net/ntp4: update to 4.2.8p14

Updaet ntp4 to 4.2.8p14.

pkgsrc changes:
* Incorporate several changes from NetBSD base.
* few pkglint fixes.


Quote from release announce:

NTP 4.2.8p14 (Harlan Stenn <stenn@ntp.org>, 2020 Mar 03)

Focus: Security, Bug fixes, enhancements.

Severity: MEDIUM

This release fixes three vulnerabilities: a bug that causes causes an ntpd
instance that is explicitly configured to override the default and allow
ntpdc (mode 7) connections to be made to a server to read some uninitialized
memory; fixes the case where an unmonitored ntpd using an unauthenticated
association to its servers may be susceptible to a forged packet DoS attack;
and fixes an attack against a client instance that uses a single
unauthenticated time source.  It also fixes 46 other bugs and addresses
4 other issues.

net/ntp4/Makefile

@@ -1,9 +1,7 @@
-# $NetBSD: Makefile,v 1.103 2020/01/18 21:50:21 jperkin Exp $
+# $NetBSD: Makefile,v 1.104 2020/06/21 15:10:47 taca Exp $
 #
 
-DISTNAME=	ntp-4.2.8p13
-PKGNAME=	${DISTNAME:S/-dev-/-/}
-PKGREVISION=	2
+DISTNAME=	ntp-4.2.8p14
 CATEGORIES=	net time
 MASTER_SITES=	http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/
 
@@ -42,7 +40,7 @@ post-install:
 .include "../../mk/bsd.prefs.mk"
 .include "options.mk"
 
-PLIST_VARS+=	ntpsnmpd ntptime tickadj timetrim
+PLIST_VARS+=	ntptime tickadj timetrim
 
 .if ${OPSYS} == "NetBSD" || ${OPSYS} == "FreeBSD" || ${OPSYS} == "DragonFly" || ${OPSYS} == "Linux" || ${OPSYS} == "SunOS"
 PLIST.ntptime=		yes

net/ntp4/distinfo

@@ -1,8 +1,41 @@
-$NetBSD: distinfo,v 1.30 2019/03/25 17:19:59 tnn Exp $
+$NetBSD: distinfo,v 1.31 2020/06/21 15:10:47 taca Exp $
 
-SHA1 (ntp-4.2.8p13.tar.gz) = cff200a987d64e891fb349a22313ecb0feaea090
-RMD160 (ntp-4.2.8p13.tar.gz) = 5d85e2a01bafa0bb755ab49e462f6dd7f96ce3d0
-SHA512 (ntp-4.2.8p13.tar.gz) = afbdbb8a37b8f4040a8a6939a3a85ad0350d359c153c297b32b8a013c7b7061fd925fa3e6e103671c5901e169156e22497813c654195ba50f890a7170b2f2075
-Size (ntp-4.2.8p13.tar.gz) = 6949363 bytes
-SHA1 (patch-include-ntp__syscall.h) = b247569339d09a88f2e143e355033ce7635ffe92
+SHA1 (ntp-4.2.8p14.tar.gz) = c6f353278cd5b7c8aa11e1189d3ac80985370b8f
+RMD160 (ntp-4.2.8p14.tar.gz) = c49cb8138678b246661cc1afe68d38f255756a7e
+SHA512 (ntp-4.2.8p14.tar.gz) = b0183b4b2f2c6ea0a49d0aca1fa28a7b5cd21e20696a2f633f5afa37c4ea2c59fa7769af82a55c626db49b9eb5a531608710dc1977c4d518583577ef95940ae8
+Size (ntp-4.2.8p14.tar.gz) = 7007263 bytes
+SHA1 (patch-configure) = cd2b6d9353282b574eea117b4b6e391a39a6267b
+SHA1 (patch-include-ntp__syscall.h) = b0587655e707b9a2e0eb9c937be47fd27e8d5435
+SHA1 (patch-include_ntp__md5.h) = 1bde85704e539ab40133f498409294d071df0cc8
+SHA1 (patch-include_ntp__request.h) = f76caeaaed595d32f249d493571f24410170e7bd
+SHA1 (patch-include_refclock__atom.h) = 72ab4f018356a006c41d041ed064072d99e75bbb
+SHA1 (patch-lib_isc_inet__ntop.c) = 8feef4a19e7762d0739345fa45aecea5b68c834a
+SHA1 (patch-lib_isc_unix_net.c) = abbe0dbc424666ef4c564870a65155cf5d355504
+SHA1 (patch-libntp_ntp__calendar.c) = f7e6a1cd37026a51288825a8a41d6337e0e10d86
+SHA1 (patch-libntp_socktoa.c) = ff469782951666834b753a55993fdd6a2f1f4f74
+SHA1 (patch-libntp_timexsup.c) = 385461d1049611921e19e7c75b94ed2788f7b1b7
+SHA1 (patch-libntp_work__fork.c) = f46501017291a0764db2240e258ae511a55baba7
+SHA1 (patch-ntpd_ntp__config.c) = 5b2107ab8ea5cac590b897b1e6709c47bce5b5d8
+SHA1 (patch-ntpd_ntp__control.c) = 3c6267aa5c36bd1d2e0fa729be86875436812783
+SHA1 (patch-ntpd_ntp__io.c) = 0ad70fe53d3c0f779842fb71ba60b8c2cbb1e456
+SHA1 (patch-ntpd_ntp__keyword.h) = 158f7e93459ea30bbf87830b939a81071fa13eaa
+SHA1 (patch-ntpd_ntp__loopfilter.c) = 381e44622a25351c470dbc7bfaef353e47370d79
+SHA1 (patch-ntpd_ntp__proto.c) = 5e5629cc5b8dc785427bc9b267d0cac6fc7b1b39
+SHA1 (patch-ntpd_ntp__restrict.c) = b659db3d7913a72f3a36c3a33ef47cfaf4545095
+SHA1 (patch-ntpd_refclock__jjy.c) = 592d010d2e19bb47beefdcb3fe5645271e2645bb
+SHA1 (patch-ntpd_refclock__jupiter.c) = bb248d2766cadddacdf9cb56bf9b29cbc538bbcb
+SHA1 (patch-ntpd_refclock__neoclock4x.c) = 66c38ba21572cb8804a39766f3b32d1b65cb0946
+SHA1 (patch-ntpd_refclock__oncore.c) = d93efa11cadc37fd9e600f80f2cbf0280be969c6
+SHA1 (patch-ntpd_refclock__ulink.c) = 55003f758fd71621db60ffad8a1880588098389e
+SHA1 (patch-ntpd_refclock__wwvb.c) = e1a7fc80df6dba9595788a8b8c56729619048ee4
+SHA1 (patch-ntpdate_ntpdate.c) = 17e2534ab7a54e5af16059ca8c02c9995d79d83c
+SHA1 (patch-ntpdc_Makefile.in) = 6afaf915ee8c6b244f94d3733545231e69dfd14d
+SHA1 (patch-ntpq_ntpq.c) = 0776827a712e2f6636b9d322ae7445d184f3709f
+SHA1 (patch-sntp_libevent_build-aux_config.guess) = 5f5fff42d04daef5fcbba2bc09b015fb4489ca59
+SHA1 (patch-sntp_libevent_build-aux_config.sub) = 178e8b39138e49db7702c4bb84fe92550d14a978
+SHA1 (patch-sntp_libopts_autoopts.h) = d4cbaa31df97e04f3637349a3d5eb1addfa847db
+SHA1 (patch-sntp_libopts_enum.c) = 7d6624ed84a6ea6f85b4de4c37480041a7603252
+SHA1 (patch-sntp_libopts_usage.c) = ec77942c98965c13de625b930db3458d5b81d28b
 SHA1 (patch-sntp_loc_pkgsrc) = 6e46ffc0cc2afcfdc1d01297cbe04cb80d103575
+SHA1 (patch-util_ntp-keygen.c) = e66348e2fcf7da4bf9ee35e66e3f891cb436f338
+SHA1 (patch-util_ntptime.c) = 897c3986661a9e655eeb7a7eeb10816996c31301

