authorChristian Weisgerber <naddy@FreeBSD.org>2020-12-08 16:29:47 +0000
committerChristian Weisgerber <naddy@FreeBSD.org>2020-12-08 16:29:47 +0000
commite049814d7c8b4de4e58b67a5578e1b3867b333d0 (patch)
tree70ed56a6346ca210e781cc0431988fa8fbf783bd
parentsecurity/vuxml: Security update to 1.1.1i (diff)
Update to 6.8p1. This is a large catch-up release.
Configuration changes: * Servers can be marked as "trusted" to skip constraints processing. * The -s and -S options are no-ops and will be removed in the future. http://www.openntpd.org/txt/release-6.8p1.txt
-rw-r--r--net/openntpd/Makefile3
-rw-r--r--net/openntpd/distinfo6
-rw-r--r--net/openntpd/files/patch-src_client.c92
-rw-r--r--net/openntpd/files/patch-src_ntp.c93
-rw-r--r--net/openntpd/files/patch-src_ntp__dns.c11
-rw-r--r--net/openntpd/files/patch-src_ntpd.conf.515
-rw-r--r--net/openntpd/files/patch-src_ntpd.h17
-rw-r--r--net/openntpd/files/patch-src_parse.y10
8 files changed, 14 insertions, 233 deletions
diff --git a/net/openntpd/Makefile b/net/openntpd/Makefile
index 43799a095813..aba1313bda28 100644
--- a/net/openntpd/Makefile
+++ b/net/openntpd/Makefile
@@ -1,8 +1,7 @@
# $FreeBSD$
PORTNAME= openntpd
-PORTVERSION= 6.2p3
-PORTREVISION= 8
+PORTVERSION= 6.8p1
PORTEPOCH= 2
CATEGORIES= net
MASTER_SITES= OPENBSD/OpenNTPD
diff --git a/net/openntpd/distinfo b/net/openntpd/distinfo
index 337c298dc52e..dcbc144420fd 100644
--- a/net/openntpd/distinfo
+++ b/net/openntpd/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1510519480
-SHA256 (openntpd-6.2p3.tar.gz) = 7b02691524197e01ba6b1b4b7595b33956e657ba6d5c4cf2fc20ea3f4914c13a
-SIZE (openntpd-6.2p3.tar.gz) = 447586
+TIMESTAMP = 1607439518
+SHA256 (openntpd-6.8p1.tar.gz) = 8582db838a399153d4a17f2a76518b638cc3020f58028575bf54127518f55a46
+SIZE (openntpd-6.8p1.tar.gz) = 443997
diff --git a/net/openntpd/files/patch-src_client.c b/net/openntpd/files/patch-src_client.c
deleted file mode 100644
index c8deecae0e25..000000000000
--- a/net/openntpd/files/patch-src_client.c
+++ /dev/null
@@ -1,92 +0,0 @@
---- src/client.c.orig 2017-10-30 08:57:40 UTC
-+++ src/client.c
-@@ -1,4 +1,4 @@
--/* $OpenBSD: client.c,v 1.105 2017/05/30 23:30:48 benno Exp $ */
-+/* $OpenBSD: client.c,v 1.114 2020/09/11 07:09:41 otto Exp $ */
-
- /*
- * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
-@@ -215,6 +215,12 @@ client_query(struct ntp_peer *p)
- return (0);
- }
-
-+
-+/*
-+ * -1: Not processed, not an NTP message (e.g. icmp induced ECONNREFUSED)
-+ * 0: Not prrocessed due to validation issues
-+ * 1: NTP message validated and processed
-+ */
- int
- client_dispatch(struct ntp_peer *p, u_int8_t settime)
- {
-@@ -231,7 +237,7 @@ client_dispatch(struct ntp_peer *p, u_int8_t settime)
- struct cmsghdr *cmsg;
- #endif
- ssize_t size;
-- double T1, T2, T3, T4;
-+ double T1, T2, T3, T4, offset, delay;
- time_t interval;
-
- memset(&somsg, 0, sizeof(somsg));
-@@ -249,7 +255,7 @@ client_dispatch(struct ntp_peer *p, u_int8_t settime)
- errno == ENOPROTOOPT || errno == ENOENT) {
- client_log_error(p, "recvmsg", errno);
- set_next(p, error_interval());
-- return (0);
-+ return (-1);
- } else
- fatal("recvfrom");
- }
-@@ -391,14 +397,6 @@ client_dispatch(struct ntp_peer *p, u_int8_t settime)
- } else
- p->reply[p->shift].status.send_refid = msg.xmttime.fractionl;
-
-- if (p->trustlevel < TRUSTLEVEL_PATHETIC)
-- interval = scale_interval(INTERVAL_QUERY_PATHETIC);
-- else if (p->trustlevel < TRUSTLEVEL_AGGRESSIVE)
-- interval = scale_interval(INTERVAL_QUERY_AGGRESSIVE);
