head 1.5; access; symbols pkgsrc-2015Q1:1.4.0.14 pkgsrc-2015Q1-base:1.4 pkgsrc-2014Q4:1.4.0.12 pkgsrc-2014Q4-base:1.4 pkgsrc-2014Q3:1.4.0.10 pkgsrc-2014Q3-base:1.4 pkgsrc-2014Q2:1.4.0.8 pkgsrc-2014Q2-base:1.4 pkgsrc-2014Q1:1.4.0.6 pkgsrc-2014Q1-base:1.4 pkgsrc-2013Q4:1.4.0.4 pkgsrc-2013Q4-base:1.4 pkgsrc-2013Q3:1.4.0.2 pkgsrc-2013Q3-base:1.4 pkgsrc-2013Q2:1.3.0.8 pkgsrc-2013Q2-base:1.3 pkgsrc-2012Q4:1.3.0.6 pkgsrc-2012Q4-base:1.3 pkgsrc-2011Q4:1.3.0.4 pkgsrc-2011Q4-base:1.3 pkgsrc-2011Q2:1.3.0.2 pkgsrc-2011Q2-base:1.3 pkgsrc-2009Q4:1.2.0.14 pkgsrc-2009Q4-base:1.2 pkgsrc-2009Q3:1.2.0.12 pkgsrc-2009Q3-base:1.2 pkgsrc-2009Q2:1.2.0.10 pkgsrc-2009Q2-base:1.2 pkgsrc-2009Q1:1.2.0.8 pkgsrc-2009Q1-base:1.2 pkgsrc-2008Q4:1.2.0.6 pkgsrc-2008Q4-base:1.2 pkgsrc-2008Q3:1.2.0.4 pkgsrc-2008Q3-base:1.2 cube-native-xorg:1.2.0.2 cube-native-xorg-base:1.2 pkgsrc-2008Q2:1.1.0.32 pkgsrc-2008Q2-base:1.1 cwrapper:1.1.0.30 pkgsrc-2008Q1:1.1.0.28 pkgsrc-2008Q1-base:1.1 pkgsrc-2007Q4:1.1.0.26 pkgsrc-2007Q4-base:1.1 pkgsrc-2007Q3:1.1.0.24 pkgsrc-2007Q3-base:1.1 pkgsrc-2007Q2:1.1.0.22 pkgsrc-2007Q2-base:1.1 pkgsrc-2007Q1:1.1.0.20 pkgsrc-2007Q1-base:1.1 pkgsrc-2006Q4:1.1.0.18 pkgsrc-2006Q4-base:1.1 pkgsrc-2006Q3:1.1.0.16 pkgsrc-2006Q3-base:1.1 pkgsrc-2006Q2:1.1.0.14 pkgsrc-2006Q2-base:1.1 pkgsrc-2006Q1:1.1.0.12 pkgsrc-2006Q1-base:1.1 pkgsrc-2005Q4:1.1.0.10 pkgsrc-2005Q4-base:1.1 pkgsrc-2005Q3:1.1.0.8 pkgsrc-2005Q3-base:1.1 pkgsrc-2005Q2:1.1.0.6 pkgsrc-2005Q2-base:1.1 pkgsrc-2005Q1:1.1.0.4 pkgsrc-2005Q1-base:1.1 pkgsrc-2004Q4:1.1.0.2 pkgsrc-2004Q4-base:1.1; locks; strict; comment @# @; 1.5 date 2015.04.13.10.03.21; author hannken; state dead; branches; next 1.4; commitid IuL2k6RpvzO8Kphy; 1.4 date 2013.08.16.08.30.20; author hannken; state Exp; branches 1.4.14.1; next 1.3; commitid tgZhVYY2a0TKFE1x; 1.3 date 2010.02.26.09.27.43; author hannken; state dead; branches 1.3.8.1; next 1.2; 1.2 date 2008.08.12.16.37.32; author sborrill; state Exp; branches 1.2.14.1; next 1.1; 1.1 date 2004.11.30.11.26.59; author hannken; state Exp; branches 1.1.32.1; next ; 1.4.14.1 date 2015.04.15.21.13.51; author tron; state dead; branches; next ; commitid AW5RGtmDJRqroJhy; 1.3.8.1 date 2013.08.21.12.59.44; author tron; state Exp; branches; next ; commitid kWsWzSH6WV8F0k2x; 1.2.14.1 date 2010.03.07.00.10.17; author tron; state dead; branches; next ; 1.1.32.1 date 2008.08.14.08.19.29; author rtr; state Exp; branches; next ; desc @@ 1.5 log @Update chrony to version 1.31.1. For a full list of changes since 1.29 see file NEWS in the distfile. Security fixes since 1.29: * Modify chronyc protocol to prevent amplification attacks (CVE-2014-0021) (incompatible with previous protocol version, chronyc supports both) * Protect authenticated symmetric NTP associations against DoS attacks (CVE-2015-1799) * Fix access configuration with subnet size indivisible by 4 (CVE-2015-1821) * Fix initialization of reply slots for authenticated commands (CVE-2015-1822) @ text @$NetBSD: patch-ag,v 1.4 2013/08/16 08:30:20 hannken Exp $ The ctype functions work on integers. --- getdate.c.orig 2013-08-08 13:58:07.000000000 +0000 +++ getdate.c @@@@ -2547,7 +2547,7 @@@@ LookupWord (buff) /* Make it lowercase. */ for (p = buff; *p; p++) if (ISUPPER ((unsigned char) *p)) - *p = tolower (*p); + *p = tolower ((unsigned char)(*p)); if (strcmp (buff, "am") == 0 || strcmp (buff, "a.m.") == 0) { @ 1.4 log @Update chrony to version 1.29. For a full list of changes since 1.24 see file NEWS in the distfile. Security fixes since 1.24: * Fix crash when processing crafted