head 1.6; access; symbols pkgsrc-2015Q1:1.5.0.14 pkgsrc-2015Q1-base:1.5 pkgsrc-2014Q4:1.5.0.12 pkgsrc-2014Q4-base:1.5 pkgsrc-2014Q3:1.5.0.10 pkgsrc-2014Q3-base:1.5 pkgsrc-2014Q2:1.5.0.8 pkgsrc-2014Q2-base:1.5 pkgsrc-2014Q1:1.5.0.6 pkgsrc-2014Q1-base:1.5 pkgsrc-2013Q4:1.5.0.4 pkgsrc-2013Q4-base:1.5 pkgsrc-2013Q3:1.5.0.2 pkgsrc-2013Q3-base:1.5 pkgsrc-2013Q2:1.4.0.28 pkgsrc-2013Q2-base:1.4 pkgsrc-2013Q1:1.4.0.26 pkgsrc-2013Q1-base:1.4 pkgsrc-2012Q4:1.4.0.24 pkgsrc-2012Q4-base:1.4 pkgsrc-2012Q3:1.4.0.22 pkgsrc-2012Q3-base:1.4 pkgsrc-2012Q2:1.4.0.20 pkgsrc-2012Q2-base:1.4 pkgsrc-2012Q1:1.4.0.18 pkgsrc-2012Q1-base:1.4 pkgsrc-2011Q4:1.4.0.16 pkgsrc-2011Q4-base:1.4 pkgsrc-2011Q3:1.4.0.14 pkgsrc-2011Q3-base:1.4 pkgsrc-2011Q2:1.4.0.12 pkgsrc-2011Q2-base:1.4 pkgsrc-2011Q1:1.4.0.10 pkgsrc-2011Q1-base:1.4 pkgsrc-2010Q4:1.4.0.8 pkgsrc-2010Q4-base:1.4 pkgsrc-2010Q3:1.4.0.6 pkgsrc-2010Q3-base:1.4 pkgsrc-2010Q2:1.4.0.4 pkgsrc-2010Q2-base:1.4 pkgsrc-2010Q1:1.4.0.2 pkgsrc-2010Q1-base:1.4 pkgsrc-2009Q4:1.3.0.36 pkgsrc-2009Q4-base:1.3 pkgsrc-2009Q3:1.3.0.34 pkgsrc-2009Q3-base:1.3 pkgsrc-2009Q2:1.3.0.32 pkgsrc-2009Q2-base:1.3 pkgsrc-2009Q1:1.3.0.30 pkgsrc-2009Q1-base:1.3 pkgsrc-2008Q4:1.3.0.28 pkgsrc-2008Q4-base:1.3 pkgsrc-2008Q3:1.3.0.26 pkgsrc-2008Q3-base:1.3 cube-native-xorg:1.3.0.24 cube-native-xorg-base:1.3 pkgsrc-2008Q2:1.3.0.22 pkgsrc-2008Q2-base:1.3 cwrapper:1.3.0.20 pkgsrc-2008Q1:1.3.0.18 pkgsrc-2008Q1-base:1.3 pkgsrc-2007Q4:1.3.0.16 pkgsrc-2007Q4-base:1.3 pkgsrc-2007Q3:1.3.0.14 pkgsrc-2007Q3-base:1.3 pkgsrc-2007Q2:1.3.0.12 pkgsrc-2007Q2-base:1.3 pkgsrc-2007Q1:1.3.0.10 pkgsrc-2007Q1-base:1.3 pkgsrc-2006Q4:1.3.0.8 pkgsrc-2006Q4-base:1.3 pkgsrc-2006Q3:1.3.0.6 pkgsrc-2006Q3-base:1.3 pkgsrc-2006Q2:1.3.0.4 pkgsrc-2006Q2-base:1.3 pkgsrc-2006Q1:1.3.0.2 pkgsrc-2006Q1-base:1.3 pkgsrc-2005Q4:1.2.0.10 pkgsrc-2005Q4-base:1.2 pkgsrc-2005Q3:1.2.0.8 pkgsrc-2005Q3-base:1.2 pkgsrc-2005Q2:1.2.0.6 pkgsrc-2005Q2-base:1.2 pkgsrc-2005Q1:1.2.0.4 pkgsrc-2005Q1-base:1.2 pkgsrc-2004Q4:1.2.0.2 pkgsrc-2004Q4-base:1.2 pkgsrc-2004Q3:1.1.1.1.0.16 pkgsrc-2004Q3-base:1.1.1.1 pkgsrc-2004Q2:1.1.1.1.0.14 pkgsrc-2004Q2-base:1.1.1.1 pkgsrc-2004Q1:1.1.1.1.0.12 pkgsrc-2004Q1-base:1.1.1.1 pkgsrc-2003Q4:1.1.1.1.0.10 pkgsrc-2003Q4-base:1.1.1.1 netbsd-1-6-1:1.1.1.1.0.6 netbsd-1-6-1-base:1.1.1.1 netbsd-1-6:1.1.1.1.0.8 netbsd-1-6-RELEASE-base:1.1.1.1 pkgviews:1.1.1.1.0.4 pkgviews-base:1.1.1.1 buildlink2:1.1.1.1.0.2 buildlink2-base:1.1.1.1 netbsd-1-5-PATCH003:1.1.1.1 pkgsrc-base:1.1.1.1 TNF:1.1.1; locks; strict; comment @# @; 1.6 date 2015.04.13.10.03.21; author hannken; state dead; branches; next 1.5; commitid IuL2k6RpvzO8Kphy; 1.5 date 2013.08.16.08.30.20; author hannken; state Exp; branches 1.5.14.1; next 1.4; commitid tgZhVYY2a0TKFE1x; 1.4 date 2010.02.26.09.27.43; author hannken; state Exp; branches 1.4.28.1; next 1.3; 1.3 date 2006.01.08.13.27.53; author joerg; state Exp; branches 1.3.36.1; next 1.2; 1.2 date 2004.11.30.11.26.59; author hannken; state Exp; branches; next 1.1; 1.1 date 2002.03.22.23.01.52; author tron; state Exp; branches 1.1.1.1; next ; 1.5.14.1 date 2015.04.15.21.13.51; author tron; state dead; branches; next ; commitid AW5RGtmDJRqroJhy; 1.4.28.1 