-- else
-- interval = scale_interval(INTERVAL_QUERY_NORMAL);
--
-- set_next(p, interval);
- p->state = STATE_REPLY_RECEIVED;
-
- /* every received reply which we do not discard increases trust */
-@@ -410,20 +408,32 @@ client_dispatch(struct ntp_peer *p, u_int8_t settime)
- p->trustlevel++;
- }
-
-+ offset = p->reply[p->shift].offset;
-+ delay = p->reply[p->shift].delay;
-+
-+ client_update(p);
-+ if (settime)
-+ priv_settime(p->reply[p->shift].offset);
-+
-+ if (p->trustlevel < TRUSTLEVEL_PATHETIC)
-+ interval = scale_interval(INTERVAL_QUERY_PATHETIC);
-+ else if (p->trustlevel < TRUSTLEVEL_AGGRESSIVE)
-+ interval = scale_interval(INTERVAL_QUERY_AGGRESSIVE);
-+ else
-+ interval = scale_interval(INTERVAL_QUERY_NORMAL);
-+
- log_debug("reply from %s: offset %f delay %f, "
- "next query %llds",
- log_sockaddr((struct sockaddr *)&p->addr->ss),
-- p->reply[p->shift].offset, p->reply[p->shift].delay,
-+ offset, delay,
- (long long)interval);
-
-- client_update(p);
-- if (settime)
-- priv_settime(p->reply[p->shift].offset);
-+ set_next(p, interval);
-
- if (++p->shift >= OFFSET_ARRAY_SIZE)
- p->shift = 0;
-
-- return (0);
-+ return (1);
- }
-
- int
diff --git a/net/openntpd/files/patch-src_ntp.c b/net/openntpd/files/patch-src_ntp.c
deleted file mode 100644
index dcbcbbd65cf7..000000000000
--- a/net/openntpd/files/patch-src_ntp.c
+++ /dev/null
@@ -1,93 +0,0 @@
---- src/ntp.c.orig 2017-06-19 13:23:10 UTC
-+++ src/ntp.c
-@@ -1,4 +1,4 @@
--/* $OpenBSD: ntp.c,v 1.146 2017/05/30 23:30:48 benno Exp $ */
-+/* $OpenBSD: ntp.c,v 1.167 2020/09/11 07:09:41 otto Exp $ */
-
- /*
- * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
-@@ -42,7 +42,7 @@
-
- volatile sig_atomic_t ntp_quit = 0;
- struct imsgbuf *ibuf_main;
--struct imsgbuf *ibuf_dns;
-+static struct imsgbuf *ibuf_dns;
- struct ntpd_conf *conf;
- struct ctl_conns ctl_conns;
- u_int peer_cnt;
-@@ -87,6 +87,7 @@ ntp_main(struct ntpd_conf *nconf, struct passwd *pw, i
- struct stat stb;
- struct ctl_conn *cc;
- time_t nextaction, last_sensor_scan = 0, now;
-+ time_t last_action = 0, interval;
- void *newp;
-
- if (socketpair(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, PF_UNSPEC,
-@@ -395,11 +396,28 @@ ntp_main(struct ntpd_conf *nconf, struct passwd *pw, i
-
- for (; nfds > 0 && j < idx_clients; j++) {
- if (pfd[j].revents & (POLLIN|POLLERR)) {
-+ struct ntp_peer *pp = idx2peer[j - idx_peers];
-+
- nfds--;
-- if (client_dispatch(idx2peer[j - idx_peers],
-- conf->settime) == -1) {
-- log_warn("pipe write error (settime)");
-- ntp_quit = 1;
-+ switch (client_dispatch(pp, conf->settime)) {
-+ case -1:
-+ log_debug("no reply from %s "
-+ "received", log_sockaddr(
-+ (struct sockaddr *) &pp->addr->ss));
-+ if (pp->trustlevel >=
-+ TRUSTLEVEL_BADPEER &&
-+ (pp->trustlevel /= 2) <
-+ TRUSTLEVEL_BADPEER)
-+ log_info("peer %s now invalid",
-+ log_sockaddr(
-+ (struct sockaddr *)
-+ &pp->addr->ss));
-+ break;
-+ case 0: /* invalid replies are ignored */
-+ break;
-+ case 1:
-+ last_action = now;
-+ break;
- }
- }
- }
-@@ -411,9 +429,24 @@ ntp_main(struct ntpd_conf *nconf, struct passwd *pw, i
- for (s = TAILQ_FIRST(&conf->ntp_sensors); s != NULL;
- s = next_s) {
- next_s = TAILQ_NEXT(s, entry);
-- if (s->next <= getmonotime())
-+ if (s->next <= now) {
-+ last_action = now;
- sensor_query(s);
-+ }
- }
-+
-+ /*
-+ * Compute maximum of scale_interval(INTERVAL_QUERY_NORMAL),
-+ * if we did not process a time message for three times that
-+ * interval, stop advertising we're synced.