net/ntp4/options.mk

@@ -1,9 +1,11 @@
-# $NetBSD: options.mk,v 1.3 2016/05/14 08:13:49 bsiegert Exp $
+# $NetBSD: options.mk,v 1.4 2020/06/21 15:10:47 taca Exp $
 
 PKG_OPTIONS_VAR=	PKG_OPTIONS.ntp4
 PKG_SUPPORTED_OPTIONS=	inet6 snmp
 PKG_SUGGESTED_OPTIONS=
 
+PLIST_VARS+=	ntpsnmpd
+
 .if empty(MISSING_FEATURES:Minet6)
 PKG_SUGGESTED_OPTIONS+=	inet6
 .endif
@@ -19,6 +21,7 @@ CONFIGURE_ARGS+=	--disable-ipv6
 .if !empty(PKG_OPTIONS:Msnmp)
 CONFIGURE_ARGS+=	--with-ntpsnmpd
 PLIST.ntpsnmpd=		yes
+USE_TOOLS+=		perl
 .  include "../../net/net-snmp/buildlink3.mk"
 .else
 CONFIGURE_ARGS+=	--without-ntpsnmpd

net/ntp4/patches/patch-configure

@@ -0,0 +1,15 @@
+$NetBSD: patch-configure,v 1.4 2020/06/21 15:10:47 taca Exp $
+
+* Changes from NetBSD base; add support for setproctitle(3).
+
+--- configure.orig	2020-03-04 01:40:14.000000000 +0000
++++ configure
+@@ -27148,7 +27148,7 @@ fi
+ done
+ 
+ 
+-for ac_func in fnmatch getbootfile getuid getrusage nanosleep strsignal
++for ac_func in fnmatch getbootfile getuid getrusage nanosleep strsignal setproctitle
+ do :
+   as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"

net/ntp4/patches/patch-include-ntp__syscall.h

@@ -1,4 +1,6 @@
-$NetBSD: patch-include-ntp__syscall.h,v 1.1 2015/10/29 11:23:47 christos Exp $
+$NetBSD: patch-include-ntp__syscall.h,v 1.2 2020/06/21 15:10:47 taca Exp $
+
+* Changes from NetBSD base.
 
 --- include/ntp_syscall.h.orig	2011-03-31 10:03:53.000000000 +0000
 +++ include/ntp_syscall.h

net/ntp4/patches/patch-include_ntp__md5.h

@@ -0,0 +1,17 @@
+$NetBSD: patch-include_ntp__md5.h,v 1.1 2020/06/21 15:10:47 taca Exp $
+
+* Changes from NetBSD base.
+
+--- include/ntp_md5.h.orig	2018-08-14 11:51:07.000000000 +0000
++++ include/ntp_md5.h
+@@ -36,8 +36,8 @@
+ # define EVP_md5()			NULL
+ # define EVP_MD_CTX_init(c)
+ # define EVP_MD_CTX_set_flags(c, f)
+-# define EVP_DigestInit(c, dt)		(MD5Init(c), 1)
+-# define EVP_DigestInit_ex(c, dt, i)	(MD5Init(c), 1)
++# define EVP_DigestInit(c, dt)		(MD5Init(c), (dt ? 1 : 1))
++# define EVP_DigestInit_ex(c, dt, i)	(MD5Init(c), (dt ? 1 : 1))
+ # define EVP_DigestUpdate(c, p, s)	MD5Update(c, (const void *)(p), \
+ 						  s)
+ # define EVP_DigestFinal(c, d, pdl)	\

