Update to 5.7p4, provided by Paul B. Henson in PR 49930:

Changes since OpenNTPD 5.7p3 ============================ * Added support for using HTTPS time constraints to validate NTP responses. * Workaround a bug in the Solaris adjtime call that caused the olddelta to never reach 0, leading to continual sync/unsync messages from ntpd. * Workaround an overflow on systems with 32-bit time_t. This can result in a failure to set the time if the initial clock is set later than early 2036. Systems with a 32-bit time_t should upgrade well in advance of this date, but today this helps with systems that boot with an invalid initial time. Note:the HTTPS time constraints feature is not currently available in pkgsrc due to the lack of libtls.
2015-07-03 12:31:12 +00:00 · 2015-07-03 12:31:12 +00:00 · 4ec1950447
commit 4ec1950447
parent 18ec24e0e9
5 changed files with 75 additions and 13 deletions
--- a/net/openntpd/Makefile
+++ b/net/openntpd/Makefile
@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.41 2015/02/16 11:03:20 jperkin Exp $
+# $NetBSD: Makefile,v 1.42 2015/07/03 12:31:12 wiz Exp $

-DISTNAME=		openntpd-5.7p3
+DISTNAME=		openntpd-5.7p4
 CATEGORIES=		net
 MASTER_SITES=		${MASTER_SITE_OPENBSD:=OpenNTPD/}

@ -14,17 +14,16 @@ CONFLICTS+=		ntp-[0-9]*
 GNU_CONFIGURE=		yes
 CONFIGURE_ARGS+=	--localstatedir=${VARBASE}
 CONFIGURE_ARGS+=	--sysconfdir=${PKG_SYSCONFDIR:Q}
-CONFIGURE_ARGS+=	--with-privsep-path=path=${VARBASE}/chroot/ntpd

 SUBST_CLASSES+=		ntpd_m
 SUBST_STAGE.ntpd_m=	pre-build
-SUBST_FILES.ntpd_m=	ntpd.8 ntpctl.8
+SUBST_FILES.ntpd_m=	src/ntpd.8 src/ntpctl.8
 SUBST_SED.ntpd_m+=	-e 's,/var/db/,${VARBASE}/db/openntpd/,g'
 SUBST_SED.ntpd_m+=	-e 's,/var/run/,${VARBASE}/run/,g'

 SUBST_CLASSES+=		ntpd_h
 SUBST_STAGE.ntpd_h=	pre-build
-SUBST_FILES.ntpd_h=	ntpd.h
+SUBST_FILES.ntpd_h=	src/ntpd.h
 SUBST_SED.ntpd_h+=	-e 's,/db/ntpd.drift,/db/openntpd/ntpd.drift,g'

 EGDIR=			${PREFIX}/share/examples/openntpd
@ -43,11 +42,11 @@ AUTO_MKDIRS=		yes
 INSTALLATION_DIRS+=	sbin ${PKGMANDIR}/man5 ${PKGMANDIR}/man8 ${EGDIR}

 do-install:
-	${INSTALL_PROGRAM} ${WRKSRC}/ntpd ${DESTDIR}${PREFIX}/sbin/ntpd
+	${INSTALL_PROGRAM} ${WRKSRC}/src/ntpd ${DESTDIR}${PREFIX}/sbin/ntpd
 	ln ${DESTDIR}${PREFIX}/sbin/ntpd ${DESTDIR}${PREFIX}/sbin/ntpctl
-	${INSTALL_MAN} ${WRKSRC}/ntpd.8 ${DESTDIR}${PREFIX}/${PKGMANDIR}/man8/ntpd.8
-	${INSTALL_MAN} ${WRKSRC}/ntpctl.8 ${DESTDIR}${PREFIX}/${PKGMANDIR}/man8/ntpctl.8
-	${INSTALL_MAN} ${WRKSRC}/ntpd.conf.5 ${DESTDIR}${PREFIX}/${PKGMANDIR}/man5/ntpd.conf.5
+	${INSTALL_MAN} ${WRKSRC}/src/ntpd.8 ${DESTDIR}${PREFIX}/${PKGMANDIR}/man8/ntpd.8
+	${INSTALL_MAN} ${WRKSRC}/src/ntpctl.8 ${DESTDIR}${PREFIX}/${PKGMANDIR}/man8/ntpctl.8
+	${INSTALL_MAN} ${WRKSRC}/src/ntpd.conf.5 ${DESTDIR}${PREFIX}/${PKGMANDIR}/man5/ntpd.conf.5
 	${INSTALL_DATA} ${WRKSRC}/ntpd.conf ${DESTDIR}${EGDIR}/ntpd.conf