-+ */
-+ interval = INTERVAL_QUERY_NORMAL * conf->scale;
-+ interval += SCALE_INTERVAL(interval) - 1;
-+ if (conf->status.synced && last_action + 3 * interval < now) {
-+ log_info("clock is now unsynced due to lack of replies");
-+ conf->status.synced = 0;
-+ conf->scale = 1;
-+ }
- }
-
- msgbuf_write(&ibuf_main->w);
-@@ -760,7 +793,7 @@ scale_interval(time_t requested)
- time_t interval, r;
-
- interval = requested * conf->scale;
-- r = arc4random_uniform(MAXIMUM(5, interval / 10));
-+ r = arc4random_uniform(SCALE_INTERVAL(interval));
- return (interval + r);
- }
-
diff --git a/net/openntpd/files/patch-src_ntp__dns.c b/net/openntpd/files/patch-src_ntp__dns.c
deleted file mode 100644
index 9b3f7d770055..000000000000
--- a/net/openntpd/files/patch-src_ntp__dns.c
+++ /dev/null
@@ -1,11 +0,0 @@
---- src/ntp_dns.c.orig 2017-06-19 13:23:10 UTC
-+++ src/ntp_dns.c
-@@ -33,7 +33,7 @@
- #include "ntpd.h"
-
- volatile sig_atomic_t quit_dns = 0;
--struct imsgbuf *ibuf_dns;
-+static struct imsgbuf *ibuf_dns;
-
- void sighdlr_dns(int);
- int dns_dispatch_imsg(void);
diff --git a/net/openntpd/files/patch-src_ntpd.conf.5 b/net/openntpd/files/patch-src_ntpd.conf.5
index 50c3133823b3..18e68a470117 100644
--- a/net/openntpd/files/patch-src_ntpd.conf.5
+++ b/net/openntpd/files/patch-src_ntpd.conf.5
@@ -1,13 +1,18 @@
---- src/ntpd.conf.5.orig 2017-10-30 08:57:40 UTC
+--- src/ntpd.conf.5.orig 2020-12-07 08:20:35 UTC
+++ src/ntpd.conf.5
-@@ -232,8 +232,8 @@ constraints from "https://www.google.com/"
+@@ -258,13 +258,11 @@ constraints from "https://www.google.com/"
.Ed
.El
.Sh FILES
--.Bl -tag -width "/etc/ntpd.confXXX" -compact
+-.Bl -tag -width /etc/examples/ntpd.conf -compact
-.It Pa /etc/ntpd.conf
+.Bl -tag -width "%%PREFIX%%/etc/ntpd.confXXX" -compact
+.It Pa %%PREFIX%%/etc/ntpd.conf
- default
+ Default
.Xr ntpd 8
- configuration file
+ configuration file.
+-.It Pa /etc/examples/ntpd.conf
+-Example configuration file.
+ .El
+ .Sh SEE ALSO
+ .Xr ntpctl 8 ,
diff --git a/net/openntpd/files/patch-src_ntpd.h b/net/openntpd/files/patch-src_ntpd.h
deleted file mode 100644
index 8e26e4991fcc..000000000000
--- a/net/openntpd/files/patch-src_ntpd.h
+++ /dev/null
@@ -1,17 +0,0 @@
---- src/ntpd.h.orig 2017-10-30 08:57:40 UTC
-+++ src/ntpd.h
-@@ -1,4 +1,4 @@
--/* $OpenBSD: ntpd.h,v 1.135 2017/05/30 23:30:48 benno Exp $ */
-+/* $OpenBSD: ntpd.h,v 1.150 2020/08/30 16:21:29 otto Exp $ */
-
- /*
- * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
-@@ -341,6 +341,8 @@ time_t scale_interval(time_t);
- time_t error_interval(void);
- extern struct ntpd_conf *conf;
- extern struct ctl_conns ctl_conns;
-+
-+#define SCALE_INTERVAL(x) MAXIMUM(5, (x) / 10)
-
- /* parse.y */
- int parse_config(const char *, struct ntpd_conf *);
diff --git a/net/openntpd/files/patch-src_parse.y b/net/openntpd/files/patch-src_parse.y
deleted file mode 100644
index 79da2ead2f49..000000000000
--- a/net/openntpd/files/patch-src_parse.y
+++ /dev/null
@@ -1,10 +0,0 @@
---- src/parse.y.orig 2020-08-23 20:10:30 UTC
-+++ src/parse.y
-@@ -57,7 +57,6 @@ int lgetc(int);
- int lungetc(int);
- int findeol(void);
-
--struct ntpd_conf *conf;
- struct sockaddr_in query_addr4;
- struct sockaddr_in6 query_addr6;
-