# HG changeset patch # User Brian Utterback # Date 1419451233 28800 # Node ID 7e043dae7c72780cec1bc1b03f15d14bf9b909d8 # Parent ec4e7d7baea696d167063b06b3f16fd865de66a1 20248611 Update ntp to 4.2.8 15608765 SUNBT6908332 ntpd(v4) fails with link local IPv6 addresses. 15797761 SUNBT7176468 ntpd(1m) man page contains typos 17626608 There There is is a typo in SmfValueNTP.html 19365356 buffer overrun in tokenize() 20231654 ntp fails to build, bad arc4random 20244925 problem in SERVICE/NTP diff -r ec4e7d7baea6 -r 7e043dae7c72 components/ntp/Makefile --- a/components/ntp/Makefile Mon Dec 22 15:12:09 2014 -0800 +++ b/components/ntp/Makefile Wed Dec 24 12:00:33 2014 -0800 @@ -26,20 +26,19 @@ include ../../make-rules/shared-macros.mk COMPONENT_NAME= ntp -COMPONENT_PATCH_VERSION= 381 -COMPONENT_VERSION= 4.2.7 -HUMAN_VERSION= $(COMPONENT_VERSION)p$(COMPONENT_PATCH_VERSION) -IPS_COMPONENT_VERSION= $(COMPONENT_VERSION).$(COMPONENT_PATCH_VERSION) +COMPONENT_VERSION= 4.2.8 +HUMAN_VERSION= $(COMPONENT_VERSION) +IPS_COMPONENT_VERSION= $(COMPONENT_VERSION) COMPONENT_PROJECT_URL= http://www.ntp.org/ -COMPONENT_SRC_NAME= ntp-dev +COMPONENT_SRC_NAME= ntp COMPONENT_SRC= $(COMPONENT_SRC_NAME)-$(HUMAN_VERSION) COMPONENT_ARCHIVE= $(COMPONENT_SRC).tar.gz COMPONENT_ARCHIVE_HASH= \ - sha256:169e56bde7df2822c48e5dc8c3cebc6033a47fd278c8783aaf32770ca295fdcc -COMPONENT_ARCHIVE_URL= http://archive.ntp.org/ntp4/ntp-dev/$(COMPONENT_ARCHIVE) + sha256:2e920df8b6a5a410567a73767fa458c00c7f0acec3213e69ed0134414a50d8ee +COMPONENT_ARCHIVE_URL= http://archive.ntp.org/ntp4/$(COMPONENT_ARCHIVE) COMPONENT_BUGDB= service/ntp -TPNO= 18350 +TPNO= 20866 PATCH_LEVEL = 0 diff -r ec4e7d7baea6 -r 7e043dae7c72 components/ntp/Solaris/SmfValueNTP.html --- a/components/ntp/Solaris/SmfValueNTP.html Mon Dec 22 15:12:09 2014 -0800 +++ b/components/ntp/Solaris/SmfValueNTP.html Wed Dec 24 12:00:33 2014 -0800 
@@ -19,14 +19,14 @@ CDDL HEADER END - Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved. + Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved. --> When Value NTP Properties is in the Authorizations Included -column, it grants the the authorization to change NTP service property values. +column, it grants the authorization to change NTP service property values.

