head 1.6; access; symbols pkgsrc-2015Q1:1.5.0.14 pkgsrc-2015Q1-base:1.5 pkgsrc-2014Q4:1.5.0.12 pkgsrc-2014Q4-base:1.5 pkgsrc-2014Q3:1.5.0.10 pkgsrc-2014Q3-base:1.5 pkgsrc-2014Q2:1.5.0.8 pkgsrc-2014Q2-base:1.5 pkgsrc-2014Q1:1.5.0.6 pkgsrc-2014Q1-base:1.5 pkgsrc-2013Q4:1.5.0.4 pkgsrc-2013Q4-base:1.5 pkgsrc-2013Q3:1.5.0.2 pkgsrc-2013Q3-base:1.5 pkgsrc-2013Q2:1.4.0.28 pkgsrc-2013Q2-base:1.4 pkgsrc-2013Q1:1.4.0.26 pkgsrc-2013Q1-base:1.4 pkgsrc-2012Q4:1.4.0.24 pkgsrc-2012Q4-base:1.4 pkgsrc-2012Q3:1.4.0.22 pkgsrc-2012Q3-base:1.4 pkgsrc-2012Q2:1.4.0.20 pkgsrc-2012Q2-base:1.4 pkgsrc-2012Q1:1.4.0.18 pkgsrc-2012Q1-base:1.4 pkgsrc-2011Q4:1.4.0.16 pkgsrc-2011Q4-base:1.4 pkgsrc-2011Q3:1.4.0.14 pkgsrc-2011Q3-base:1.4 pkgsrc-2011Q2:1.4.0.12 pkgsrc-2011Q2-base:1.4 pkgsrc-2011Q1:1.4.0.10 pkgsrc-2011Q1-base:1.4 pkgsrc-2010Q4:1.4.0.8 pkgsrc-2010Q4-base:1.4 pkgsrc-2010Q3:1.4.0.6 pkgsrc-2010Q3-base:1.4 pkgsrc-2010Q2:1.4.0.4 pkgsrc-2010Q2-base:1.4 pkgsrc-2010Q1:1.4.0.2 pkgsrc-2010Q1-base:1.4 pkgsrc-2009Q4:1.3.0.36 pkgsrc-2009Q4-base:1.3 pkgsrc-2009Q3:1.3.0.34 pkgsrc-2009Q3-base:1.3 pkgsrc-2009Q2:1.3.0.32 pkgsrc-2009Q2-base:1.3 pkgsrc-2009Q1:1.3.0.30 pkgsrc-2009Q1-base:1.3 pkgsrc-2008Q4:1.3.0.28 pkgsrc-2008Q4-base:1.3 pkgsrc-2008Q3:1.3.0.26 pkgsrc-2008Q3-base:1.3 cube-native-xorg:1.3.0.24 cube-native-xorg-base:1.3 pkgsrc-2008Q2:1.3.0.22 pkgsrc-2008Q2-base:1.3 cwrapper:1.3.0.20 pkgsrc-2008Q1:1.3.0.18 pkgsrc-2008Q1-base:1.3 pkgsrc-2007Q4:1.3.0.16 pkgsrc-2007Q4-base:1.3 pkgsrc-2007Q3:1.3.0.14 pkgsrc-2007Q3-base:1.3 pkgsrc-2007Q2:1.3.0.12 pkgsrc-2007Q2-base:1.3 pkgsrc-2007Q1:1.3.0.10 pkgsrc-2007Q1-base:1.3 pkgsrc-2006Q4:1.3.0.8 pkgsrc-2006Q4-base:1.3 pkgsrc-2006Q3:1.3.0.6 pkgsrc-2006Q3-base:1.3 pkgsrc-2006Q2:1.3.0.4 pkgsrc-2006Q2-base:1.3 pkgsrc-2006Q1:1.3.0.2 pkgsrc-2006Q1-base:1.3 pkgsrc-2005Q4:1.2.0.10 pkgsrc-2005Q4-base:1.2 pkgsrc-2005Q3:1.2.0.8 pkgsrc-2005Q3-base:1.2 pkgsrc-2005Q2:1.2.0.6 pkgsrc-2005Q2-base:1.2 pkgsrc-2005Q1:1.2.0.4 pkgsrc-2005Q1-base:1.2 pkgsrc-2004Q4:1.2.0.2 pkgsrc-2004Q4-base:1.2 pkgsrc-2004Q3:1.1.1.1.0.16 pkgsrc-2004Q3-base:1.1.1.1 pkgsrc-2004Q2:1.1.1.1.0.14 pkgsrc-2004Q2-base:1.1.1.1 pkgsrc-2004Q1:1.1.1.1.0.12 pkgsrc-2004Q1-base:1.1.1.1 pkgsrc-2003Q4:1.1.1.1.0.10 pkgsrc-2003Q4-base:1.1.1.1 netbsd-1-6-1:1.1.1.1.0.6 netbsd-1-6-1-base:1.1.1.1 netbsd-1-6:1.1.1.1.0.8 netbsd-1-6-RELEASE-base:1.1.1.1 pkgviews:1.1.1.1.0.4 pkgviews-base:1.1.1.1 buildlink2:1.1.1.1.0.2 buildlink2-base:1.1.1.1 netbsd-1-5-PATCH003:1.1.1.1 pkgsrc-base:1.1.1.1 TNF:1.1.1; locks; strict; comment @# @; 1.6 date 2015.04.13.10.03.21; author hannken; state dead; branches; next 1.5; commitid IuL2k6RpvzO8Kphy; 1.5 date 2013.08.16.08.30.20; author hannken; state Exp; branches 1.5.14.1; next 1.4; commitid tgZhVYY2a0TKFE1x; 1.4 date 2010.02.26.09.27.43; author hannken; state Exp; branches 1.4.28.1; next 1.3; 1.3 date 2006.01.08.13.27.53; author joerg; state Exp; branches 1.3.36.1; next 1.2; 1.2 date 2004.11.30.11.26.59; author hannken; state Exp; branches; next 1.1; 1.1 date 2002.03.22.23.01.52; author tron; state Exp; branches 