net/ntp4/patches/patch-include_ntp__request.h

@@ -0,0 +1,69 @@
+$NetBSD: patch-include_ntp__request.h,v 1.1 2020/06/21 15:10:47 taca Exp $
+
+* Changes from NetBSD base.
+
+--- include/ntp_request.h.orig	2020-03-03 23:41:29.000000000 +0000
++++ include/ntp_request.h
+@@ -129,6 +129,25 @@ typedef union req_data_u_tag {
+ } req_data_u;				/* struct conf_peer must fit */
+ 
+ /*
++ * Structure for carrying system flags.
++ */
++struct conf_sys_flags {
++	u_int32 flags;
++};
++
++/*
++ * System flags we can set/clear
++ */
++#define	SYS_FLAG_BCLIENT	0x01
++#define	SYS_FLAG_PPS		0x02
++#define SYS_FLAG_NTP		0x04
++#define SYS_FLAG_KERNEL		0x08
++#define SYS_FLAG_MONITOR	0x10
++#define SYS_FLAG_FILEGEN	0x20
++#define SYS_FLAG_AUTH		0x40
++#define SYS_FLAG_CAL		0x80
++
++/*
+  * A request packet.  These are almost a fixed length.
+  */
+ struct req_pkt {
+@@ -226,8 +245,8 @@ struct resp_pkt {
+ 
+ #define	INFO_ERR(err_nitems)	((u_short)((ntohs(err_nitems)>>12)&0xf))
+ #define	INFO_NITEMS(err_nitems)	((u_short)(ntohs(err_nitems)&0xfff))
+-#define	ERR_NITEMS(err, nitems)	(htons((u_short)((((u_short)(err)<<12)&0xf000)\
+-				|((u_short)(nitems)&0xfff))))
++#define _ERR_EN(err)		((u_short)(((err)&0xf)<<12))
++#define	ERR_NITEMS(err, nitems)	((u_short)htons(_ERR_EN(err)|(nitems&0xfff)))
+ 
+ #define	INFO_MBZ(mbz_itemsize)	((ntohs(mbz_itemsize)>>12)&0xf)
+ #define	INFO_ITEMSIZE(mbz_itemsize)	((u_short)(ntohs(mbz_itemsize)&0xfff))
+@@ -629,25 +648,6 @@ struct conf_unpeer {
+ };
+ 
+ /*
+- * Structure for carrying system flags.
+- */
+-struct conf_sys_flags {
+-	u_int32 flags;
+-};
+-
+-/*
+- * System flags we can set/clear
+- */
+-#define	SYS_FLAG_BCLIENT	0x01
+-#define	SYS_FLAG_PPS		0x02
+-#define SYS_FLAG_NTP		0x04
+-#define SYS_FLAG_KERNEL		0x08
+-#define SYS_FLAG_MONITOR	0x10
+-#define SYS_FLAG_FILEGEN	0x20
+-#define SYS_FLAG_AUTH		0x40
+-#define SYS_FLAG_CAL		0x80
+-
+-/*
+  * Structure used for returning restrict entries
+  */
+ struct info_restrict {

net/ntp4/patches/patch-include_refclock__atom.h

@@ -0,0 +1,18 @@
+$NetBSD: patch-include_refclock__atom.h,v 1.1 2020/06/21 15:10:47 taca Exp $
+
+* Changes from NetBSD base.
+
+--- include/refclock_atom.h.orig	2011-10-09 05:08:20.000000000 +0000
++++ include/refclock_atom.h
+@@ -1,8 +1,10 @@
+ /*
+  * Definitions for the atom driver and its friends
+  */
+-#undef NANOSECOND	/* some systems define it differently */
++#ifndef NANOSECOND
+ #define NANOSECOND	1000000000 /* one second (ns) */
++#endif
++#define RANGEGATE	500000  /* range gate (ns) */
+ 
+ struct refclock_atom {
+ 	pps_handle_t handle;

net/ntp4/patches/patch-lib_isc_inet__ntop.c

@@ -0,0 +1,20 @@
+$NetBSD: patch-lib_isc_inet__ntop.c,v 1.1 2020/06/21 15:10:47 taca Exp $
+
+* Changes from NetBSD base.
+
+--- lib/isc/inet_ntop.c.orig	2015-02-28 09:44:07.000000000 +0000
++++ lib/isc/inet_ntop.c
+@@ -88,11 +88,11 @@ isc_net_ntop(int af, const void *src, ch
+ static const char *
+ inet_ntop4(const unsigned char *src, char *dst, size_t size)
+ {
+-	static const char *fmt = "%u.%u.%u.%u";
++#define	FMT "%u.%u.%u.%u"
+ 	char tmp[sizeof("255.255.255.255")];
+ 	int len;
+ 
+-	len = snprintf(tmp, sizeof(tmp), fmt, src[0], src[1], src[2], src[3]);
++	len = snprintf(tmp, sizeof(tmp), FMT, src[0], src[1], src[2], src[3]);
+ 	if (len < 0 || (size_t)len >= size)
+ 	{
+ 		errno = ENOSPC;

net/ntp4/patches/patch-lib_isc_unix_net.c

@@ -0,0 +1,20 @@
+$NetBSD: patch-lib_isc_unix_net.c,v 1.1 2020/06/21 15:10:47 taca Exp $
+
+* Changes from NetBSD base.
+
+--- lib/isc/unix/net.c.orig	2015-02-21 10:33:37.000000000 +0000
++++ lib/isc/unix/net.c
+@@ -104,12 +104,12 @@ const struct in6_addr isc_net_in6addrloo
+ 
+ # if defined(WANT_IPV6)
+ static isc_once_t 	once_ipv6only = ISC_ONCE_INIT;
+-# endif
+ 
+ # if defined(ISC_PLATFORM_HAVEIPV6) && \
+      defined(WANT_IPV6) && defined(ISC_PLATFORM_HAVEIN6PKTINFO)
+ static isc_once_t 	once_ipv6pktinfo = ISC_ONCE_INIT;
+ # endif
++# endif
+ #endif /* ISC_PLATFORM_HAVEIPV6 */
+ 
+ static isc_once_t 	once = ISC_ONCE_INIT;

net/ntp4/patches/patch-libntp_ntp__calendar.c

@@ -0,0 +1,19 @@
+$NetBSD: patch-libntp_ntp__calendar.c,v 1.1 2020/06/21 15:10:47 taca Exp $
+
+* Changes from NetBSD base.
+
+--- libntp/ntp_calendar.c.orig	2020-03-03 23:41:29.000000000 +0000
++++ libntp/ntp_calendar.c
+@@ -2223,10 +2223,10 @@ ntpcal_iso8601std(
+ 		len = LIB_BUFLENGTH;
+ 	}
+ 	if (len) {
+-		len = snprintf(buf, len, "%04u-%02u-%02uT%02u:%02u:%02u",
++		int slen = snprintf(buf, len, "%04u-%02u-%02uT%02u:%02u:%02u",
+ 			       cdp->year, cdp->month, cdp->monthday,
+ 			       cdp->hour, cdp->minute, cdp->second);
+-		if (len < 0)
++		if (slen < 0)
+ 			*buf = '\0';
+ 	}
+ 	return buf;

net/ntp4/patches/patch-libntp_socktoa.c

@@ -0,0 +1,17 @@
+$NetBSD: patch-libntp_socktoa.c,v 1.1 2020/06/21 15:10:47 taca Exp $
+
+* Changes from NetBSD base.
+
+--- libntp/socktoa.c.orig	2011-11-03 10:46:37.000000000 +0000
++++ libntp/socktoa.c
+@@ -91,8 +91,8 @@ sockporttoa(
+ 	LIB_GETBUF(buf);
+ 	snprintf(buf, LIB_BUFLENGTH,
+ 		 (IS_IPV6(sock))
+-		     ? "[%s]:%hu"
+-		     : "%s:%hu",
++		     ? "[%s]:%u"
++		     : "%s:%u",
+ 		 atext, SRCPORT(sock));
+ 	errno = saved_errno;
+ 

