head 1.2;
access;
symbols
 pkgsrc-2016Q1:1.1.0.6
 pkgsrc-2016Q1-base:1.1
 pkgsrc-2015Q4:1.1.0.4
 pkgsrc-2015Q4-base:1.1
 pkgsrc-2015Q3:1.1.0.2
 pkgsrc-2015Q3-base:1.1;
locks; strict;
comment @.\" @;


1.2
date 2016.05.14.14.55.34; author bsiegert; state dead;
branches;
next 1.1;
commitid UC7tTbLEWPz1Bs6z;

1.1
date 2015.07.03.12.31.12; author wiz; state Exp;
branches;
next ;
commitid wWonw78y58WBXPry;


desc
@@


1.2
log
@Update openntpd to 5.9p1, from Paul B. Henson in PR pkg/51092.

Changes since OpenNTPD 5.7p4
============================

* When a single "constraint" is specified, try all returned addresses
  until one succeeds, rather than the first returned address.
* Relaxed the constraint error margin to be proportional to the number
  of NTP peers, avoid constant reconnections when there is a bad NTP
  peer.
* Removed disabled hotplug sensor support.
* Added support for detecting crashes in constraint subprocesses.
* Moved the execution of constraints from the ntp process to the parent
  process, allowing for better privilege separation since the ntp
  process can be further restricted.
* Added pledge(2) support.
* Updated to require LibreSSL 2.3.2 or greater.
* Fixed high CPU usage when the network is down.
* Fixed various memory leaks.
* Switched to RMS for jitter calculations.
* Unified logging functions with other OpenBSD base programs.

OpenNTPD portable-specific changes:

* Added support for syncing time with the Realtime Clock (RTC) on OSes
  that require it.
* CFLAGS is no longer overridden by the build system.
* FreeBSD RTABLE support is disabled
* FreeBSD is no longer linked with -lmd to avoid hash function
  collisions, causing failures in constraint certificate loading.
* Fixed crashes due to __progname being used before initialized.
* Added Solaris 10 compatibility.
* Added --disable-https-constraint build option for explicitly
  disabling constraint support.
* Synced build system files with LibreSSL Note that HTTPS TLS constraints are currently disabled in pkgsrc pending evaluation of how best to deal with libressl. @ text @$NetBSD: patch-src_ntpd.conf.5,v 1.1 2015/07/03 12:31:12 wiz Exp $ Abort if configuration specifies tls constraints and ntpd not compiled with tls support; accepted upstream. --- src/ntpd.conf.5.orig 2015-03-25 01:18:56.000000000 +0000 +++ src/ntpd.conf.5 @@@@ -192,8 +192,11 @@@@ thereby reducing the impact of unauthent .Sq Man-In-The-Middle attacks. Received NTP packets with time information falling outside of a range -near the constraint will be discarded and such NTP servers -will be marked as invalid. +near the constraint will be discarded and such NTP servers will be marked as +invalid. Contraints are only available if +.Xr ntpd 8 +has been compiled with libtls support. Configuring a constraint without libtls +support will result in a fatal error. .Bl -tag -width Ds .It Ic constraint from Ar url Specify the URL, IP address or the hostname of an HTTPS server to @ 1.1 log @Update to 5.7p4, provided by Paul B. Henson in PR 49930: Changes since OpenNTPD 5.7p3 ============================ * Added support for using HTTPS time constraints to validate NTP responses. * Workaround a bug in the Solaris adjtime call that caused the olddelta to never reach 0, leading to continual sync/unsync messages from ntpd. * Workaround an overflow on systems with 32-bit time_t. This can result in a failure to set the time if the initial clock is set later than early 2036. Systems with a 32-bit time_t should upgrade well in advance of this date, but today this helps with systems that boot with an invalid initial time. Note:the HTTPS time constraints feature is not currently available in pkgsrc due to the lack of libtls. @ text @d1 1 a1 1 $NetBSD$ @
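Review bot: the added line "+invalid. Contraints are only available if" in the src/ntpd.conf.5 hunk misspells "Constraints"; since the patch header says the change was accepted upstream, the spelling fix should be sent there as well as applied here. The hunk also rewraps the existing sentence ("near the constraint will be discarded and such NTP servers will be marked as invalid") only to change its line break, which shows up as two removed lines and a re-add; starting the new text on a fresh line would limit the diff to the sentences that are actually new. Finally, the header describes aborting when TLS constraints are configured without TLS support, but this hunk only documents that fatal error in the man page, so it is worth confirming that the code change enforcing it is carried alongside this one and that the documented wording ("libtls support") matches the condition the code checks.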