head 1.5; access; symbols pkgsrc-2015Q1:1.4.0.14 pkgsrc-2015Q1-base:1.4 pkgsrc-2014Q4:1.4.0.12 pkgsrc-2014Q4-base:1.4 pkgsrc-2014Q3:1.4.0.10 pkgsrc-2014Q3-base:1.4 pkgsrc-2014Q2:1.4.0.8 pkgsrc-2014Q2-base:1.4 pkgsrc-2014Q1:1.4.0.6 pkgsrc-2014Q1-base:1.4 pkgsrc-2013Q4:1.4.0.4 pkgsrc-2013Q4-base:1.4 pkgsrc-2013Q3:1.4.0.2 pkgsrc-2013Q3-base:1.4 pkgsrc-2013Q2:1.3.0.28 pkgsrc-2013Q2-base:1.3 pkgsrc-2013Q1:1.3.0.26 pkgsrc-2013Q1-base:1.3 pkgsrc-2012Q4:1.3.0.24 pkgsrc-2012Q4-base:1.3 pkgsrc-2012Q3:1.3.0.22 pkgsrc-2012Q3-base:1.3 pkgsrc-2012Q2:1.3.0.20 pkgsrc-2012Q2-base:1.3 pkgsrc-2012Q1:1.3.0.18 pkgsrc-2012Q1-base:1.3 pkgsrc-2011Q4:1.3.0.16 pkgsrc-2011Q4-base:1.3 pkgsrc-2011Q3:1.3.0.14 pkgsrc-2011Q3-base:1.3 pkgsrc-2011Q2:1.3.0.12 pkgsrc-2011Q2-base:1.3 pkgsrc-2011Q1:1.3.0.10 pkgsrc-2011Q1-base:1.3 pkgsrc-2010Q4:1.3.0.8 pkgsrc-2010Q4-base:1.3 pkgsrc-2010Q3:1.3.0.6 pkgsrc-2010Q3-base:1.3 pkgsrc-2010Q2:1.3.0.4 pkgsrc-2010Q2-base:1.3 pkgsrc-2010Q1:1.3.0.2 pkgsrc-2010Q1-base:1.3 pkgsrc-2009Q4:1.2.0.46 pkgsrc-2009Q4-base:1.2 pkgsrc-2009Q3:1.2.0.44 pkgsrc-2009Q3-base:1.2 pkgsrc-2009Q2:1.2.0.42 pkgsrc-2009Q2-base:1.2 pkgsrc-2009Q1:1.2.0.40 pkgsrc-2009Q1-base:1.2 pkgsrc-2008Q4:1.2.0.38 pkgsrc-2008Q4-base:1.2 pkgsrc-2008Q3:1.2.0.36 pkgsrc-2008Q3-base:1.2 cube-native-xorg:1.2.0.34 cube-native-xorg-base:1.2 pkgsrc-2008Q2:1.2.0.32 pkgsrc-2008Q2-base:1.2 cwrapper:1.2.0.30 pkgsrc-2008Q1:1.2.0.28 pkgsrc-2008Q1-base:1.2 pkgsrc-2007Q4:1.2.0.26 pkgsrc-2007Q4-base:1.2 pkgsrc-2007Q3:1.2.0.24 pkgsrc-2007Q3-base:1.2 pkgsrc-2007Q2:1.2.0.22 pkgsrc-2007Q2-base:1.2 pkgsrc-2007Q1:1.2.0.20 pkgsrc-2007Q1-base:1.2 pkgsrc-2006Q4:1.2.0.18 pkgsrc-2006Q4-base:1.2 pkgsrc-2006Q3:1.2.0.16 pkgsrc-2006Q3-base:1.2 pkgsrc-2006Q2:1.2.0.14 pkgsrc-2006Q2-base:1.2 pkgsrc-2006Q1:1.2.0.12 pkgsrc-2006Q1-base:1.2 pkgsrc-2005Q4:1.2.0.10 pkgsrc-2005Q4-base:1.2 pkgsrc-2005Q3:1.2.0.8 pkgsrc-2005Q3-base:1.2 pkgsrc-2005Q2:1.2.0.6 pkgsrc-2005Q2-base:1.2 pkgsrc-2005Q1:1.2.0.4 pkgsrc-2005Q1-base:1.2 pkgsrc-2004Q4:1.2.0.2 pkgsrc-2004Q4-base:1.2 pkgsrc-2004Q3:1.1.1.1.0.16 pkgsrc-2004Q3-base:1.1.1.1 pkgsrc-2004Q2:1.1.1.1.0.14 pkgsrc-2004Q2-base:1.1.1.1 pkgsrc-2004Q1:1.1.1.1.0.12 pkgsrc-2004Q1-base:1.1.1.1 pkgsrc-2003Q4:1.1.1.1.0.10 pkgsrc-2003Q4-base:1.1.1.1 netbsd-1-6-1:1.1.1.1.0.6 netbsd-1-6-1-base:1.1.1.1 netbsd-1-6:1.1.1.1.0.8 netbsd-1-6-RELEASE-base:1.1.1.1 pkgviews:1.1.1.1.0.4 pkgviews-base:1.1.1.1 buildlink2:1.1.1.1.0.2 buildlink2-base:1.1.1.1 netbsd-1-5-PATCH003:1.1.1.1 pkgsrc-base:1.1.1.1 TNF:1.1.1; locks; strict; comment @# @; 1.5 date 2015.04.13.10.03.21; author hannken; state dead; branches; next 1.4; commitid IuL2k6RpvzO8Kphy; 1.4 date 2013.08.16.08.30.20; author hannken; state Exp; branches 1.4.14.1; next 1.3; commitid tgZhVYY2a0TKFE1x; 1.3 date 2010.02.26.09.27.43; author hannken; state Exp; branches 1.3.28.1; next 1.2; 1.2 date 2004.11.30.11.26.59; author hannken; state Exp; branches 1.2.46.1; next 1.1; 1.1 date 2002.03.22.23.01.52; author tron; state Exp; branches 1.1.1.1; next ; 1.4.14.1 date 2015.04.15.21.13.51; author tron; state dead; branches; next ; commitid AW5RGtmDJRqroJhy; 1.3.28.1 date 2013.08.21.12.59.44; author tron; state Exp; branches; next ; commitid kWsWzSH6WV8F0k2x; 1.2.46.1 date 2010.03.07.00.10.17; author tron; state Exp; branches; next ; 1.1.1.1 date 