97 Commits

Author SHA1 Message Date
sthen
6780b15bfc use AC_LANG_SOURCE instead of AC_LANG_PROGRAM to avoid a nested function
definition
2017-09-25 12:41:07 +00:00
bluhm
f36e4f7d4d Update ntp to 4.2.8p10.
CVE-2016-9042, CVE-2017-6451, CVE-2017-6452, CVE-2017-6455,
CVE-2017-6458, CVE-2017-6459, CVE-2017-6460, CVE-2017-6462,
CVE-2017-6463, CVE-2017-6464
Adapt OpenSSL #ifdef for LibreSSL.
Fix regression tests, prevent them from crashing.
OK deraadt@
2017-03-27 11:33:40 +00:00
naddy
441624ce8b Security update to 4.2.8p9:
CVE-2016-9311: Trap crash
CVE-2016-9310: Mode 6 unauthenticated trap information disclosure and DDoS vector
CVE-2016-7427: Broadcast Mode Replay Prevention DoS
CVE-2016-7428: Broadcast Mode Poll Interval Enforcement DoS
CVE-2016-9312: Windows: ntpd DoS by oversized UDP packet
CVE-2016-7431: Regression: 010-origin: Zero Origin Timestamp Bypass
CVE-2016-7434: Null pointer dereference in _IO_str_init_static_internal()
CVE-2016-7429: Interface selection attack
CVE-2016-7426: Client rate limiting and server responses
CVE-2016-7433: Reboot sync calculation problem
2016-12-14 20:05:37 +00:00
naddy
d349951b8c Update to 4.2.8p8 for the latest round of security fixes:
http://support.ntp.org/bin/view/Main/SecurityNotice#June_2016_ntp_4_2_8p8_NTP_Securi
2016-06-18 20:19:11 +00:00
naddy
5cb1920e9a Update to 4.2.8p7 for the latest round of security fixes:
http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
2016-04-27 09:16:55 +00:00
naddy
02b7008896 Security update to 4.2.8p6. This addresses numerous security issues. 2016-02-04 19:55:13 +00:00
jca
6c5ee4742c SECURITY update to ntp-4.2.8p4
Per upstream, only low and medium-severity vulns:
http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner

Diff from Daniel Jakots
2015-11-10 18:33:02 +00:00
sthen
691c83f9b2 Bump some ports which reference if_msghdr in their source, so that package
updates are triggered. This is following the struct if_data ABI change a few
days ago; if_msghdr has an embedded if_data.  Some may be unnecessary, but
some are definitely needed and bumps are cheaper than debugging.
Problem reported with wpa_supplicant by Mikolaj Kucharski.
2015-10-08 21:19:21 +00:00
sthen
63615cc9a1 add a second MASTER_SITES, archive.ntp.org seems unhappy 2015-07-01 11:59:24 +00:00
sthen
7be59d8512 update to ntp-4.2.8p3, various fixes including a remote crash in some
(uncommon) conditions; if:

- remote configuration of ntpd is enabled (it's disabled by default),
- and an attacker knows the remote configuration password,
- and has access to a computer that is allowed to send remote configuration
requests to ntpd,

the attacker can send a carefully-crafted packet to ntpd that will cause ntpd
to crash.
2015-07-01 10:35:29 +00:00
sthen
c770bd3cf6 disable ntpd's audio support for now (it's used for feeding audio from a
radio receiver tuned to WWV or CHU time signal stations, but doesn't build
with recent changes to audio support)
2015-06-26 20:21:07 +00:00
sthen
d237b6cb3b security update to ntp-4.2.8p2
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities

CVE-2015-1798 "When ntpd is configured to use a symmetric key to authenticate a
remote NTP server/peer, it checks if the NTP message authentication code (MAC)
in received packets is valid, but not if there actually is any MAC included."

CVE-2015-1799 "An attacker knowing that NTP hosts A and B are peering with each
other (symmetric association) can send a packet to host A with source address
of B which will set the NTP state variables on A to the values sent by the
attacker. Host A will then send on its next poll to B a packet with originate
timestamp that doesn't match the transmit timestamp of B and the packet will be
dropped. If the attacker does this periodically for both hosts, they won't be
able to synchronize to each other."
2015-04-08 14:12:44 +00:00
jca
4617bc3b59 A PLIST change got lost in previous borked commit.
Bump REVISION since people might have started builds since.
2014-12-24 16:35:12 +00:00
jca
b26c4cef49 Update to ntp-4.2.8, fixes for several CVEs.
- Weak default key in config_auth() - CVE-2014-9293
- non-cryptographic random number generator with weak seed used by
  ntp-keygen to generate symmetric keys - CVE-2014-9294
- Buffer overflow in crypto_recv() - CVE-2014-9295
- Buffer overflow in ctl_putdata() - CVE-2014-9295
- Buffer overflow in configure() - CVE-2014-9295
- receive(): missing return on error - CVE-2014-9296

ok naddy@
2014-12-24 14:05:25 +00:00
jca
dcbb7fb25c Update to ntp-4.2.8, fixes for several CVEs.
- Weak default key in config_auth() - CVE-2014-9293
- non-cryptographic random number generator with weak seed used by
  ntp-keygen to generate symmetric keys - CVE-2014-9294
- Buffer overflow in crypto_recv() - CVE-2014-9295
- Buffer overflow in ctl_putdata() - CVE-2014-9295
- Buffer overflow in configure() - CVE-2014-9295
- receive(): missing return on error - CVE-2014-9296

ok naddy@
2014-12-24 13:10:20 +00:00
sthen
8178f9fa56 Update ports/net/ntp to 4.2.7p418. This is ntp.org's ntp daemon, *not*
the base system's openntpd.