net/ntp4/patches/patch-libntp_timexsup.c

@@ -0,0 +1,14 @@
+$NetBSD: patch-libntp_timexsup.c,v 1.1 2020/06/21 15:10:47 taca Exp $
+
+* Changes from NetBSD base.
+
+--- libntp/timexsup.c.orig	2020-03-03 23:41:29.000000000 +0000
++++ libntp/timexsup.c
+@@ -11,6 +11,7 @@
+ #include <math.h>
+ 
+ #ifdef HAVE_SYS_TIMEX_H
++# include <time.h>
+ # include <sys/timex.h>
+ #endif
+ 

net/ntp4/patches/patch-libntp_work__fork.c

@@ -0,0 +1,58 @@
+$NetBSD: patch-libntp_work__fork.c,v 1.1 2020/06/21 15:10:47 taca Exp $
+
+* Changes from NetBSD base; add support for setproctitle(3).
+
+--- libntp/work_fork.c.orig	2019-03-09 08:15:34.000000000 +0000
++++ libntp/work_fork.c
+@@ -434,6 +434,32 @@ fork_deferred_worker(void)
+ }
+ #endif
+ 
++#if HAVE_SETPROCTITLE == 0
++static void
++setproctitle(const char *fmt, ...)
++{
++	va_list ap;
++	char b1[128];
++	int argcc, argvlen, l;
++
++	if (saved_argc == 0)
++		return;
++
++	va_start(ap, fmt);
++	vsnprintf(b1, sizeof(b1), fmt, ap);
++	va_end(ap);
++
++	/* Clear argv */
++	for (argvlen = 0, argcc = 0; argcc < saved_argc; argcc++) {
++		l = strlen(saved_argv[argcc]);
++		argvlen += l + 1;
++		memset(saved_argv[argcc], 0, l);
++	}
++	l = snprintf(saved_argv[0], argvlen, "ntpd: %s", b1);
++	for (argcc = 1; argcc < saved_argc; argcc++)
++		saved_argv[argcc] = &saved_argv[0][l];
++}
++#endif
+ 
+ static void
+ fork_blocking_child(
+@@ -545,17 +571,7 @@ fork_blocking_child(
+ 	 * Change the process name of the child to avoid confusion
+ 	 * about ntpd trunning twice.
+ 	 */
+-	if (saved_argc != 0) {
+-		int argcc;
+-		int argvlen = 0;
+-		/* Clear argv */
+-		for (argcc = 0; argcc < saved_argc; argcc++) {
+-			int l = strlen(saved_argv[argcc]);
+-			argvlen += l + 1;
+-			memset(saved_argv[argcc], 0, l);
+-		}
+-		strlcpy(saved_argv[0], "ntpd: asynchronous dns resolver", argvlen);
+-	}
++	setproctitle("asynchronous dns resolver");
+ 
+ 	/*
+ 	 * In the child, close all files except stdin, stdout, stderr,

net/ntp4/patches/patch-ntpd_ntp__config.c

@@ -0,0 +1,58 @@
+$NetBSD: patch-ntpd_ntp__config.c,v 1.1 2020/06/21 15:10:47 taca Exp $
+
+* Changes from NetBSD base.
+
+--- ntpd/ntp_config.c.orig	2020-03-04 01:38:14.000000000 +0000
++++ ntpd/ntp_config.c
+@@ -2986,7 +2986,7 @@ void
+ attrtopsl(int poll, attr_val *avp)
+ {
+ 
+-	DEBUG_INSIST((poll - 3) < sizeof psl);
++	DEBUG_INSIST((size_t)(poll - 3) < sizeof psl);
+ 	if (poll < 3 || poll > 17) {
+ 		msyslog(LOG_ERR, "attrtopsl(%d, ...): Poll value is out of range - ignoring", poll);
+ 	} else {
+@@ -3836,6 +3836,7 @@ config_fudge(
+ 	address_node *addr_node;
+ 	struct refclockstat clock_stat;
+ 	int err_flag;
++	size_t len;
+ 
+ 	curr_fudge = HEAD_PFIFO(ptree->fudge);
+ 	for (; curr_fudge != NULL; curr_fudge = curr_fudge->link) {
+@@ -3889,9 +3890,13 @@ config_fudge(
+ 
+ 			case T_Refid:
+ 				clock_stat.haveflags |= CLK_HAVEVAL2;
+-				/* strncpy() does exactly what we want here: */
+-				strncpy((char*)&clock_stat.fudgeval2,
+-					curr_opt->value.s, 4);
++				/* avoid using strncpy because gcc warns */
++				len = strlen(curr_opt->value.s);
++				if (len > sizeof(clock_stat.fudgeval2))
++					len = sizeof(clock_stat.fudgeval2);
++				clock_stat.fudgeval2 = 0;
++				memcpy(&clock_stat.fudgeval2,
++				    curr_opt->value.s, len);
+ 				break;
+ 
+ 			case T_Flag1:
+@@ -4998,7 +5003,7 @@ getconfig(
+ 
+ 
+ 	/*** BULK OF THE PARSER ***/
+-#ifdef DEBUG
++#if defined(DEBUG) && defined(YYDEBUG)
+ 	yydebug = !!(debug >= 5);
+ #endif
+ 	yyparse();
+@@ -5461,7 +5466,7 @@ ntp_rlimit(
+ 			(int)(rl_value / rl_scale), rl_sstr));
+ 		rl.rlim_cur = rl.rlim_max = rl_value;
+ 		if (setrlimit(RLIMIT_MEMLOCK, &rl) == -1)
+-			msyslog(LOG_ERR, "Cannot set RLIMIT_MEMLOCK: %m");
++			msyslog(LOG_DEBUG, "Cannot set RLIMIT_MEMLOCK: %m");
+ 		break;
+ # endif /* RLIMIT_MEMLOCK */
+ 

net/ntp4/patches/patch-ntpd_ntp__control.c

@@ -0,0 +1,18 @@
+$NetBSD: patch-ntpd_ntp__control.c,v 1.1 2020/06/21 15:10:47 taca Exp $
+
+* Changes from NetBSD base.
+
+--- ntpd/ntp_control.c.orig	2020-03-03 23:41:29.000000000 +0000
++++ ntpd/ntp_control.c
+@@ -1910,7 +1910,11 @@ ctl_putsys(
+ 	)
+ {
+ 	l_fp tmp;
++#ifndef HAVE_UNAME
+ 	char str[256];
++#else
++	char str[sizeof utsnamebuf.sysname + sizeof utsnamebuf.release];
++#endif
+ 	u_int u;
+ 	double kb;
+ 	double dtemp;

