head 1.109; access; symbols pkgsrc-2023Q4:1.109.0.2 pkgsrc-2023Q4-base:1.109 pkgsrc-2023Q3:1.108.0.10 pkgsrc-2023Q3-base:1.108 pkgsrc-2023Q2:1.108.0.8 pkgsrc-2023Q2-base:1.108 pkgsrc-2023Q1:1.108.0.6 pkgsrc-2023Q1-base:1.108 pkgsrc-2022Q4:1.108.0.4 pkgsrc-2022Q4-base:1.108 pkgsrc-2022Q3:1.108.0.2 pkgsrc-2022Q3-base:1.108 pkgsrc-2022Q2:1.107.0.10 pkgsrc-2022Q2-base:1.107 pkgsrc-2022Q1:1.107.0.8 pkgsrc-2022Q1-base:1.107 pkgsrc-2021Q4:1.107.0.6 pkgsrc-2021Q4-base:1.107 pkgsrc-2021Q3:1.107.0.4 pkgsrc-2021Q3-base:1.107 pkgsrc-2021Q2:1.107.0.2 pkgsrc-2021Q2-base:1.107 pkgsrc-2021Q1:1.106.0.6 pkgsrc-2021Q1-base:1.106 pkgsrc-2020Q4:1.106.0.4 pkgsrc-2020Q4-base:1.106 pkgsrc-2020Q3:1.106.0.2 pkgsrc-2020Q3-base:1.106 pkgsrc-2020Q2:1.104.0.2 pkgsrc-2020Q2-base:1.104 pkgsrc-2020Q1:1.103.0.2 pkgsrc-2020Q1-base:1.103 pkgsrc-2019Q4:1.102.0.4 pkgsrc-2019Q4-base:1.102 pkgsrc-2019Q3:1.101.0.2 pkgsrc-2019Q3-base:1.101 pkgsrc-2019Q2:1.100.0.4 pkgsrc-2019Q2-base:1.100 pkgsrc-2019Q1:1.100.0.2 pkgsrc-2019Q1-base:1.100 pkgsrc-2018Q4:1.99.0.4 pkgsrc-2018Q4-base:1.99 pkgsrc-2018Q3:1.99.0.2 pkgsrc-2018Q3-base:1.99 pkgsrc-2018Q2:1.98.0.14 pkgsrc-2018Q2-base:1.98 pkgsrc-2018Q1:1.98.0.12 pkgsrc-2018Q1-base:1.98 pkgsrc-2017Q4:1.98.0.10 pkgsrc-2017Q4-base:1.98 pkgsrc-2017Q3:1.98.0.8 pkgsrc-2017Q3-base:1.98 pkgsrc-2017Q2:1.98.0.4 pkgsrc-2017Q2-base:1.98 pkgsrc-2017Q1:1.98.0.2 pkgsrc-2017Q1-base:1.98 pkgsrc-2016Q4:1.97.0.2 pkgsrc-2016Q4-base:1.97 pkgsrc-2016Q3:1.96.0.2 pkgsrc-2016Q3-base:1.96 pkgsrc-2016Q2:1.95.0.2 pkgsrc-2016Q2-base:1.95 pkgsrc-2016Q1:1.91.0.2 pkgsrc-2016Q1-base:1.91 pkgsrc-2015Q4:1.89.0.2 pkgsrc-2015Q4-base:1.89 pkgsrc-2015Q3:1.87.0.2 pkgsrc-2015Q3-base:1.87 pkgsrc-2015Q2:1.86.0.2 pkgsrc-2015Q2-base:1.86 pkgsrc-2015Q1:1.84.0.2 pkgsrc-2015Q1-base:1.84 pkgsrc-2014Q4:1.82.0.2 pkgsrc-2014Q4-base:1.82 pkgsrc-2014Q3:1.79.0.4 pkgsrc-2014Q3-base:1.79 pkgsrc-2014Q2:1.79.0.2 pkgsrc-2014Q2-base:1.79 pkgsrc-2014Q1:1.78.0.2 pkgsrc-2014Q1-base:1.78 pkgsrc-2013Q4:1.74.0.4 pkgsrc-2013Q4-base:1.74 pkgsrc-2013Q3:1.74.0.2 pkgsrc-2013Q3-base:1.74 pkgsrc-2013Q2:1.73.0.2 pkgsrc-2013Q2-base:1.73 pkgsrc-2013Q1:1.72.0.2 pkgsrc-2013Q1-base:1.72 pkgsrc-2012Q4:1.71.0.2 pkgsrc-2012Q4-base:1.71 pkgsrc-2012Q3:1.69.0.4 pkgsrc-2012Q3-base:1.69 pkgsrc-2012Q2:1.69.0.2 pkgsrc-2012Q2-base:1.69 pkgsrc-2012Q1:1.68.0.4 pkgsrc-2012Q1-base:1.68 pkgsrc-2011Q4:1.68.0.2 pkgsrc-2011Q4-base:1.68 pkgsrc-2011Q3:1.67.0.14 pkgsrc-2011Q3-base:1.67 pkgsrc-2011Q2:1.67.0.12 pkgsrc-2011Q2-base:1.67 pkgsrc-2011Q1:1.67.0.10 pkgsrc-2011Q1-base:1.67 pkgsrc-2010Q4:1.67.0.8 pkgsrc-2010Q4-base:1.67 pkgsrc-2010Q3:1.67.0.6 pkgsrc-2010Q3-base:1.67 pkgsrc-2010Q2:1.67.0.4 pkgsrc-2010Q2-base:1.67 pkgsrc-2010Q1:1.67.0.2 pkgsrc-2010Q1-base:1.67 pkgsrc-2009Q4:1.66.0.2 pkgsrc-2009Q4-base:1.66 pkgsrc-2009Q3:1.64.0.2 pkgsrc-2009Q3-base:1.64 pkgsrc-2009Q2:1.59.0.4 pkgsrc-2009Q2-base:1.59 pkgsrc-2009Q1:1.59.0.2 pkgsrc-2009Q1-base:1.59 pkgsrc-2008Q4:1.58.0.10 pkgsrc-2008Q4-base:1.58 pkgsrc-2008Q3:1.58.0.8 pkgsrc-2008Q3-base:1.58 cube-native-xorg:1.58.0.6 cube-native-xorg-base:1.58 pkgsrc-2008Q2:1.58.0.4 pkgsrc-2008Q2-base:1.58 cwrapper:1.58.0.2 pkgsrc-2008Q1:1.53.0.2 pkgsrc-2008Q1-base:1.53 pkgsrc-2007Q4:1.51.0.2 pkgsrc-2007Q4-base:1.51 pkgsrc-2007Q3:1.50.0.8 pkgsrc-2007Q3-base:1.50 pkgsrc-2007Q2:1.50.0.6 pkgsrc-2007Q2-base:1.50 pkgsrc-2007Q1:1.50.0.4 pkgsrc-2007Q1-base:1.50 pkgsrc-2006Q4:1.50.0.2 pkgsrc-2006Q4-base:1.50 pkgsrc-2006Q3:1.49.0.2 pkgsrc-2006Q3-base:1.49 pkgsrc-2006Q2:1.48.0.4 pkgsrc-2006Q2-base:1.48 pkgsrc-2006Q1:1.48.0.2 pkgsrc-2006Q1-base:1.48 pkgsrc-2005Q4:1.47.0.2 pkgsrc-2005Q4-base:1.47 pkgsrc-2005Q3:1.43.0.2 pkgsrc-2005Q3-base:1.43 pkgsrc-2005Q2:1.41.0.2 pkgsrc-2005Q2-base:1.41 pkgsrc-2005Q1:1.39.0.2 pkgsrc-2005Q1-base:1.39 pkgsrc-2004Q4:1.37.0.2 pkgsrc-2004Q4-base:1.37 pkgsrc-2004Q3:1.36.0.2 pkgsrc-2004Q3-base:1.36 pkgsrc-2004Q2:1.35.0.2 pkgsrc-2004Q2-base:1.35 pkgsrc-2004Q1:1.33.0.2 pkgsrc-2004Q1-base:1.33 pkgsrc-2003Q4:1.30.0.2 pkgsrc-2003Q4-base:1.30 netbsd-1-6-1:1.21.0.4 netbsd-1-6-1-base:1.21 netbsd-1-6:1.21.0.6 netbsd-1-6-RELEASE-base:1.21 pkgviews:1.21.0.2 pkgviews-base:1.21 buildlink2:1.20.0.2 buildlink2-base:1.20 netbsd-1-5-PATCH003:1.20 netbsd-1-5-PATCH001:1.15 netbsd-1-5-RELEASE:1.13 netbsd-1-4-PATCH003:1.13 netbsd-1-4-PATCH002:1.12 comdex-fall-1999:1.9 pkgsrc-base:1.1.1.1 TNF:1.1.1; locks; strict; comment @# @; 1.109 date 2023.10.24.22.10.28; author wiz; state Exp; branches; next 1.108; commitid MTsrqKm6aGrQAVJE; 1.108 date 2022.06.28.11.35.04; author wiz; state Exp; branches; next 1.107; commitid D2UoJrTHpoHEANJD; 1.107 date 2021.05.24.19.53.22; author wiz; state Exp; branches; next 1.106; commitid qokaiStTApGMcrUC; 1.106 date 2020.08.31.18.10.37; author wiz; state Exp; branches; next 1.105; commitid 7zxRbfOkDOoxbfmC; 1.105 date 2020.08.15.02.09.25; author tnn; state Exp; branches; next 1.104; commitid f78CQFBdKJaCp6kC; 1.104 date 2020.06.21.15.10.47; author taca; state Exp; branches; next 1.103; commitid qGo5iTmE719iv6dC; 1.103 date 2020.01.18.21.50.21; author jperkin; state Exp; branches; next 1.102; commitid JW4hJgY8ZdoTFdTB; 1.102 date 2019.11.03.11.45.45; author rillig; state Exp; branches; next 1.101; commitid llzTCvoTAgLcNoJB; 1.101 date 2019.08.11.13.22.13; author wiz; state Exp; branches; next 1.100; commitid Ifet9Pg6Qt99ZByB; 1.100 date 2019.03.25.17.19.59; author tnn; state Exp; branches; next 1.99; commitid ONAW5uKvbeKVNLgB; 1.99 date 2018.08.22.09.45.56; author wiz; state Exp; branches; next 1.98; commitid YLub8g3ofvFGb6PA; 1.98 date 2017.03.24.03.41.08; author taca; state Exp; branches; next 1.97; commitid FEujqBq0M0U6MKKz; 1.97 date 2016.12.05.15.49.59; author taca; state Exp; branches; next 1.96; commitid VAR5t6JVDM87iOwz; 1.96 date 2016.07.09.06.38.44; author wiz; state Exp; branches; next 1.95; commitid dlqnocGpOoXV2Cdz; 1.95 date 2016.06.03.09.45.08; author taca; state Exp; branches; next 1.94; commitid Y1w49EkAablYe09z; 1.94 date 2016.05.14.08.13.49; author bsiegert; state Exp; branches; next 1.93; commitid EeQPXH6XLG3tnq6z; 1.93 date 2016.05.13.15.50.13; author bsiegert; state Exp; branches; next 1.92; commitid b9lsvxesrdgOVk6z; 1.92 date 2016.04.27.15.59.19; author wen; state Exp; branches; next 1.91; commitid CCFWXVmBSzSYuh4z; 1.91 date 2016.03.05.11.29.09; author jperkin; state Exp; branches 1.91.2.1; next 1.90; commitid 1LoxeQftu903HrXy; 1.90 date 2016.01.09.15.49.26; author taca; state Exp; branches; next 1.89; commitid TkyLTkmlw4dPWgQy; 1.89 date 2015.10.29.11.28.44; author christos; state Exp; branches 1.89.2.1; next 1.88; commitid 9J3SF6aXA594PZGy; 1.88 date 2015.10.23.03.43.31; author taca; state Exp; branches; next 1.87; commitid bE8tuUj0volSqbGy; 1.87 date 2015.06.30.16.08.21; author taca; state Exp; branches 1.87.2.1; next 1.86; commitid yfSH8sU9hfjqftry; 1.86 date 2015.06.12.10.50.43; author wiz; state Exp; branches 1.86.2.1; next 1.85; commitid B4JmCfaVUbiY38py; 1.85 date 2015.04.08.03.31.33; author taca; state Exp; branches; next 1.84; commitid TiamVyeAI4bPJJgy; 1.84 date 2015.03.21.20.49.28; author bsiegert; state Exp; branches 1.84.2.1; next 1.83; commitid YZcp3zBsoGt03wey; 1.83 date 2015.02.28.23.44.56; author joerg; state Exp; branches; next 1.82; commitid lp1SsWGqIE9UHPby; 1.82 date 2014.12.27.02.48.27; author taca; state Exp; branches 1.82.2.1; next 1.81; commitid ghdtHRuXoWuaMC3y; 1.81 date 2014.12.20.09.45.46; author taca; state Exp; branches; next 1.80; commitid GqADPr2oZqikjL2y; 1.80 date 2014.10.09.14.06.45; author wiz; state Exp; branches; next 1.79; commitid fBDATFVmQ3454xTx; 1.79 date 2014.05.29.23.37.05; author wiz; state Exp; branches; next 1.78; commitid laryHfkCalgYtuCx; 1.78 date 2014.03.20.19.01.45; author asau; state Exp; branches; next 1.77; commitid Kog949IH1mFlettx; 1.77 date 2014.03.05.12.35.09; author obache; state Exp; branches; next 1.76; commitid 607Fu8B5S7xlxvrx; 1.76 date 2014.02.12.23.18.24; author tron; state Exp; branches; next 1.75; commitid dfJj7CwMMWJzNRox; 1.75 date 2014.01.12.17.01.02; author spz; state Exp; branches; next 1.74; commitid CxhPBewaB7fqHQkx; 1.74 date 2013.07.15.02.02.27; author ryoon; state Exp; branches; next 1.73; commitid aGblgSa9xp3HyvXw; 1.73 date 2013.05.31.12.41.35; author wiz; state Exp; branches; next 1.72; commitid hIeXGcx6VfKHwMRw; 1.72 date 2013.02.06.23.23.20; author jperkin; state Exp; branches; next 1.71; 1.71 date 2012.10.23.17.18.43; author asau; state Exp; branches; next 1.70; 1.70 date 2012.10.03.21.56.57; author wiz; state Exp; branches; next 1.69; 1.69 date 2012.04.08.16.58.05; author bsiegert; state Exp; branches; next 1.68; 1.68 date 2011.11.16.08.23.49; author sbd; state Exp; branches; next 1.67; 1.67 date 2010.01.17.12.02.34; author wiz; state Exp; branches; next 1.66; 1.66 date 2009.12.15.10.53.20; author tnn; state Exp; branches; next 1.65; 1.65 date 2009.10.11.16.35.27; author zafer; state Exp; branches; next 1.64; 1.64 date 2009.09.08.11.34.02; author tnn; state Exp; branches 1.64.2.1; next 1.63; 1.63 date 2009.09.08.10.06.50; author tnn; state Exp; branches; next 1.62; 1.62 date 2009.09.08.08.40.26; author tnn; state Exp; branches; next 1.61; 1.61 date 2009.09.06.11.13.50; author tnn; state Exp; branches; next 1.60; 1.60 date 2009.09.06.10.20.21; author tnn; state Exp; branches; next 1.59; 1.59 date 2009.01.26.20.06.15; author kefren; state Exp; branches; next 1.58; 1.58 date 2008.06.24.13.57.09; author obache; state Exp; branches 1.58.10.1; next 1.57; 1.57 date 2008.06.24.11.47.13; author obache; state Exp; branches; next 1.56; 1.56 date 2008.06.08.04.53.27; author obache; state Exp; branches; next 1.55; 1.55 date 2008.05.26.02.13.22; author joerg; state Exp; branches; next 1.54; 1.54 date 2008.04.12.22.43.08; author jlam; state Exp; branches; next 1.53; 1.53 date 2008.01.24.11.55.42; author is; state Exp; branches; next 1.52; 1.52 date 2008.01.18.05.08.47; author tnn; state Exp; branches; next 1.51; 1.51 date 2007.12.12.20.42.32; author wiz; state Exp; branches; next 1.50; 1.50 date 2006.11.22.23.07.39; author reed; state Exp; branches; next 1.49; 1.49 date 2006.07.12.17.41.54; author rillig; state Exp; branches; next 1.48; 1.48 date 2005.12.29.06.22.00; author jlam; state Exp; branches; next 1.47; 1.47 date 2005.12.08.09.52.16; author rillig; state Exp; branches; next 1.46; 1.46 date 2005.12.08.09.19.22; author rillig; state Exp; branches; next 1.45; 1.45 date 2005.12.05.23.55.14; author rillig; state Exp; branches; next 1.44; 1.44 date 2005.12.05.20.50.47; author rillig; state Exp; branches; next 1.43; 1.43 date 2005.09.10.10.43.42; author adrianp; state Exp; branches; next 1.42; 1.42 date 2005.07.16.01.19.16; author jlam; state Exp; branches; next 1.41; 1.41 date 2005.06.01.19.07.34; author jlam; state Exp; branches; next 1.40; 1.40 date 2005.04.11.21.46.52; author tv; state Exp; branches; next 1.39; 1.39 date 2005.03.19.03.03.56; author wiz; state Exp; branches; next 1.38; 1.38 date 2004.12.28.02.47.47; author reed; state Exp; branches; next 1.37; 1.37 date 2004.10.03.00.17.56; author tv; state Exp; branches; next 1.36; 1.36 date 2004.07.23.19.59.41; author xtraeme; state Exp; branches; next 1.35; 1.35 date 2004.06.10.20.03.11; author jschauma; state Exp; branches; next 1.34; 1.34 date 2004.05.08.07.37.40; author snj; state Exp; branches; next 1.33; 1.33 date 2004.03.28.06.35.03; author xtraeme; state Exp; branches; next 1.32; 1.32 date 2004.03.11.20.39.40; author reed; state Exp; branches; next 1.31; 1.31 date 2004.02.03.23.04.41; author reed; state Exp; branches; next 1.30; 1.30 date 2003.11.21.01.02.24; author fredb; state Exp; branches; next 1.29; 1.29 date 2003.11.20.12.09.09; author fredb; state Exp; branches; next 1.28; 1.28 date 2003.11.12.03.39.41; author jschauma; state Exp; branches; next 1.27; 1.27 date 2003.11.06.20.32.57; author fredb; state Exp; branches; next 1.26; 1.26 date 2003.11.01.00.52.50; author kristerw; state Exp; branches; next 1.25; 1.25 date 2003.10.24.04.52.26; author fredb; state Exp; branches; next 1.24; 1.24 date 2003.10.24.04.35.16; author fredb; state Exp; branches; next 1.23; 1.23 date 2003.07.17.22.51.30; author grant; state Exp; branches; next 1.22; 1.22 date 2003.04.10.01.28.22; author grant; state Exp; branches; next 1.21; 1.21 date 2002.07.16.14.57.08; author fredb; state Exp; branches; next 1.20; 1.20 date 2002.02.28.13.51.23; author fredb; state Exp; branches; next 1.19; 1.19 date 2001.08.14.06.10.41; author fredb; state Exp; branches; next 1.18; 1.18 date 2001.07.12.17.38.18; author fredb; state Exp; branches; next 1.17; 1.17 date 2001.07.12.16.24.58; author fredb; state Exp; branches; next 1.16; 1.16 date 2001.06.12.20.33.06; author jlam; state Exp; branches; next 1.15; 1.15 date 2001.02.17.18.19.19; author wiz; state Exp; branches; next 1.14; 1.14 date 2001.01.29.11.34.37; author wiz; state Exp; branches; next 1.13; 1.13 date 2000.08.18.19.39.53; author fredb; state Exp; branches; next 1.12; 1.12 date 2000.02.08.12.18.15; author fredb; state Exp; branches; next 1.11; 1.11 date 2000.01.10.00.57.16; author wiz; state Exp; branches; next 1.10; 1.10 date 99.11.14.05.23.26; author fredb; state Exp; branches; next 1.9; 1.9 date 99.08.30.11.15.13; author fredb; state Exp; branches; next 1.8; 1.8 date 99.08.19.08.52.57; author fredb; state Exp; branches; next 1.7; 1.7 date 99.08.13.08.54.28; author fredb; state Exp; branches; next 1.6; 1.6 date 99.07.29.19.06.05; author fredb; state Exp; branches; next 1.5; 1.5 date 99.07.28.08.55.12; author fredb; state Exp; branches; next 1.4; 1.4 date 99.07.27.17.45.15; author fredb; state Exp; branches; next 1.3; 1.3 date 99.07.24.21.23.52; author tron; state Exp; branches; next 1.2; 1.2 date 99.07.24.19.02.40; author fredb; state Exp; branches; next 1.1; 1.1 date 99.07.24.18.29.34; author fredb; state Exp; branches 1.1.1.1; next ; 1.91.2.1 date 2016.05.13.12.33.51; author bsiegert; state Exp; branches; next 1.91.2.2; commitid 8idRZash02CQQj6z; 1.91.2.2 date 2016.06.06.18.29.05; author spz; state Exp; branches; next 1.91.2.3; commitid y5j26AfJqv9T2r9z; 1.91.2.3 date 2016.06.06.18.34.31; author spz; state Exp; branches; next ; commitid BTyLtYvW6QxK4r9z; 1.89.2.1 date 2016.01.18.20.38.25; author bsiegert; state Exp; branches; next ; commitid nGOfgWCJvR8ggsRy; 1.87.2.1 date 2015.10.27.19.07.02; author bsiegert; state Exp; branches; next 1.87.2.2; commitid 