Update removes a reflected unauthenticated DoS attack vector that has
been hit a lot in the wild recently, see http://www.openntpproject.org/
UDP traffic amplification 19x.

This is a devel version from upstream, they have decided not to fix it in
the stable branch. Users running older versions should add "disable monitor"
to their config and restart, then verify that "monlist" in ntpdc does not
return a list.

ok aja@, missing build dep spotted by naddy
2014-02-09 21:36:46 +00:00
sthen
27f03b1c52 bump REVISION for any ports using route messages. regen some distinfos and
remove unnecessary USE_GROFFs while there.
2013-10-31 21:12:12 +00:00
ajacoutot
58f1a6f9f6 USE_LIBTOOL=Yes is the default now. 2013-03-21 08:45:11 +00:00
espie
eae66e4a7b PERMIT_* / REGRESS->TEST sweep 2013-03-11 11:35:43 +00:00
ajacoutot
0691c69586 Use RCDIR instead of /etc/rc.d when referring to packages rc scripts.
discussed with espie and sthen
ok sthen@
2012-04-22 11:41:55 +00:00
gonzalo
465cab857a remove patches/patch-ntpd_ntp_intres_c 2012-04-10 15:27:30 +00:00
gonzalo
4cf7f8dabb Update for ntp:
* I remove the patch patch-ntpd_ntp_intres_c because it is applied upstream.
* We don't need USE_GROFF here.

OK naddy@, aja@
2012-04-10 15:06:29 +00:00
landry
54066adc97 Rename 'Reference NTP' rc script to xntpd to avoid conflict with the
base system's ntpd rc script. Adjust PLIST and bump.
Previous diff looked ok to aja@, rename to xntpd instead of isc_ntpd
prodded by naddy@.
2011-07-11 17:43:14 +00:00
ajacoutot
70ac96c395 rc_scripts -> pkg_scripts 2011-07-08 02:14:58 +00:00
ajacoutot
f982995f2b Add a consistent header that substitutes FULLPKGNAME for the READMEs.
ok jasper@ sthen@
2011-06-02 13:41:36 +00:00
ajacoutot
4ec44530ca Simplify after recent rc.subr change.
The framework is now stable and we will start documenting it (at last).
2010-12-27 14:50:22 +00:00
ajacoutot
b28452a489 Cope with recent rc.subr changes. 2010-12-24 10:40:04 +00:00
ajacoutot
8a39ef78ea Move these to rc_reload=NO. 2010-12-11 12:57:37 +00:00
ajacoutot
8aecbc8dd1 Fix crazy indent. 2010-11-10 23:37:32 +00:00
jasper
a409254459 - switch to pkg-readmes
- add an rc script

looks good to sthen@
2010-11-10 21:21:26 +00:00
espie
47ff75aa46 USE_GROFF=Yes 2010-10-18 18:36:45 +00:00
naddy
1f6f6d3a51 update to 4.2.6p2, which incorporates most of our patches 2010-07-10 19:48:32 +00:00
naddy
87b33f29ca update to 4.2.6p1 and remove a lot of cruft 2010-07-03 02:49:43 +00:00
naddy
f31431be18 SECURITY:
Fix a DoS attack from certain NTP mode 7 packets.  If an attacker
spoofed a source address, ntpd hosts could be made to endlessly
send responses to each other or to themselves.  CVE-2009-3563.
2010-01-20 20:43:59 +00:00
naddy
18b76430e6 SECURITY update to 4.2.4p7:
Fix remote exploit if autokey is enabled (CVE-2009-1252).
2009-05-23 16:32:29 +00:00
naddy
8150ccb354 Security:
Prevent a buffer overflow in ntpq.  (CVE-2009-0159)
From upstream via FreeBSD.
2009-04-20 15:32:38 +00:00
naddy
36f67b8060 properly substitute paths in README.OpenBSD 2009-02-11 19:36:27 +00:00
naddy
51543f59bd Update to 4.2.4p6.
Kill the multi-packaging.  xntpd is useless without documentation and
if you want a simple NTP server on a tiny machine, use OpenNTPD.
2009-01-27 10:21:38 +00:00
naddy
f954712cb7 update to 4.2.4p5; based on a submission by Wim Lewis <wiml@hhhh.org> 2009-01-26 23:26:02 +00:00
ajacoutot
95e343fe4c - remove Dan Harnett from MAINTAINER per his request
- bump
2008-07-01 16:41:19 +00:00
ajacoutot
051d194d03 - it's -> its
from Alex J. Avriette <avriette at gmail dot com>
2007-09-17 17:20:44 +00:00
merdely
241b722760 Remove surrounding quotes in COMMENT*/PERMIT_*/BROKEN/ERRORS
Add $OpenBSD$ to p5-SNMP-Info/Makefile (ok kili@, simon@)
2007-09-15 22:36:51 +00:00
espie
9eafbbfb35 base64 checksums. 2007-04-05 16:19:55 +00:00
steven
dd03bc9488 new MULTI_PACKAGES 2006-11-24 21:23:19 +00:00
sturm
3fcc829ef4 SECURITY:
fix gid confusion when starting ntpd with -u groupname
CAN-2005-2496
2006-01-24 19:58:58 +00:00
danh
047cf81c04 update to the latest stable tarball, ntp-stable-4.2.0a-20050303 2005-03-08 04:16:42 +00:00
alek
35bd1e3919 Fix WANTLIB marker 2005-02-26 12:34:22 +00:00
naddy
fedfc3867f SIZE 2005-01-05 17:14:37 +00:00
espie
3472699ddc remove shit 2004-12-20 14:38:27 +00:00
alek
2344f6d18c Add WANTLIB markers 2004-12-16 00:31:20 +00:00