net/ntp4/patches/patch-ntpd_ntp__io.c

@@ -0,0 +1,69 @@
+$NetBSD: patch-ntpd_ntp__io.c,v 1.3 2020/06/21 15:10:47 taca Exp $
+
+* Changes from NetBSD base.
+
+--- ntpd/ntp_io.c.orig	2020-03-03 23:41:29.000000000 +0000
++++ ntpd/ntp_io.c
+@@ -4836,6 +4836,50 @@ init_async_notifications()
+ #else
+ 	int fd = socket(PF_ROUTE, SOCK_RAW, 0);
+ #endif
++#ifdef RO_MSGFILTER
++	unsigned char msgfilter[] = {
++#ifdef RTM_NEWADDR
++		RTM_NEWADDR,
++#endif
++#ifdef RTM_DELADDR
++		RTM_DELADDR,
++#endif
++#ifdef RTM_ADD
++		RTM_ADD,
++#endif
++#ifdef RTM_DELETE
++		RTM_DELETE,
++#endif
++#ifdef RTM_REDIRECT
++		RTM_REDIRECT,
++#endif
++#ifdef RTM_CHANGE
++		RTM_CHANGE,
++#endif
++#ifdef RTM_LOSING
++		RTM_LOSING,
++#endif
++#ifdef RTM_IFINFO
++		RTM_IFINFO,
++#endif
++#ifdef RTM_IFANNOUNCE
++		RTM_IFANNOUNCE,
++#endif
++#ifdef RTM_NEWLINK
++		RTM_NEWLINK,
++#endif
++#ifdef RTM_DELLINK
++		RTM_DELLINK,
++#endif
++#ifdef RTM_NEWROUTE
++		RTM_NEWROUTE,
++#endif
++#ifdef RTM_DELROUTE
++		RTM_DELROUTE,
++#endif
++	};
++#endif /* !RO_MSGFILTER */
++
+ 	if (fd < 0) {
+ 		msyslog(LOG_ERR,
+ 			"unable to open routing socket (%m) - using polled interface update");
+@@ -4856,6 +4900,11 @@ init_async_notifications()
+ 		return;
+ 	}
+ #endif
++#ifdef RO_MSGFILTER
++	if (setsockopt(fd, PF_ROUTE, RO_MSGFILTER,
++	    &msgfilter, sizeof(msgfilter)) == -1)
++		msyslog(LOG_ERR, "RO_MSGFILTER: %m");
++#endif
+ 	make_socket_nonblocking(fd);
+ #if defined(HAVE_SIGNALED_IO)
+ 	init_socket_sig(fd);

net/ntp4/patches/patch-ntpd_ntp__loopfilter.c

@@ -0,0 +1,24 @@
+$NetBSD: patch-ntpd_ntp__loopfilter.c,v 1.1 2020/06/21 15:10:47 taca Exp $
+
+* Changes from NetBSD base.
+
+--- ntpd/ntp_loopfilter.c.orig	2020-03-03 23:41:29.000000000 +0000
++++ ntpd/ntp_loopfilter.c
+@@ -603,7 +603,7 @@ local_clock(
+ 
+ 			clock_frequency = direct_freq(fp_offset);
+ 
+-			/* fall through to EVNT_SPIK */
++			/*FALLTHROUGH*/
+ 
+ 		/*
+ 		 * In SPIK state we ignore succeeding outliers until
+@@ -614,7 +614,7 @@ local_clock(
+ 			if (mu < clock_minstep)
+ 				return (0);
+ 
+-			/* fall through to default */
++			/*FALLTHROUGH*/
+ 
+ 		/*
+ 		 * We get here by default in NSET and FSET states and

net/ntp4/patches/patch-ntpd_ntp__proto.c

@@ -0,0 +1,24 @@
+$NetBSD: patch-ntpd_ntp__proto.c,v 1.1 2020/06/21 15:10:47 taca Exp $
+
+* Changes from NetBSD base.
+
+--- ntpd/ntp_proto.c.orig	2020-03-03 23:41:29.000000000 +0000
++++ ntpd/ntp_proto.c
+@@ -717,7 +717,7 @@ receive(
+ 	 * items from the packet once we can be sure they are indeed
+ 	 * there.
+ 	 */
+-	if (rbufp->recv_length < LEN_PKT_NOMAC) {
++	if ((size_t)rbufp->recv_length < LEN_PKT_NOMAC) {
+ 		sys_badlength++;
+ 		return;				/* bogus length */
+ 	}
+@@ -4680,7 +4680,7 @@ fast_xmit(
+ 	 * packet is not authenticated.
+ 	 */
+ 	sendlen = LEN_PKT_NOMAC;
+-	if (rbufp->recv_length == sendlen) {
++	if ((size_t)rbufp->recv_length == sendlen) {
+ 		sendpkt(&rbufp->recv_srcadr, rbufp->dstadr, 0, &xpkt,
+ 		    sendlen);
+ 		DPRINTF(1, ("fast_xmit: at %ld %s->%s mode %d len %lu\n",

net/ntp4/patches/patch-ntpd_ntp__restrict.c

@@ -0,0 +1,24 @@
+$NetBSD: patch-ntpd_ntp__restrict.c,v 1.1 2020/06/21 15:10:47 taca Exp $
+
+* Changes from NetBSD base.
+
+--- ntpd/ntp_restrict.c.orig	2020-03-03 23:41:29.000000000 +0000
++++ ntpd/ntp_restrict.c
+@@ -114,7 +114,7 @@ static restrict_u *	match_restrict6_addr
+ static restrict_u *	match_restrict_entry(const restrict_u *, int);
+ static int		res_sorts_before4(restrict_u *, restrict_u *);
+ static int		res_sorts_before6(restrict_u *, restrict_u *);
+-static char *		roptoa(restrict_op op);
++static const char *	roptoa(restrict_op op);
+ 
+ 
+ void	dump_restricts(void);
+@@ -576,7 +576,7 @@ restrictions(
+ /*
+  * roptoa - convert a restrict_op to a string
+  */
+-char *
++const char *
+ roptoa(restrict_op op) {
+ 	static char sb[30];
+ 