date 2013.08.21.12.59.44; author tron; state Exp; branches; next ; commitid kWsWzSH6WV8F0k2x; 1.3.36.1 date 2010.03.07.00.10.17; author tron; state Exp; branches; next ; 1.1.1.1 date 2002.03.22.23.01.52; author tron; state Exp; branches; next ; desc @@ 1.6 log @Update chrony to version 1.31.1. For a full list of changes since 1.29 see file NEWS in the distfile. Security fixes since 1.29: * Modify chronyc protocol to prevent amplification attacks (CVE-2014-0021) (incompatible with previous protocol version, chronyc supports both) * Protect authenticated symmetric NTP associations against DoS attacks (CVE-2015-1799) * Fix access configuration with subnet size indivisible by 4 (CVE-2015-1821) * Fix initialization of reply slots for authenticated commands (CVE-2015-1822) @ text @$NetBSD: patch-ae,v 1.5 2013/08/16 08:30:20 hannken Exp $ Prepare for SUBST, not processed by configure. --- examples/chrony.conf.example.orig 2013-08-08 13:58:07.000000000 +0000 +++ examples/chrony.conf.example @@@@ -1,7 +1,7 @@@@ ####################################################################### # # This is an example chrony configuration file. You should copy it to -# /etc/chrony.conf after uncommenting and editing the options that you +# @@PKG_SYSCONFDIR@@/chrony.conf after uncommenting and editing the options that you # want to enable. The more obscure options are not included. Refer # to the documentation for these. # @@@@ -89,7 +89,7 @@@@ # immediately so that it doesn't gain or lose any more time. You # generally want this, so it is uncommented. -driftfile /var/lib/chrony/drift +driftfile @@VARBASE@@/lib/chrony/chrony.drift # If you want to use the program called chronyc to configure aspects of # chronyd's operation once it is running (e.g. tell it the Internet link @@@@ -98,7 +98,7 @@@@ driftfile /var/lib/chrony/drift # exchanges between cooperating machines.) Again, this option is # assumed by default. -keyfile /etc/chrony.keys +keyfile @@PKG_SYSCONFDIR@@/chrony.keys # Tell chronyd which numbered key in the file is used as the password # for chronyc. (You can pick any integer up to 2**32-1. '1' is just a @@@@ -129,7 +129,7 @@@@ commandkey 1 # still running and bail out. If you want to change the path to the PID # file, uncomment this line and edit it. The default path is shown. -! pidfile /var/run/chronyd.pid +! pidfile @@VARBASE@@/run/chronyd.pid ####################################################################### ### INITIAL CLOCK CORRECTION @ 1.5 log @Update chrony to version 1.29. For a full list of changes since 1.24 see file NEWS in the distfile. Security fixes since 1.24: * Fix crash when processing crafted commands (CVE-2012-4502) (possible with IP addresses allowed by cmdallow and localhost) * Don't send uninitialized data in SUBNETS_ACCESSED and CLIENT_ACCESSES replies (CVE-2012-4503) (not used by chronyc) Reviewed by: Joerg Sonnenberger @ text @d1 1 a1 1 $NetBSD$ @ 1.5.14.1 log @Pullup ticket #4660 - requested by hannken net/chrony: security update Revisions pulled up: - net/chrony/Makefile 1.30 - net/chrony/distinfo 1.10 - net/chrony/patches/patch-Makefile.in 1.1 - net/chrony/patches/patch-aa deleted - net/chrony/patches/patch-ab deleted - net/chrony/patches/patch-ac deleted - net/chrony/patches/patch-ad deleted - net/chrony/patches/patch-ae deleted - net/chrony/patches/patch-af deleted - net/chrony/patches/patch-ag deleted - net/chrony/patches/patch-conf.c 1.1 - net/chrony/patches/patch-examples_chrony.conf.example 1.1 - net/chrony/patches/patch-examples_chrony.keys.example 1.1 - net/chrony/patches/patch-ntp__io.c 1.2 --- Module Name: pkgsrc Committed By: hannken Date: Mon Apr 13 10:03:21 UTC 2015 Modified Files: pkgsrc/net/chrony: Makefile distinfo pkgsrc/net/chrony/patches: patch-ntp__io.c Added Files: pkgsrc/net/chrony/patches: patch-Makefile.in patch-conf.c patch-examples_chrony.conf.example patch-examples_chrony.keys.example Removed Files: pkgsrc/net/chrony/patches: patch-aa patch-ab patch-ac patch-ad patch-ae patch-af patch-ag Log Message: Update chrony to version 1.31.1. For a full list of changes since 1.29 see file NEWS in the distfile. Security fixes since 1.29: * Modify chronyc protocol to prevent amplification attacks (CVE-2014-0021) (incompatible with previous protocol version, chronyc supports both) * Protect authenticated symmetric NTP associations against DoS attacks (CVE-2015-1799) * Fix access configuration with subnet size indivisible by 4 (CVE-2015-1821) * Fix initialization of reply slots for authenticated commands (CVE-2015-1822) @ text @d1 1 a1 1 $NetBSD: patch-ae,v 1.5 2013/08/16 08:30:20 hannken Exp $ @ 1.4 log @Update to 1.24. The changes in version 1.24 are Security fixes -------------- * Don't reply to invalid cmdmon packets (CVE-2010-0292) * Limit client log memory size (CVE-2010-0293) * Limit rate of syslog messages (CVE-2010-0294) Bug fixes/Enhancements ---------------------- * Support for reference clocks (SHM, SOCK, PPS drivers) * IPv6 support * Linux capabilities support (to drop root privileges) * Memory locking support on Linux * Real-time scheduler support on Linux * Leap second support on Linux * Support for editline library * Support for new Linux readonly adjtime * NTP client support for KoD RATE * Read kernel timestamps for received NTP packets * Reply to NTP requests with correct address on multihomed hosts * Retry name resolving after temporary failure * Fix makestep command, make it available on all systems * Add makestep directive for automatic clock stepping * Don't require _bigadj kernel symbol on NetBSD * Avoid blocking read in Linux RTC driver * Support for Linux on S/390 and PowerPC * Fix various bugs on 64-bit systems * Fix valgrind errors and compiler warnings * Improve configure to support common options and variables * Improve status checking and printing in chronyc * Return non-zero exit code on errors in chronyc * Reduce request timeout in chronyc * Print estimated offset in sourcestats * Changed chronyc protocol, incompatible with older versions Reviewed by: Joerg Sonnenberger @ text @d1 1 a1 1 $NetBSD: patch-ae,v 1.3 2006/01/08 13:27:53 joerg Exp $ d3 6 a8 3 --- examples/chrony.conf.example.orig 2010-02-04 13:07:19.000000000 +0100 +++ examples/chrony.conf.example 2010-02-26 09:06:48.000000000 +0100 @@@@ -2,5 +2,5 @@@@ d15 3 a17 1 @@@@ -90,5 +90,5 @@@@ d20 2 