If Value NTP Properties is grayed, then you are not entitled to Add or Remove this authorization. diff -r ec4e7d7baea6 -r 7e043dae7c72 components/ntp/manpages/ntpd.1m --- a/components/ntp/manpages/ntpd.1m Mon Dec 22 15:12:09 2014 -0800 +++ b/components/ntp/manpages/ntpd.1m Wed Dec 24 12:00:33 2014 -0800 @@ -18,7 +18,7 @@ .\" .\" CDDL HEADER END .\" -.\" Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved. +.\" Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved. .\" .TH "ntpd" "1M" "" "" "System Administration Commands" .SH NAME 
@@ -37,7 +37,7 @@ .SS How \fBNTP\fR Operates The \fBntpd\fR program operates by exchanging messages with one or more configured servers at designated intervals ranging from about one minute to about 17 minutes. When started, the program requires several exchanges while the algorithms accumulate and groom the data before setting the clock. The initial delay to set the clock can be reduced using options as described in the server options page at file:///usr/share/doc/ntp/confopt.html. .LP -When the machine is booted, the hardware time of day (TOD) chip is used to initialize the operating system time. After the machine has synchronized to a \fBNTP\fR server, the operating system corrects the chip from time to time. During the course of operation if for some reason the system time is more than 1000s offset from the server time, \fBntpd\fR assumes something must be terribly wrong and exits with a panic message to the system log. If it was started via SMF, the ntp service is placed into maintainance mode and must be cleared manually. The -g option overrides this check at startup and allows \fBntpd\fR to set the clock to the server time regardless of the chip time, but only once. +When the machine is booted, the hardware time of day (TOD) chip is used to initialize the operating system time. After the machine has synchronized to a \fBNTP\fR server, the operating system corrects the chip from time to time. During the course of operation if for some reason the system time is more than 1000s offset from the server time, \fBntpd\fR assumes something must be terribly wrong and exits with a panic message to the system log. If it was started via SMF, the ntp service is placed into maintenance mode and must be cleared manually. The -g option overrides this check at startup and allows \fBntpd\fR to set the clock to the server time regardless of the chip time, but only once. 
.LP Under ordinary conditions, \fBntpd\fR slews the clock so that the time is effectively continuous and never runs backwards. If due to extreme network congestion an error spike exceeds the \fIstep threshold\fR (128ms by default), the spike is discarded. However, if the error persists for more than the \fIstepout threshold\fR (900s by default) the system clock is stepped to the correct value. In practice the need for a step is extremely rare and almost always the result of a hardware failure. With the -x option the step threshold is increased to 600s. Other options are available using the \fItinker\fR command as described in the miscellaneous options page at file:///usr/share/doc/ntp/miscopt.html. .LP @@ -249,7 +249,7 @@ variable. .SH AUTOMATIC SERVICE MANAGEMENT (SMF) \fBNTP\fR on Solaris is managed via the service management facility described in - \fBsmf\fR(5). There are several options controlled by services properties which +\fBsmf\fR(5). There are several options controlled by services properties which can be set by the system administrator. The available options can be listed by executing the following command: .nf diff -r ec4e7d7baea6 -r 7e043dae7c72 components/ntp/ntp.p5m --- a/components/ntp/ntp.p5m Mon Dec 22 15:12:09 2014 -0800 +++ b/components/ntp/ntp.p5m Wed Dec 24 12:00:33 2014 -0800 @@ -321,6 +321,7 @@ file path=usr/share/doc/ntp/tickadj.html file path=usr/share/doc/ntp/warp.html file path=usr/share/doc/ntp/xleave.html +file scripts/lib/NTP/Util.pm path=usr/share/ntp/lib/NTP/Util.pm file manpages/ntp-keygen.1m path=usr/share/man/man1m/ntp-keygen.1m file manpages/ntpd.1m path=usr/share/man/man1m/ntpd.1m file manpages/ntpdate.1m path=usr/share/man/man1m/ntpdate.1m mangler.man.stability="uncommitted obsolete" diff -r ec4e7d7baea6 -r 7e043dae7c72 components/ntp/patches/40-ntpwait.patch --- a/components/ntp/patches/40-ntpwait.patch Mon Dec 22 15:12:09 2014 -0800 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 
@@ -1,18 +0,0 @@
-This change allows ntp-wait to work with more versions
-of NTP, since the format changed slightly. It can be removed
-at the next upgrade since there will be no possibility
-of running an older ntp with the old format.
-
---- scripts/ntp-wait.in
-+++ scripts/ntp-wait.in
-@@ -20,8 +20,8 @@
- while() {
- chomp;
- # the first line should be similar to:
-- # associd=0 status=0645 leap_none, sync_ntp, ...
-- if (/^asso?c?id=0 status=(\S{4}) (\S+), (\S+),/i) {
-+ # status=0645 leap_none, sync_ntp, ...