net/ntp4/patches/patch-ntpd_refclock__jjy.c

@@ -0,0 +1,60 @@
+$NetBSD: patch-ntpd_refclock__jjy.c,v 1.1 2020/06/21 15:10:47 taca Exp $
+
+* Changes from NetBSD base.
+
+--- ntpd/refclock_jjy.c.orig	2018-02-27 15:15:27.000000000 +0000
++++ ntpd/refclock_jjy.c
+@@ -1010,7 +1010,7 @@ static void
+ jjy_synctime ( struct peer *peer, struct refclockproc *pp, struct jjyunit *up )
+ {
+ 
+-	char	sLog [ 80 ], cStatus ;
++	char	sLog [ 192 ], cStatus ;
+ 	const char	*pStatus ;
+ 
+ 	pp->year   = up->year ;
+@@ -1165,7 +1165,7 @@ jjy_receive_tristate_jjy01 ( struct recv
+ 	struct peer	    *peer;
+ 
+ 	char *		pBuf ;
+-	char		sLog [ 100 ] ;
++	char		sLog [ 192 ] ;
+ 	int 		iLen ;
+ 	int 		rc ;
+ 
+@@ -1461,7 +1461,7 @@ jjy_receive_cdex_jst2000 ( struct recvbu
+ 	struct refclockproc *pp ;
+ 	struct peer         *peer ;
+ 
+-	char	*pBuf, sLog [ 100 ] ;
++	char	*pBuf, sLog [ 192 ] ;
+ 	int 	iLen ;
+ 	int 	rc ;
+ 
+@@ -2344,7 +2344,7 @@ jjy_receive_seiko_tsys_tdc_300 ( struct 
+ 	struct refclockproc	*pp ;
+ 	struct jjyunit		*up ;
+ 
+-	char	*pBuf, sLog [ 100 ] ;
++	char	*pBuf, sLog [ 192 ] ;
+ 	int	iLen, i ;
+ 	int	rc, iWeekday ;
+ 	time_t	now ;
+@@ -2693,7 +2693,7 @@ static int
+ jjy_start_telephone ( int unit, struct peer *peer, struct jjyunit *up )
+ {
+ 
+-	char	sLog [ 80 ], sFirstThreeDigits [ 4 ] ;
++	char	sLog [ 192 ], sFirstThreeDigits [ 4 ] ;
+ 	int	iNumberOfDigitsOfPhoneNumber, iCommaCount, iCommaPosition ;
+ 	size_t  i ;
+ 	size_t	iFirstThreeDigitsCount ;
+@@ -3402,7 +3402,7 @@ teljjy_conn_data ( struct peer *peer, st
+ 
+ 	char	*pBuf ;
+ 	int	iLen, rc ;
+-	char	sLog [ 80 ] ;
++	char	sLog [ 192 ] ;
+ 	char	bAdjustment ;
+ 
+ 

net/ntp4/patches/patch-ntpd_refclock__jupiter.c

@@ -0,0 +1,17 @@
+$NetBSD: patch-ntpd_refclock__jupiter.c,v 1.1 2020/06/21 15:10:47 taca Exp $
+
+* Changes from NetBSD base.
+
+--- ntpd/refclock_jupiter.c.orig	2020-03-03 23:41:29.000000000 +0000
++++ ntpd/refclock_jupiter.c
+@@ -186,8 +186,8 @@ jupiter_start(
+ 	snprintf(gpsdev, sizeof(gpsdev), DEVICE, unit);
+ 	fd = refclock_open(gpsdev, SPEED232, LDISC_RAW);
+ 	if (fd <= 0) {
+-		jupiter_debug(peer, "jupiter_start", "open %s: %m",
+-			      gpsdev);
++		jupiter_debug(peer, "jupiter_start", "open %s: %s",
++			      gpsdev, strerror(errno));
+ 		return (0);
+ 	}
+ 

net/ntp4/patches/patch-ntpd_refclock__neoclock4x.c

@@ -0,0 +1,35 @@
+$NetBSD: patch-ntpd_refclock__neoclock4x.c,v 1.1 2020/06/21 15:10:47 taca Exp $
+
+* Changes from NetBSD base.
+
+--- ntpd/refclock_neoclock4x.c.orig	2014-12-29 06:26:52.000000000 +0000
++++ ntpd/refclock_neoclock4x.c
+@@ -725,7 +725,8 @@ neoclock4x_control(int unit,
+   if(NULL != out)
+     {
+       char *tt;
+-      char tmpbuf[80];
++      /* the 199 here is almost 2x the max string */
++      char tmpbuf[199];
+ 
+       out->kv_list = (struct ctl_var *)0;
+       out->type    = REFCLK_NEOCLOCK4X;
+@@ -765,14 +766,15 @@ neoclock4x_control(int unit,
+         snprintf(tt, 39, "dststatus=\"winter\"");
+       else
+         snprintf(tt, 39, "dststatus=\"unknown\"");
++      /* the 99 below is greater than 80 the max string */
+       tt = add_var(&out->kv_list, 80, RO|DEF);
+-      snprintf(tt, 79, "firmware=\"%s\"", up->firmware);
++      snprintf(tt, 99, "firmware=\"%s\"", up->firmware);
+       tt = add_var(&out->kv_list, 40, RO|DEF);
+       snprintf(tt, 39, "firmwaretag=\"%c\"", up->firmwaretag);
+       tt = add_var(&out->kv_list, 80, RO|DEF);
+-      snprintf(tt, 79, "driver version=\"%s\"", NEOCLOCK4X_DRIVER_VERSION);
++      snprintf(tt, 99, "driver version=\"%s\"", NEOCLOCK4X_DRIVER_VERSION);
+       tt = add_var(&out->kv_list, 80, RO|DEF);
+-      snprintf(tt, 79, "serialnumber=\"%s\"", up->serial);
++      snprintf(tt, 99, "serialnumber=\"%s\"", up->serial);
+     }
+ }
+ 