a21 2 -driftfile /etc/chrony.drift +driftfile @@VARBASE@@/db/chrony.drift d24 3 a26 1 @@@@ -99,5 +99,5 @@@@ d33 3 a35 1 @@@@ -130,5 +130,5 @@@@ d42 1 @ 1.4.28.1 log @Pullup ticket #4215 - requested by hannken net/chrony: security update Revisions pulled up: - net/chrony/Makefile 1.29 - net/chrony/PLIST 1.5 - net/chrony/distinfo 1.8 - net/chrony/files/chronyd.sh 1.5 - net/chrony/patches/patch-aa 1.5 - net/chrony/patches/patch-ab 1.5 - net/chrony/patches/patch-ac 1.5 - net/chrony/patches/patch-ad 1.4 - net/chrony/patches/patch-ae 1.5 - net/chrony/patches/patch-af 1.4 - net/chrony/patches/patch-ag 1.4 --- Module Name: pkgsrc Committed By: hannken Date: Fri Aug 16 08:30:20 UTC 2013 Modified Files: pkgsrc/net/chrony: Makefile PLIST distinfo pkgsrc/net/chrony/files: chronyd.sh pkgsrc/net/chrony/patches: patch-aa patch-ab patch-ac patch-ad patch-ae patch-af Added Files: pkgsrc/net/chrony/patches: patch-ag Log Message: Update chrony to version 1.29. For a full list of changes since 1.24 see file NEWS in the distfile. Security fixes since 1.24: * Fix crash when processing crafted commands (CVE-2012-4502) (possible with IP addresses allowed by cmdallow and localhost) * Don't send uninitialized data in SUBNETS_ACCESSED and CLIENT_ACCESSES replies (CVE-2012-4503) (not used by chronyc) Reviewed by: Joerg Sonnenberger @ text @d1 1 a1 1 $NetBSD$ d3 3 a5 6 Prepare for SUBST, not processed by configure. --- examples/chrony.conf.example.orig 2013-08-08 13:58:07.000000000 +0000 +++ examples/chrony.conf.example @@@@ -1,7 +1,7 @@@@ ####################################################################### d12 1 a12 3 # @@@@ -89,7 +89,7 @@@@ # immediately so that it doesn't gain or lose any more time. You d15 2 a16 2 -driftfile /var/lib/chrony/drift +driftfile @@VARBASE@@/lib/chrony/chrony.drift d19 1 a19 3 # chronyd's operation once it is running (e.g. tell it the Internet link @@@@ -98,7 +98,7 @@@@ driftfile /var/lib/chrony/drift # exchanges between cooperating machines.) Again, this option is d26 1 a26 3 # for chronyc. (You can pick any integer up to 2**32-1. '1' is just a @@@@ -129,7 +129,7 @@@@ commandkey 1 # still running and bail out. If you want to change the path to the PID a32 1 ### INITIAL CLOCK CORRECTION @ 1.3 log @Use SUBST framework, add man pages to the list of files in need of substituation. Use PKG_SYSCONFDIR instead of PREFIX/etc, it can be different. Bump revision. @ text @d1 1 a1 1 $NetBSD: patch-ae,v 1.2 2004/11/30 11:26:59 hannken Exp $ d3 3 a5 3 --- examples/chrony.conf.example.orig 2002-02-03 22:46:29.000000000 +0100 +++ examples/chrony.conf.example @@@@ -3,5 +3,5 @@@@ d10 1 a10 1 # want to enable. I have not included the more obscure options. Refer d12 1 a12 1 @@@@ -91,5 +91,5 @@@@ d16 1 a16 1 +driftfile /var/db/chrony.drift d19 1 a19 1 @@@@ -100,5 +100,5 @@@@ driftfile /etc/chrony.drift d26 7 @ 1.3.36.1 log @Pullup ticket #3041 - requested by hannken chrony: security update Revisions pulled up: - net/chrony/Makefile 1.26 - net/chrony/distinfo 1.7 - net/chrony/patches/patch-aa 1.4 - net/chrony/patches/patch-ab 1.4 - net/chrony/patches/patch-ac 1.4 - net/chrony/patches/patch-ad 1.3 - net/chrony/patches/patch-ae 