 .include "../../mk/bsd.pkg.mk"
--- a/net/openntpd/distinfo
+++ b/net/openntpd/distinfo
@ -1,5 +1,8 @@
-$NetBSD: distinfo,v 1.9 2015/02/01 01:47:27 wiz Exp $
+$NetBSD: distinfo,v 1.10 2015/07/03 12:31:12 wiz Exp $

-SHA1 (openntpd-5.7p3.tar.gz) = 02ad9ae80f2dfd6cfbcc642d35f73093d167a067
-RMD160 (openntpd-5.7p3.tar.gz) = 7996771b7041add8f8c3233f30b9dfaab027eb7b
-Size (openntpd-5.7p3.tar.gz) = 409734 bytes
+SHA1 (openntpd-5.7p4.tar.gz) = ba885dc7cf599161b351cd90af2af175071e3a9d
+RMD160 (openntpd-5.7p4.tar.gz) = d99d0058ce67272e5dff3cd945f0beaaf564591c
+Size (openntpd-5.7p4.tar.gz) = 427900 bytes
+SHA1 (patch-src_config.c) = baffc96d29a1d4c8482add8a2f89e7c42bbacf96
+SHA1 (patch-src_ntp.c) = 12fa52fae73f97ed6f49794ef964519ac70ddc5c
+SHA1 (patch-src_ntpd.conf.5) = c5ca38a046ad68f1997c0d8b5aaa6cee171b17b1
--- a/net/openntpd/patches/patch-src_config.c
+++ b/net/openntpd/patches/patch-src_config.c
@ -0,0 +1,17 @@
+$NetBSD: patch-src_config.c,v 1.1 2015/07/03 12:31:12 wiz Exp $
+
+Abort if configuration specifies tls constraints and ntpd not compiled with
+tls support; accepted upstream.
+
+--- src/config.c.orig	2015-03-25 01:18:56.000000000 +0000
+++ src/config.c
+@@ -218,6 +218,9 @@ new_constraint(void)
+ 		fatal("new_constraint calloc");
+ 	p->id = ++constraint_maxid;
+ 
+#ifndef HAVE_LIBTLS
+	fatal("constraint configured without libtls support");
+#endif
+ 	return (p);
+ }
+ 
--- a/net/openntpd/patches/patch-src_ntp.c
+++ b/net/openntpd/patches/patch-src_ntp.c
@ -0,0 +1,22 @@
+$NetBSD: patch-src_ntp.c,v 1.1 2015/07/03 12:31:12 wiz Exp $
+
+Abort if configuration specifies tls constraints and ntpd not compiled with
+tls support; accepted upstream.
+
+--- src/ntp.c.orig	2015-03-12 02:15:36.000000000 +0000
+++ src/ntp.c
+@@ -110,12 +110,14 @@ ntp_main(int pipe_prnt[2], int fd_ctl, s
+ 		return (pid);
+ 	}
+ 
+#ifdef HAVE_LIBTLS
+ 	tls_init();
+ 
+ 	/* Verification will be turned off if CA is not found */
+ 	if ((conf->ca = tls_load_file(CONSTRAINT_CA,
+ 	    &conf->ca_len, NULL)) == NULL)
+ 		log_warnx("constraint certificate verification turned off");
+#endif
+ 
+ 	/* in this case the parent didn't init logging and didn't daemonize */
+ 	if (nconf->settime && !nconf->debug) {
--- a/net/openntpd/patches/patch-src_ntpd.conf.5
+++ b/net/openntpd/patches/patch-src_ntpd.conf.5
@ -0,0 +1,21 @@
+$NetBSD: patch-src_ntpd.conf.5,v 1.1 2015/07/03 12:31:12 wiz Exp $
+
+Abort if configuration specifies tls constraints and ntpd not compiled with
+tls support; accepted upstream.
+
+--- src/ntpd.conf.5.orig	2015-03-25 01:18:56.000000000 +0000
+++ src/ntpd.conf.5
+@@ -192,8 +192,11 @@ thereby reducing the impact of unauthent
+ .Sq Man-In-The-Middle
+ attacks.
+ Received NTP packets with time information falling outside of a range
+-near the constraint will be discarded and such NTP servers
+-will be marked as invalid.
+near the constraint will be discarded and such NTP servers will be marked as
+invalid. Contraints are only available if
+.Xr ntpd 8
+has been compiled with libtls support. Configuring a constraint without libtls
+support will result in a fatal error.
+ .Bl -tag -width Ds
+ .It Ic constraint from Ar url
+ Specify the URL, IP address or the hostname of an HTTPS server to