net/ntp4/patches/patch-ntpd_refclock__oncore.c

@@ -0,0 +1,48 @@
+$NetBSD: patch-ntpd_refclock__oncore.c,v 1.1 2020/06/21 15:10:47 taca Exp $
+
+* Changes from NetBSD base.
+
+--- ntpd/refclock_oncore.c.orig	2020-03-03 23:41:29.000000000 +0000
++++ ntpd/refclock_oncore.c
+@@ -1804,7 +1804,7 @@ oncore_get_timestamp(
+ 		Rsm = ((instance->BEHa[129]<<8) | instance->BEHa[130]);
+ 
+ 	if (instance->chan == 6 || instance->chan == 8) {
+-		char	f1[5], f2[5], f3[5], f4[5];
++		char	f1[6], f2[6], f3[6], f4[6];
+ 		if (instance->traim) {
+ 			snprintf(f1, sizeof(f1), "%d",
+ 				 instance->BEHn[21]);
+@@ -1837,7 +1837,7 @@ oncore_get_timestamp(
+ 		    instance->BEHa[57], instance->BEHa[61], instance->BEHa[65], instance->BEHa[69]
+ 		    );					/* will be 0 for 6 chan */
+ 	} else if (instance->chan == 12) {
+-		char	f1[5], f2[5], f3[5], f4[5];
++		char	f1[6], f2[6], f3[6], f4[6];
+ 		if (instance->traim) {
+ 			snprintf(f1, sizeof(f1), "%d",
+ 				 instance->BEHn[6]);
+@@ -3429,9 +3429,10 @@ oncore_check_leap_sec(
+ 		instance->Bj_day = instance->BEHa[5];
+ 
+ 		if (instance->saw_Gj < 0) {	/* -1 DONT have Gj use Bj */
+-			if ((instance->BEHa[4] == 6) || (instance->BEHa[4] == 12))
++			if ((instance->BEHa[4] == 6) || (instance->BEHa[4] == 12)) {
+ 				oncore_sendmsg(instance, oncore_cmd_Bj, sizeof(oncore_cmd_Bj));
+ 				oncore_sendmsg(instance, oncore_cmd_Bl, sizeof(oncore_cmd_Bl));
++			}
+ 			return;
+ 		}
+ 
+@@ -3872,9 +3873,10 @@ oncore_set_traim(
+ 			oncore_sendmsg(instance, oncore_cmd_Bnx, sizeof(oncore_cmd_Bnx));
+ 		else if (instance->chan == 8)
+ 			oncore_sendmsg(instance, oncore_cmd_Enx, sizeof(oncore_cmd_Enx));
+-		else	/* chan == 12 */
++		else {	/* chan == 12 */
+ 			oncore_sendmsg(instance, oncore_cmd_Ge0, sizeof(oncore_cmd_Ge0));
+ 			oncore_sendmsg(instance, oncore_cmd_Hn0, sizeof(oncore_cmd_Hn0));
++		}
+ 	}
+ }
+ 

net/ntp4/patches/patch-ntpd_refclock__ulink.c

@@ -0,0 +1,22 @@
+$NetBSD: patch-ntpd_refclock__ulink.c,v 1.1 2020/06/21 15:10:47 taca Exp $
+
+* Changes from NetBSD base.
+
+--- ntpd/refclock_ulink.c.orig	2012-06-28 06:37:06.000000000 +0000
++++ ntpd/refclock_ulink.c
+@@ -389,6 +389,7 @@ ulink_receive(
+                     }
+ 		    break;
+ 		}
++		/*FALLTHROUGH*/
+ 
+ 		case LEN320:
+ 
+@@ -433,6 +434,7 @@ ulink_receive(
+ 		}
+ 
+ 		default:
++		/*FALLTHROUGH*/
+ 		refclock_report(peer, CEVNT_BADREPLY);
+ 		return;
+ 	}

net/ntp4/patches/patch-ntpd_refclock__wwvb.c

@@ -0,0 +1,16 @@
+$NetBSD: patch-ntpd_refclock__wwvb.c,v 1.1 2020/06/21 15:10:47 taca Exp $
+
+* Changes from NetBSD base.
+
+--- ntpd/refclock_wwvb.c.orig	2014-12-30 00:29:38.000000000 +0000
++++ ntpd/refclock_wwvb.c
+@@ -154,7 +154,8 @@ static	void	wwvb_control	(int, const str
+ 				 struct refclockstat *, struct peer *);
+ #define		WWVB_CONTROL	wwvb_control
+ #else
+-#define		WWVB_CONTROL	noentry
++#define		WWVB_CONTROL	(void)(*)
++noentry
+ #endif /* HAVE_PPSAPI */
+ 
+ /*

net/ntp4/patches/patch-ntpdate_ntpdate.c

@@ -0,0 +1,32 @@
+$NetBSD: patch-ntpdate_ntpdate.c,v 1.1 2020/06/21 15:10:47 taca Exp $
+
+* Changes from NetBSD base.
+
+--- ntpdate/ntpdate.c.orig	2020-03-03 23:41:29.000000000 +0000
++++ ntpdate/ntpdate.c
+@@ -435,6 +435,7 @@ ntpdatemain (
+ 	    }
+ 
+ 	if (errflg) {
++usage:
+ 		(void) fprintf(stderr,
+ 		    "usage: %s [-46bBdqsuv] [-a key#] [-e delay] [-k file] [-p samples] [-o version#] [-t timeo] server ...\n",
+ 		    progname);
+@@ -511,7 +512,7 @@ ntpdatemain (
+ 
+ 	if (sys_numservers == 0) {
+ 		msyslog(LOG_ERR, "no servers can be used, exiting");
+-		exit(1);
++		goto usage;
+ 	}
+ 
+ 	/*
+@@ -2175,7 +2176,7 @@ print_server(
+ 	if (REFID_ISTEXT(pp->stratum)) {
+ 		str = (char *) &pp->refid;
+ 		for (i=0; i<4 && str[i]; i++) {
+-			junk[i] = (isprint(str[i]) ? str[i] : '.');
++			junk[i] = (isprint((unsigned char)str[i]) ? str[i] : '.');
+ 		}
+ 		junk[i] = 0; // force terminating 0
+ 		str = junk;

net/ntp4/patches/patch-ntpdc_Makefile.in

@@ -0,0 +1,17 @@
+$NetBSD: patch-ntpdc_Makefile.in,v 1.1 2020/06/21 15:10:47 taca Exp $
+
+* Changes from NetBSD base.
+
+--- ntpdc/Makefile.in.orig	2020-03-04 01:40:11.000000000 +0000
++++ ntpdc/Makefile.in
+@@ -1207,8 +1207,8 @@ ntpdc-layout.o: nl.c
+ layout.here: ntpdc-layout
+ 	./ntpdc-layout > $@
+ 
+-check-layout: ntpdc-layout $(srcdir)/layout.std layout.here
+-	cmp $(srcdir)/layout.std layout.here && echo stamp > $@
++check-layout: # ntpdc-layout $(srcdir)/layout.std layout.here
++#	cmp $(srcdir)/layout.std layout.here && echo stamp > $@
+ 
+ $(PROGRAMS): version.o
+ 