2ETjHD2rbFqkqMGy; 1.87.2.2 date 2015.11.24.18.25.38; author bsiegert; state Exp; branches; next ; commitid sJKgr8P3BkgjinKy; 1.86.2.1 date 2015.07.12.08.58.43; author tron; state Exp; branches; next ; commitid W0RfcXGL3LoSuYsy; 1.84.2.1 date 2015.04.21.21.44.22; author tron; state Exp; branches; next ; commitid 65VGwotIuXeXmviy; 1.82.2.1 date 2015.04.01.18.11.56; author hiramatsu; state Exp; branches; next ; commitid Rrp14Jg7xFrcPUfy; 1.64.2.1 date 2009.12.15.21.37.54; author spz; state Exp; branches; next ; 1.58.10.1 date 2009.01.27.13.29.18; author tron; state Exp; branches; next ; 1.1.1.1 date 99.07.24.18.29.34; author fredb; state Exp; branches; next ; desc @@ 1.109 log @*: bump for openssl 3 @ text @# $NetBSD: Makefile,v 1.108 2022/06/28 11:35:04 wiz Exp $ # DISTNAME= ntp-4.2.8p15 PKGREVISION= 4 CATEGORIES= net time MASTER_SITES= http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ MAINTAINER= pkgsrc-users@@NetBSD.org HOMEPAGE= http://www.ntp.org/ COMMENT= Network Time Protocol Version 4 CONFLICTS+= openntpd-[0-9]* GNU_CONFIGURE= YES USE_LIBTOOL= YES USE_TOOLS+= pax perl:run CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR} CONFIGURE_ARGS+= --with-locfile=loc/pkgsrc CONFIGURE_ENV+= PATH_PERL=${PERL5} OVERRIDE_DIRDEPTH= 4 DOCS+= COPYRIGHT ChangeLog NEWS README* TODO DOCDIR= share/doc/ntp EXAMPLESDIR= share/examples/ntp4 ALL_NTP_DOCS= ${DESTDIR}${PREFIX}/${DOCDIR} ${DESTDIR}${PREFIX}/${EXAMPLESDIR} INSTALLATION_DIRS= ${DOCDIR} ${EXAMPLESDIR} RCD_SCRIPTS= ntpd ntpdate post-install: cd ${WRKSRC} && ${INSTALL_DATA} ${DOCS} ${DESTDIR}${PREFIX}/${DOCDIR} cd ${WRKSRC}/conf && pax -rw -pm . ${DESTDIR}${PREFIX}/${EXAMPLESDIR} ${CHOWN} -R ${SHAREOWN}:${SHAREGRP} ${ALL_NTP_DOCS} ${FIND} ${ALL_NTP_DOCS} -type d -print | ${XARGS} ${CHMOD} ${PKGDIRMODE} ${FIND} ${ALL_NTP_DOCS} -type f -print | ${XARGS} ${CHMOD} ${SHAREMODE} .include "../../mk/bsd.prefs.mk" .include "options.mk" PLIST_VARS+= ntptime tickadj timetrim .if ${OPSYS} == "NetBSD" || ${OPSYS} == "FreeBSD" || ${OPSYS} == "DragonFly" || ${OPSYS} == "Linux" || ${OPSYS} == "SunOS" PLIST.ntptime= yes PLIST.tickadj= yes .elif ${OPSYS} == "IRIX" PLIST.timetrim= yes .elif ${OPSYS} == "Darwin" PLIST.tickadj= yes .endif # chroot jail support .if ${OPSYS} == "NetBSD" CONFIGURE_ARGS+= --enable-clockctl .elif ${OPSYS} == "Linux" && exists(/usr/include/sys/capability.h) CONFIGURE_ARGS+= --enable-linuxcaps .else # no chroot/privilege drop supported .endif CPPFLAGS.Linux+= -D_GNU_SOURCE # for struct in6_pktinfo .include "../../security/openssl/buildlink3.mk" CONFIGURE_ARGS+= --with-openssl-incdir=${SSLBASE}/include CONFIGURE_ARGS+= --with-openssl-libdir=${SSLBASE}/lib CONFIGURE_ARGS+= --with-crypto=openssl .include "../../mk/readline.buildlink3.mk" .include "../../mk/bsd.pkg.mk" @ 1.108 log @*: recursive bump for perl 5.36 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.107 2021/05/24 19:53:22 wiz Exp $ d5 1 a5 1 PKGREVISION= 3 @ 1.107 log @*: recursive bump for perl 5.34 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.106 2020/08/31 18:10:37 wiz Exp $ d5 1 a5 1 PKGREVISION= 2 @ 1.106 log @*: bump PKGREVISION for perl-5.32. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.105 2020/08/15 02:09:25 tnn Exp $ d5 1 a5 1 PKGREVISION= 1 @ 1.105 log @net/ntp4: update to ntp-4.2.8p15 Fixes Sec 3661: Memory leak with CMAC keys + additional 13 bugfixes. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.104 2020/06/21 15:10:47 taca Exp $ d5 1 @ 1.104 log @net/ntp4: update to 4.2.8p14 Updaet ntp4 to 4.2.8p14. pkgsrc changes: * Incorporate several changes from NetBSD base. * few pkglint fixes. Quote from release announce: NTP 4.2.8p14 (Harlan Stenn , 2020 Mar 03) Focus: Security, Bug fixes, enhancements. Severity: MEDIUM This release fixes three vulnerabilities: a bug that causes causes an ntpd instance that is explicitly configured to override the default and allow ntpdc (mode 7) connections to be made to a server to read some uninitialized memory; fixes the case where an unmonitored ntpd using an unauthenticated association to its servers may be susceptible to a forged packet DoS attack; and fixes an attack against a client instance that uses a single unauthenticated time source. It also fixes 46 other bugs and addresses 4 other issues. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.103 2020/01/18 21:50:21 jperkin Exp $ d4 1 a4 1 DISTNAME= ntp-4.2.8p14 @ 1.103 log @*: Recursive revision bump for openssl 1.1.1. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.102 2019/11/03 11:45:45 rillig Exp $ d4 1 a4 3 DISTNAME= ntp-4.2.8p13 PKGNAME= ${DISTNAME:S/-dev-/-/} PKGREVISION= 2 d43 1 a43 1 PLIST_VARS+= ntpsnmpd ntptime tickadj timetrim @ 1.102 log @net: align variable assignments pkglint -Wall -F --only aligned --only indent -r No manual corrections. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.101 2019/08/11 13:22:13 wiz Exp $ d6 1 a6 1 PKGREVISION= 1 @ 1.101 log @Bump PKGREVISIONs for perl 5.30.0 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.100 2019/03/25 17:19:59 tnn Exp $ d20 3 a22 3 CONFIGURE_ARGS+=--sysconfdir=${PKG_SYSCONFDIR} CONFIGURE_ARGS+=--with-locfile=loc/pkgsrc CONFIGURE_ENV+= PATH_PERL=${PERL5} @ 1.100 log @ntp4: update to ntp-4.2.8p13 NTP 4.2.8p13 2019-03-07 This release fixes a bug that allows an attacker with access to an explicitly trusted source to send a crafted malicious mode 6 (ntpq) packet that can trigger a NULL pointer dereference, crashing ntpd. It also provides 17 other bugfixes and 1 other improvement. NTP 4.2.8p12 2018-04-09 This release fixes a "hole" in the noepeer capability introduced to ntpd in ntp-4.2.8p11, and a buffer overflow in the openhost() function used by ntpq and ntpdc. It also provides 26 other bugfixes, and 4 other improvements. NTP 4.2.8p11 2018-02-27 This release fixes 2 low-/medium-, 1 informational/medum-, and 2 low-severity vulnerabilities in ntpd, one medium-severity vulernability in ntpq, and provides 65 other non-security fixes and improvements. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.99 2018/08/22 09:45:56 wiz Exp $ d6 1 @ 1.99 log @Recursive bump for perl5-5.28.0 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.98 2017/03/24 03:41:08 taca Exp $ d4 1 a4 1 DISTNAME= ntp-4.2.8p10 a5 1 PKGREVISION= 1 @ 1.98 log @Update ntp4 to 4.2.8p10 including security fixes. NTF's NTP Project is releasing ntp-4.2.8p10, which addresses: * 6 MEDIUM severity vulnerabilities (1 is about the Windows PPSAPI DLL) * 5 LOW severity vulnerabilities (2 are in the Windows Installer) * 4 Informational-level vulnerabilities * 15 other non-security fixes and improvements All of the security issues in this release are listed in VU#633849. ntp-4.2.8p10 was released on 21 March 2017. * Sec 3389 / CVE-2017-6464 / VU#325339: NTP-01-016 NTP: Denial of Service via Malformed Config (Pentest report 01.2017) - Reported by Cure53. * Sec 3388 / CVE-2017-6462 / VU#325339: NTP-01-014 NTP: Buffer Overflow in DPTS Clock (Pentest report 01.2017) - Reported by Cure53. * Sec 3387 / CVE-2017-6463 / VU#325339: NTP-01-012 NTP: Authenticated DoS via Malicious Config Option (Pentest report 01.2017) - Reported by Cure53. * Sec 3386: NTP-01-011 NTP: ntpq_stripquotes() returns incorrect Value (Pentest report 01.2017) - Reported by Cure53. * Sec 3385: NTP-01-010 NTP: ereallocarray()/eallocarray() underused (Pentest report 01.2017) - Reported by Cure53. * Sec 3384 / CVE-2017-6455 / VU#325339: NTP-01-009 NTP: Windows: Privileged execution of User Library code (Pentest report 01.2017) - Reported by Cure53. * Sec 3383 / CVE-2017-6452 / VU#325339: NTP-01-008 NTP: Windows Installer: Stack Buffer Overflow from Command Line (Pentest report 01.2017) - Reported by Cure53. * Sec 3382 / CVE-2017-6459 / VU#325339: NTP-01-007 NTP: Windows Installer: Data Structure terminated insufficiently (Pentest report 01.2017) - Reported by Cure53. * Sec 3381: NTP-01-006 NTP: Copious amounts of Unused Code (Pentest report 01.2017) - Reported by Cure53. * Sec 3380: NTP-01-005 NTP: Off-by-one in Oncore GPS Receiver (Pentest report 01.2017) - Reported by Cure53. * Sec 3379 / CVE-2017-6458 / VU#325339: NTP-01-004 NTP: Potential Overflows in ctl_put() functions (Pentest report 01.2017) - Reported by Cure53. * Sec 3378 / CVE-2017-6451 / VU#325339: NTP-01-003 Improper use of snprintf() in mx4200_send() (Pentest report 01.2017) - Reported by Cure53. * Sec 3377 / CVE-2017-6460 / VU#325339: NTP-01-002 Buffer Overflow in ntpq when fetching reslist (Pentest report 01.2017) - Reported by Cure53. * Sec 3376: NTP-01-001 Makefile does not enforce Security Flags (Pentest report 01.2017) - Reported by Cure53. * Sec 3361 / CVE-2016-9042 / VU#325339: 0rigin - Reported by Matthew Van Gundy of Cisco ASIG. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.97 2016/12/05 15:49:59 taca Exp $ d6 1 @ 1.97 log @Update ntp4 to 4.2.8p9. Here is quote from NEWS file and please refer it in detail. --- NTP 4.2.8p9 (Harlan Stenn , 2016/11/21) Focus: Security, Bug fixes, enhancements. Severity: HIGH In addition to bug fixes and enhancements, this release fixes the following 1 high- (Windows only), 2 medium-, 2 medium-/low, and 5 low-severity vulnerabilities, and provides 28 other non-security fixes and improvements: @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.96 2016/07/09 06:38:44 wiz Exp $ d4 1 a4 1 DISTNAME= ntp-4.2.8p9 @ 1.96 log @Bump PKGREVISION for perl-5.24.0 for everything mentioning perl. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.95 2016/06/03 09:45:08 taca Exp $ d4 1 a4 1 DISTNAME= ntp-4.2.8p8 a5 1 PKGREVISION= 1 @ 1.95 log @Update ntp4 package to 4.2.8p8, security fix. (4.2.8p8) 2016/06/02 Released by Harlan Stenn * [Sec 3042] Broadcast Interleave. HStenn. * [Sec 3043] Autokey association reset. perlinger@@ntp.org, stenn@@ntp.org - validate origin timestamps on bad MACs, too. stenn@@ntp.org * [Sec 3044] Spoofed server packets are partially processed. HStenn. * [Sec 3045] Bad authentication demobilizes ephemeral associations. JPerlinger. * [Sec 3046] CRYPTO_NAK crash. stenn@@ntp.org * [Bug 3038] NTP fails to build in VS2015. perlinger@@ntp.org - provide build environment - 'wint_t' and 'struct timespec' defined by VS2015 - fixed print()/scanf() format issues * [Bug 3052] Add a .gitignore file. Edmund Wong. * [Bug 3054] miscopt.html documents the allan intercept in seconds. SWhite. * [Bug 3058] fetch_timestamp() mishandles 64-bit alignment. Brian Utterback, JPerlinger, HStenn. * Update the NEWS file for 4.2.8p8. HStenn. * Fix typo in ntp-wait and plot_summary. HStenn. * Make sure we have an "author" file for git imports. HStenn. * Update the sntp problem tests for MacOS. HStenn. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.94 2016/05/14 08:13:49 bsiegert Exp $ d6 1 @ 1.94 log @Do SNMP support properly, as a package option, default disabled. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.93 2016/05/13 15:50:13 bsiegert Exp $ d4 1 a4 1 DISTNAME= ntp-4.2.8p7 a5 1 PKGREVISION= 1 @ 1.93 log @Fix package installation for Darwin, which installs tickadj and ntpsnmpd. Not sure what the snmp thing is about; is it picking up a dependency from the base system? Why does no other OS build it? @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.92 2016/04/27 15:59:19 wen Exp $ d6 1 a52 1 PLIST.ntpsnmpd= yes @ 1.92 log @Update to 4.2.8p7 Upstream changes: (4.2.8p7) 2016/04/26 Released by Harlan Stenn * [Sec 2901] KoD packets must have non-zero transmit timestamps. HStenn. * [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve time. Include passive servers in this check. HStenn. * [Sec 2945] Additional KoD packet checks. HStenn. * [Sec 2978] Interleave can be partially triggered. HStenn. * [Sec 3007] Validate crypto-NAKs. Danny Mayer. * [Sec 3008] Always check the return value of ctl_getitem(). - initial work by HStenn - Additional cleanup of ctl_getitem by perlinger@@ntp.org * [Sec 3009] Crafted addpeer with hmode > 7 causes OOB error. perlinger@@ntp.org - added more stringent checks on packet content * [Sec 3010] remote configuration trustedkey/requestkey values are not properly validated. perlinger@@ntp.org - sidekick: Ignore keys that have an unsupported MAC algorithm but are otherwise well-formed * [Sec 3011] Duplicate IPs on unconfig directives will cause an assertion botch - graciously accept the same IP multiple times. perlinger@@ntp.org * [Sec 3020] Refclock impersonation. HStenn. * [Bug 2831] Segmentation Fault in DNS lookup during startup. perlinger@@ntp.org - fixed yet another race condition in the threaded resolver code. * [Bug 2858] bool support. Use stdbool.h when available. HStenn. * [Bug 2879] Improve NTP security against timing attacks. perlinger@@ntp.org - integrated patches by Loganaden Velvidron with some modifications & unit tests * [Bug 2952] Symmetric active/passive mode is broken. HStenn. * [Bug 2960] async name resolution fixes for chroot() environments. Reinhard Max. * [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@@ntp.org * [Bug 2995] Fixes to compile on Windows * [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@@ntp.org * [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@@ntp.org - Patch provided by Ch. Weisgerber * [Bug 3015] ntpq: config-from-file: "request contains an unprintable character" - A change related to [Bug 2853] forbids trailing white space in remote config commands. perlinger@@ntp.org * [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE - report and patch from Aleksandr Kostikov. - Overhaul of Windows IO completion port handling. perlinger@@ntp.org * [Bug 3022] authkeys.c should be refactored. perlinger@@ntp.org - fixed memory leak in access list (auth[read]keys.c) - refactored handling of key access lists (auth[read]keys.c) - reduced number of error branches (authreadkeys.c) * [Bug 3023] ntpdate cannot correct dates in the future. perlinger@@ntp.org * [Bug 3030] ntpq needs a general way to specify refid output format. HStenn. * [Bug 3031] ntp broadcastclient unable to synchronize to an server when the time of server changed. perlinger@@ntp.org - Check the initial delay calculation and reject/unpeer the broadcast server if the delay exceeds 50ms. Retry again after the next broadcast packet. * [Bug 3036] autokey trips an INSIST in authistrustedip(). Harlan