2002.03.22.23.01.52; author tron; state Exp; branches; next ; desc @@ 1.5 log @Update chrony to version 1.31.1. For a full list of changes since 1.29 see file NEWS in the distfile. Security fixes since 1.29: * Modify chronyc protocol to prevent amplification attacks (CVE-2014-0021) (incompatible with previous protocol version, chronyc supports both) * Protect authenticated symmetric NTP associations against DoS attacks (CVE-2015-1799) * Fix access configuration with subnet size indivisible by 4 (CVE-2015-1821) * Fix initialization of reply slots for authenticated commands (CVE-2015-1822) @ text @$NetBSD: patch-ad,v 1.4 2013/08/16 08:30:20 hannken Exp $ Prepare for SUBST, not processed by configure. --- conf.c.orig 2013-08-08 13:58:07.000000000 +0000 +++ conf.c @@@@ -197,7 +197,7 @@@@ static IPAddr bind_cmd_address4, bind_cm /* Filename to use for storing pid of running chronyd, to prevent multiple * chronyds being started. */ -static char *pidfile = "/var/run/chronyd.pid"; +static char *pidfile = "@@VARBASE@@/run/chronyd.pid"; /* Temperature sensor, update interval and compensation coefficients */ static char *tempcomp_file = NULL; @ 1.4 log @Update chrony to version 1.29. For a full list of changes since 1.24 see file NEWS in the distfile. Security fixes since 1.24: * Fix crash when processing crafted commands (CVE-2012-4502) (possible with IP addresses allowed by cmdallow and localhost) * Don't send uninitialized data in SUBNETS_ACCESSED and CLIENT_ACCESSES replies (CVE-2012-4503) (not used by chronyc) Reviewed by: Joerg Sonnenberger @ text @d1 1 a1 1 $NetBSD$ @ 1.4.14.1 log @Pullup ticket #4660 - requested by hannken net/chrony: security update Revisions pulled up: - net/chrony/Makefile 1.30 - net/chrony/distinfo 1.10 - net/chrony/patches/patch-Makefile.in 1.1 - net/chrony/patches/patch-aa deleted - net/chrony/patches/patch-ab deleted - net/chrony/patches/patch-ac deleted - net/chrony/patches/patch-ad deleted - net/chrony/patches/patch-ae deleted - net/chrony/patches/patch-af deleted - net/chrony/patches/patch-ag deleted - net/chrony/patches/patch-conf.c 1.1 - net/chrony/patches/patch-examples_chrony.conf.example 1.1 - net/chrony/patches/patch-examples_chrony.keys.example 1.1 - net/chrony/patches/patch-ntp__io.c 1.2 --- Module Name: pkgsrc Committed By: hannken Date: Mon Apr 13 10:03:21 UTC 2015 Modified Files: pkgsrc/net/chrony: Makefile distinfo pkgsrc/net/chrony/patches: patch-ntp__io.c Added Files: pkgsrc/net/chrony/patches: patch-Makefile.in patch-conf.c patch-examples_chrony.conf.example patch-examples_chrony.keys.example Removed Files: pkgsrc/net/chrony/patches: patch-aa patch-ab patch-ac patch-ad patch-ae patch-af patch-ag Log Message: Update chrony to version 1.31.1. For a full list of changes since 1.29 see file NEWS in the distfile. Security fixes since 1.29: * Modify chronyc protocol to prevent amplification attacks (CVE-2014-0021) (incompatible with previous protocol version, chronyc supports both) * Protect authenticated symmetric NTP associations against DoS attacks (CVE-2015-1799) * Fix access configuration with subnet size indivisible by 4 (CVE-2015-1821) * Fix initialization of reply slots for authenticated commands (CVE-2015-1822) @ text @d1 1 a1 1 $NetBSD: patch-ad,v 1.4 2013/08/16 08:30:20 hannken Exp $ @ 1.3 log @Update