commands (CVE-2012-4502) (possible with IP addresses allowed by cmdallow and localhost) * Don't send uninitialized data in SUBNETS_ACCESSED and CLIENT_ACCESSES replies (CVE-2012-4503) (not used by chronyc) Reviewed by: Joerg Sonnenberger @ text @d1 1 a1 1 $NetBSD$ @ 1.4.14.1 log @Pullup ticket #4660 - requested by hannken net/chrony: security update Revisions pulled up: - net/chrony/Makefile 1.30 - net/chrony/distinfo 1.10 - net/chrony/patches/patch-Makefile.in 1.1 - net/chrony/patches/patch-aa deleted - net/chrony/patches/patch-ab deleted - net/chrony/patches/patch-ac deleted - net/chrony/patches/patch-ad deleted - net/chrony/patches/patch-ae deleted - net/chrony/patches/patch-af deleted - net/chrony/patches/patch-ag deleted - net/chrony/patches/patch-conf.c 1.1 - net/chrony/patches/patch-examples_chrony.conf.example 1.1 - net/chrony/patches/patch-examples_chrony.keys.example 1.1 - net/chrony/patches/patch-ntp__io.c 1.2 --- Module Name: pkgsrc Committed By: hannken Date: Mon Apr 13 10:03:21 UTC 2015 Modified Files: pkgsrc/net/chrony: Makefile distinfo pkgsrc/net/chrony/patches: patch-ntp__io.c Added Files: pkgsrc/net/chrony/patches: patch-Makefile.in patch-conf.c patch-examples_chrony.conf.example patch-examples_chrony.keys.example Removed Files: pkgsrc/net/chrony/patches: patch-aa patch-ab patch-ac patch-ad patch-ae patch-af patch-ag Log Message: Update chrony to version 1.31.1. For a full list of changes since 1.29 see file NEWS in the distfile. Security fixes since 1.29: * Modify chronyc protocol to prevent amplification attacks (CVE-2014-0021) (incompatible with previous protocol version, chronyc supports both) * Protect authenticated symmetric NTP associations against DoS attacks (CVE-2015-1799) * Fix access configuration with subnet size indivisible by 4 (CVE-2015-1821) * Fix initialization of reply slots for authenticated commands (CVE-2015-1822) @ text @d1 1 a1 1 $NetBSD: patch-ag,v 1.4 2013/08/16 08:30:20 hannken Exp $ @ 1.3 log @Update to 1.24. The changes in version 1.24 are Security fixes -------------- * Don't reply to invalid cmdmon packets (CVE-2010-0292) * Limit client log memory size (CVE-2010-0293) * Limit rate of syslog messages (CVE-2010-0294) Bug fixes/Enhancements ---------------------- * Support for reference clocks (SHM, SOCK, PPS drivers) * IPv6 support * Linux capabilities support (to drop root privileges) * Memory locking support on Linux * Real-time scheduler support on Linux * Leap second support on Linux * Support for editline library * Support for new Linux readonly adjtime * NTP client support for KoD RATE * Read kernel timestamps for received NTP packets * Reply to NTP requests with correct address on multihomed hosts * Retry name resolving after temporary failure * Fix makestep command, make it available on all systems * Add makestep directive for automatic clock stepping * Don't require _bigadj kernel symbol on NetBSD * Avoid blocking read in Linux RTC driver * Support for Linux on S/390 and PowerPC * Fix various bugs on 64-bit systems * Fix valgrind errors and compiler warnings * Improve configure to support common options and variables * Improve status checking and printing in chronyc * Return non-zero exit code on errors in chronyc * Reduce request timeout in chronyc * Print estimated offset in sourcestats * Changed chronyc protocol, incompatible with older versions Reviewed by: Joerg Sonnenberger @ text @d1 1 a1 1 $NetBSD: patch-ag,v 1.2 2008/08/12 16:37:32 sborrill Exp $ d3 10 a12 18 --- sys_netbsd.c.orig 2007-12-02 14:53:09.000000000 +0000 +++ sys_netbsd.c 2008-08-12 17:26:28.000000000 +0100 @@@@ -285,7 +285,7 @@@@ kvm_t *kt; FILE *fp; - kt = kvm_open(NULL, NULL, NULL, O_RDWR, NULL); + kt = kvm_open(NULL, NULL, NULL, O_RDONLY, NULL); if (!kt) { CROAK("Cannot open kvm\n"); } @@@@ -299,7 +299,7 @@@@ } if (kvm_read(kt, nl[1].n_value, (char *)(&kern_bigadj), sizeof(long)) < 0) { - CROAK("Cannot read from _bigadj\n"); + kern_bigadj = 1000000; } d14 2 a15 1 kvm_close(kt); @ 1.3.8.1 log @Pullup ticket #4215 - requested by hannken net/chrony: security update Revisions pulled up: - net/chrony/Makefile 1.29 - net/chrony/PLIST 1.5 - net/chrony/distinfo 1.8 - net/chrony/files/chronyd.sh 1.5 - net/chrony/patches/patch-aa 1.5 - net/chrony/patches/patch-ab 1.5 - net/chrony/patches/patch-ac 1.5 - net/chrony/patches/patch-ad 1.4 - net/chrony/patches/patch-ae 1.5 - net/chrony/patches/patch-af 1.4 - net/chrony/patches/patch-ag 1.4 --- Module Name: pkgsrc Committed By: hannken Date: Fri Aug 16 08:30:20 UTC 2013 Modified Files: pkgsrc/net/chrony: Makefile PLIST distinfo pkgsrc/net/chrony/files: chronyd.sh pkgsrc/net/chrony/patches: patch-aa patch-ab patch-ac patch-ad patch-ae patch-af Added Files: pkgsrc/net/chrony/patches: patch-ag Log Message: Update chrony to version 1.29. For a full list of changes since 1.24 see file NEWS in the distfile. Security fixes since 1.24: * Fix crash when processing crafted commands (CVE-2012-4502) (possible with IP addresses allowed by cmdallow and localhost) * Don't send uninitialized data in SUBNETS_ACCESSED and CLIENT_ACCESSES replies (CVE-2012-4503) (not used by chronyc) Reviewed by: Joerg Sonnenberger @ text @d1 1 a1 1 $NetBSD$ d3 18 a20 10 The ctype functions work on integers. --- getdate.c.orig 2013-08-08 13:58:07.000000000 +0000 +++ getdate.c @@@@ -2547,7 +2547,7 @@@@ LookupWord (buff) /* Make it lowercase. */ for (p = buff; *p; p++) if (ISUPPER ((unsigned char) *p)) - *p = tolower (*p); + *p = tolower ((unsigned char)(*p)); d22 1 a22 2 if (strcmp (buff, "am") == 0 || strcmp (buff, "a.m.") == 0) { @ 1.2 log @Update to 1.23 and fix coredump on NetBSD 4.0 and later. The changes in version 1.23 are * Support for MIPS, x86_64, sparc, alpha, arm, FreeBSD * Fix serious sign-extension error in handling IP addresses * RTC support can be excluded at compile time * Make sources gcc-4 compatible * Fix various compiler warnings * Handle fluctuations in peer distance better. * Fixed handling of stratum zero. * Fix various problems for 64-bit systems * Flush chronyc output streams after each command, to allow it to be driven through pipes * Manpage improvements The changes in version 1.21 are * Don't include Linux kernel header files any longer : allows chrony to compile on recent distros. * Stop trying to use RTC if continuous streams of error messages would occur (Linux with HPET). @ text @d1 1 a1 1 $NetBSD$ @ 1.2.14.1 log @Pullup ticket #3041 - requested by hannken chrony: security update Revisions pulled up: - net/chrony/Makefile 1.26 - net/chrony/distinfo 1.7 - net/chrony/patches/patch-aa 1.4 - net/chrony/patches/patch-ab 1.4 - net/chrony/patches/patch-ac 1.4 - net/chrony/patches/patch-ad 1.3 - net/chrony/patches/patch-ae 1.4 - net/chrony/patches/patch-ag delete --- Module Name: pkgsrc Committed By: hannken Date: Fri Feb 26 09:27:43 UTC 2010 Modified Files: pkgsrc/doc: TODO pkgsrc/net/chrony: Makefile distinfo pkgsrc/net/chrony/patches: patch-aa patch-ab patch-ac patch-ad patch-ae Removed Files: pkgsrc/net/chrony/patches: patch-ag Log Message: Update to 1.24. The changes in version 1.24 are Security fixes -------------- * Don't reply to invalid cmdmon packets (CVE-2010-0292) * Limit client log memory size (CVE-2010-0293) * Limit rate of syslog messages (CVE-2010-0294) Bug fixes/Enhancements ---------------------- * Support for reference clocks (SHM, SOCK, PPS drivers) * IPv6 support * Linux capabilities support (to drop root privileges) * Memory locking support on Linux * Real-time scheduler support on Linux * Leap second support on Linux * Support for editline library * Support for new Linux readonly adjtime * NTP client support for KoD RATE * Read kernel timestamps for received NTP packets * Reply to NTP requests with correct address on multihomed hosts * Retry name resolving after temporary failure * Fix makestep command, make it available on all systems * Add makestep directive for automatic clock stepping * Don't require _bigadj kernel symbol on NetBSD * Avoid blocking read in Linux RTC driver * Support for Linux on S/390 and PowerPC * Fix various bugs on 64-bit systems * Fix valgrind errors and compiler warnings * Improve configure to support common options and variables * Improve status checking and printing in chronyc * Return non-zero exit code on errors in chronyc * Reduce request timeout in chronyc * Print estimated offset in sourcestats * Changed chronyc protocol, incompatible with older versions Reviewed by: Joerg Sonnenberger @ text @d1 1 a1 1 $NetBSD: patch-ag,v 1.2 2008/08/12 16:37:32 sborrill Exp $ @ 1.1 log @Update to version 1.20 - Many small tidy-ups and security improvements. - Merge support for 64bit architectures. - Generate more informative syslog messages before exiting on failed assertions. - Fix bugs in clamping code for the tick value used when slewing a large offset. @ text @d3 3 a5 3 --- sys_netbsd.c.orig 2002-02-17 23:13:49.000000000 +0100 +++ sys_netbsd.c @@@@ -285,7 +285,7 @@@@ SYS_NetBSD_Initialise(void) d14 9 @ 1.1.32.1 log @pullup ticket #2483 - requested by sborrill chrony: update package for fixes revisions pulled up: pkgsrc/net/chrony/Makefile 1.24 pkgsrc/net/chrony/distinfo 1.6 pkgsrc/net/chrony/patches/patch-ag 1.2 pkgsrc/net/chrony/patches/patch-ah 0 Module Name: pkgsrc Committed By: sborrill Date: Tue Aug 12 16:37:32 UTC 2008 Modified Files: pkgsrc/net/chrony: Makefile distinfo pkgsrc/net/chrony/patches: patch-ag Removed Files: pkgsrc/net/chrony/patches: patch-ah Log Message: Update to 1.23 and fix coredump on NetBSD 4.0 and later. The changes in version 1.23 are * Support for MIPS, x86_64, sparc, alpha, arm, FreeBSD * Fix serious sign-extension error in handling IP addresses * RTC support can be excluded at compile time * Make sources gcc-4 compatible * Fix various compiler warnings * Handle fluctuations in peer distance better. * Fixed handling of stratum zero. * Fix various problems for 64-bit systems * Flush chronyc output streams after each command, to allow it to be driven through pipes * Manpage improvements The changes in version 1.21 are * Don't include Linux kernel header files any longer : allows chrony to compile on recent distros. * Stop trying to use RTC if continuous streams of error messages would occur (Linux with HPET). @ text @d1 1 a1 1 $NetBSD: patch-ag,v 1.1 2004/11/30 11:26:59 hannken Exp $ d3 3 a5 3 --- sys_netbsd.c.orig 2007-12-02 14:53:09.000000000 +0000 +++ sys_netbsd.c 2008-08-12 17:26:28.000000000 +0100 @@@@ -285,7 +285,7 @@@@ a13 9 @@@@ -299,7 +299,7 @@@@ } if (kvm_read(kt, nl[1].n_value, (char *)(&kern_bigadj), sizeof(long)) < 0) { - CROAK("Cannot read from _bigadj\n"); + kern_bigadj = 1000000; } kvm_close(kt); @