address</i></tt> argument can be a valid host DNS + name. The <tt><i>mask</i></tt> argument expressed in IPv4 or IPv6 + numeric address form defaults to all mask bits on, meaning that + the <tt><i>address</i></tt> is treated as the address of an individual + host. A default entry (address 0.0.0.0, mask 0.0.0.0 for IPv4 and + address :: mask :: for IPv6) is always the first entry in the + list. <tt>restrict default</tt>, with no mask option, modifies both IPv4 + and IPv6 default entries. <tt>restrict source</tt> configures a template + restriction automatically added at runtime for each association, whether + configured, ephemeral, or preemptible, and removed when the association + is demobilized.</dd> + <dd>The optional <tt>ippeerlimit</tt> takes a numeric argument that + indicates how many incoming (at present) peer requests will be permitted + for each IP, regardless of whether or not the request comes from an + authenticated source. A value of -1 means "unlimited", which is the + current default. A value of 0 means "none". Ordinarily one would + expect at most 1 of these sessions to exist per IP, however if the + remote side is operating thru a proxy there would be one association for + each remote peer at that IP.</dd> + <dd>Some flags have the effect to deny service, some have the effect to + enable service and some are conditioned by other flags. The flags are + not orthogonal, in that more restrictive flags will often make less + restrictive ones redundant. The flags that deny service are classed in + two categories, those that restrict time service and those that restrict + informational queries and attempts to do run-time reconfiguration of the + server. One or more of the following flags may be specified:</dd> <dd> <dl> <dt><tt>flake</tt></dt> - <dd>Discard received NTP packets with probability 0.1; that is, on average drop one packet in ten. This is for testing and amusement. The name comes from Bob Braden's <i>flakeway</i>, which once did a similar thing for early Internet testing.</dd> + <dd>Discard received NTP packets with probability 0.1; that is, on + average drop one packet in ten. This is for testing and + amusement. The name comes from Bob Braden's <i>flakeway</i>, which + once did a similar thing for early Internet testing.</dd> <dt><tt>ignore</tt></dt> - <dd>Deny packets of all kinds, including <tt>ntpq</tt> and <tt>ntpdc</tt> queries.</dd> + <dd>Deny packets of all kinds, including <tt>ntpq</tt> + and <tt>ntpdc</tt> queries.</dd> <dt><tt>kod</tt></dt> - <dd>Send a kiss-o'-death (KoD) packet if the <tt>limited</tt> flag is present and a packet violates the rate limits established by the <tt>discard</tt> command. KoD packets are themselves rate limited for each source address separately. If the <tt>kod</tt> flag is used in a restriction which does not have the <tt>limited</tt> flag, no KoD responses will result.</dd> + <dd>Send a kiss-o'-death (KoD) packet if the <tt>limited</tt> flag is + present and a packet violates the rate limits established by + the <tt>discard</tt> command. KoD packets are themselves rate + limited for each source address separately. If the <tt>kod</tt> flag + is used in a restriction which does not have the <tt>limited</tt> + flag, no KoD responses will result.</dd> <dt id="limited"><tt>limited</tt></dt> - <dd>Deny time service if the packet violates the rate limits established by the <tt>discard</tt> command. This does not apply to <tt>ntpq</tt> and <tt>ntpdc</tt> queries.</dd> + <dd>Deny time service if the packet violates the rate limits + established by the <tt>discard</tt> command. This does not apply + to <tt>ntpq</tt> and <tt>ntpdc</tt> queries.</dd> <dt><tt>lowpriotrap</tt></dt> - <dd>Declare traps set by matching hosts to be low priority. The number of traps a server can maintain is limited (the current limit is 3). Traps are usually assigned on a first come, first served basis, with later trap requestors being denied service. This flag modifies the assignment algorithm by allowing low priority traps to be overridden by later requests for normal priority traps.</dd> + <dd>Declare traps set by matching hosts to be low priority. The number + of traps a server can maintain is limited (the current limit is + 3). Traps are usually assigned on a first come, first served basis, + with later trap requestors being denied service. This flag modifies + the assignment algorithm by allowing low priority traps to be + overridden by later requests for normal priority traps.</dd> <dt><tt>mssntp</tt></dt> - <dd>Enable Microsoft Windows MS-SNTP authentication using Active Directory services. <span class="style1"><b>Note: Potential users should be aware that these services involve a TCP connection to another process that could potentially block, denying services to other users. Therefore, this flag should be used only for a dedicated server with no clients other than MS-SNTP.