to 1.24. The changes in version 1.24 are Security fixes -------------- * Don't reply to invalid cmdmon packets (CVE-2010-0292) * Limit client log memory size (CVE-2010-0293) * Limit rate of syslog messages (CVE-2010-0294) Bug fixes/Enhancements ---------------------- * Support for reference clocks (SHM, SOCK, PPS drivers) * IPv6 support * Linux capabilities support (to drop root privileges) * Memory locking support on Linux * Real-time scheduler support on Linux * Leap second support on Linux * Support for editline library * Support for new Linux readonly adjtime * NTP client support for KoD RATE * Read kernel timestamps for received NTP packets * Reply to NTP requests with correct address on multihomed hosts * Retry name resolving after temporary failure * Fix makestep command, make it available on all systems * Add makestep directive for automatic clock stepping * Don't require _bigadj kernel symbol on NetBSD * Avoid blocking read in Linux RTC driver * Support for Linux on S/390 and PowerPC * Fix various bugs on 64-bit systems * Fix valgrind errors and compiler warnings * Improve configure to support common options and variables * Improve status checking and printing in chronyc * Return non-zero exit code on errors in chronyc * Reduce request timeout in chronyc * Print estimated offset in sourcestats * Changed chronyc protocol, incompatible with older versions Reviewed by: Joerg Sonnenberger @ text @d1 1 a1 1 $NetBSD: patch-ad,v 1.2 2004/11/30 11:26:59 hannken Exp $ d3 3 a5 1 --- conf.c.orig 2010-02-04 13:07:19.000000000 +0100 d7 2 a8 1 @@@@ -177,5 +177,5 @@@@ d14 2 a15 1 /* Boolean for whether the Linux HZ value has been overridden, and the @ 1.3.28.1 log @Pullup ticket #4215 - requested by hannken net/chrony: security update Revisions pulled up: - net/chrony/Makefile 1.29 - net/chrony/PLIST 1.5 - net/chrony/distinfo 1.8 - net/chrony/files/chronyd.sh 1.5 - net/chrony/patches/patch-aa 1.5 - net/chrony/patches/patch-ab 1.5 - net/chrony/patches/patch-ac 1.5 - net/chrony/patches/patch-ad 1.4 - net/chrony/patches/patch-ae 1.5 - net/chrony/patches/patch-af 1.4 - net/chrony/patches/patch-ag 1.4 --- Module Name: pkgsrc Committed By: hannken Date: Fri Aug 16 08:30:20 UTC 2013 Modified Files: pkgsrc/net/chrony: Makefile PLIST distinfo pkgsrc/net/chrony/files: chronyd.sh pkgsrc/net/chrony/patches: patch-aa patch-ab patch-ac patch-ad patch-ae patch-af Added Files: pkgsrc/net/chrony/patches: patch-ag Log Message: Update chrony to version 1.29. For a full list of changes since 1.24 see file NEWS in the distfile. Security fixes since 1.24: * Fix crash when processing crafted commands (CVE-2012-4502) (possible with IP addresses allowed by cmdallow and localhost) * Don't send uninitialized data in SUBNETS_ACCESSED and CLIENT_ACCESSES replies (CVE-2012-4503) (not used by chronyc) Reviewed by: Joerg Sonnenberger @ text @d1 1 a1 1 $NetBSD$ d3 1 a3 3 Prepare for SUBST, not processed by configure. --- conf.c.orig 2013-08-08 13:58:07.000000000 +0000 d5 1 a5 2 @@@@ -197,7 +197,7 @@@@ static IPAddr bind_cmd_address4, bind_cm d11 1 a11 2 /* Temperature sensor, update interval and compensation coefficients */ static char *tempcomp_file = NULL; @ 1.2 log @Update to version 1.20 - Many small tidy-ups and security improvements. - Merge support for 64bit