1.4 - net/chrony/patches/patch-ag delete --- Module Name: pkgsrc Committed By: hannken Date: Fri Feb 26 09:27:43 UTC 2010 Modified Files: pkgsrc/doc: TODO pkgsrc/net/chrony: Makefile distinfo pkgsrc/net/chrony/patches: patch-aa patch-ab patch-ac patch-ad patch-ae Removed Files: pkgsrc/net/chrony/patches: patch-ag Log Message: Update to 1.24. The changes in version 1.24 are Security fixes -------------- * Don't reply to invalid cmdmon packets (CVE-2010-0292) * Limit client log memory size (CVE-2010-0293) * Limit rate of syslog messages (CVE-2010-0294) Bug fixes/Enhancements ---------------------- * Support for reference clocks (SHM, SOCK, PPS drivers) * IPv6 support * Linux capabilities support (to drop root privileges) * Memory locking support on Linux * Real-time scheduler support on Linux * Leap second support on Linux * Support for editline library * Support for new Linux readonly adjtime * NTP client support for KoD RATE * Read kernel timestamps for received NTP packets * Reply to NTP requests with correct address on multihomed hosts * Retry name resolving after temporary failure * Fix makestep command, make it available on all systems * Add makestep directive for automatic clock stepping * Don't require _bigadj kernel symbol on NetBSD * Avoid blocking read in Linux RTC driver * Support for Linux on S/390 and PowerPC * Fix various bugs on 64-bit systems * Fix valgrind errors and compiler warnings * Improve configure to support common options and variables * Improve status checking and printing in chronyc * Return non-zero exit code on errors in chronyc * Reduce request timeout in chronyc * Print estimated offset in sourcestats * Changed chronyc protocol, incompatible with older versions Reviewed by: Joerg Sonnenberger @ text @d1 1 a1 1 $NetBSD$ d3 3 a5 3 --- examples/chrony.conf.example.orig 2010-02-04 13:07:19.000000000 +0100 +++ examples/chrony.conf.example 2010-02-26 09:06:48.000000000 +0100 @@@@ -2,5 +2,5 @@@@ d10 1 a10 1 # want to enable. The more obscure options are not included. Refer d12 1 a12 1 @@@@ -90,5 +90,5 @@@@ d16 1 a16 1 +driftfile @@VARBASE@@/db/chrony.drift d19 1 a19 1 @@@@ -99,5 +99,5 @@@@ a25 7 @@@@ -130,5 +130,5 @@@@ # file, uncomment this line and edit it. The default path is shown. -! pidfile /var/run/chronyd.pid +! pidfile @@VARBASE@@/run/chronyd.pid ####################################################################### @ 1.2 log @Update to version 1.20 - Many small tidy-ups and security improvements. - Merge support for 64bit architectures. - Generate more informative syslog messages before exiting on failed assertions. - Fix bugs in clamping code for the tick value used when slewing a large offset. @ text @d1 1 a1 1 $NetBSD$ d9 1 a9 1 +# @@PREFIX@@/etc/chrony.conf after uncommenting and editing the options that you d23 1 a23 1 +keyfile @@PREFIX@@/etc/chrony.keys @ 1.1 log @Initial revision @ text @d3 1 a3 1 --- examples/chrony.conf.example.orig Sun Feb 17 23:23:19 2002 d19 1 a19 1 @@@@ -100,5 +100,5 @@@@ @ 1.1.1.1 log @Import new "chrony" package: Daemon for maintaining the accuracy of computer clocks This packages was supplied by Juergen Hannken-Illjes in PR pkg/15729. @ text @@