net/ntp4/patches/patch-ntpq_ntpq.c

@@ -0,0 +1,34 @@
+$NetBSD: patch-ntpq_ntpq.c,v 1.1 2020/06/21 15:10:47 taca Exp $
+
+* Changes from NetBSD base.
+
+--- ntpq/ntpq.c.orig	2020-03-04 01:38:15.000000000 +0000
++++ ntpq/ntpq.c
+@@ -445,7 +445,9 @@ chost chosts[MAXHOSTS];
+ # define SETJMP(x)	setjmp((x))
+ # define LONGJMP(x, v)	longjmp((x),(v))
+ #endif
++#ifndef BUILD_AS_LIB
+ static	JMP_BUF		interrupt_buf;
++#endif
+ static	volatile int	jump = 0;
+ 
+ /*
+@@ -3736,7 +3738,7 @@ cookedprint(
+ 		case SN:
+ 			if (!value)
+ 				output_raw = '?';
+-			else if (isdigit(*value)) {	/* number without sign */
++			else if (isdigit(*(const unsigned char *)value)) {	/* number without sign */
+ 				bv[0] = '+';
+ 				atoascii (value, MAXVALLEN, bv+1, sizeof(bv)-1);
+ 				output(fp, name, bv);
+@@ -3894,7 +3896,7 @@ list_md_fn(const EVP_MD *m, const char *
+ 
+ 	/* Discard MACs that NTP won't accept. */
+ 	/* Keep this consistent with keytype_from_text() in ssl_init.c. */
+-	if (EVP_MD_size(m) > (MAX_MAC_LEN - sizeof(keyid_t)))
++	if (EVP_MD_size(m) > (int)(MAX_MAC_LEN - sizeof(keyid_t)))
+ 		return;
+ 	
+ 	name = EVP_MD_name(m);

net/ntp4/patches/patch-sntp_libopts_autoopts.h

@@ -0,0 +1,27 @@
+$NetBSD: patch-sntp_libopts_autoopts.h,v 1.1 2020/06/21 15:10:47 taca Exp $
+
+* Changes from NetBSD base.
+
+--- sntp/libopts/autoopts.h.orig	2015-04-26 18:43:14.000000000 +0000
++++ sntp/libopts/autoopts.h
+@@ -32,7 +32,11 @@
+ 
+ #ifndef AUTOGEN_AUTOOPTS_H
+ #define AUTOGEN_AUTOOPTS_H
++#if 0
+ #include <stdnoreturn.h>
++#else
++#define noreturn __dead
++#endif
+ 
+ #define AO_NAME_LIMIT           127
+ #define AO_NAME_SIZE            ((size_t)(AO_NAME_LIMIT + 1))
+@@ -452,7 +456,7 @@ typedef enum { AOFLAG_TABLE } ao_flags_t
+ #undef  _aof_
+ 
+ static char const   zNil[] = "";
+-static arg_types_t  argTypes             = { NULL };
++static arg_types_t  argTypes             = { .pzStr = NULL };
+ static char         line_fmt_buf[32];
+ static bool         displayEnum          = false;
+ static char const   pkgdatadir_default[] = PKGDATADIR;

net/ntp4/patches/patch-sntp_libopts_enum.c

@@ -0,0 +1,15 @@
+$NetBSD: patch-sntp_libopts_enum.c,v 1.1 2020/06/21 15:10:47 taca Exp $
+
+* Changes from NetBSD base.
+
+--- sntp/libopts/enum.c.orig	2015-12-05 20:28:17.000000000 +0000
++++ sntp/libopts/enum.c
+@@ -253,7 +253,7 @@ find_name(char const * name, tOptions * 
+ char const *
+ optionKeywordName(tOptDesc * pOD, unsigned int enum_val)
+ {
+-    tOptDesc od = { 0 };
++    tOptDesc od = { .optIndex = 0 };
+     od.optArg.argEnum = enum_val;
+ 
+     (*(pOD->pOptProc))(OPTPROC_RETURN_VALNAME, &od );

net/ntp4/patches/patch-sntp_libopts_usage.c

@@ -0,0 +1,15 @@
+$NetBSD: patch-sntp_libopts_usage.c,v 1.1 2020/06/21 15:10:47 taca Exp $
+
+* Changes from NetBSD base.
+
+--- sntp/libopts/usage.c.orig	2015-04-26 18:43:15.000000000 +0000
++++ sntp/libopts/usage.c
+@@ -762,7 +762,7 @@ prt_vendor_opts(tOptions * opts, char co
+         OPTST_NO_USAGE_MASK | OPTST_DOCUMENT;
+ 
+     static char const vfmtfmt[] = "%%-%us %%s\n";
+-    char vfmt[sizeof(vfmtfmt)];
++    char vfmt[sizeof(vfmtfmt)+10]; /* strlen(UINT_MAX) */
+ 
+     /*
+      *  Only handle client specified options.  The "vendor option" follows

net/ntp4/patches/patch-util_ntp-keygen.c

@@ -0,0 +1,29 @@
+$NetBSD: patch-util_ntp-keygen.c,v 1.1 2020/06/21 15:10:47 taca Exp $
+
+* Changes from NetBSD base.
+
+--- util/ntp-keygen.c.orig	2020-03-04 01:38:15.000000000 +0000
++++ util/ntp-keygen.c
+@@ -275,17 +275,19 @@ followlink(
+ 	)
+ {
+ 	int len;
++	char result[2048];
+ 
+ 	REQUIRE(bufsiz > 0);
+ 
+-	len = readlink(fname, fname, (int)bufsiz);
+-	if (len < 0 ) {
++	len = readlink(fname, result, sizeof(result));
++	if (len < 0) {
+ 		fname[0] = '\0';
+ 		return;
+ 	}
+ 	if (len > (int)bufsiz - 1)
+ 		len = (int)bufsiz - 1;
+-	fname[len] = '\0';
++	result[len] = '\0';
++	strcpy(fname, result);
+ }
+ 
+ 

net/ntp4/patches/patch-util_ntptime.c

@@ -0,0 +1,15 @@
+$NetBSD: patch-util_ntptime.c,v 1.1 2020/06/21 15:10:47 taca Exp $
+
+* Changes from NetBSD base.
+
+--- util/ntptime.c.orig	2020-03-03 23:41:29.000000000 +0000
++++ util/ntptime.c
+@@ -98,7 +98,7 @@ main(
+ 	struct timex ntx, _ntx;
+ 	int	times[20] = { 0 };
+ 	double ftemp, gtemp, htemp;
+-	double nscale = 1.0;			/* assume usec scale for now */
++	volatile double nscale = 1.0;			/* assume usec scale for now */
+ 	long time_frac;				/* ntv.time.tv_frac_sec (us/ns) */
+ 	l_fp ts;
+ 	volatile unsigned ts_mask = TS_MASK_US;		/* defaults to 20 bits (us) */