architectures. - Generate more informative syslog messages before exiting on failed assertions. - Fix bugs in clamping code for the tick value used when slewing a large offset. @ text @d1 1 a1 1 $NetBSD$ d3 1 a3 1 --- conf.c.orig 2003-09-22 23:22:30.000000000 +0200 d5 5 a9 1 @@@@ -55,7 +55,9 @@@@ d11 1 a11 8 /* ================================================== */ +#ifndef DEFAULT_CONF_FILE #define DEFAULT_CONF_FILE "/etc/chrony.conf" +#endif /* ================================================== */ /* Forward prototypes */ @ 1.2.46.1 log @Pullup ticket #3041 - requested by hannken chrony: security update Revisions pulled up: - net/chrony/Makefile 1.26 - net/chrony/distinfo 1.7 - net/chrony/patches/patch-aa 1.4 - net/chrony/patches/patch-ab 1.4 - net/chrony/patches/patch-ac 1.4 - net/chrony/patches/patch-ad 1.3 - net/chrony/patches/patch-ae 1.4 - net/chrony/patches/patch-ag delete --- Module Name: pkgsrc Committed By: hannken Date: Fri Feb 26 09:27:43 UTC 2010 Modified Files: pkgsrc/doc: TODO pkgsrc/net/chrony: Makefile distinfo pkgsrc/net/chrony/patches: patch-aa patch-ab patch-ac patch-ad patch-ae Removed Files: pkgsrc/net/chrony/patches: patch-ag Log Message: Update to 1.24. The changes in version 1.24 are Security fixes -------------- * Don't reply to invalid cmdmon packets (CVE-2010-0292) * Limit client log memory size (CVE-2010-0293) * Limit rate of syslog messages (CVE-2010-0294) Bug fixes/Enhancements ---------------------- * Support for reference clocks (SHM, SOCK, PPS drivers) * IPv6 support * Linux capabilities support (to drop root privileges) * Memory locking support on Linux * Real-time scheduler support on Linux * Leap second support on Linux * Support for editline library * Support for new Linux readonly adjtime * NTP client support for KoD RATE * Read kernel timestamps for received NTP packets * Reply to NTP requests with correct address on multihomed hosts * Retry name resolving after temporary failure * Fix makestep command, make it available on all systems * Add makestep directive for automatic clock stepping * Don't require _bigadj kernel symbol on NetBSD * Avoid blocking read in Linux RTC driver * Support for Linux on S/390 and PowerPC * Fix various bugs on 64-bit systems * Fix valgrind errors and compiler warnings * Improve configure to support common options and variables * Improve status checking and printing in chronyc * Return non-zero exit code on errors in chronyc * Reduce request timeout in chronyc * Print estimated offset in sourcestats * Changed chronyc protocol, incompatible with older versions Reviewed by: Joerg Sonnenberger @ text @d3 1 a3 1 --- conf.c.orig 2010-02-04 13:07:19.000000000 +0100 d5 1 a5 5 @@@@ -177,5 +177,5 @@@@ /* Filename to use for storing pid of running chronyd, to prevent multiple * chronyds being started. */ -static char *pidfile = "/var/run/chronyd.pid"; +static char *pidfile = "@@VARBASE@@/run/chronyd.pid"; d7 8 a14 1 /* Boolean for whether the Linux HZ value has been overridden, and the @ 1.1 log @Initial revision @ text @d3 1 a3 1 --- conf.c.orig Sun Feb 17 23:23:15 2002 d5 1 a5 1 @@@@ -45,7 +45,9 @@@@ @ 1.1.1.1 log @Import new "chrony" package: Daemon for maintaining the accuracy of computer clocks This packages was supplied by Juergen Hannken-Illjes in PR pkg/15729. @ text @@