Stenn. * Document ntp.key's optional IP list in authenetic.html. Harlan Stenn. * Update html/xleave.html documentation. Harlan Stenn. * Update ntp.conf documentation. Harlan Stenn. * Fix some Credit: attributions in the NEWS file. Harlan Stenn. * Fix typo in html/monopt.html. Harlan Stenn. * Add README.pullrequests. Harlan Stenn. * Cleanup to include/ntp.h. Harlan Stenn. --- (4.2.8p6) 2016/01/20 Released by Harlan Stenn * [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn. * [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. * [Sec 2937] ntpq: nextvar() missing length check. perlinger@@ntp.org * [Sec 2938] ntpq saveconfig command allows dangerous characters in filenames. perlinger@@ntp.org * [Sec 2939] reslist NULL pointer dereference. perlinger@@ntp.org * [Sec 2940] Stack exhaustion in recursive traversal of restriction list. perlinger@@ntp.org * [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn. * [Sec 2945] Zero Origin Timestamp Bypass. perlinger@@ntp.org * [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger@@ntp.org * [Bug 2772] adj_systime overflows tv_usec. perlinger@@ntp.org * [Bug 2814] msyslog deadlock when signaled. perlinger@@ntp.org - applied patch by shenpeng11@@huawei.com with minor adjustments * [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@@ntp.org * [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@@ntp.org * [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build. perlinger@@ntp.org - Found this already fixed, but validation led to cleanup actions. * [Bug 2905] DNS lookups broken. perlinger@@ntp.org - added limits to stack consumption, fixed some return code handling * [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call - changed stacked/nested handling of CTRL-C. perlinger@@ntp.org - make CTRL-C work for retrieval and printing od MRU list. perlinger@@ntp.org * [Bug 2980] reduce number of warnings. perlinger@@ntp.org - integrated several patches from Havard Eidnes (he@@uninett.no) * [Bug 2985] bogus calculation in authkeys.c perlinger@@ntp.org - implement 'auth_log2()' using integer bithack instead of float calculation * Make leapsec_query debug messages less verbose. Harlan Stenn. * Disable incomplete t-ntp_signd.c test. Harlan Stenn. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.91 2016/03/05 11:29:09 jperkin Exp $ d44 1 a44 1 PLIST_VARS+= ntptime tickadj timetrim d51 3 @ 1.91 log @Bump PKGREVISION for security/openssl ABI bump. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.90 2016/01/09 15:49:26 taca Exp $ d4 1 a4 1 DISTNAME= ntp-4.2.8p5 a5 1 PKGREVISION= 1 @ 1.91.2.1 log @Pullup ticket #5010 - requested by taca net/ntp4: security fix Revisions pulled up: - net/ntp4/Makefile 1.92 - net/ntp4/PLIST 1.21 - net/ntp4/distinfo 1.26 --- Module Name: pkgsrc Committed By: wen Date: Wed Apr 27 15:59:19 UTC 2016 Modified Files: pkgsrc/net/ntp4: Makefile PLIST distinfo Log Message: Update to 4.2.8p7 Upstream changes: (4.2.8p7) 2016/04/26 Released by Harlan Stenn * [Sec 2901] KoD packets must have non-zero transmit timestamps. HStenn. * [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve time. Include passive servers in this check. HStenn. * [Sec 2945] Additional KoD packet checks. HStenn. * [Sec 2978] Interleave can be partially triggered. HStenn. * [Sec 3007] Validate crypto-NAKs. Danny Mayer. * [Sec 3008] Always check the return value of ctl_getitem(). - initial work by HStenn - Additional cleanup of ctl_getitem by perlinger@@ntp.org * [Sec 3009] Crafted addpeer with hmode > 7 causes OOB error. perlinger@@ntp.org - added more stringent checks on packet content * [Sec 3010] remote configuration trustedkey/requestkey values are not properly validated. perlinger@@ntp.org - sidekick: Ignore keys that have an unsupported MAC algorithm but are otherwise well-formed * [Sec 3011] Duplicate IPs on unconfig directives will cause an assertion botch - graciously accept the same IP multiple times. perlinger@@ntp.org * [Sec 3020] Refclock impersonation. HStenn. * [Bug 2831] Segmentation Fault in DNS lookup during startup. perlinger@@ntp.org - fixed yet another race condition in the threaded resolver code. * [Bug 2858] bool support. Use stdbool.h when available. HStenn. * [Bug 2879] Improve NTP security against timing attacks. perlinger@@ntp.org - integrated patches by Loganaden Velvidron with some modifications & unit tests * [Bug 2952] Symmetric active/passive mode is broken. HStenn. * [Bug 2960] async name resolution fixes for chroot() environments. Reinhard Max. * [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@@ntp.org * [Bug 2995] Fixes to compile on Windows * [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@@ntp.org * [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@@ntp.org - Patch provided by Ch. Weisgerber * [Bug 3015] ntpq: config-from-file: "request contains an unprintable character" - A change related to [Bug 2853] forbids trailing white space in remote config commands. perlinger@@ntp.org * [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE - report and patch from Aleksandr Kostikov. - Overhaul of Windows IO completion port handling. perlinger@@ntp.org * [Bug 3022] authkeys.c should be refactored. perlinger@@ntp.org - fixed memory leak in access list (auth[read]keys.c) - refactored handling of key access lists (auth[read]keys.c) - reduced number of error branches (authreadkeys.c) * [Bug 3023] ntpdate cannot correct dates in the future. perlinger@@ntp.org * [Bug 3030] ntpq needs a general way to specify refid output format. HStenn. * [Bug 3031] ntp broadcastclient unable to synchronize to an server when the time of server changed. perlinger@@ntp.org - Check the initial delay calculation and reject/unpeer the broadcast server if the delay exceeds 50ms. Retry again after the next broadcast packet. * [Bug 3036] autokey trips an INSIST in authistrustedip(). Harlan Stenn. * Document ntp.key's optional IP list in authenetic.html. Harlan Stenn. * Update html/xleave.html documentation. Harlan Stenn. * Update ntp.conf documentation. Harlan Stenn. * Fix some Credit: attributions in the NEWS file. Harlan Stenn. * Fix typo in html/monopt.html. Harlan Stenn. * Add README.pullrequests. Harlan Stenn. * Cleanup to include/ntp.h. Harlan Stenn. --- (4.2.8p6) 2016/01/20 Released by Harlan Stenn * [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn. * [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. * [Sec 2937] ntpq: nextvar() missing length check. perlinger@@ntp.org * [Sec 2938] ntpq saveconfig command allows dangerous characters in filenames. perlinger@@ntp.org * [Sec 2939] reslist NULL pointer dereference. perlinger@@ntp.org * [Sec 2940] Stack exhaustion in recursive traversal of restriction list. perlinger@@ntp.org * [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn. * [Sec 2945] Zero Origin Timestamp Bypass. perlinger@@ntp.org * [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger@@ntp.org * [Bug 2772] adj_systime overflows tv_usec. perlinger@@ntp.org * [Bug 2814] msyslog deadlock when signaled. perlinger@@ntp.org - applied patch by shenpeng11@@huawei.com with minor adjustments * [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@@ntp.org * [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@@ntp.org * [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build. perlinger@@ntp.org - Found this already fixed, but validation led to cleanup actions. * [Bug 2905] DNS lookups broken. perlinger@@ntp.org - added limits to stack consumption, fixed some return code handling * [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call - changed stacked/nested handling of CTRL-C. perlinger@@ntp.org - make CTRL-C work for retrieval and printing od MRU list. perlinger@@ntp.org * [Bug 2980] reduce number of warnings. perlinger@@ntp.org - integrated several patches from Havard Eidnes (he@@uninett.no) * [Bug 2985] bogus calculation in authkeys.c perlinger@@ntp.org - implement 'auth_log2()' using integer bithack instead of float calculation * Make leapsec_query debug messages less verbose. Harlan Stenn. * Disable incomplete t-ntp_signd.c test. Harlan Stenn. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.91 2016/03/05 11:29:09 jperkin Exp $ d4 1 a4 1 DISTNAME= ntp-4.2.8p7 d6 1 @ 1.91.2.2 log @Pullup ticket #5037 - requested by bsiegert net/ntp4: security update Revisions pulled up: - net/ntp4/Makefile 1.95 - net/ntp4/distinfo 1.27 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Fri Jun 3 09:45:09 UTC 2016 Modified Files: pkgsrc/net/ntp4: Makefile distinfo Log Message: Update ntp4 package to 4.2.8p8, security fix. (4.2.8p8) 2016/06/02 Released by Harlan Stenn * [Sec 3042] Broadcast Interleave. HStenn. * [Sec 3043] Autokey association reset. perlinger@@ntp.org, = stenn@@ntp.org - validate origin timestamps on bad MACs, too. stenn@@ntp.org * [Sec 3044] Spoofed server packets are partially processed. HStenn. * [Sec 3045] Bad authentication demobilizes ephemeral associations. = JPerlinger. * [Sec 3046] CRYPTO_NAK crash. stenn@@ntp.org * [Bug 3038] NTP fails to build in VS2015. perlinger@@ntp.org - provide build environment - 'wint_t' and 'struct timespec' defined by VS2015 - fixed print()/scanf() format issues * [Bug 3052] Add a .gitignore file. Edmund Wong. * [Bug 3054] miscopt.html documents the allan intercept in seconds. = SWhite. * [Bug 3058] fetch_timestamp() mishandles 64-bit alignment. Brian = Utterback, JPerlinger, HStenn. * Update the NEWS file for 4.2.8p8. HStenn. * Fix typo in ntp-wait and plot_summary. HStenn. * Make sure we have an "author" file for git imports. HStenn. * Update the sntp problem tests for MacOS. HStenn. To generate a diff of this commit: cvs rdiff -u -r1.94 -r1.95 pkgsrc/net/ntp4/Makefile cvs rdiff -u -r1.26 -r1.27 pkgsrc/net/ntp4/distinfo @ text @d1 1 a1 1 # $NetBSD$ d4 1 a4 1 DISTNAME= ntp-4.2.8p8 @ 1.91.2.3 log @Pullup ticket #5040 - requested by taca net/ntp4: package build fixes Revisions pulled up: - net/ntp4/Makefile 1.93-1.94 - net/ntp4/PLIST 1.22 - net/ntp4/options.mk 1.3 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: bsiegert Date: Fri May 13 15:50:13 UTC 2016 Modified Files: pkgsrc/net/ntp4: Makefile PLIST Log Message: Fix package installation for Darwin, which installs tickadj and ntpsnmpd. Not sure what the snmp thing is about; is it picking up a dependency from the base system? Why does no other OS build it? To generate a diff of this commit: cvs rdiff -u -r1.92 -r1.93 pkgsrc/net/ntp4/Makefile cvs rdiff -u -r1.21 -r1.22 pkgsrc/net/ntp4/PLIST ------------------------------------------------------------------- Module Name: pkgsrc Committed By: bsiegert Date: Sat May 14 08:13:49 UTC 2016 Modified Files: pkgsrc/net/ntp4: Makefile options.mk Log Message: Do SNMP support properly, as a package option, default disabled. To generate a diff of this commit: cvs rdiff -u -r1.93 -r1.94 pkgsrc/net/ntp4/Makefile cvs rdiff -u -r1.2 -r1.3 pkgsrc/net/ntp4/options.mk @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.91.2.2 2016/06/06 18:29:05 spz Exp $ a5 1 #PKGREVISION= 0 d44 1 a44 1 PLIST_VARS+= ntpsnmpd ntptime tickadj timetrim a50 2 .elif ${OPSYS} == "Darwin" PLIST.tickadj= yes @ 1.90 log @Update ntp4 to 4.2.8p5. NTP 4.2.8p5 Focus: Security, Bug fixes, enhancements. Severity: MEDIUM In addition to bug fixes and enhancements, this release fixes the following medium-severity vulnerability: * Small-step/big-step. Close the panic gate earlier. References: Sec 2956, CVE-2015-5300 Affects: All ntp-4 releases up to, but not including 4.2.8p5, and 4.3.0 up to, but not including 4.3.78 CVSS3: (AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:L) Base Score: 4.0, MEDIUM Summary: If ntpd is always started with the -g option, which is common and against long-standing recommendation, and if at the moment ntpd is restarted an attacker can immediately respond to enough requests from enough sources trusted by the target, which is difficult and not common, there is a window of opportunity where the attacker can cause ntpd to set the time to an arbitrary value. Similarly, if an attacker is able to respond to enough requests from enough sources trusted by the target, the attacker can cause ntpd to abort and restart, at which point it can tell the target to set the time to an arbitrary value if and only if ntpd was re-started against long-standing recommendation with the -g flag, or if ntpd was not given the -g flag, the attacker can move the target system's time by at most 900 seconds' time per attack. Mitigation: Configure ntpd to get time from multiple sources. Upgrade to 4.2.8p5, or later, from the NTP Project Download Page or the NTP Public Services Project Download Page As we've long documented, only use the -g option to ntpd in cold-start situations. Monitor your ntpd instances. Credit: This weakness was discovered by Aanchal Malhotra, Isaac E. Cohen, and Sharon Goldberg at Boston University. NOTE WELL: The -g flag disables the limit check on the panic_gate in ntpd, which is 900 seconds by default. The bug identified by the researchers at Boston University is that the panic_gate check was only re-enabled after the first change to the system clock that was greater than 128 milliseconds, by default. The correct behavior is that the panic_gate check should be re-enabled after any initial time correction. If an attacker is able to inject consistent but erroneous time responses to your systems via the network or "over the air", perhaps by spoofing radio, cellphone, or navigation satellite transmissions, they are in a great position to affect your system's clock. There comes a point where your very best defenses include: Configure ntpd to get time from multiple sources. Monitor your ntpd instances. Other fixes: * Coverity submission process updated from Coverity 5 to Coverity 7. The NTP codebase has been undergoing regular Coverity scans on an ongoing basis since 2006. As part of our recent upgrade from Coverity 5 to Coverity 7, Coverity identified 16 nits in some of the newly-written Unity test programs. These were fixed. * [Bug 2829] Clean up pipe_fds in ntpd.c perlinger@@ntp.org * [Bug 2887] stratum -1 config results as showing value 99 - fudge stratum should only accept values [0..16]. perlinger@@ntp.org * [Bug 2932] Update leapsecond file info in miscopt.html. CWoodbury, HStenn. * [Bug 2934] tests/ntpd/t-ntp_scanner.c has a magic constant wired in. HMurray * [Bug 2944] errno is not preserved properly in ntpdate after sendto call. - applied patch by Christos Zoulas. perlinger@@ntp.org * [Bug 2952] Peer associations broken by fix for Bug 2901/CVE-2015-7704. * [Bug 2954] Version 4.2.8p4 crashes on startup on some OSes. - fixed data race conditions in threaded DNS worker. perlinger@@ntp.org - limit threading warm-up to linux; FreeBSD bombs on it. perlinger@@ntp.org * [Bug 2957] 'unsigned int' vs 'size_t' format clash. perlinger@@ntp.org - accept key file only if there are no parsing errors - fixed size_t/u_int format clash - fixed wrong use of 'strlcpy' * [Bug 2958] ntpq: fatal error messages need a final newline. Craig Leres. * [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets. perlinger@@ntp.org - fixed several other warnings (cast-alignment, missing const, missing prototypes) - promote use of 'size_t' for values that express a size - use ptr-to-const for read-only arguments - make sure SOCKET values are not truncated (win32-specific) - format string fixes * [Bug 2965] Local clock didn't work since 4.2.8p4. Martin Burnicki. * [Bug 2967] ntpdate command suffers an assertion failure - fixed ntp_rfc2553.c to return proper address length. perlinger@@ntp.org * [Bug 2969] Seg fault from ntpq/mrulist when looking at server with lots of clients. perlinger@@ntp.org * [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call - changed stacked/nested handling of CTRL-C. perlinger@@ntp.org * Unity cleanup for FreeBSD-6.4. Harlan Stenn. * Unity test cleanup. Harlan Stenn. * Libevent autoconf pthread fixes for FreeBSD-10. Harlan Stenn. * Header cleanup in tests/sandbox/uglydate.c. Harlan Stenn. * Header cleanup in tests/libntp/sfptostr.c. Harlan Stenn. * Quiet a warning from clang. Harlan Stenn. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.89 2015/10/29 11:28:44 christos Exp $ d6 1 @ 1.89 log @update checksum and bump revision @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.88 2015/10/23 03:43:31 taca Exp $ d4 1 a4 2 DISTNAME= ntp-4.2.8p4 PKGREVISION= 1 @ 1.89.2.1 log @Pullup ticket #4895 - requested by taca net/ntp4: security fix Revisions pulled up: - net/ntp4/Makefile 1.90 - net/ntp4/distinfo 1.25 - net/ntp4/patches/patch-ntpd-ntpd.c deleted --- Module Name: pkgsrc Committed By: taca Date: Sat Jan 9 15:49:27 UTC 2016 Modified Files: pkgsrc/net/ntp4: Makefile distinfo Removed Files: pkgsrc/net/ntp4/patches: patch-ntpd-ntpd.c Log Message: Update ntp4 to 4.2.8p5. NTP 4.2.8p5 Focus: Security, Bug fixes, enhancements. Severity: MEDIUM In addition to bug fixes and enhancements, this release fixes the following medium-severity vulnerability: * Small-step/big-step. Close the panic gate earlier. References: Sec 2956, CVE-2015-5300 Affects: All ntp-4 releases up to, but not including 4.2.8p5, and 4.3.0 up to, but not including 4.3.78 CVSS3: (AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:L) Base Score: 4.0, MEDIUM Summary: If ntpd is always started with the -g option, which is common and against long-standing recommendation, and if at the moment ntpd is restarted an attacker can immediately respond to enough requests from enough sources trusted by the target, which is difficult and not common, there is a window of opportunity where the attacker can cause ntpd to set the time to an arbitrary value. Similarly, if an attacker is able to respond to enough requests from enough sources trusted by the target, the attacker can cause ntpd to abort and restart, at which point it can tell the target to set the time to an arbitrary value if and only if ntpd was re-started against long-standing recommendation with the -g flag, or if ntpd was not given the -g flag, the attacker can move the target system's time by at most 900 seconds' time per attack. Mitigation: Configure ntpd to get time from multiple sources. Upgrade to 4.2.8p5, or later, from the NTP Project Download Page or the NTP Public Services Project Download Page As we've long documented, only use the -g option to ntpd in cold-start situations. Monitor your ntpd instances. Credit: This weakness was discovered by Aanchal Malhotra, Isaac E. Cohen, and Sharon Goldberg at Boston University. NOTE WELL: The -g flag disables the limit check on the panic_gate in ntpd, which is 900 seconds by default. The bug identified by the researchers at Boston University is that the panic_gate check was only re-enabled after the first change to the system clock that was greater than 128 milliseconds, by default. The correct behavior is that the panic_gate check should be re-enabled after any initial time correction. If an attacker is able to inject consistent but erroneous time responses to your systems via the network or "over the air", perhaps by spoofing radio, cellphone, or navigation satellite transmissions, they are in a great position to affect your system's clock. There comes a point where your very best defenses include: Configure ntpd to get time from multiple sources. Monitor your ntpd instances. Other fixes: * Coverity submission process updated from Coverity 5 to Coverity 7. The NTP codebase has been undergoing regular Coverity scans on an ongoing basis since 2006. As part of our recent upgrade from Coverity 5 to Coverity 7, Coverity identified 16 nits in some of the newly-written Unity test programs. These were fixed. * [Bug 2829] Clean up pipe_fds in ntpd.c perlinger@@ntp.org * [Bug 2887] stratum -1 config results as showing value 99 - fudge stratum should only accept values [0..16]. perlinger@@ntp.org * [Bug 2932] Update leapsecond file info in miscopt.html. CWoodbury, HStenn. * [Bug 2934] tests/ntpd/t-ntp_scanner.c has a magic constant wired in. HMurray * [Bug 2944] errno is not preserved properly in ntpdate after sendto call. - applied patch by Christos Zoulas. perlinger@@ntp.org * [Bug 2952] Peer associations broken by fix for Bug 2901/CVE-2015-7704. * [Bug 2954] Version 4.2.8p4 crashes on startup on some OSes. - fixed data race conditions in threaded DNS worker. perlinger@@ntp.org - limit threading warm-up to linux; FreeBSD bombs on it. perlinger@@ntp.org * [Bug 2957] 'unsigned int' vs 'size_t' format clash. perlinger@@ntp.org - accept key file only if there are no parsing errors - fixed size_t/u_int format clash - fixed wrong use of 'strlcpy' * [Bug 2958] ntpq: fatal error messages need a final newline. Craig Leres. * [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets. perlinger@@ntp.org - fixed several other warnings (cast-alignment, missing const, missing prototypes) - promote use of 'size_t' for values that express a size - use ptr-to-const for read-only arguments - make sure SOCKET values are not truncated (win32-specific) - format string fixes * [Bug 2965] Local clock didn't work since 4.2.8p4. Martin Burnicki. * [Bug 2967] ntpdate command suffers an assertion failure - fixed ntp_rfc2553.c to return proper address length. perlinger@@ntp.org * [Bug 2969] Seg fault from ntpq/mrulist when looking at server with lots of clients. perlinger@@ntp.org * [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call - changed stacked/nested handling of CTRL-C. perlinger@@ntp.org * Unity cleanup for FreeBSD-6.4. Harlan Stenn. * Unity test cleanup. Harlan Stenn. * Libevent autoconf pthread fixes for FreeBSD-10. Harlan Stenn. * Header cleanup in tests/sandbox/uglydate.c. Harlan Stenn. * Header cleanup in tests/libntp/sfptostr.c. Harlan Stenn. * Quiet a warning from clang. Harlan Stenn. @ text @d1 1 a1 1 # $NetBSD$ d4 2 a5 1 DISTNAME= ntp-4.2.8p5 @ 1.88 log @Update ntp4 to 4.2.8p4. pkgsrc change: * Remove duplicated HTML documents. * Install some addtional documents. Changes are too many to write here, please refer NEWS files and this release fixes security problems. October 2015 NTP Security Vulnerability Announcement (Medium) NTF's NTP Project has been notified of the following 13 low- and medium-severity vulnerabilities that are fixed in ntp-4.2.8p4, released on Wednesday, 21 October 2015: * Bug 2941 CVE-2015-7871 NAK to the Future: Symmetric association authentication bypass via crypto-NAK (Cisco ASIG) * Bug 2922 CVE-2015-7855 decodenetnum() will ASSERT botch instead of returning FAIL on some bogus values (IDA) * Bug 2921 CVE-2015-7854 Password Length Memory Corruption Vulnerability. (Cisco TALOS) * Bug 2920 CVE-2015-7853 Invalid length data provided by a custom refclock driver could cause a buffer overflow. (Cisco TALOS) * Bug 2919 CVE-2015-7852 ntpq atoascii() Memory Corruption Vulnerability. (Cisco TALOS) * Bug 2918 CVE-2015-7851 saveconfig Directory Traversal Vulnerability. (OpenVMS) (Cisco TALOS) * Bug 2917 CVE-2015-7850 remote config logfile-keyfile. (Cisco TALOS) * Bug 2916 CVE-2015-7849 trusted key use-after-free. (Cisco TALOS) * Bug 2913 CVE-2015-7848 mode 7 loop counter underrun. (Cisco TALOS) * Bug 2909 CVE-2015-7701 Slow memory leak in CRYPTO_ASSOC. (Tenable) * Bug 2902 : CVE-2015-7703 configuration directives "pidfile" and "driftfile" should only be allowed locally. (RedHat) * Bug 2901 : CVE-2015-7704, CVE-2015-7705 Clients that receive a KoD should validate the origin timestamp field. (Boston University) * Bug 2899 : CVE-2015-7691, CVE-2015-7692, CVE-2015-7702 Incomplete autokey data packet length checks. (Tenable) The only generally-exploitable bug in the above list is the crypto-NAK bug, which has a CVSS2 score of 6.4. Additionally, three bugs that have already been fixed in ntp-4.2.8 but were not fixed in ntp-4.2.6 as it was EOL'd have a security component, but are all below 1.8 CVSS score, so we're reporting them here: * Bug 2382 : Peer precision < -31 gives division by zero * Bug 1774 : Segfaults if cryptostats enabled when built without OpenSSL * Bug 1593 : ntpd abort in free() with logconfig syntax error @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.87 2015/06/30 16:08:21 taca Exp $ d5 1 @ 1.87 log @Update ntp4 to 4.2.8p3. Please refer NEWS and ChangeLog for full changes. NTP 4.2.8p3 (Harlan Stenn , 2015/06/29) Focus: 1 Security fix. Bug fixes and enhancements. Leap-second improvements. Severity: MEDIUM Security Fix: * [Sec 2853] Crafted remote config packet can crash some versions of ntpd. Aleksis Kauppinen, Juergen Perlinger, Harlan Stenn. Under specific circumstances an attacker can send a crafted packet to cause a vulnerable ntpd instance to crash. This requires each of the following to be true: 1) ntpd set up to allow remote configuration (not allowed by default), and 2) knowledge of the configuration password, and 3) access to a computer entrusted to perform remote configuration. This vulnerability is considered low-risk. New features in this release: Optional (disabled by default) support to have ntpd provide smeared leap second time. A specially built and configured ntpd will only offer smeared time in response to client packets. These response packets will also contain a "refid" of 254.a.b.c, where the 24 bits of a, b, and c encode the amount of smear in a 2:22 integer:fraction format. See README.leapsmear and http://bugs.ntp.org/2855 for more information. *IF YOU CHOOSE TO CONFIGURE NTPD TO PROVIDE LEAP SMEAR TIME* *BE SURE YOU DO NOT OFFER THAT TIME ON PUBLIC TIMESERVERS.* We've imported the Unity test framework, and have begun converting the existing google-test items to this new framework. If you want to write new tests or change old ones, you'll need to have ruby installed. You don't need ruby to run the test suite. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.86 2015/06/12 10:50:43 wiz Exp $ d4 1 a4 1 DISTNAME= ntp-4.2.8p3 d25 6 a30 3 DOCDIR= ${DESTDIR}${PREFIX}/share/doc/ntp EXAMPLESDIR= ${DESTDIR}${PREFIX}/share/examples/ntp4 ALL_NTP_DOCS= ${DOCDIR} ${EXAMPLESDIR} d35 2 a36 4 ${MKDIR} ${DOCDIR} ${MKDIR} ${EXAMPLESDIR} cd ${WRKSRC}/html && pax -rw -pm . ${DOCDIR} cd ${WRKSRC}/conf && pax -rw -pm . ${EXAMPLESDIR} @ 1.87.2.1 log @Pullup ticket #4846 - requested by taca net/ntp4: security fix Revisions pulled up: - net/ntp4/Makefile 1.88 - net/ntp4/PLIST 1.20 - net/ntp4/distinfo 1.23 - net/ntp4/patches/patch-configure deleted - net/ntp4/patches/patch-sntp_configure deleted --- Module Name: pkgsrc Committed By: taca Date: Fri Oct 23 03:43:31 UTC 2015 Modified Files: pkgsrc/net/ntp4: Makefile PLIST distinfo Removed Files: pkgsrc/net/ntp4/patches: patch-configure patch-sntp_configure Log Message: Update ntp4 to 4.2.8p4. pkgsrc change: * Remove duplicated HTML documents. * Install some addtional documents. Changes are too many to write here, please refer NEWS files and this release fixes security problems. October 2015 NTP Security Vulnerability Announcement (Medium) NTF's NTP Project has been notified of the following 13 low- and medium-severity vulnerabilities that are fixed in ntp-4.2.8p4, released on Wednesday, 21 October 2015: * Bug 2941 CVE-2015-7871 NAK to the Future: Symmetric association authentication bypass via crypto-NAK (Cisco ASIG) * Bug 2922 CVE-2015-7855 decodenetnum() will ASSERT botch instead of returning FAIL on some bogus values (IDA) * Bug 2921 CVE-2015-7854 Password Length Memory Corruption Vulnerability. (Cisco TALOS) * Bug 2920 CVE-2015-7853 Invalid length data provided by a custom refclock driver could cause a buffer overflow. (Cisco TALOS) * Bug 2919 CVE-2015-7852 ntpq atoascii() Memory Corruption Vulnerability. (Cisco TALOS) * Bug 2918 CVE-2015-7851 saveconfig Directory Traversal Vulnerability. (OpenVMS) (Cisco TALOS) * Bug 2917 CVE-2015-7850 remote config logfile-keyfile. (Cisco TALOS) * Bug 2916 CVE-2015-7849 trusted key use-after-free. (Cisco TALOS) * Bug 2913 CVE-2015-7848 mode 7 loop counter underrun. (Cisco TALOS) * Bug 2909 CVE-2015-7701 Slow memory leak in CRYPTO_ASSOC. (Tenable) * Bug 2902 : CVE-2015-7703 configuration directives "pidfile" and "driftfile" should only be allowed locally. (RedHat) * Bug 2901 : CVE-2015-7704, CVE-2015-7705 Clients that receive a KoD should validate the origin timestamp field. (Boston University) * Bug 2899 : CVE-2015-7691, CVE-2015-7692, CVE-2015-7702 Incomplete autokey data packet length checks. (Tenable) The only generally-exploitable bug in the above list is the crypto-NAK bug, which has a CVSS2 score of 6.4. Additionally, three bugs that have already been fixed in ntp-4.2.8 but were not fixed in ntp-4.2.6 as it was EOL'd have a security component, but are all below 1.8 CVSS score, so we're reporting them here: * Bug 2382 : Peer precision < -31 gives division by zero * Bug 1774 : Segfaults if cryptostats enabled when built without OpenSSL * Bug 1593 : ntpd abort in free() with logconfig syntax error @ text @d1 1 a1 1 # $NetBSD$ d4 1 a4 1 DISTNAME= ntp-4.2.8p4 d25 3 a27 6 DOCS+= COPYRIGHT ChangeLog NEWS README* TODO DOCDIR= share/doc/ntp EXAMPLESDIR= share/examples/ntp4 ALL_NTP_DOCS= ${DESTDIR}${PREFIX}/${DOCDIR} ${DESTDIR}${PREFIX}/${EXAMPLESDIR} INSTALLATION_DIRS= ${DOCDIR} ${EXAMPLESDIR} d32 4 a35 2 cd ${WRKSRC} && ${INSTALL_DATA} ${DOCS} ${DESTDIR}${PREFIX}/${DOCDIR} cd ${WRKSRC}/conf && pax -rw -pm . ${DESTDIR}${PREFIX}/${EXAMPLESDIR} @ 1.87.2.2 log @Pullup ticket #4861 - requested by taca net/ntp4: build fix Revisions pulled up: - net/ntp4/Makefile 1.89 - net/ntp4/distinfo 1.24 - net/ntp4/patches/patch-aa deleted - net/ntp4/patches/patch-include-ntp__syscall.h 1.1 - net/ntp4/patches/patch-ntpd-ntpd.c 1.1 --- Module Name: pkgsrc Committed By: christos Date: Thu Oct 29 11:23:47 UTC 2015 Added Files: pkgsrc/net/ntp4/patches: patch-include-ntp__syscall.h patch-ntpd-ntpd.c Removed Files: pkgsrc/net/ntp4/patches: patch-aa Log Message: - rename patch-aa to follow not so new anymore convention - apply the "warmup" patch only on linux. should fix the build on netbsd-6 --- Module Name: pkgsrc Committed By: christos Date: Thu Oct 29 11:28:44 UTC 2015 Modified Files: pkgsrc/net/ntp4: Makefile distinfo Log Message: update checksum and bump revision @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.87.2.1 2015/10/27 19:07:02 bsiegert Exp $ a4 1 PKGREVISION= 1 @ 1.86 log @Recursive PKGREVISION bump for all packages mentioning 'perl', having a PKGNAME of p5-*, or depending such a package, for perl-5.22.0. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.85 2015/04/08 03:31:33 taca Exp $ d4 1 a4 1 DISTNAME= ntp-4.2.8p2 a5 1 PKGREVISION= 1 @ 1.86.2.1 log @Pullup ticket #4764 - requested by taca net/ntp4: security update Revisions pulled up: - net/ntp4/Makefile 1.87 - net/ntp4/PLIST 1.19 - net/ntp4/distinfo 1.22 --- Module Name: pkgsrc Committed By: taca Date: Tue Jun 30 16:08:21 UTC 2015 Modified Files: pkgsrc/net/ntp4: Makefile PLIST distinfo Log Message: Update ntp4 to 4.2.8p3. Please refer NEWS and ChangeLog for full changes. NTP 4.2.8p3 (Harlan Stenn , 2015/06/29) Focus: 1 Security fix. Bug fixes and enhancements. Leap-second improvements. Severity: MEDIUM Security Fix: * [Sec 2853] Crafted remote config packet can crash some versions of ntpd. Aleksis Kauppinen, Juergen Perlinger, Harlan Stenn. Under specific circumstances an attacker can send a crafted packet to cause a vulnerable ntpd instance to crash. This requires each of the following to be true: 1) ntpd set up to allow remote configuration (not allowed by default), and 2) knowledge of the configuration password, and 3) access to a computer entrusted to perform remote configuration. This vulnerability is considered low-risk. New features in this release: Optional (disabled by default) support to have ntpd provide smeared leap second time. A specially built and configured ntpd will only offer smeared time in response to client packets. These response packets will also contain a "refid" of 254.a.b.c, where the 24 bits of a, b, and c encode the amount of smear in a 2:22 integer:fraction format. See README.leapsmear and http://bugs.ntp.org/2855 for more information. *IF YOU CHOOSE TO CONFIGURE NTPD TO PROVIDE LEAP SMEAR TIME* *BE SURE YOU DO NOT OFFER THAT TIME ON PUBLIC TIMESERVERS.* We've imported the Unity test framework, and have begun converting the existing google-test items to this new framework. If you want to write new tests or change old ones, you'll need to have ruby installed. You don't need ruby to run the test suite. @ text @d1 1 a1 1 # $NetBSD$ d4 1 a4 1 DISTNAME= ntp-4.2.8p3 d6 1 @ 1.85 log @Update ntp4 package to 4.2.8p2. NTP 4.2.8p2 (Harlan Stenn , 2015/04/xx) Focus: Security and Bug fixes, enhancements. Severity: MEDIUM In addition to bug fixes and enhancements, this release fixes the following medium-severity vulnerabilities involving private key authentication: * [Sec 2779] ntpd accepts unauthenticated packets with symmetric key crypto. References: Sec 2779 / CVE-2015-1798 / VU#374268 Affects: All NTP4 releases starting with ntp-4.2.5p99 up to but not including ntp-4.2.8p2 where the installation uses symmetric keys to authenticate remote associations. CVSS: (AV:A/AC:M/Au:N/C:P/I:P/A:P) Base Score: 5.4 Date Resolved: Stable (4.2.8p2) 07 Apr 2015 Summary: When ntpd is configured to use a symmetric key to authenticate a remote NTP server/peer, it checks if the NTP message authentication code (MAC) in received packets is valid, but not if there actually is any MAC included. Packets without a MAC are accepted as if they had a valid MAC. This allows a MITM attacker to send false packets that are accepted by the client/peer without having to know the symmetric key. The attacker needs to know the transmit timestamp of the client to match it in the forged reply and the false reply needs to reach the client before the genuine reply from the server. The attacker doesn't necessarily need to be relaying the packets between the client and the server. Authentication using autokey doesn't have this problem as there is a check that requires the key ID to be larger than NTP_MAXKEY, which fails for packets without a MAC. Mitigation: Upgrade to 4.2.8p2, or later, from the NTP Project Download Page or the NTP Public Services Project Download Page Configure ntpd with enough time sources and monitor it properly. Credit: This issue was discovered by Miroslav Lichvar, of Red Hat. * [Sec 2781] Authentication doesn't protect symmetric associations against DoS attacks. References: Sec 2781 / CVE-2015-1799 / VU#374268 Affects: All NTP releases starting with at least xntp3.3wy up to but not including ntp-4.2.8p2 where the installation uses symmetric key authentication. CVSS: (AV:A/AC:M/Au:N/C:P/I:P/A:P) Base Score: 5.4 Note: the CVSS base Score for this issue could be 4.3 or lower, and it could be higher than 5.4. Date Resolved: Stable (4.2.8p2) 07 Apr 2015 Summary: An attacker knowing that NTP hosts A and B are peering with each other (symmetric association) can send a packet to host A with source address of B which will set the NTP state variables on A to the values sent by the attacker. Host A will then send on its next poll to B a packet with originate timestamp that doesn't match the transmit timestamp of B and the packet will be dropped. If the attacker does this periodically for both hosts, they won't be able to synchronize to each other. This is a known denial-of-service attack, described at https://www.eecis.udel.edu/~mills/onwire.html . According to the document the NTP authentication is supposed to protect symmetric associations against this attack, but that doesn't seem to be the case. The state variables are updated even when authentication fails and the peers are sending packets with originate timestamps that don't match the transmit timestamps on the receiving side. This seems to be a very old problem, dating back to at least xntp3.3wy. It's also in the NTPv3 (RFC 1305) and NTPv4 (RFC 5905) specifications, so other NTP implementations with support for symmetric associations and authentication may be vulnerable too. An update to the NTP RFC to correct this error is in-process. Mitigation: Upgrade to 4.2.8p2, or later, from the NTP Project Download Page or the NTP Public Services Project Download Page Note that for users of autokey, this specific style of MITM attack is simply a long-known potential problem. Configure ntpd with appropriate time sources and monitor ntpd. Alert your staff if problems are detected. Credit: This issue was discovered by Miroslav Lichvar, of Red Hat. * New script: update-leap The update-leap script will verify and if necessary, update the leap-second definition file. It requires the following commands in order to work: wget logger tr sed shasum Some may choose to run this from cron. It needs more portability testing. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.84 2015/03/21 20:49:28 bsiegert Exp $ d6 1 @ 1.84 log @SECURITY: Update ntpd to 4.2.8p1. * [Sec 2671] vallen in extension fields are not validated. * [Sec 2672] On some OSes ::1 can be spoofed, bypassing source IP ACLs. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.83 2015/02/28 23:44:56 joerg Exp $ d4 1 a4 1 DISTNAME= ntp-4.2.8p1 @ 1.84.2.1 log @Pullup ticket #4678 - requested by taca net/ntp4: security update Revisions pulled up: - net/ntp4/Makefile 1.85 - net/ntp4/PLIST 1.18 - net/ntp4/distinfo 1.21 --- Module Name: pkgsrc Committed By: taca Date: Wed Apr 8 03:31:34 UTC 2015 Modified Files: pkgsrc/net/ntp4: Makefile PLIST distinfo Log Message: Update ntp4 package to 4.2.8p2. NTP 4.2.8p2 (Harlan Stenn , 2015/04/xx) Focus: Security and Bug fixes, enhancements. Severity: MEDIUM In addition to bug fixes and enhancements, this release fixes the following medium-severity vulnerabilities involving private key authentication: * [Sec 2779] ntpd accepts unauthenticated packets with symmetric key crypto. References: Sec 2779 / CVE-2015-1798 / VU#374268 Affects: All NTP4 releases starting with ntp-4.2.5p99 up to but not including ntp-4.2.8p2 where the installation uses symmetric keys to authenticate remote associations. CVSS: (AV:A/AC:M/Au:N/C:P/I:P/A:P) Base Score: 5.4 Date Resolved: Stable (4.2.8p2) 07 Apr 2015 Summary: When ntpd is configured to use a symmetric key to authenticate a remote NTP server/peer, it checks if the NTP message authentication code (MAC) in received packets is valid, but not if there actually is any MAC included. Packets without a MAC are accepted as if they had a valid MAC. This allows a MITM attacker to send false packets that are accepted by the client/peer without having to know the symmetric key. The attacker needs to know the transmit timestamp of the client to match it in the forged reply and the false reply needs to reach the client before the genuine reply from the server. The attacker doesn't necessarily need to be relaying the packets between the client and the server. Authentication using autokey doesn't have this problem as there is a check that requires the key ID to be larger than NTP_MAXKEY, which fails for packets without a MAC. Mitigation: Upgrade to 4.2.8p2, or later, from the NTP Project Download Page or the NTP Public Services Project Download Page Configure ntpd with enough time sources and monitor it properly. Credit: This issue was discovered by Miroslav Lichvar, of Red Hat. * [Sec 2781] Authentication doesn't protect symmetric associations against DoS attacks. References: Sec 2781 / CVE-2015-1799 / VU#374268 Affects: All NTP releases starting with at least xntp3.3wy up to but not including ntp-4.2.8p2 where the installation uses symmetric key authentication. CVSS: (AV:A/AC:M/Au:N/C:P/I:P/A:P) Base Score: 5.4 Note: the CVSS base Score for this issue could be 4.3 or lower, and it could be higher than 5.4. Date Resolved: Stable (4.2.8p2) 07 Apr 2015 Summary: An attacker knowing that NTP hosts A and B are peering with each other (symmetric association) can send a packet to host A with source address of B which will set the NTP state variables on A to the values sent by the attacker. Host A will then send on its next poll to B a packet with originate timestamp that doesn't match the transmit timestamp of B and the packet will be dropped. If the attacker does this periodically for both hosts, they won't be able to synchronize to each other. This is a known denial-of-service attack, described at https://www.eecis.udel.edu/~mills/onwire.html . According to the document the NTP authentication is supposed to protect symmetric associations against this attack, but that doesn't seem to be the case. The state variables are updated even when authentication fails and the peers are sending packets with originate timestamps that don't match the transmit timestamps on the receiving side. This seems to be a very old problem, dating back to at least xntp3.3wy. It's also in the NTPv3 (RFC 1305) and NTPv4 (RFC 5905) specifications, so other NTP implementations with support for symmetric associations and authentication may be vulnerable too. An update to the NTP RFC to correct this error is in-process. Mitigation: Upgrade to 4.2.8p2, or later, from the NTP Project Download Page or the NTP Public Services Project Download Page Note that for users of autokey, this specific style of MITM attack is simply a long-known potential problem. Configure ntpd with appropriate time sources and monitor ntpd. Alert your staff if problems are detected. Credit: This issue was discovered by Miroslav Lichvar, of Red Hat. * New script: update-leap The update-leap script will verify and if necessary, update the leap-second definition file. It requires the following commands in order to work: wget logger tr sed shasum Some may choose to run this from cron. It needs more portability testing. @ text @d1 1 a1 1 # $NetBSD$ d4 1 a4 1 DISTNAME= ntp-4.2.8p2 @ 1.83 log @Look deeper for config.guess/config.sub. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.82 2014/12/27 02:48:27 taca Exp $ d4 1 a4 1 DISTNAME= ntp-4.2.8 a5 1 PKGREVISION= 1 d25 1 a25 1 DOCDIR= ${DESTDIR}${PREFIX}/share/doc/ntp4 @ 1.82 log @Create minimum services files on chroot environment as recent NetBSD current. Bump PKGREVISION. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.81 2014/12/20 09:45:46 taca Exp $ d24 2 @ 1.82.2.1 log @Pullup ticket #4649 - requested by bsiegert net/ntp4: security update Revisions pulled up: - net/ntp4/Makefile 1.84 - net/ntp4/PLIST 1.17 - net/ntp4/distinfo 1.20 - net/ntp4/patches/patch-ntpd_ntp__io.c deleted --- Module Name: pkgsrc Committed By: bsiegert Date: Sat Mar 21 20:49:28 UTC 2015 Modified Files: pkgsrc/net/ntp4: Makefile PLIST distinfo Removed Files: pkgsrc/net/ntp4/patches: patch-ntpd_ntp__io.c Log Message: SECURITY: Update ntpd to 4.2.8p1. * [Sec 2671] vallen in extension fields are not validated. * [Sec 2672] On some OSes ::1 can be spoofed, bypassing source IP ACLs. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.84 2015/03/21 20:49:28 bsiegert Exp $ d4 1 a4 1 DISTNAME= ntp-4.2.8p1 d6 1 d24 1 a24 3 OVERRIDE_DIRDEPTH= 4 DOCDIR= ${DESTDIR}${PREFIX}/share/doc/ntp @ 1.81 log @Update ntpd4 pacakge to 4.2.8, here is summary for security related fixes. NTP 4.2.8 (Harlan Stenn , 2014/12/18) Focus: Security and Bug fixes, enhancements. Severity: HIGH In addition to bug fixes and enhancements, this release fixes the following high-severity vulnerabilities: * Weak default key in config_auth(). References: [Sec 2665] / CVE-2014-9293 / VU#852879 CVSS: (AV:N/AC:L/Au:M/C:P/I:P/A:C) Base Score: 7.3 Vulnerable Versions: all releases prior to 4.2.7p11 Date Resolved: 28 Jan 2010 Summary: If no 'auth' key is set in the configuration file, ntpd would generate a random key on the fly. There were two problems with this: 1) the generated key was 31 bits in size, and 2) it used the (now weak) ntp_random() function, which was seeded with a 32-bit value and could only provide 32 bits of entropy. This was sufficient back in the late 1990s when the code was written. Not today. Mitigation: Upgrade to 4.2.7p11 or later. Credit: This vulnerability was noticed in ntp-4.2.6 by Neel Mehta of the Google Security Team. * Non-cryptographic random number generator with weak seed used by ntp-keygen to generate symmetric keys. References: [Sec 2666] / CVE-2014-9294 / VU#852879 CVSS: (AV:N/AC:L/Au:M/C:P/I:P/A:C) Base Score: 7.3 Vulnerable Versions: All NTP4 releases before 4.2.7p230 Date Resolved: Dev (4.2.7p230) 01 Nov 2011 Summary: Prior to ntp-4.2.7p230 ntp-keygen used a weak seed to prepare a random number generator that was of good quality back in the late 1990s. The random numbers produced was then used to generate symmetric keys. In ntp-4.2.8 we use a current-technology cryptographic random number generator, either RAND_bytes from OpenSSL, or arc4random(). Mitigation: Upgrade to 4.2.7p230 or later. Credit: This vulnerability was discovered in ntp-4.2.6 by Stephen Roettger of the Google Security Team. * Buffer overflow in crypto_recv() References: Sec 2667 / CVE-2014-9295 / VU#852879 CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P) Base Score: 7.5 Versions: All releases before 4.2.8 Date Resolved: Stable (4.2.8) 18 Dec 2014 Summary: When Autokey Authentication is enabled (i.e. the ntp.conf file contains a 'crypto pw ...' directive) a remote attacker can send a carefully crafted packet that can overflow a stack buffer and potentially allow malicious code to be executed with the privilege level of the ntpd process. Mitigation: Upgrade to 4.2.8, or later, or Disable Autokey Authentication by removing, or commenting out, all configuration directives beginning with the crypto keyword in your ntp.conf file. Credit: This vulnerability was discovered by Stephen Roettger of the Google Security Team. * Buffer overflow in ctl_putdata() References: Sec 2668 / CVE-2014-9295 / VU#852879 CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P) Base Score: 7.5 Versions: All NTP4 releases before 4.2.8 Date Resolved: Stable (4.2.8) 18 Dec 2014 Summary: A remote attacker can send a carefully crafted packet that can overflow a stack buffer and potentially allow malicious code to be executed with the privilege level of the ntpd process. Mitigation: Upgrade to 4.2.8, or later. Credit: This vulnerability was discovered by Stephen Roettger of the Google Security Team. * Buffer overflow in configure() References: Sec 2669 / CVE-2014-9295 / VU#852879 CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P) Base Score: 7.5 Versions: All NTP4 releases before 4.2.8 Date Resolved: Stable (4.2.8) 18 Dec 2014 Summary: A remote attacker can send a carefully crafted packet that can overflow a stack buffer and potentially allow malicious code to be executed with the privilege level of the ntpd process. Mitigation: Upgrade to 4.2.8, or later. Credit: This vulnerability was discovered by Stephen Roettger of the Google Security Team. * receive(): missing return on error References: Sec 2670 / CVE-2014-9296 / VU#852879 CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:P) Base Score: 5.0 Versions: All NTP4 releases before 4.2.8 Date Resolved: Stable (4.2.8) 18 Dec 2014 Summary: Code in ntp_proto.c:receive() was missing a 'return;' in the code path where an error was detected, which meant processing did not stop when a specific rare error occurred. We haven't found a way for this bug to affect system integrity. If there is no way to affect system integrity the base CVSS score for this bug is 0. If there is one avenue through which system integrity can be partially affected, the base score becomes a 5. If system integrity can be partially affected via all three integrity metrics, the CVSS base score become 7.5. Mitigation: Upgrade to 4.2.8, or later, or Remove or comment out all configuration directives beginning with the crypto keyword in your ntp.conf file. Credit: This vulnerability was discovered by Stephen Roettger of the Google Security Team. See http://support.ntp.org/security for more information. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.80 2014/10/09 14:06:45 wiz Exp $ d6 1 @ 1.80 log @Remove pkgviews: don't set PKG_INSTALLATION_TYPES in Makefiles. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.79 2014/05/29 23:37:05 wiz Exp $ d4 1 a4 1 DISTNAME= ntp-dev-4.2.7p410 a5 1 PKGREVISION= 2 d7 1 a7 1 MASTER_SITES= http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-dev/ @ 1.79 log @Bump for perl-5.20.0. Do it for all packages that * mention perl, or * have a directory name starting with p5-*, or * depend on a package starting with p5- like last time, for 5.18, where this didn't lead to complaints. Let me know if you have any this time. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.78 2014/03/20 19:01:45 asau Exp $ a13 2 PKG_INSTALLATION_TYPES= overwrite pkgviews @ 1.78 log @More files observed on FreeBSD. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.77 2014/03/05 12:35:09 obache Exp $ d6 1 a6 1 PKGREVISION= 1 @ 1.77 log @Fixes PKGNAME, '-dev-' should not be there. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.76 2014/02/12 23:18:24 tron Exp $ d46 1 a46 1 .if ${OPSYS} == "NetBSD" || ${OPSYS} == "DragonFly" || ${OPSYS} == "Linux" || ${OPSYS} == "SunOS" @ 1.76 log @Recursive PKGREVISION bump for OpenSSL API version bump. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.75 2014/01/12 17:01:02 spz Exp $ d5 1 @ 1.75 log @update to ntp latest dev version to deal with CVE-2013-5211 (amplification attacks using monlist queries) tickadj for Solaris is a guess (and probably version dependent) the bulk builds will tell :) @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.74 2013/07/15 02:02:27 ryoon Exp $ d5 1 @ 1.74 log @* .include "../../devel/readline/buildlink3.mk" with USE_GNU_READLINE=yes are replaced with .include "../../devel/readline/buildlink3.mk", and USE_GNU_READLINE are removed, * .include "../../devel/readline/buildlink3.mk" without USE_GNU_READLINE are replaced with .include "../../mk/readline.buildlink3.mk". @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.73 2013/05/31 12:41:35 wiz Exp $ d4 1 a4 2 DISTNAME= ntp-4.2.4p8 PKGREVISION= 5 d6 1 a6 1 MASTER_SITES= http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ d21 1 d44 1 a44 1 .if ${OPSYS} == "NetBSD" || ${OPSYS} == "DragonFly" || ${OPSYS} == "Linux" a48 2 .elif ${OPSYS} == "SunOS" PLIST.ntptime= yes @ 1.73 log @Bump all packages for perl-5.18, that a) refer 'perl' in their Makefile, or b) have a directory name of p5-*, or c) have any dependency on any p5-* package Like last time, where this caused no complaints. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.72 2013/02/06 23:23:20 jperkin Exp $ d70 1 a70 1 .include "../../devel/readline/buildlink3.mk" @ 1.72 log @PKGREVISION bumps for the security/openssl 1.0.1d update. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.71 2012/10/23 17:18:43 asau Exp $ d5 1 a5 1 PKGREVISION= 4 @ 1.71 log @Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.70 2012/10/03 21:56:57 wiz Exp $ d5 1 a5 1 PKGREVISION= 3 @ 1.70 log @Bump all packages that use perl, or depend on a p5-* package, or are called p5-*. I hope that's all of them. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.69 2012/04/08 16:58:05 bsiegert Exp $ a13 1 PKG_DESTDIR_SUPPORT= user-destdir @ 1.69 log @POSIX says that the target directory for "pax -rw" must exist. The pax implementation in MirBSD enforces this. Use ${MKDIR} to create the target directory before running pax. This does not actually fix the build on MirBSD (it needs some more work in the configure), it is at least a start. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.68 2011/11/16 08:23:49 sbd Exp $ d5 1 a5 1 PKGREVISION= 2 @ 1.68 log @Add missing devel/readline buildlinks. Bump PKGREVISIONs @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.67 2010/01/17 12:02:34 wiz Exp $ d32 2 @ 1.67 log @Recursive PKGREVISION bump for jpeg update to 8. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.66 2009/12/15 10:53:20 tnn Exp $ d5 1 a5 1 PKGREVISION= 1 d69 1 @ 1.66 log @Update to ntp-4.2.4p8. Security fix for CVE-2009-3563 DoS vulnerability. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.65 2009/10/11 16:35:27 zafer Exp $ d5 1 @ 1.65 log @update master_sites. ftp.udel.edu has been suspended. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.64 2009/09/08 11:34:02 tnn Exp $ d4 1 a4 2 DISTNAME= ntp-4.2.4p7 PKGREVISION= 2 @ 1.64 log @needs -D_GNU_SOURCE on Linux for struct in6_pktinfo @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.63 2009/09/08 10:06:50 tnn Exp $ d7 1 a7 2 MASTER_SITES= http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ \ ftp://ftp.udel.edu/pub/ntp/ntp4/ @ 1.64.2.1 log @Pullup ticket 2949 - requested by tnn security update Revisions pulled up: - pkgsrc/net/ntp4/Makefile 1.66 - pkgsrc/net/ntp4/distinfo 1.14 ------------------------------------------------------------------------- Module Name: pkgsrc Committed By: tnn Date: Tue Dec 15 10:53:21 UTC 2009 Modified Files: pkgsrc/net/ntp4: Makefile distinfo Log Message: Update to ntp-4.2.4p8. Security fix for CVE-2009-3563 DoS vulnerability. To generate a diff of this commit: cvs rdiff -u -r1.65 -r1.66 pkgsrc/net/ntp4/Makefile cvs rdiff -u -r1.13 -r1.14 pkgsrc/net/ntp4/distinfo @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.66 2009/12/15 10:53:20 tnn Exp $ d4 2 a5 1 DISTNAME= ntp-4.2.4p8 @ 1.63 log @Build with chroot jail support on platforms that support it. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.62 2009/09/08 08:40:26 tnn Exp $ d62 2 @ 1.62 log @make net/ntp4 properly IPv6 aware @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.61 2009/09/06 11:13:50 tnn Exp $ d5 1 a5 1 PKGREVISION= 1 d53 9 @ 1.61 log @fix PLIST breakage on Linux @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.60 2009/09/06 10:20:21 tnn Exp $ d5 1 d40 1 @ 1.60 log @NTP 4.2.4p7, 2009/05/04 Focus: Security and Bug Fixes Severity: HIGH This release fixes the following high-severity vulnerability: * [Sec 1151] Remote exploit if autokey is enabled. CVE-2009-1252 See http://support.ntp.org/security for more information. If autokey is enabled (if ntp.conf contains a "crypto pw whatever" line) then a carefully crafted packet sent to the machine will cause a buffer overflow and possible execution of injected code, running with the privileges of the ntpd process (often root). Credit for finding this vulnerability goes to Chris Ries of CMU. This release fixes the following low-severity vulnerabilities: * [Sec 1144] limited (two byte) buffer overflow in ntpq. CVE-2009-0159 Credit for finding this vulnerability goes to Geoff Keating of Apple. * [Sec 1149] use SO_EXCLUSIVEADDRUSE on Windows Credit for finding this issue goes to Dave Hart. This release fixes a number of bugs and adds some improvements: * Improved logging * Fix many compiler warnings * Many fixes and improvements for Windows * Adds support for AIX 6.1 * Resolves some issues under MacOS X and Solaris @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.59 2009/01/26 20:06:15 kefren Exp $ d42 1 a42 1 .if ${OPSYS} == "NetBSD" || ${OPSYS} == "DragonFly" @ 1.59 log @Update to 4.2.4p6. Highlights from 4.2.4p4: * fix CVE-2009-0021 * fix build against latest OpenSSL versions * obsolete "dynamic" keyword * fix memory leak when fetching system messages * several fixes in ntpdate @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.58 2008/06/24 13:57:09 obache Exp $ d4 1 a4 1 DISTNAME= ntp-4.2.4p6 @ 1.58 log @Fixed PLIST for Solaris, installs ntptime but not tickadj. Noticed by John Heasley in PR 39033. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.57 2008/06/24 11:47:13 obache Exp $ d4 1 a4 2 DISTNAME= ntp-4.2.4p4 PKGREVISION= 1 @ 1.58.10.1 log @Pullup ticket #2657 - requested by ntp4: security update Revisions pulled up: - net/ntp4/Makefile 1.59 - net/ntp4/distinfo 1.12 --- Module Name: pkgsrc Committed By: kefren Date: Mon Jan 26 20:06:15 UTC 2009 Modified Files: pkgsrc/net/ntp4: Makefile distinfo Log Message: Update to 4.2.4p6. Highlights from 4.2.4p4: * fix CVE-2009-0021 * fix build against latest OpenSSL versions * obsolete "dynamic" keyword * fix memory leak when fetching system messages * several fixes in ntpdate @ text @d1 1 a1 1 # $NetBSD$ d4 2 a5 1 DISTNAME= ntp-4.2.4p6 @ 1.57 log @Fixes some problems noticed by Hasso Tepper in PR 39032. * Fix perl path in scripts, add runtime dependency on perl. * Fix unwanted PLIST subst. * DragonFly also support ntptime. Bump PKGREVISION. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.56 2008/06/08 04:53:27 obache Exp $ d41 1 a41 1 PLIST_VARS+= ntptime timetrim d45 1 d48 2 @ 1.56 log @Update ntp to 4.2.4p4. --- (4.2.4p4) Released by Harlan Stenn * [Bug 902] Fix problems with the -6 flag. * Updated include/copyright.def (owner and year). * [Bug 878] Avoid ntpdc use of refid value as unterminated string. * [Bug 881] Corrected display of pll offset on 64bit systems. * [Bug 886] Corrected sign handling on 64bit in ntpdc loopinfo command. * [Bug 889] avoid malloc() interrupted by SIGIO risk * ntpd/refclock_parse.c: cleanup shutdown while the file descriptor is still open. * [Bug 885] use emalloc() to get a message at the end of the memory unsigned types cannot be less than 0 default_ai_family is a short lose trailing , from enum list clarify ntp_restrict.c for easier automated analysis * [Bug 884] don't access recv buffers after having them passed to the free list. * [Bug 882] allow loopback interfaces to share addresses with other interfaces. --- (4.2.4p3) Released by Harlan Stenn * [Bug 863] unable to stop ntpd on Windows as the handle reference for events changed --- (4.2.4p2) Released by Harlan Stenn * [Bug 854] Broadcast address was not correctly set for interface addresses * [Bug 829] reduce syslog noise, while there fix Enabled/Disable logging to reflect the actual configuration. * [Bug 795] Moved declaration of variable to top of function. * [Bug 789] Fix multicast client crypto authentication and make sure arriving multicast packets do not disturb the autokey dance. * [Bug 785] improve handling of multicast interfaces (multicast routers still need to run a multicast routing software/daemon) * [Bug 527] Don't write from source address length to wrong location * Upgraded autogen and libopts. * [Bug 811] ntpd should not read a .ntprc file. --- (4.2.4p1) (skipped) --- (4.2.4p0) Released by Harlan Stenn * [Bug 793] Update Hans Lambermont's email address in ntpsweep. * [Bug 776] Remove unimplemented "rate" flag from ntpdate. * [Bug 586] Avoid lookups if AI_NUMERICHOST is set. * [Bug 770] Fix numeric parameters to ntp-keygen (Alain Guibert). * [Bug 768] Fix io_setbclient() error message. * [Bug 765] Use net_bind_service capability on linux. * [Bug 760] The background resolver must be aware of the 'dynamic' keyword. * [Bug 753] make union timestamp anonymous (Philip Prindeville). * confopt.html: move description for "dynamic" keyword into the right section. * pick the right type for the recv*() length argument. --- (4.2.4) Released by Harlan Stenn * monopt.html fixes from Dave Mills. * [Bug 452] Do not report kernel PLL/FLL flips. * [Bug 746] Expert mouseCLOCK USB v2.0 support added.' * driver8.html updates. * [Bug 747] Drop tags from ntpdc.html. * sntp now uses the returned precision to control decimal places. * sntp -u will use an unprivileged port for its queries. * [Bug 741] "burst" doesn't work with !unfit peers. * [Bug 735] Fix a make/gmake VPATH issue on Solaris. * [Bug 739] ntpd -x should not take an argument. * [Bug 737] Some systems need help providing struct iovec. * [Bug 717] Fix libopts compile problem. * [Bug 728] parse documentation fixes. * [Bug 734] setsockopt(..., IP_MULTICAST_IF, ...) fails on 64-bit platforms. * [Bug 732] C-DEX JST2000 patch from Hideo Kuramatsu. * [Bug 721] check for __ss_family and __ss_len separately. * [Bug 666] ntpq opeers displays jitter rather than dispersion. * [Bug 718] Use the recommended type for the saddrlen arg to getsockname(). * [Bug 715] Fix a multicast issue under Linux. * [Bug 690] Fix a Windows DNS lookup buffer overflow. * [Bug 670] Resolved a Windows issue with the dynamic interface rescan code. * K&R C support is being deprecated. * [Bug 714] ntpq -p should conflict with -i, not -c. * WWV refclock improvements from Dave Mills. * [Bug 708] Use thread affinity only for the clock interpolation thread. * [Bug 706] ntpd can be running several times in parallel. * [Bug 704] Documentation typos. * [Bug 701] coverity: NULL dereference in ntp_peer.c * [Bug 695] libopts does not protect against macro collisions. * [Bug 693] __adjtimex is independent of ntp_{adj,get}time. * [Bug 692] sys_limitrejected was not being incremented. * [Bug 691] restrictions() assumption not always valid. * [Bug 689] Deprecate HEATH GC-1001 II; the driver never worked. * [Bug 688] Fix documentation typos. * [Bug 686] Handle leap seconds better under Windows. * [Bug 685] Use the Windows multimedia timer. * [Bug 684] Only allow debug options if debugging is enabled. * [Bug 683] Use the right version string. * [Bug 680] Fix the generated version string on Windows. * [Bug 678] Use the correct size for control messages. * [Bug 677] Do not check uint_t in configure.ac. * [Bug 676] Use the right value for msg_namelen. * [Bug 675] Make sure ntpd builds without debugging. * [Bug 672] Fix cross-platform structure padding/size differences. * [Bug 660] New TIMESTAMP code fails tp build on Solaris Express. * [Bug 659] libopts does not build under Windows. * [Bug 658] HP-UX with cc needs -Wp,-H8166 in CFLAGS. * [Bug 656] ntpdate doesn't work with multicast address. * [Bug 638] STREAMS_TLI is deprecated - remove it. * [Bug 635] Fix tOptions definition. * [Bug 628] Fallback to ntp discipline not working for large offsets. * [Bug 622] Dynamic interface tracking for ntpd. * [Bug 603] Don't link with libelf if it's not needed. * [Bug 523] ntpd service under Windows does't shut down properly. * [Bug 500] sntp should always be built. * [Bug 479] Fix the -P option. * [Bug 421] Support the bc637PCI-U card. * [Bug 342] Deprecate broken TRAK refclock driver. * [Bug 340] Deprecate broken MSF EES refclock driver. * [Bug 153] Don't do DNS lookups on address masks. * [Bug 143] Fix interrupted system call on HP-UX. * [Bug 42] Distribution tarballs should be signed. * Support separate PPS devices for PARSE refclocks. * [Bug 637, 51?] Dynamic interface scanning can now be done. * Options processing now uses GNU AutoGen. --- (4.2.2p4) Released by Harlan Stenn * [Bug 710] compat getnameinfo() has off-by-one error * [Bug 690] Buffer overflow in Windows when doing DNS Lookups --- (4.2.2p3) Released by Harlan Stenn * Make the ChangeLog file cleaner and easier to read * [Bug 601] ntpq's decodeint uses an extra level of indirection * [Bug 657] Different OSes need different sized args for IP_MULTICAST_LOOP * release engineering/build changes * Documentation fixes * Get sntp working under AIX-5 --- (4.2.2p2) (broken) * Get sntp working under AIX-5 --- (4.2.2p1) * [Bug 661] Use environment variable to specify the base path to openssl. * Resolve an ambiguity in the copyright notice * Added some new documentation files * URL cleanup in the documentation * [Bug 657]: IP_MULTICAST_LOOP uses a u_char value/size * quiet gcc4 complaints * more Coverity fixes * [Bug 614] manage file descriptors better * [Bug 632] update kernel PPS offsets when PPS offset is re-configured * [Bug 637] Ignore UP in*addr_any interfaces * [Bug 633] Avoid writing files in srcdir * release engineering/build changes --- (4.2.2) * SNTP * Many bugfixes * Implements the current "goal state" of NTPv4 * Autokey improvements * Much better IPv6 support * [Bug 360] ntpd loses handles with LAN connection disabled. * [Bug 239] Fix intermittent autokey failure with multicast clients. * Rewrite of the multicast code * New version numbering scheme @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.55 2008/05/26 02:13:22 joerg Exp $ d5 1 d21 1 a21 1 USE_TOOLS+= pax perl d24 1 d43 1 a43 1 .if ${OPSYS} == "NetBSD" @ 1.55 log @Second round of explicit pax dependencies. As reminded by tnn@@, many packages used to use ${PAX}. Use the common way of directly calling pax, it is created as tool after all. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.54 2008/04/12 22:43:08 jlam Exp $ d4 1 a4 2 DISTNAME= ntp-4.2.0 PKGREVISION= 11 d6 2 a7 2 MASTER_SITES= ftp://ftp.udel.edu/pub/ntp/ntp4/ \ http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ d14 1 d19 1 d22 1 a22 1 CONFIGURE_ENV+= PATH_PERL=${PERL5:Q} ac_cv_header_sys_soundcard_h=no d24 2 a25 4 CONFIGURE_ARGS+=--sysconfdir=${PKG_SYSCONFDIR:Q} DOCDIR= ${PREFIX}/share/doc/ntp4 EXAMPLESDIR= ${PREFIX}/share/examples/ntp4 d31 2 a32 2 cd ${WRKSRC}/html && pax -rw . ${DOCDIR} cd ${WRKSRC}/conf && pax -rw . ${EXAMPLESDIR} a41 14 # # Use POSIX nanosecond timers when available, but not otherwise. # LOWER_OPSYS_VERSUFFIX= 1 MACHINE_GNU_PLATFORM= ${LOWER_ARCH}--${LOWER_OPSYS}${LOWER_OPSYS_VERSUFFIX} . for __wildcard__ in 1.6[N-Z]* 2* . if ${OS_VERSION:M${__wildcard__}} != "" LOWER_OPSYS_VERSUFFIX= 2 . endif . endfor # # Don't pick up libwww's -lmd5, until buildlink can be fixed. # CONFIGURE_ENV+= ac_cv_lib_md5_MD5Init=no @ 1.54 log @Convert to use PLIST_VARS instead of manually passing "@@comment " through PLIST_SUBST to the plist module. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.53 2008/01/24 11:55:42 is Exp $ d19 1 a19 1 USE_TOOLS+= perl d32 2 a33 2 cd ${WRKSRC}/html && ${PAX} -rw . ${DOCDIR} cd ${WRKSRC}/conf && ${PAX} -rw . ${EXAMPLESDIR} @ 1.53 log @Correct PLIST on Solaris (From PR 33259 by spz@@). @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.52 2008/01/18 05:08:47 tnn Exp $ d40 1 a40 2 TIMETRIM= "" NO_TIMETRIM= "@@comment " d57 1 d59 1 a59 4 TIMETRIM= "@@comment " NO_TIMETRIM= "" .elif ${OPSYS} == "SunOS" && ${LOWER_OPSYS} == "solaris" TIMETRIM= "@@comment " a61 2 PLIST_SUBST+= TIMETRIM=${TIMETRIM} NO_TIMETRIM=${NO_TIMETRIM} @ 1.52 log @Per the process outlined in revbump(1), perform a recursive revbump on packages that are affected by the switch from the openssl 0.9.7 branch to the 0.9.8 branch. ok jlam@@ @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.51 2007/12/12 20:42:32 wiz Exp $ d61 2 @ 1.51 log @Reset maintainer on his request. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.50 2006/11/22 23:07:39 reed Exp $ d5 1 a5 1 PKGREVISION= 10 @ 1.50 log @Fix path to docs in MESSAGE. This is PR #35096. It was changed in Makefile revision 1.49 in July 2006. Bump PKGREVISION. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.49 2006/07/12 17:41:54 rillig Exp $ d10 1 a10 1 MAINTAINER= fredb@@NetBSD.org @ 1.49 log @Moved documentation to share/doc/ntp4. Bumped PKGREVISION. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.48 2005/12/29 06:22:00 jlam Exp $ d5 1 a5 1 PKGREVISION= 9 @ 1.48 log @Remove USE_PKGINSTALL from pkgsrc now that mk/install/pkginstall.mk automatically detects whether we want the pkginstall machinery to be used by the package Makefile. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.47 2005/12/08 09:52:16 rillig Exp $ d5 1 a5 1 PKGREVISION= 8 d25 3 a27 3 DOCDIR= ${PREFIX}/share/doc/html EXAMPLESDIR= ${PREFIX}/share/examples ALL_NTP_DOCS= ${DOCDIR}/ntp4 ${EXAMPLESDIR}/ntp4 d32 5 a36 6 (cd ${WRKSRC} && \ ${PAX} -rw -pe -s "/html/ntp4/" html ${DOCDIR}; \ ${PAX} -rw -pe -s "/conf/ntp4/" conf ${EXAMPLESDIR}); \ ${CHOWN} -R ${SHAREOWN}:${SHAREGRP} ${ALL_NTP_DOCS}; \ ${FIND} ${ALL_NTP_DOCS} -type d -print | ${XARGS} ${CHMOD} ${PKGDIRMODE}; \ ${FIND} ${ALL_NTP_DOCS} -type f -print | ${XARGS} ${CHMOD} ${SHAREMODE}; @ 1.47 log @Bumped the PKGREVISION of the packages that have been broken by the recent "pkglint --autofix" change. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.46 2005/12/08 09:19:22 rillig Exp $ a19 1 USE_PKGINSTALL= YES @ 1.46 log @Fixed PLIST quoting issue introduced by the recent "pkglint --autofix" change. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.45 2005/12/05 23:55:14 rillig Exp $ d5 1 a5 1 PKGREVISION= 7 @ 1.45 log @Ran "pkglint --autofix", which corrected some of the quoting issues in CONFIGURE_ARGS. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.44 2005/12/05 20:50:47 rillig Exp $ d65 1 a65 1 PLIST_SUBST+= TIMETRIM=${TIMETRIM:Q} NO_TIMETRIM=${NO_TIMETRIM:Q} @ 1.44 log @Fixed pkglint warnings. The warnings are mostly quoting issues, for example MAKE_ENV+=FOO=${BAR} is changed to MAKE_ENV+=FOO=${BAR:Q}. Some other changes are outlined in http://mail-index.netbsd.org/tech-pkg/2005/12/02/0034.html @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.43 2005/09/10 10:43:42 adrianp Exp $ d24 1 a24 1 CONFIGURE_ARGS+=--sysconfdir=${PKG_SYSCONFDIR} @ 1.43 log @Update nb6->nb7 for security fix: http://secunia.com/advisories/16602/ @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.42 2005/07/16 01:19:16 jlam Exp $ d22 1 a22 1 CONFIGURE_ENV+= PATH_PERL="${PERL5}" ac_cv_header_sys_soundcard_h=no d65 1 a65 1 PLIST_SUBST+= TIMETRIM=${TIMETRIM} NO_TIMETRIM=${NO_TIMETRIM} @ 1.42 log @Get rid of USE_PERL5. The new way to express needing the Perl executable around at either build-time or at run-time is: USE_TOOLS+= perl # build-time USE_TOOLS+= perl:run # run-time Also remove some places where perl5/buildlink3.mk was being included by a package Makefile, but all that the package wanted was the Perl executable. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.41 2005/06/01 19:07:34 jlam Exp $ d5 1 a5 1 PKGREVISION= 6 @ 1.41 log @We can always specify where the OpenSSL libraries & headers are, regardless of whether we use the built-in or pkgsrc version of openssl. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.40 2005/04/11 21:46:52 tv Exp $ d19 1 a19 1 USE_PERL5= build @ 1.40 log @Remove USE_BUILDLINK3 and NO_BUILDLINK; these are no longer used. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.39 2005/03/19 03:03:56 wiz Exp $ a67 1 .include "../../mk/buildlink3/bsd.builtin.mk" a68 1 .if !empty(USE_BUILTIN.openssl:M[nN][oO]) a71 1 .endif @ 1.39 log @Add time to categories. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.38 2004/12/28 02:47:47 reed Exp $ a19 1 USE_BUILDLINK3= YES @ 1.38 log @The default location of the pkgsrc-installed rc.d scripts is now under share/examples/rc.d. The variable name already was named RCD_SCRIPTS_EXAMPLEDIR. This is from ideas from Greg Woods and others. Also bumped PKGREVISION for all packages using RCD_SCRIPTS mechanism (as requested by wiz). @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.37 2004/10/03 00:17:56 tv Exp $ d6 1 a6 1 CATEGORIES= net @ 1.37 log @Libtool fix for PR pkg/26633, and other issues. Update libtool to 1.5.10 in the process. (More information on tech-pkg.) Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and installing .la files. Bump PKGREVISION (only) of all packages depending directly on the above via a buildlink3 include. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.36 2004/07/23 19:59:41 xtraeme Exp $ d5 1 a5 1 PKGREVISION= 5 @ 1.36 log @* Enable pkgviews installation. * Conflicts with openntpd. Bump PKGREVISION. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.35 2004/06/10 20:03:11 jschauma Exp $ d5 1 a5 1 PKGREVISION= 4 @ 1.35 log @Address PR pkg/24607 by Georg Schwarz to make this build and install under IRIX: - add flexibility to PLIST - add configure arguments to point to openssl if not builtin - don't use '-print0' to find(1). IRIX' find does not have this capability, and since we know for a fact that it will not be needed, we can leave it out in this case. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.34 2004/05/08 07:37:40 snj Exp $ d5 1 a5 1 PKGREVISION= 3 d14 4 @ 1.34 log @Convert to buildlink3. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.33 2004/03/28 06:35:03 xtraeme Exp $ d30 6 a35 6 (cd ${WRKSRC} && \ ${PAX} -rw -pe -s "/html/ntp4/" html ${DOCDIR}; \ ${PAX} -rw -pe -s "/conf/ntp4/" conf ${EXAMPLESDIR}); \ ${CHOWN} -R ${SHAREOWN}:${SHAREGRP} ${ALL_NTP_DOCS}; \ ${FIND} ${ALL_NTP_DOCS} -type d -print0 | ${XARGS} -0 ${CHMOD} ${PKGDIRMODE}; \ ${FIND} ${ALL_NTP_DOCS} -type f -print0 | ${XARGS} -0 ${CHMOD} ${SHAREMODE}; d39 3 d57 3 d62 2 d65 8 @ 1.33 log @Fix ntpd PATH in ntpd rc.d script, reported by Mirko Thiesen in PR pkg/24947; bump PKGREVISION. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.32 2004/03/11 20:39:40 reed Exp $ d16 1 a16 1 #USE_BUILDLINK2=YES ***FIXME: Causes lots of "missing prototype" warnings.*** d56 1 a56 1 .include "../../security/openssl/buildlink2.mk" @ 1.32 log @This adds rc.d scripts. The ntp.conf is example from official NetBSD. The rc.d scripts are based on official NetBSD scripts. This also adds: CONFIGURE_ARGS+=--sysconfdir=${PKG_SYSCONFDIR} This was discussed and okayed with maintainer, fredb, in February, Currently, the ntpd.sh rc.d script has a note about the ntpd_chrootdir is only for NetBSD at this time. (Because I haven't tested under other operating systems.) @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.30 2003/11/21 01:02:24 fredb Exp $ d5 1 a5 1 PKGREVISION= 2 @ 1.31 log @Use more portable find -print0 (instead of -printx). Okay'd by maintainer, fredb. @ text @d5 1 a5 1 PKGREVISION= 1 d17 1 d21 2 d27 2 @ 1.30 log @Don't change the permissions of files in the work directory, so that "make clean" after just-in-time "su" works. Closes PR pkg/23477 by Adrian Portelli. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.29 2003/11/20 12:09:09 fredb Exp $ d29 2 a30 2 ${FIND} ${ALL_NTP_DOCS} -type d -printx | ${XARGS} ${CHMOD} ${PKGDIRMODE}; \ ${FIND} ${ALL_NTP_DOCS} -type f -printx | ${XARGS} ${CHMOD} ${SHAREMODE}; @ 1.29 log @Disable detection of , to let this build on very current systems (NetBSD 1.6ZF). @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.28 2003/11/12 03:39:41 jschauma Exp $ d22 1 d25 1 a25 4 cd ${WRKSRC} && \ ${CHOWN} -R ${SHAREOWN}:${SHAREGRP} conf html; \ ${FIND} conf html -type d -printx | ${XARGS} ${CHMOD} ${PKGDIRMODE}; \ ${FIND} conf html -type f -printx | ${XARGS} ${CHMOD} ${SHAREMODE}; \ d27 4 a30 1 ${PAX} -rw -pe -s "/conf/ntp4/" conf ${EXAMPLESDIR} @ 1.28 log @PKGREVISION++ after openssl update. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.27 2003/11/06 20:32:57 fredb Exp $ d18 1 a18 1 CONFIGURE_ENV+= PATH_PERL="${PERL5}" @ 1.27 log @Update post-install target and MESSAGE for churn in the documentation, and especially fix permissions on the new directories. Should close PR pkg/23378, by Wolfgang S. Rupprecht. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.26 2003/11/01 00:52:50 kristerw Exp $ d5 1 @ 1.26 log @Add USE_PERL5=build. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.25 2003/10/24 04:52:26 fredb Exp $ d23 6 a28 9 cd ${WRKSRC} && \ ${RM} conf/.cvsignore* 2> /dev/null || ${TRUE}; \ ${RM} html/.cvsignore* 2> /dev/null || ${TRUE}; \ ${PAX} -rw -s "/html/ntp4/" html ${DOCDIR}; \ ${PAX} -rw -s "/conf/ntp4/" conf ${EXAMPLESDIR} ${CHOWN} -R ${SHAREOWN}:${SHAREGRP} ${DOCDIR}/ntp4 ${EXAMPLESDIR}/ntp4 ${CHMOD} -R ${SHAREMODE} ${DOCDIR}/ntp4 ${EXAMPLESDIR}/ntp4 ${CHMOD} a+x ${DOCDIR}/ntp4 ${DOCDIR}/ntp4/hints ${DOCDIR}/ntp4/pic ${CHMOD} a+x ${EXAMPLESDIR}/ntp4 @ 1.25 log @Update to ntp 4.2.0. All platforms: Autokey, using OpenSSL. IPv6 support. Bugfixes in loopfilter and refclocks. NetBSD: Support for editline command line editing in "ntpq" and "ntpdc". NetBSD-current: Use nanosecond resolution POSIX timers. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.23 2003/07/17 22:51:30 grant Exp $ d14 1 @ 1.24 log @Whitespace cleanup. @ text @d4 1 a4 1 DISTNAME= ntp-4.1.1a d14 1 a16 1 CONFIGURE_ENV+= ac_cv_lib_readline_readline=no a20 7 pre-configure: cd ${WRKSRC} && \ ${TOUCH} stamp-h.in COPYRIGHT \ `${FIND} . -name aclocal.m4 -print` \ `${FIND} . -name configure -print` \ `${FIND} . -name Makefile.in -print` d32 20 @ 1.23 log @s/netbsd.org/NetBSD.org/ @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.22 2003/04/10 01:28:22 grant Exp $ d6 1 a6 1 MASTER_SITES= ftp://ftp.udel.edu/pub/ntp/ntp4/ \ d32 1 a32 1 ${PAX} -rw -s "/html/ntp4/" html ${DOCDIR}; \ @ 1.22 log @make ${PAX} usage consistent: - group 'zrw' and 'p' args, -s last - use the && operator consistently - strip unneeded parens - some whitespace cleanup @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.21 2002/07/16 14:57:08 fredb Exp $ d9 1 a9 1 MAINTAINER= fredb@@netbsd.org @ 1.21 log @Update to 4.1.1a. Add drivers for TrueTime 560 IRIG-B decoder and Zyfer GPStarplus, minor documentation updates. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.20 2002/02/28 13:51:23 fredb Exp $ d32 2 a33 2 ${PAX} -r -w -s "/html/ntp4/" html ${DOCDIR}; \ ${PAX} -r -w -s "/conf/ntp4/" conf ${EXAMPLESDIR} @ 1.20 log @Update to ntp-4.1.1. From the "NEWS" file: * Lose the source port check on incoming packets * (x)ntpdc compatibility patch * Virtual IP improvements * ntp_loopfilter fixes and improvements * ntpdc improvements * GOES refclock fix * JJY driver * bsdi port fixes * HP MPE/iX port * Win/NT port upgrade * Dynix PTX port fixes * Document conversion from CVS to BK * readline support for ntpq @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.19 2001/08/14 06:10:41 fredb Exp $ d4 1 a4 1 DISTNAME= ntp-4.1.1 @ 1.19 log @Finally! NTP 4.1.0 is released. Very few changes from 4.0.99m-rc3 (excerpts from the "ChangeLog" file below). Also, this NetBSD package now installs the HTML docs into "/usr/pkg/share/doc/html". * ntpd/refclock_oncore.c (oncore_start): Set pps_enable=1, just like the atom driver does. From: reg@@dwf.com * ntpd/refclock_nmea.c (nmea_ppsapi): Set pps_enable=1, just like the atom driver does. From: Scott Allendorf * ntpd/ntp_config.c (getconfig): CONF_CLOCK_PANIC was using the wrong config flag. From: @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.18 2001/07/12 17:38:18 fredb Exp $ d4 1 a4 1 DISTNAME= ntp-4.1.0 @ 1.18 log @Don't try to build against -lreadline on NetBSD-1.4.x, either. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.17 2001/07/12 16:24:58 fredb Exp $ d4 1 a4 2 DISTNAME= ntp-4.0.99m-rc3 PKGNAME= ntp-4.0.99.13.3 d18 1 a18 1 DOCDIR= ${PREFIX}/share/doc @ 1.17 log @Update to latest release candidate, ntp-4.0.99m-rc3. Continued refinements since 4.0.99k, a new feature -- an experimental "huff-n-puff" filter (optionally enabled in /etc/ntp.conf) -- which discards samples with the highest delays, and new drivers for: Forum Graphic GPS, WWV/H, Heath GC-100 II, HOPF serial and PCI, ONCORE, ulink331. Drop the packages's requirement for GNU readline. It turns out that command line editing in "ntpq" is not all that useful, as you can alway let your shell recall "ntpq -c ". @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.16 2001/06/12 20:33:06 jlam Exp $ d17 1 @ 1.16 log @LIBS is automatically added to CONFIGURE_ENV by bsd.pkg.mk if GNU_CONFIGURE is defined, so simply set LIBS to the appropriate value. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.15 2001/02/17 18:19:19 wiz Exp $ d4 2 a5 1 DISTNAME= ntp-4.0.99k d10 1 a10 1 MAINTAINER= fb@@enteract.com a13 2 DEPENDS+= readline-4.*:../../devel/readline d16 1 a16 1 LIBS= -ltermcap # for ntpdc d21 7 d29 4 a32 3 cd ${WRKSRC}; \ ${RM} html/.cvsignore* 2> /dev/null || ${TRUE}; \ ${PAX} -r -w -s "/html/ntp4/" html ${DOCDIR}; \ @ 1.15 log @Update to new COMMENT style: COMMENT var in Makefile instead of pkg/COMMENT. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.14 2001/01/29 11:34:37 wiz Exp $ d17 1 a17 1 CONFIGURE_ENV+= "LIBS=-ltermcap" # for ntpdc @ 1.14 log @Add automatic ${VARIABLE} handling for MESSAGE files. Convert most MESSAGE files to new syntax (${VARIABLE} gets replaced, not @@VARIABLE@@, nor @@@@VARIABLE@@@@). By default, substitutions are done for LOCALBASE, PKGNAME, PREFIX, X11BASE, X11PREFIX; additional patterns can be added via MESSAGE_SUBST. Clean up some packages while I'm there; add RCS tags to most MESSAGEs. Remove some uninteresting MESSAGEs. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.13 2000/08/18 19:39:53 fredb Exp $ d11 1 @ 1.13 log @Update to version 4.0.99k. Continuing algorithmic improvements, bug fixes; adds readline support to "ntpq" and "ntpdc". @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.12 2000/02/08 12:18:15 fredb Exp $ a19 4 MESSAGE_FILE= ${WRKDIR}/MESSAGE post-build: ${SED} 's|@@PREFIX@@|${PREFIX}|g' < ${PKGDIR}/MESSAGE > ${WRKDIR}/MESSAGE @ 1.12 log @Update to ntp-4.0.99d. From the NEWS file: * algorithmic improvements, bugfixes * Solaris dosynctodr info update * html/pic/* is *lots* smaller * New drivers: Forum Graphic GPS, WWV/H * Rewrite of the audio drivers * Driver updates: CHU, DCF, GPS/VME, Oncore, PCF, Ulink, WWVB, burst If you use the ONCORE driver with a HARDPPS kernel module, you *must* have a properly specified: pps [assert/clear] [hardpps] line in the /etc/ntp.conf file. * PARSE cleanup * PPS cleanup * ntpd, ntpq, ntpdate cleanup and fixes * NT port improvements * AIX, BSDI, DEC OSF, FreeBSD, NetBSD, Reliant, SCO, Solaris port improvements (4.0.98) * Solaris kernel FLL bug is fixed in 106541-07 * Bug/lint cleanup * PPS cleanup * ReliantUNIX patches * NetInfo support * Ultralink driver * Trimble OEM Ace-II support * DCF77 power choices * Oncore improvements @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.11 2000/01/10 00:57:16 wiz Exp $ d4 1 a4 1 DISTNAME= ntp-4.0.99d d6 2 a7 1 MASTER_SITES= ftp://ftp.udel.edu/pub/ntp/ntp4/ d12 2 d15 2 @ 1.11 log @replaced a whole lot more commands with ${COMMAND} @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.10 1999/11/14 05:23:26 fredb Exp $ d4 1 a4 1 DISTNAME= ntp-4.0.98f d6 1 a6 4 MASTER_SITES= http://www.eecis.udel.edu/~ntp/ntp_spool/testing/ \ http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ \ ftp://ftp.udel.edu/pub/ntp/testing/ \ ftp://ftp.udel.edu/pub/ntp/ntp4/ d18 1 a18 1 ${SED} 's#@@PREFIX@@#${PREFIX}#g' < ${PKGDIR}/MESSAGE > ${WRKDIR}/MESSAGE @ 1.10 log @Update ntp4 to 4.0.98f. Extensive clean ups, bug fixes in reference clock drivers and in burst mode operation. Clean ups to and additional documentation. - - Package builds cleanly (including ntptime) for NetBSD-1.4.1, now that HAVE_PPSAPI depends on finding PPS_API_VERS_1 in sys/timepps.h, rather than simply checking for the presence of sys/timpepps.h. - - Remove dependencies on gmake and autoconf. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.9 1999/08/30 11:15:13 fredb Exp $ d25 1 a25 1 ${RM} html/.cvsignore* 2> /dev/null || true; \ @ 1.9 log @Update ntp4 to 4.0.97d. Highlights since 4.0.97: - -Adds listen_to_virtual_ips support (-L flag) - -Adds support for Trimble OEM Ace-II receiver - -Patch to run Oncore on systems w/o hardpps() - -Permit RTS to power a DCF77 - -Assorted lint clean-ups @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.8 1999/08/19 08:52:57 fredb Exp $ d4 1 a4 2 DISTNAME= ntp-4.0.95 PKGNAME= ntp-4.0.97d a10 10 PATCH_SITES= ${MASTER_SITES} PATCHFILES= ntp-4.0.95-4.0.96.diff.gz \ ntp-4.0.96-4.0.96p1.diff.gz \ ntp-4.0.96p1-4.0.97.diff.gz \ ntp-4.0.97-4.0.97a.diff.gz \ ntp-4.0.97a-4.0.97b.diff.gz \ ntp-4.0.97b-4.0.97c.diff.gz \ ntp-4.0.97c-4.0.97d.diff.gz PATCH_DIST_STRIP= -p1 a13 5 BUILD_DEPENDS+= autoconf:../../devel/autoconf BUILD_DEPENDS+= automake:../../devel/automake # gmake, automake, autoconf are only required for patch releases a14 1 USE_GMAKE= YES a19 6 post-configure: cd ${WRKSRC}; \ ${SED} /ac_cv_make_ntptime/s/no/yes/ < config.cache > config.cache~; \ ${MV} config.cache~ config.cache @@${MAKE} do-configure d25 3 a27 3 ${PAX} -r -w -s "/html/ntp4/" html ${DOCDIR}; \ ${PAX} -r -w -s "/conf/ntp4/" conf ${EXAMPLESDIR} -${RM} ${DOCDIR}/ntp4/.cvs* ${DOCDIR}/ntp4/*.orig ${DOCDIR}/ntp4/hints/*.orig @ 1.8 log @Update to ntp-4.0.97 Portability fixes, plus new utility "ntptimeset" @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.7 1999/08/13 08:54:28 fredb Exp $ d5 1 a5 1 PKGNAME= ntp-4.0.97 d15 5 a19 1 ntp-4.0.96p1-4.0.97.diff.gz @ 1.7 log @Update ntp4 to 4.0.96p1 Highlights: - - Y2K patches from AT&T: readme, test results, in source directory - - various portability and configuration patches for Linux, WinNT This version of the package now requires "gmake", "autoconf", and "automake" as a consequence of its use of distribution patches. This requirement is expected to go away with the pending release. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.6 1999/07/29 19:06:05 fredb Exp $ d5 1 a5 1 PKGNAME= ntp-4.0.96p1 d13 3 a15 1 PATCHFILES= ntp-4.0.95-4.0.96.diff.gz ntp-4.0.96-4.0.96p1.diff.gz @ 1.6 log @Eliminate absolute paths in MESSAGE file. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.5 1999/07/28 08:55:12 fredb Exp $ d5 1 d12 4 d19 5 d25 1 d28 1 d42 5 a46 4 ${PAX} -r -w -s "/html/ntp4/" html ${DOCDIR} -${RM} -R ${DOCDIR}/ntp4/.cvs* ${CHOWN} -R ${SHAREOWN}:${SHAREGRP} ${DOCDIR}/ntp4 ${CHMOD} -R ${SHAREMODE} ${DOCDIR}/ntp4 d48 1 @ 1.5 log @Update ntp4 to version 4.0.95 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.4 1999/07/27 17:45:15 fredb Exp $ d17 1 d24 3 @ 1.4 log @Update package to ntp-4.0.94b. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.3 1999/07/24 21:23:52 tron Exp $ d4 1 a4 1 DISTNAME= ntp-4.0.94b @ 1.3 log @Fix typo in home page URL. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.2 1999/07/24 19:02:40 fredb Exp $ d4 1 a4 1 DISTNAME= ntp-4.0.94a d6 3 a8 1 MASTER_SITES= http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ \ a15 1 WRKSRC= ${WRKDIR}/ntp-4.0.94 @ 1.2 log @Fix category for "ntp4" package @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.1.1.1 1999/07/24 18:29:34 fredb Exp $ d10 1 a10 1 HOMEPAGE= http:/www.ntp.org/ @ 1.1 log @Initial revision @ text @d1 1 a1 1 # $NetBSD$ d5 1 a5 1 CATEGORIES= sysutils @ 1.1.1.1 log @Import new "ntp4" package: Network Time Protocol Version 4 @ text @@