Changes:
20050523
- (dtucker) [configure.ac defines.h] Add flags to allow ntpd to build on
AIX, mostly from tomwilliams14 at comcast.net.
- (dtucker) [contrib/redhat/openntpd.spec] Specfile update from Bernhard
Weisshuhn (bkw at weisshuhn de):
- Use 'ntp' (not _ntp) with id 38 as privsep user
- Add openssl-devel to Build-Requires
- mkdir -p /var/empty/ntpd
- Added ChangeLog, README LICENCE and CREDITS as docfiles
- removed fluff, use %{_variables} where appropriate
- (dtucker) [configure.ac] Fall back to builtin arc4random if we don't find
a usable OpenSSL.
- (dtucker) [README] Update known-working platforms and misc info.
- (dtucker) [README] Add CVS Id.
- (dtucker) [configure.ac includes.h] Check for and include arpa/nameser.h,
fixes build on Solaris 2.5.1.
- (dtucker) [version.h contrib/redhat/openntpd.spec] Enter 3.7p1.
20050313
- (dtucker) OpenBSD CVS Sync
- dtucker@cvs.openbsd.org 2005/01/27 15:44:00
[client.c ntp.c ntpd.h]
Scale query interval by the overall offset not per-peer offset, so we
don't query outliers more often than any other server. ok henning@
- dtucker@cvs.openbsd.org 2005/01/28 13:01:32
[client.c server.c]
Make network unreachable errors non-fatal; ok henning@
- henning@cvs.openbsd.org 2005/01/28 13:32:24
[ntpd.c]
fatal() if daemon() fails, Alexander von Gernler <grunk@pestilenz.org>
- dtucker@cvs.openbsd.org 2005/01/28 13:37:20
[client.c ntp.c ntpd.h]
Simplify interval scaling and randomize query intervals; ok henning@
- henning@cvs.openbsd.org 2005/02/02 19:52:32
[ntpd.c]
usage() is __dead
pt out by Alexander v Gernler
- henning@cvs.openbsd.org 2005/02/02 19:57:09
[buffer.c ntpd.h]
buffer structs and API ssize_t -> size_t; from bgpd
- henning@cvs.openbsd.org 2005/02/02 20:03:52
[ntp.c]
KNF
- dtucker@cvs.openbsd.org 2005/02/03 11:53:33
[client.c ntpd.h]
Implement simple duplicate suppression of peer errors; ok henning@
- henning@cvs.openbsd.org 2005/02/21 18:58:43
[client.c]
fix an error message
- henning@cvs.openbsd.org 2005/02/22 13:03:24
[ntp.c]
when sending a query already returns a failure, we're not going to see
a reply to that query.
if we get errors for all queries and the initial settime() is still due
and thus the parent process still waits (not yet daemonized!), send an
IMSG_SETTIME with offset 0.
shortens the delay dramatically when you boot without network
idea from a discussion with theo
- henning@cvs.openbsd.org 2005/03/06 19:36:52
[imsg.c]
fix error message, Benedikt Steinbusch <bsteinb@hamazone.de>
- henning@cvs.openbsd.org 2005/03/08 13:31:40
[client.c]
let client_query return 0 if it requested dns resolution
- henning@cvs.openbsd.org 2005/03/08 15:28:55
[ntpd.c]
from the "shut the fuck up, ntpd" department:
move log_debug call to tell about skipping the settime due to lack of
answers down slightly below the 2nd (and final) log_init call so it becomes
a -d only thing. tested by dlg and me
- deraadt@cvs.openbsd.org 2005/03/08 15:37:16
[ntp.c]
missing break spotted by lint
- henning@cvs.openbsd.org 2005/03/08 15:59:36
[config.c]
from the "shut the fuck up, ntpd" department:
don't whine about temporary dns errors
- deraadt@cvs.openbsd.org 2005/03/08 17:27:14
[ntp.c]
knf
- henning@cvs.openbsd.org 2005/03/08 17:33:43
[ntp.c]
when trying short-circuit the wait for the first reply for -s, only
do so when
-we tried to send at least one query (that is the change)
-we could not send out a single one without failure (this was already in
place but caught too much)
problem independently noticed by nick and danh, ok mickey danh, testing by
many
- henning@cvs.openbsd.org 2005/03/09 15:07:00
[imsg.c]
when, after processing all complete imsgs we found in the buffer,
there are some bytes left (less than an imsg header, or less than the
imsg header len field says) we copy it to the very beginning of the buffer.
use memmove instead of memcpy since it is not guaranteed that there's no
overlap. while memcpy on OpenBSD is safe, it might not elsewhere, and
we want our code to be correct anyways.
funny enough theo and I talked at length about that last week in dublin,
and I said I believe I had no memcpys with the chance of overlap in ntpd/
bgpd - well, here is one, and Alexander von Gernler <grunk@pestilenz.org>
pointed me to it.
- henning@cvs.openbsd.org 2005/03/09 21:31:11
[config.c ntpd.c]
nasty: host_dns used to run before forking and chrooting etc, so it was
guaranteed that its res_init() call was done once before fork etc...
that is no longer the case. call res_init() in main() early.
- dtucker@cvs.openbsd.org 2005/03/13 11:06:27
[ntpd.c]
Fixes in ntpd_settime (ie ntpd -s):
- Handle errors from syscalls better
- Prevent curtime.tv_usec from being negative for negative offsets.
- Don't claim to have done settimeofday if it fails.
ok henning@
(brought to my attention by holger at wizards.de)
- (dtucker) [defines.h] defined __dead if the system doesn't.
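An added illustration of the imsg.c change of 2005/03/09 above (not OpenNTPD's code): a read buffer that consumes the complete messages it holds and then moves the partial tail to the front. The header layout, RBUF_SIZE and all function names are hypothetical.

```c
#include <stdint.h>
#include <string.h>

#define RBUF_SIZE 64
/* Hypothetical message header: len counts the header plus the payload. */
struct hdr { uint16_t type; uint16_t len; };
/* wpos is the number of valid bytes currently held in buf. */
struct rbuf { unsigned char buf[RBUF_SIZE]; size_t wpos; };

/* Append received bytes; returns -1 if they do not fit. */
int rbuf_add(struct rbuf *b, const void *data, size_t n)
{
	if (n > RBUF_SIZE - b->wpos)
		return -1;
	memcpy(b->buf + b->wpos, data, n);	/* separate objects: memcpy is fine */
	b->wpos += n;
	return 0;
}

/* Consume every complete message, then move the partial tail to the start
 * of the buffer. Returns the number consumed, or -1 on a bad length field. */
int rbuf_drain(struct rbuf *b)
{
	struct hdr h;
	size_t rpos = 0;
	int n = 0;

	while (b->wpos - rpos >= sizeof(h)) {
		memcpy(&h, b->buf + rpos, sizeof(h));
		if (h.len < sizeof(h) || h.len > RBUF_SIZE)
			return -1;
		if (h.len > b->wpos - rpos)
			break;			/* body not fully received yet */
		rpos += h.len;
		n++;
	}
	/* Same array on both sides: the ranges overlap whenever the tail is
	 * longer than the bytes consumed, so this has to be memmove. */
	if (rpos > 0 && rpos < b->wpos)
		memmove(b->buf, b->buf + rpos, b->wpos - rpos);
	b->wpos -= rpos;
	return n;
}

/* Constructed input: a complete 8-byte message, then the first 20 bytes of a
 * 24-byte one, so the 20-byte tail moves down by 8 and overlaps itself by 12.
 * Returns 1 if the tail is intact and the message completes afterwards. */
int demo_overlap(void)
{
	struct rbuf b = { {0}, 0 };
	struct hdr ha = { 1, 8 }, hm = { 2, 24 };
	unsigned char a[8] = {0}, m[24];
	size_t i;

	for (i = 0; i < sizeof(m); i++)
		m[i] = (unsigned char)(0x40 + i);	/* distinct bytes expose a bad copy */
	memcpy(a, &ha, sizeof(ha));
	memcpy(m, &hm, sizeof(hm));
	return rbuf_add(&b, a, sizeof(a)) == 0 && rbuf_add(&b, m, 20) == 0 &&
	    rbuf_drain(&b) == 1 && b.wpos == 20 && memcmp(b.buf, m, 20) == 0 &&
	    rbuf_add(&b, m + 20, 4) == 0 && rbuf_drain(&b) == 1 && b.wpos == 0;
}

int main(void) { return demo_overlap() ? 0 : 1; }
```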
20050211
- (dtucker) [defines.h] Fix SA_LEN macro for platforms that have different
sized sockaddr_in and sockaddr_in6 structs but don't define their own
SA_LEN. Patch from Leonardo C. Filho <leonardo at fesppr br>.
20050127
- (dtucker) OpenBSD CVS Sync
- henning@cvs.openbsd.org 2004/12/22 17:04:11
[ntpd.c]
d can be negative, take that into account when comparing to the logging
threshold. spotted by Constantine Murenin <mureninc@gmail.com>, mickey ok
- henning@cvs.openbsd.org 2004/12/23 17:10:10
[ntp.c]
KNF
- dtucker@cvs.openbsd.org 2005/01/27 11:32:29
[client.c ntp.c ntpd.h]
Delay before retrying a query on timeout; ok henning@
20050109
- (dtucker) [LICENCE] Fix typos and omissions, tidy up formatting.
- (dtucker) [LICENCE] Add CVS Id.
20050107
- (dtucker) [LICENCE] Add an OpenSSH-style licence summary.
20041222
- (dtucker) OpenBSD CVS Sync
- moritz@cvs.openbsd.org 2004/12/20 16:10:05
[ntpd.c]
some typos in log messages.
- henning@cvs.openbsd.org 2004/12/22 06:34:52
[ntp.c]
if our first getpwnam(), testing for NTPD_USER, succeeded, but the second
returns NULL, we don't need loooong explanations, but at least some
indicator what went wrong, From: Michael Knudsen <e@molioner.dk>
- dtucker@cvs.openbsd.org 2004/12/22 06:36:11
[server.c]
Save original value returned by getifaddrs to free later; ok henning@
- (dtucker) [openbsd-compat/uidswap.c] Include includes.h
20041220
- (dtucker) [README] Queries and bug reports to me.
- (dtucker) [configure.ac defines.h] on QNX, socklen_t is really size_t.
- (dtucker) [configure.ac openbsd-compat/Makefile.in openbsd-compat/port-qnx.c]
Add an adjtime() function for QNX, written by Anthony O.Zabelin.
20041219
- (dtucker) [includes.h openbsd-compat/Makefile.in openbsd-compat/atomicio.c
openbsd-compat/atomicio.h openbsd-compat/bsd-arc4random.c
openbsd-compat/openbsd-compat.h]: Add atomicio from OpenSSH and use for
reading entropy sources to ensure complete reads.
- (dtucker) [defines.h] Remove some dead code.
- (dtucker) [openbsd-compat/bsd-arc4random.c] Use atomicio for write too.
20041218
- (dtucker) [configure.ac ntp.c ntpd.c openbsd-compat/Makefile.in
openbsd-compat/bsd-poll.c openbsd-compat/bsd-poll.h
openbsd-compat/openbsd-compat.h] Add a poll() replacement built around
select() and enable for platforms that don't have poll (eg QNX4). Poll
header file from OpenBSD, function written by me, tested on QNX4 by
Anthony O.Zabelin.
- (dtucker) [configure.ac] Alphabetize system-specific case block.
- (dtucker) [configure.ac bsd-misc.c] Add a dummy setgroups() function for
platforms that don't have it; from Anthony O.Zabelin.
- (dtucker) [configure.ac openbsd-compat/bsd-snprintf.c] Make "long long"
support optional. From Anthony O.Zabelin.
- (dtucker) [configure.ac defines.h] Define __func__ macro as required,
stolen from OpenSSH.
- (dtucker) [configure.ac] Add configure-time settings for QNX4. From
Anthony O.Zabelin.
- (dtucker) [config.c] Add includes.h
- (dtucker) [configure.ac includes.h] Check for sys/timers.h and include.
- (dtucker) [openbsd-compat/bsd-arc4random.c] Add support for using EGD/PRNGD
sockets directly when configured --with-builtin-arc4random.
- (dtucker) [openbsd-compat/bsd-arc4random.c] Remove debugging messages.
- (dtucker) OpenBSD CVS Sync
- dtucker@cvs.openbsd.org 2004/12/15 00:44:20
[client.c]
If polling a server results in an error, drop that server to the maximum
poll interval; ok henning@
- dtucker@cvs.openbsd.org 2004/12/15 13:24:21
[client.c]
Factor out interval scaling code; ok henning@
- dtucker@cvs.openbsd.org 2004/12/15 13:29:25
[client.c]
Poll unsynchronized servers at the maximum interval and log a message about
them when in debug mode; ok henning@
- dtucker@cvs.openbsd.org 2004/12/16 01:38:59
[config.c ntpd.h]
Limit the number of addresses used by the 'servers' directive to 8;
ok henning@
20041215
- (dtucker) [includes.h ntpd.c] Fix warnings for RCSID from picky compilers
and use RCSID for the release string. Pointed out by Jason Mader.
- (dtucker) [includes.h] Undef sa_len macro if it's defined, to prevent
name collisions on IRIX. With Jason Mader.
- (dtucker) [Makefile.in] Zap a GNUmake-ism, spotted by Jason Mader.
- (dtucker) [openbsd-compat/bsd-misc.c openbsd-compat/openbsd-compat.h]
Tweak again to prevent warnings.
20041214
- (dtucker) [configure.ac] On IRIX, determine IOV_MAX from sysconf(8), based
on info from Jason Mader.
- (dtucker) [configure.ac] Move __need_IOV_MAX define into the Linux-specific
block, suggested by Jason Mader.
- (dtucker) [openbsd-compat/bsd-misc.c] Cast argv0 to char * to keep IRIX's
compiler happy. From Jason Mader.
- (dtucker) [Makefile.in] Add rules to ensure openbsd-compat gets rebuilt
properly.
- (dtucker) OpenBSD CVS Sync
- jmc@cvs.openbsd.org 2004/12/07 11:06:12
[ntpd.8]
tweaks;
- mickey@cvs.openbsd.org 2004/12/08 16:47:38
[client.c ntp.h ntp_msg.c server.c util.c]
uniquely name members of s_fixedpt and l_fixedpt; henning@ ok
- mickey@cvs.openbsd.org 2004/12/08 18:35:16
[ntp_msg.c]
use two tiny macros for copying fields out to simplify reading; henning@ ok
- mickey@cvs.openbsd.org 2004/12/09 21:24:46
[client.c ntpd.h]
define TRUSTLEVEL_MAX for the trustedlevel value of 10; henning@ ok
- jaredy@cvs.openbsd.org 2004/12/10 04:54:18
[ntpd.8]
typos, then -> than, from Michael Knudsen
- dtucker@cvs.openbsd.org 2004/12/13 13:22:52
[client.c ntp.h]
Discard replies with alarm flag set or invalid stratum; ok henning@
- dtucker@cvs.openbsd.org 2004/12/13 13:36:02
[ntp.c]
Check for error status from poll() too; ok henning@
- dtucker@cvs.openbsd.org 2004/12/14 07:27:13
[ntp_msg.c]
sendto() takes socklen_t as an argument; ok henning@
20041213
- (dtucker) [openbsd-compat/asprintf.c] unsigned char -> char, silences
warning from IRIX's compiler. From Jason Mader (jason at ncac gwu edu).
20041212
- (dtucker) [ntpd.8] Remove some OpenBSD-specific references from the man
page. From Christian Gut (cycloon at is-root org).
- (dtucker) [configure.ac] Add defines needed for uid swapping functions
to work on IRIX. From Jason Mader (jason at ncac gwu edu).
Changes since 0.3.10:
- Changes include bug fixes to the tracker and to btlaunchmany[curses],
the Windows installers' being built using older versions of Python
and wxPython to fix the problem with the client sticking in the task
list, and the addition of a little sneakiness to help keep ISPs from
killing connections to seed clients.
- Today's release should fix the problem with clients hanging in the
task manager. It should also fix problems on 64-bit processors.
0.88 Jun 21 2005
- Change maintainer back to paul@seamons.com (Paul Seamons)
- Add run_n_children_hook to prefork servers (At suggestion of
James Fitzgibbon and Paul B. Henson)
- Make delete child only delete children it knows about.
Fixes ancient bug http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=168784
filed by Christian Mock and worked on by Lucas Filipozzi.
- Store $ENV{PWD} as part of script name for HUP'ing (Russel Pettway)
- Allow PreFork and PreForkSimple to have child mark
explicitly as done the same as other server types via
the ->done(1) call. (Idea from Marc Martinec)
- After numerous requests, the CHLD SIGNAL is now
set to DEFAULT in the child process of PreFork and
PreForkSimple servers. This should allow grand child processes to
run without affecting the child process (or parent).
- Fix parent/child communication channel buffering issue (Matt Sergeant)
- Check for child's sock before closing with
child_communication enabled (Alexander Hlawenka)
- Documentation fix (Mark Morgan)
- Allow 'stream' option for syslog_logsock property (Daniel Matuschek)
- Fix syslog format vulnerability. (Carlos Velasco) This has
potential to break some log implementations that were
planning on ->log passing all of @_ to syslog. Now only the
first item from @_ is passed as the message.
- Allow for '-' in group names. (Corey Minyard)
- Prevent locking caused by interrupt of flock (Dietmar Maurer [cpan #11693])
- Finally fix UID/GID bugs during daemonization. This is the
biggest bug winner. The new model calls POSIX::setuid and
setgid and tests for success by checking the values of $<
and $( and not by checking the response of the setuid/setgid functions.
- Add CIDR style lookups for allow/deny using cidr_allow and
cidr_deny (Carsten Wolff)
- Allow for port configured in perl to not have to be arrayref.
This bug was introduced in revision 1.7 where bind was determined to
be built-in only if libbind.* existed on the system, which isn't
necessarily true on systems where the resolver routines are incorporated
into libc, e.g. NetBSD.
We now consider bind to be built-in if BUILTIN_VERSION.bind is defined,
and we define BUILTIN_VERSION.bind only if /usr/sbin/named exists on
the system. We also improve the derivation of the version number of
BIND by parsing the named output, so we can now also detect bind-4.x
and bind-8.x.
Package changes:
Use PKG_OPTIONS_GROUP framework
Add package option 'python' to support the new python scripts flow-rpt2rrd,
flow-log2rrd and flow-rptfmt.
Changes since last packaged version (0.67):
* 5-11-2005 flow-tools 0.68 released.
* added flow-rpt2rrd - post process flow-report into RRD's.
* added flow-log2rrd - post process logs from
* added flow-rptfmt - post process flow-report into readable and HTML.
* ftstat.c s/psizr256/psize256/ - uebelacker@tuhh.de
* rec_v5->engine_id not set properly in ftdecode.c
- baldwinL@mynetwatchman.com
* --enable-lfs set flags for large file support - alexbrennen@gmail.com
* Added CryptoPAn support to flow-xlate
req by Abilene
* mailing list archive is available at mail-archive.com
req by spork@bway.net
* flow-cat.c: progress debug output - weinhold@berbee.com
* portability: gcc no longer supports goto label which label is at the
end of a compound statement - Andreas Jochens <aj@andaco.de>
* flow-stat.c: protect from divide by zero - should only happen on invalid
flows - Espen.Breivik@uninett.no
* flow-filter.c: exaddr filter - Espen.Breivik@uninett.no
* ftxlate.c: tag-mask eval_tag_mask() not using correct offsets
- Cougar <cougar@random.ee> & kgraham@valueclick.com
* flow-send: default tx_delay to 0 like flow-fanout - rjd@merit.edu
* flow-export: debug should be global - dwatanab@uci.edu
* flow-report: path will accept spaces, ie |flow-rpt2rrd -p rrd -k 25
* flow-report: records is in rec1
* flow-fanout: did not set address family for receive fd - noted by
fingers@fingers.co.za
* docs: add FILES section to man pages
* flow-report: -hh to list available reports
* flow-report, flow-tag, flow-xlate, flow-nfilter. Run-time variable
expansion of the form @VAR or @{VAR:default} for config files.
* flow-receive: dropped inline tagging and nfilter support
* fix warnings produced by pkglint
* fix portname math in indexmaker
* accept extreme networks switches for ifAlias in cfgmaker
* set unknown values to 0 for threshold checking if unknonwnaszero is set
* updated NetWare integration
Changes:
Bugfixes on 0.0.9.x (backported from 0.1.0.10):
- Refuse relay cells that claim to have a length larger than the
maximum allowed. This prevents a potential attack that could read
arbitrary memory (e.g. keys) from an exit server's process.
Bugfixes on 0.0.9.x:
- If unofficial Tor clients connect and send weird TLS certs, our
Tor server triggers an assert. This release contains a minimal
backport from the broader fix that we put into 0.1.0.4-rc.
Approved by <jlam>
at any directories starting with ${WRKDIR}. This fixes the various
netsaint plugin scripts that had hardcoded ${WRKDIR} paths to tools.
Bump the PKGREVISION to 8.
- Fix security problem up fixed by 2.2.12 and recent problem reported
by CAN-2004-1154.
- pkgsrc changes:
* Overhaul pkgsrc structure (as net/samba).
* Adapt PKG_OPTIONS framework.
* Add support for winbind (not tested).
* Add SAMBA_USER/SAMBA_GROUP for default user.
* move codepages directory from share/samba to lib/samba.
pkgsrc imake-handling already causes gmake to be used on Linux, remove
USE_TOOLS+=gmake from the package Makefile. This correctly fixes
PR pkg/23078 and PR pkg/29656.
as devel/lwp, but devel/rx is a regular expression library, not an rpc library.
And arla, of course, is another implementation of AFS. I'll work on making it
not conflict eventually.
- 1.8 (christos)
Yes, it was a cool trick >20 years ago to use "0123456789abcdef"[a] to
implement xtoa(), but I think defining the same string 50 times is a bit
too much. Defined HEXDIGITS and hexdigits in subr_prf.c and use it...
- 1.9 (bouyer)
call (ifp->if_input) at splnet(). ifp->if_input points to ether_input()
which doesn't raise the IPL itself in all cases.
Should also fix PR 29546 (the pkgsrc kernel module needs to be updated).
Bump version to 20050610.
Notable changes (see files/ChangeLog for full details):
* Convert to use getline() instead of fgets() whenever reading user input to
ensure that an overly long input line doesn't leave excess characters for
the next input operation to accidentally use as input.
Should fix PR 23953.
* Improve method used in fileindir() to determine if `file' is in or under
`dir': realpath(3) on non-NetBSD systems may fail if the target filename
doesn't exist, so instead use realpath(3) on the parent directory of `file'.
(The previous code was over-aggressive in preventing transfers on systems
with a realpath(3) that had different semantics to NetBSD.)
* Various portability fixes.
Security-related bug fixes:
* Convert to use getline() instead of fgets() whenever reading user input to
ensure that an overly long input line doesn't leave excess characters for
the next input operation to accidentally use as input.
* Zero out the password & account after we've finished with it.
* Consistently use getpass(3) (i.e., character echo suppressed) when reading
the account data. For some reason, historically the "login" code
suppressed echo for Account: yet the "user" command did not!
* Improve method used in fileindir() to determine if `file' is in or under
`dir': realpath(3) on non-NetBSD systems may fail if the target filename
doesn't exist, so instead use realpath(3) on the parent directory of `file'.
(The previous code was over-aggressive in preventing transfers on systems
with a realpath(3) that had different semantics to NetBSD.)
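An added sketch of the fileindir() approach described above, written for this page and not taken from the package: canonicalize the parent directory of the file, which exists even when the file does not, and compare it with the canonical directory. The names file_in_dir and dir_contains are hypothetical, and the sample paths assume /tmp exists.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700	/* realpath(3) */
#endif
#include <libgen.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>

/* Pure string check on two already-canonical absolute paths: is `path' equal
 * to `dir' or below it? The match must end on a component boundary, so
 * "/srv/ftp2" is not treated as being under "/srv/ftp". */
int dir_contains(const char *dir, const char *path)
{
	size_t n = strlen(dir);

	while (n > 1 && dir[n - 1] == '/')	/* ignore trailing slashes */
		n--;
	if (n == 1 && dir[0] == '/')
		return path[0] == '/';		/* everything is under the root */
	return strncmp(path, dir, n) == 0 && (path[n] == '/' || path[n] == '\0');
}

/* Returns 1 if `file' (which need not exist yet) would be created in or
 * under `dir', 0 if not or if that cannot be established. */
int file_in_dir(const char *file, const char *dir)
{
	char forbase[PATH_MAX], fordir[PATH_MAX];	/* libgen may modify input */
	char realparent[PATH_MAX], realdir[PATH_MAX];
	const char *base;

	if (strlen(file) >= PATH_MAX)
		return 0;
	strcpy(forbase, file);
	strcpy(fordir, file);
	base = basename(forbase);
	if (strcmp(base, "..") == 0 || strcmp(base, ".") == 0)
		return 0;	/* last component would itself change directory */
	/* Canonicalize the parent, not the file: the target of a download
	 * usually does not exist yet, and realpath() may fail on it. */
	if (realpath(dirname(fordir), realparent) == NULL)
		return 0;	/* parent missing: refuse rather than guess */
	if (realpath(dir, realdir) == NULL)
		return 0;
	return dir_contains(realdir, realparent);
}

int main(void)
{
	/* Constructed inputs; /tmp is assumed to exist. */
	return file_in_dir("/tmp/new-file", "/tmp") == 1 &&
	    file_in_dir("/tmp/../new-file", "/tmp") == 0 ? 0 : 1;
}
```

The final path component is not resolved here, so an existing symlink at that name is outside what this check covers.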
Bug fixes:
* Display the hostname in the "getaddrinfo failed" warning.
* Only print the "Trying <address>..." message if verbose and there's more
than one struct addrinfo in the getaddrinfo() result.
* formatbuf(): fix %m and %M to use the hostname, not the username.
* fetch_ftp(): preserve 'anonftp' across a disconnect() so that multiple ftp
auto-fetches on the same command line login automatically.
* Improve bounds checking.
* Update various copyright notices.
Portability fixes:
* Look for dirname(3), which may be in -lgen on IRIX, and replace it if not
found.
* Don't use non-standard: u_char, u_short, u_int, or uint.
* Use uint32_t instead of u_int32_t.
* Don't use register.
* Helps if the definition of xconnect() matches its declaration....
* Fix some cast issues highlighted by gcc 4 on OSX.4
* Use size_t instead of int where appropriate.
* Make this compile on sparc64 (size_t != int).
* Printf field widths and size_t don't always mix well, so cast to int.
Fixes build problem for alpha.
* auto_fetch(): use an initialized volatile int to appease IRIX cc.
* Don't abuse unconstify'ing a string and writing to it, because you'll core
dump. Also remove extra const that gives pain to the irix compiler.
* Make sure we flush after we prepare when we are unbuffered otherwise the
prompt will not appear immediately.
* Terminate the arglist with a NULL instead of 0. (Shuts up gcc4.x)
* Use malloc(3) instead of alloca(3).
* Include "src/progressbar.h" for xsignal_restart() prototype.
* Ensure that fallback #define of __attribute__ is available.
Fixes build problem on HP-UX with cc.
* Pull in <poll.h> or <sys/poll.h> if they exist even if we're not using poll,
as struct pollfd might exist in those. Fixes build problem on OSX.3.
* Use NS_INADDRSZ, NS_IN6ADDRSZ and NS_INT16SZ instead of
equivalents without NS_ prefix.
* Use socklen_t instead of size_t where appropriate.
* Separate CPPFLAGS from CFLAGS.
* Use "long long" instead of "quad" in various comments & constants.
* Prefer poll over select when implementing replacement usleep().