1.1.1.1; next ; 1.5.14.1 date 2015.04.15.21.13.51; author tron; state dead; branches; next ; commitid AW5RGtmDJRqroJhy; 1.4.28.1 date 2013.08.21.12.59.44; author tron; state Exp; branches; next ; commitid kWsWzSH6WV8F0k2x; 1.3.36.1 date 2010.03.07.00.10.17; author tron; state Exp; branches; next ; 1.1.1.1 date 2002.03.22.23.01.52; author tron; state Exp; branches; next ; desc @@ 1.6 log @Update chrony to version 1.31.1. For a full list of changes since 1.29 see file NEWS in the distfile. Security fixes since 1.29: * Modify chronyc protocol to prevent amplification attacks (CVE-2014-0021) (incompatible with previous protocol version, chronyc supports both) * Protect authenticated symmetric NTP associations against DoS attacks (CVE-2015-1799) * Fix access configuration with subnet size indivisible by 4 (CVE-2015-1821) * Fix initialization of reply slots for authenticated commands (CVE-2015-1822) @ text @$NetBSD: patch-ab,v 1.5 2013/08/16 08:30:20 hannken Exp $ The ctype functions work on integers. --- cmdparse.c.orig 2013-08-08 13:58:07.000000000 +0000 +++ cmdparse.c @@@@ -203,7 +203,7 @@@@ CPS_NormalizeLine(char *line) /* Remove white-space at beginning and replace white-spaces with space char */ for (p = q = line; *p; p++) { - if (isspace(*p)) { + if (isspace((unsigned char)(*p))) { if (!space) *q++ = ' '; space = 1; @@@@ -233,15 +233,15 @@@@ CPS_SplitWord(char *line) char *p = line, *q = line; /* Skip white-space before the word */ - while (*q && isspace(*q)) + while (*q && isspace((unsigned char)(*q))) q++; /* Move the word to the beginning */ - while (*q && !isspace(*q)) + while (*q && !isspace((unsigned char)(*q))) *p++ = *q++; /* Find the next word */ - while (*q && isspace(*q)) + while (*q && isspace((unsigned char)(*q))) q++; *p = '\0'; @ 1.5 log @Update chrony to version 1.29. For a full list of changes since 1.24 see file NEWS in the distfile. Security fixes since 1.24: * Fix crash when processing crafted commands (CVE-2012-4502) (possible with IP addresses allowed by cmdallow and localhost) * Don't send uninitialized data in SUBNETS_ACCESSED and CLIENT_ACCESSES replies (CVE-2012-4503) (not used by chronyc) Reviewed by: Joerg Sonnenberger @ text @d1 1 a1 1 $NetBSD$ @ 1.5.14.1 log @Pullup ticket #4660 - requested by hannken net/chrony: security update Revisions pulled up: - net/chrony/Makefile 1.30 - net/chrony/distinfo 1.10 - net/chrony/patches/patch-Makefile.in 1.1 - net/chrony/patches/patch-aa deleted - net/chrony/patches/patch-ab deleted - net/chrony/patches/patch-ac deleted - net/chrony/patches/patch-ad deleted - net/chrony/patches/patch-ae deleted - net/chrony/patches/patch-af deleted - net/chrony/patches/patch-ag deleted - net/chrony/patches/patch-conf.c 1.1 - net/chrony/patches/patch-examples_chrony.conf.example 1.1 - net/chrony/patches/patch-examples_chrony.keys.example 1.1 - net/chrony/patches/patch-ntp__io.c 1.2 --- Module Name: pkgsrc Committed By: hannken Date: Mon Apr 13 10:03:21 UTC 2015 Modified Files: pkgsrc/net/chrony: Makefile distinfo pkgsrc/net/chrony/patches: patch-ntp__io.c Added Files: pkgsrc/net/chrony/patches: patch-Makefile.in patch-conf.c patch-examples_chrony.conf.example patch-examples_chrony.keys.example Removed Files: pkgsrc/net/chrony/patches: patch-aa patch-ab patch-ac patch-ad patch-ae patch-af patch-ag Log Message: Update chrony to version 1.31.1. For a full list of changes since 1.29 see file NEWS in the distfile. Security fixes since 1.29: * Modify chronyc protocol to prevent amplification attacks (CVE-2014-0021) (incompatible with previous protocol version, chronyc supports both) * Protect authenticated symmetric NTP associations against DoS attacks (CVE-2015-1799) * Fix access configuration with subnet size indivisible by 4 (CVE-2015-1821) * Fix initialization of reply slots for authenticated commands (CVE-2015-1822) @ text @d1 1 a1 1 $NetBSD: patch-ab,v 1.5 2013/08/16 08:30:20 hannken Exp $ @ 1.4 log @Update to 1.24. The changes in version 1.24 are Security fixes -------------- * Don't reply to invalid cmdmon packets (CVE-2010-0292) * Limit client log memory size (CVE-2010-0293) * Limit rate of syslog messages (CVE-2010-0294) Bug fixes/Enhancements ---------------------- * Support for reference clocks (SHM, SOCK, PPS drivers) * IPv6 support * Linux capabilities support (to drop root privileges) * Memory locking support on Linux * Real-time scheduler support on Linux * Leap second support on Linux * Support for editline library * Support for new Linux readonly adjtime * NTP client support for KoD RATE * Read kernel timestamps for received NTP packets * Reply to NTP requests with correct address on multihomed hosts * Retry name resolving after temporary failure * Fix makestep command, make it available on all systems * Add makestep directive for automatic clock stepping * Don't require _bigadj kernel symbol on NetBSD * Avoid blocking read in Linux RTC driver * Support for Linux on S/390 and PowerPC * Fix various bugs on 64-bit systems * Fix valgrind errors and compiler warnings * Improve configure to support common options and variables * Improve status checking and printing in chronyc * Return non-zero exit code on errors in chronyc * Reduce request timeout in chronyc * Print estimated offset in sourcestats * Changed chronyc protocol, incompatible with older versions Reviewed by: Joerg Sonnenberger @ text @d1 1 a1 1 $NetBSD: patch-ab,v 1.3 2006/01/08 13:27:53 joerg Exp $ d3 15 a17 3 --- chrony.conf.5.orig 2010-02-04 13:07:19.000000000 +0100 +++ chrony.conf.5 @@@@ -4,5 +4,5 @@@@ d19 4 a22 3 .SH SYNOPSIS -.B /etc/chrony.conf +.B @@PKG_SYSCONFDIR@@/chrony.conf d24 4 a27 16 .SH DESCRIPTION @@@@ -13,5 +13,5 @@@@ Assuming that you have found some servers, you need to set up a configuration file to run \fIchrony\fR. The (compiled-in) default location -for this file is \fB/etc/chrony.conf\fR. Assuming that your ntp servers +for this file is \fB@@PKG_SYSCONFDIR@@/chrony.conf\fR. Assuming that your ntp servers are called `a.b.c' and `d.e.f', your \fBchrony.conf\fR file could contain as a minimum @@@@ -30,7 +30,7 @@@@ server d.e.f server g.h.i - keyfile /etc/chrony.keys + keyfile @@PKG_SYSCONFDIR@@/chrony.keys commandkey 1 - driftfile /etc/chrony.drift + driftfile @@VARBASE@@/db/chrony.drift d29 4 d34 1 @ 1.4.28.1 log @Pullup ticket #4215 - requested by hannken net/chrony: security update Revisions pulled up: - net/chrony/Makefile 1.29 - net/chrony/PLIST 1.5 - net/chrony/distinfo 1.8 - net/chrony/files/chronyd.sh 1.5 - net/chrony/patches/patch-aa 1.5 - net/chrony/patches/patch-ab 1.5 - net/chrony/patches/patch-ac 1.5 - net/chrony/patches/patch-ad 1.4 - net/chrony/patches/patch-ae 1.5 - net/chrony/patches/patch-af 1.4 - net/chrony/patches/patch-ag 1.4 --- Module Name: pkgsrc Committed By: hannken Date: Fri Aug 16 08:30:20 UTC 2013 Modified Files: pkgsrc/net/chrony: Makefile PLIST distinfo pkgsrc/net/chrony/files: chronyd.sh pkgsrc/net/chrony/patches: patch-aa patch-ab patch-ac patch-ad patch-ae patch-af Added Files: pkgsrc/net/chrony/patches: patch-ag Log Message: Update chrony to version 1.29. For a full list of changes since 1.24 see file NEWS in the distfile. Security fixes since 1.24: * Fix crash when processing crafted commands (CVE-2012-4502) (possible with IP addresses allowed by cmdallow and localhost) * Don't send uninitialized data in SUBNETS_ACCESSED and CLIENT_ACCESSES replies (CVE-2012-4503) (not used by chronyc) Reviewed by: Joerg Sonnenberger @ text @d1 1 a1 1 $NetBSD$ d3 3 a5 15 The ctype functions work on integers. --- cmdparse.c.orig 2013-08-08 13:58:07.000000000 +0000 +++ cmdparse.c @@@@ -203,7 +203,7 @@@@ CPS_NormalizeLine(char *line) /* Remove white-space at beginning and replace white-spaces with space char */ for (p = q = line; *p; p++) { - if (isspace(*p)) { + if (isspace((unsigned char)(*p))) { if (!space) *q++ = ' '; space = 1; @@@@ -233,15 +233,15 @@@@ CPS_SplitWord(char *line) char *p = line, *q = line; d7 3 a9 4 /* Skip white-space before the word */ - while (*q && isspace(*q)) + while (*q && isspace((unsigned char)(*q))) q++; d11 16 a26 4 /* Move the word to the beginning */ - while (*q && !isspace(*q)) + while (*q && !isspace((unsigned char)(*q))) *p++ = *q++; a27 4 /* Find the next word */ - while (*q && isspace(*q)) + while (*q && isspace((unsigned char)(*q))) q++; a28 1 *p = '\0'; @ 1.3 log @Use SUBST framework, add man pages to the list of files in need of substituation. Use PKG_SYSCONFDIR instead of PREFIX/etc, it can be different. Bump revision. @ text @d1 1 a1 1 $NetBSD: patch-ab,v 1.2 2004/11/30 11:26:59 hannken Exp $ d3 1 a3 1 --- chrony.conf.5.orig 2002-11-04 00:32:08.000000000 +0100 d5 1 a5 2 @@@@ -3,7 +3,7 @@@@ chrony.conf \- chronyd configuration file d12 1 a12 3 \fIchrony\fR is a pair of programs for maintaining the accuracy of computer @@@@ -12,7 +12,7 @@@@ boot time. d19 1 a19 3 @@@@ -29,9 +29,9 @@@@ useful configuration file would look som server a.b.c d26 1 a26 1 + driftfile /var/db/chrony.drift a28 1 .SH "SEE ALSO" @ 1.3.36.1 log @Pullup ticket #3041 - requested by hannken chrony: security update Revisions pulled up: - net/chrony/Makefile 1.26 - net/chrony/distinfo 1.7 - net/chrony/patches/patch-aa 1.4 - net/chrony/patches/patch-ab 1.4 - net/chrony/patches/patch-ac 1.4 - net/chrony/patches/patch-ad 1.3 - net/chrony/patches/patch-ae 1.4 - net/chrony/patches/patch-ag delete --- Module Name: pkgsrc Committed By: hannken Date: Fri Feb 26 09:27:43 UTC 2010 Modified Files: pkgsrc/doc: TODO pkgsrc/net/chrony: Makefile distinfo pkgsrc/net/chrony/patches: patch-aa patch-ab patch-ac patch-ad patch-ae Removed Files: pkgsrc/net/chrony/patches: patch-ag Log Message: Update to 1.24. The changes in version 1.24 are Security fixes -------------- * Don't reply to invalid cmdmon packets (CVE-2010-0292) * Limit client log memory size (CVE-2010-0293) * Limit rate of syslog messages (CVE-2010-0294) Bug fixes/Enhancements ---------------------- * Support for reference clocks (SHM, SOCK, PPS drivers) * IPv6 support * Linux capabilities support (to drop root privileges) * Memory locking support on Linux * Real-time scheduler support on Linux * Leap second support on Linux * Support for editline library * Support for new Linux readonly adjtime * NTP client support for KoD RATE * Read kernel timestamps for received NTP packets * Reply to NTP requests with correct address on multihomed hosts * Retry name resolving after temporary failure * Fix makestep command, make it available on all systems * Add makestep directive for automatic clock stepping * Don't require _bigadj kernel symbol on NetBSD * Avoid blocking read in Linux RTC driver * Support for Linux on S/390 and PowerPC * Fix various bugs on 64-bit systems * Fix valgrind errors and compiler warnings * Improve configure to support common options and variables * Improve status checking and printing in chronyc * Return non-zero exit code on errors in chronyc * Reduce request timeout in chronyc * Print estimated offset in sourcestats * Changed chronyc protocol, incompatible with older versions Reviewed by: Joerg Sonnenberger @ text @d1 1 a1 1 $NetBSD$ d3 1 a3 1 --- chrony.conf.5.orig 2010-02-04 13:07:19.000000000 +0100 d5 2 a6 1 @@@@ -4,5 +4,5 @@@@ d13 3 a15 1 @@@@ -13,5 +13,5 @@@@ d22 3 a24 1 @@@@ -30,7 +30,7 @@@@ d31 1 a31 1 + driftfile @@VARBASE@@/db/chrony.drift d34 1 @ 1.2 log @Update to version 1.20 - Many small tidy-ups and security improvements. - Merge support for 64bit architectures. - Generate more informative syslog messages before exiting on failed assertions. - Fix bugs in clamping code for the tick value used when slewing a large offset. @ text @d1 1 a1 1 $NetBSD$ d10 1 a10 1 +.B @@PREFIX@@/etc/chrony.conf d19 1 a19 1 +for this file is \fB@@PREFIX@@/etc/chrony.conf\fR. Assuming that your ntp servers d28 1 a28 1 + keyfile @@PREFIX@@/etc/chrony.keys @ 1.1 log @Initial revision @ text @d3 1 a3 1 --- chrony.conf.5.orig Sun Feb 17 23:23:12 2002 d14 1 a14 1 @@@@ -12,7 +12,7 @@@@ d23 1 a23 1 @@@@ -29,9 +29,9 @@@@ @ 1.1.1.1 log @Import new "chrony" package: Daemon for maintaining the accuracy of computer clocks This packages was supplied by Juergen Hannken-Illjes in PR pkg/15729. @ text @@