</b></span></dd> + <dd>Enable Microsoft Windows MS-SNTP authentication using Active + Directory services. <span class="style1"><b>Note: Potential users + should be aware that these services involve a TCP connection to + another process that could potentially block, denying services to + other users. Therefore, this flag should be used only for a + dedicated server with no clients other than MS-SNTP.</b></span></dd> + <dt><tt>noepeer</tt></dt> + <dd>Deny packets that would mobilize an ephemeral peering association, + even if authenticated.</dd> <dt><tt>nomodify</tt></dt> - <dd>Deny <tt>ntpq</tt> and <tt>ntpdc</tt> queries which attempt to modify the state of the server (i.e., run time reconfiguration). Queries which return information are permitted.</dd> + <dd>Deny <tt>ntpq</tt> and <tt>ntpdc</tt> queries which attempt to + modify the state of the server (i.e., run time + reconfiguration). Queries which return information are + permitted.</dd> <dt><tt>noquery</tt></dt> - <dd>Deny <tt>ntpq</tt> and <tt>ntpdc</tt> queries. Time service is not affected.</dd> + <dd>Deny <tt>ntpq</tt> and <tt>ntpdc</tt> queries. Time service is not + affected.</dd> <dt><tt>nopeer</tt></dt> - <dd>Deny packets that might mobilize an association unless authenticated. This includes broadcast, symmetric-active and manycast server packets when a configured association does not exist. It also includes <tt>pool</tt> associations, so if you want to use servers from a <tt>pool</tt> directive and also want to use <tt>nopeer</tt> by default, you'll want a <tt>"restrict source ..."</tt> line as well that does <i>not</i> include the <tt>nopeer</tt> directive. Note that this flag does not apply to packets that do not attempt to mobilize an association. </dd> + <dd>Deny packets that might mobilize an association unless + authenticated. This includes broadcast, symmetric-active and + manycast server packets when a configured association does not + exist. It also includes <tt>pool</tt> associations, so if you want + to use servers from a <tt>pool</tt> directive and also want to + use <tt>nopeer</tt> by default, you'll want a <tt>"restrict source + ..."</tt> line as well that does <i>not</i> include + the <tt>nopeer</tt> directive. Note that this flag does not apply + to packets that do not attempt to mobilize an association. </dd> <dt><tt>noserve</tt></dt> - <dd>Deny all packets except <tt>ntpq</tt> and <tt>ntpdc</tt> queries.</dd> + <dd>Deny all packets except <tt>ntpq</tt> and <tt>ntpdc</tt> + queries.</dd> <dt><tt>notrap</tt></dt> - <dd>Decline to provide mode 6 control message trap service to matching hosts. The trap service is a subsystem of the <tt>ntpdc</tt> control message protocol which is intended for use by remote event logging programs.</dd> + <dd>Decline to provide mode 6 control message trap service to matching + hosts. The trap service is a subsystem of the <tt>ntpdc</tt> control + message protocol which is intended for use by remote event logging + programs.</dd> <dt><tt>notrust</tt></dt> - <dd>Deny packets that are not cryptographically authenticated. Note carefully how this flag interacts with the <tt>auth</tt> option of the <tt>enable</tt> and <tt>disable</tt> commands. If <tt>auth</tt> is enabled, which is the default, authentication is required for all packets that might mobilize an association. If <tt>auth</tt> is disabled, but the <tt>notrust</tt> flag is not present, an association can be mobilized whether or not authenticated. If <tt>auth</tt> is disabled, but the <tt>notrust</tt> flag is present, authentication is required only for the specified address/mask range. </dd> + <dd>Deny packets that are not cryptographically authenticated. Note + carefully how this flag interacts with the <tt>auth</tt> option of + the <tt>enable</tt> and <tt>disable</tt> commands. If <tt>auth</tt> + is enabled, which is the default, authentication is required for all + packets that might mobilize an association. If <tt>auth</tt> is + disabled, but the <tt>notrust</tt> flag is not present, an + association can be mobilized whether or not + authenticated. If <tt>auth</tt> is disabled, but + the <tt>notrust</tt> flag is present, authentication is required + only for the specified address/mask range. </dd> <dt><tt>ntpport</tt></dt> - <dd>This is actually a match algorithm modifier, rather than a restriction - flag. Its presence causes the restriction entry to be matched only if the - source port in the packet is the standard NTP UDP port (123). A restrict line - containing <tt>ntpport</tt> is considered more specific than one with the *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201803070558.w275wPGe088165>