| Commit message (Collapse) | Author | Age | Files | Lines |
| |
Restore ntp to prior to the ASLR mitigations applied.
When ASLR and subsequently PIE were committed to the FreeBSD kernel, ntpd
would segfault due to insufficient stack. This was because stack gap was
not taken into account by applications requesting stack and/or memory
limits. (BTW, this problem also affected firefox and thunderbird.)
This subsequently caused disabling of rlimit memlock, which could not be
avoided under the previous implementation of ASLR:
Cannot set RLIMIT_MEMLOCK: Operation not permitted
Since then a number of improvements to ASLR stack gap implementation have
rendered the mitigations unnecessary. The mitigations initially developed
here at FreeBSD were subsequently upstreamed (noticed by the folks at
nwtime.org and automatically upstreamed). The mitigations have been
reversed in the base system. This patch reverses the ASLR mitigations in
the port as well.
PR: 262031
Reported by: p5B2E9A8F@t-online.de
| |
Fix stackgap build on older FreeBSD.
PR: 261491
Reported by: tomasz.sowinski@nucleus.malbork.pl
MFH: 2022Q1
| |
There should be no minimum to 1300524.
Reported by: Scott Allendorf <scott-allendorf@uiowa.edu>
Fixes: a6e356e8f50f92acbdec6156c068e768d1835591
MFH: 2022Q1
| |
As stack gap mitigations have been MFCed to stable/13, reverse
"Disable ntpd stack gap" for __FreeBSD_version < 1300524 too.
MFH: 2022Q1
| |
__FreeBSD_version < 1400038 is more appropriate as it follows the
commit to resolve setrlimit(2) segfaults.
MFH: 2021Q4
| |
Only Reverse "Disable ntpd stack gap" for __FreeBSD_version < 1400037
for now until the next __FreeBSD_version bump.
Reported by: kevans
MFH: 2021Q4
| |
120137c822c9697c19cf94461f436f8ccc372d24 (svn r517694) disabled ntpd
ASLR stack gap, which caused ntpd to segfault. (The patch in
120137c822c9697c19cf94461f436f8ccc372d24 was subsequently submitted
to nwtime.org for inclusion into upstream ntp.) src commit
889b56c8cd84c9a9f2d9e3b019c154d6f14d9021 addressed the underlying cause
for the setrlimit segfault negating the need for this workaround. This
commit removes the workaround.
MFH: 2021Q4 (after a month)
| |
NTP is developed using the bitkeeper VCS. checkHtmlFileDates uses
bitkeeper metadata to alter dates in html files. This results in
a bunch of *.old files installed in ${STAGEDIR}. As the distribution
tarball contains no bitkeeper metadata, no dates are updated at the
cost of failed build. This patch teaches scripts/build/checkHtmlFileDates
to act as if bitkeeper is not installed regardless of bitkeeper's
installation status.
MFH: 2021Q4
| |
Summary: Systems that use a CMAC algorithm in ntp.keys will not release
a bit of memory on each packet that uses a CMAC keyid, eventually causing
ntpd to run out of memory and fail. The CMAC cleanup from
https://bugs.ntp.org/3447, part of ntp-4.2.8p11, introduced a bug whereby
the CMAC data structure was no longer completely removed.
MFH: 2020Q3
Security: NTP Bug 3661
| |
because they all install sbin/ntpd
Also remove -* for versions because this isn't needed.
PR: 246553
Reported by: naddy
Approved by: portmgr (port compliance, infrastructure)
| |
Only a small nit here: psl should be declared extern and defined exactly
once.
-fno-common will become the default in GCC10/LLVM11.
Obtained from: src r359676 (kevans)
MFH: 2020Q2
| |
The advisory can be found at:
http://support.ntp.org/bin/view/Main/SecurityNotice#\
March_2020_ntp_4_2_8p14_NTP_Rele
No CVEs have been documented yet.
MFH: 2020Q2
Security: http://support.ntp.org/bin/view/Main/NtpBug3610
http://support.ntp.org/bin/view/Main/NtpBug3596
http://support.ntp.org/bin/view/Main/NtpBug3592
| |
is disabled by default.
| |
PR: 241421, 241960
Reported by: Vladimir Zakharov <zakharov.vv@gmail.com>,
dewayne@heuristicsystems.com.au
Reviewed by: kib, imp (previous version), ian (suggestion)
MFH: 2019Q4
Differential Revision: https://reviews.freebsd.org/D22358
| |
ntpd/ntpd.c.
| |
Follow up on ports r511987 (base r352304) which disabled default
mlockall() at startup. Unfortunately though the original tarball
supports this in ./configure (for Linux), to fully support disabling
of mlockall() by default requires a little extra help otherwise the
following is logged in syslog:
Cannot set RLIMIT_MEMLOCK: Operation not permitted
| |
Reduce calls to close(2) at startup through the use of closefrom(2).
Submitted by: pawel.biernacki@gmail.com (based on)
Obtained from: base r352518
| |
wish to restore historic BSD behaviour can add the following to ntp.conf:
rlimit memlock 32
Discussed on: freebsd-current@ between Sept 6-9, 2019
Mentioned in Differential Revision:
https://reviews.freebsd.org/D21581
| |
(and missed 3 missed files from previous categories.)
| |
Changes: https://github.com/libevent/libevent/releases/tag/release-2.1.11-stable
ABI: https://abi-laboratory.pro/tracker/timeline/libevent/
PR: 239599
Reported by: GitHub (watch releases)
Approved by: zeising (maintainer)
MFH: 2019Q3 (maybe security, partially restores 2.1.8 ABI)
Differential Revision: https://reviews.freebsd.org/D21133
| |
Submitted by: garga@
MFH: 2018Q4
| |
sysrc.
mat@ suggested this however as I'm not enamoured with sysrc, it has
been added as another approach to add/edit rc.conf variables.
Reported by: mat@
MFH: 2018Q3
| |
Reported by: Herbert J. Skuhra <herbert@gojira.at>
MFH: 2018Q3
| |
instead of base ntp.
Reported by: adamw
MFH: 2018Q3
| |
MFH: 2018Q3
| |
These changes add support for running ntpd as non-root, and improve support
for the --jaildir (chroot) option when running on FreeBSD. These correspond
to the changes made in the base system with r336525.
The new patches in this change are exactly what was submitted upstream in
https://bugs.ntp.org/show_bug.cgi?id=3509
Approved by: cy@
Differential Revision: https://reviews.freebsd.org/D16396
| |
This is a security release for libwww to take into account security advisories
CVE-2016-9063 and CVE-2017-9233.
In order to take into account current and future expat security advisories,
the expat source code was removed from the libwww tree. The makefiles were
modified so that libwww dynamically links against the system's expat library.
Patches removed were incorporated upstream.
Bump PORTREVISION of dependent ports due to shlib change.
Changes: https://raw.githubusercontent.com/w3c/libwww/5.4.2/ChangeLog
MFH: 2018Q3
Security: e375ff3f-7fec-11e8-8088-28d244aee256
| |
MFH: 2018Q1
| |
PR: 223819
| |
Reported by: rodrigo
| |
default. (New patch from ian@.)
While here ian@ and I discussed the www/libwww libmd5 dependency. It
turns out that if the sntp configure script finds libmd5, it uses it.
This is now an option to include the dependency.
While working on the libmd5 dependency it was discovered that the
sntp build requires SSL only if it finds libmd5. This is now an
IMPLIES.
Thanks to ian@ for the additional patch and for discovering the
libmd5 check, pointing me in the right direction to solve the without
SSL breakage.
PR: 218078
Submitted by: ian@ (default driver options)
Discussed with: ian@ (libmd5 dependency)
| |
longer needs it.
| |
The current use of CONFIGURE_ON to handle refclock options allows
adding a refclock that is off by default, but doesn't allow a user
to eliminate refclocks that ntpd includes by default.
Using CONFIGURE_ENABLE instead of CONFIGURE_ON will add the proper
--disable-REFCLOCKNAME to the args when the user disables default-on
options.
PR: 218078
Submitted by: ian@
| |
--enable-debug. This enables -d and -D options within ntpd.
| |
of this port when ssl is not specified but corrects the incorrect
specification regardless.
| |
a file documented in volume 5.
| |
resulting in a build failure.
| |
PR: 216777
Approved by: mm (maintainer)
| |
- DEFAULT_VERSIONS += ssl=openssl-devel is now supported
- devel/py-event and devel/p5-Event-Lib are marked BROKEN
Changes: https://github.com/libevent/libevent/raw/release-2.1.8-stable/whatsnew-2.1.txt
Changes: https://github.com/libevent/libevent/raw/release-2.1.8-stable/ChangeLog
PR: 216527
Exp-run by: antoine
Approved by: mm (maintainer)
| |
Sponsored by: Absolight
| |
PR: 215323
Submitted by: naddy
| |
symbol conflicts.
PR: 215093
| |
As suggested by koobs, describe error in BROKEN=.