-+ if (/status=(\S{4}) (\S+), (\S+),/i) {
- my $status = $1;
- my $leap = $2;
- my $sync = $3;
diff -r ec4e7d7baea6 -r 7e043dae7c72 components/ntp/patches/70-refresh.patch
--- a/components/ntp/patches/70-refresh.patch Mon Dec 22 15:12:09 2014 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,122 +0,0 @@ -Patch to restore the period refreshing of the interface list -and to re-resolve the peers source addresses. This is needed -because the interfaces are not done coming online when ntpd -starts due to delays from DAD. - -This patch can be removed when NTP is upgraded to 4.2.7p396 -or later - - ---- ntpd/ntp_io.c -+++ ntpd/ntp_io.c -@@ -1704,7 +1704,6 @@ update_interfaces( - isc_result_t result; - isc_interface_t isc_if; - int new_interface_found; -- int refresh_peers; - unsigned int family; - endpt enumep; - endpt * ep; -@@ -1719,7 +1718,6 @@ update_interfaces( - */ - - new_interface_found = FALSE; -- refresh_peers = FALSE; - iter = NULL; - result = isc_interfaceiter_create(mctx, &iter); - -@@ -1755,6 +1753,8 @@ update_interfaces( - - convert_isc_if(&isc_if, &enumep, port); - -+ DPRINT_INTERFACE(4, (&enumep, "examining ", "\n")); -+ - /* - * Check if and how we are going to use the interface. - */ -@@ -1762,19 +1762,23 @@ update_interfaces( - enumep.flags)) { - - case ACTION_IGNORE: -+ DPRINTF(4, ("ignoring interface %s (%s) - by nic rules\n", -+ enumep.name, stoa(&enumep.sin))); - continue; - - case ACTION_LISTEN: -+ DPRINTF(4, ("listen interface %s (%s) - by nic rules\n", -+ enumep.name, stoa(&enumep.sin))); - enumep.ignore_packets = ISC_FALSE; - break; - - case ACTION_DROP: -+ DPRINTF(4, ("drop on interface %s (%s) - by nic rules\n", -+ enumep.name, stoa(&enumep.sin))); - enumep.ignore_packets = ISC_TRUE; - break; - } - -- DPRINT_INTERFACE(4, (&enumep, "examining ", "\n")); -- - /* interfaces must be UP to be usable */ - if (!(enumep.flags & INT_UP)) { - DPRINTF(4, ("skipping interface %s (%s) - DOWN\n", -@@ -1817,15 +1821,7 @@ update_interfaces( - */ - strlcpy(ep->name, enumep.name, - sizeof(ep->name)); -- if (ep->ignore_packets != -- enumep.ignore_packets) { -- ep->ignore_packets = -- enumep.ignore_packets; -- refresh_peers = TRUE; -- DPRINTF(4, ("refreshing peers due to %s ignore_packets change to %d\n", -- stoa(&ep->sin), -- 
ep->ignore_packets)); -- } -+ ep->ignore_packets = enumep.ignore_packets; - } else { - /* name collision - rename interface */ - strlcpy(ep->name, "*multiple*", -@@ -1890,9 +1886,6 @@ update_interfaces( - (*receiver)(data, &ifi); - - new_interface_found = TRUE; -- refresh_peers = TRUE; -- DPRINTF(4, ("refreshing peers due to new addr %s\n", -- stoa(&ep->sin))); - DPRINT_INTERFACE(3, - (ep, "updating ", - " new - created\n")); -@@ -1932,9 +1925,6 @@ update_interfaces( - DPRINT_INTERFACE(3, (ep, "updating ", - "GONE - deleting\n")); - remove_interface(ep); -- refresh_peers = TRUE; -- DPRINTF(4, ("refreshing peers due to deleted addr %s\n", -- stoa(&ep->sin))); - - ifi.action = IFS_DELETED; - ifi.ep = ep; -@@ -1956,17 +1946,16 @@ update_interfaces( - } - - /* -- * phase 3 - re-configure as the world has changed if necessary -+ * phase 3 - re-configure as the world has probably changed -+ * -+ * never ever make this conditional again - it is needed to track -+ * routing updates. see bug #2506 - */ -+ refresh_all_peerinterfaces(); - - if (broadcast_client_enabled) - io_setbclient(); - -- if (refresh_peers) { -- refresh_all_peerinterfaces(); -- msyslog(LOG_INFO, "peers refreshed"); -- } -- - return new_interface_found; - } - diff -r ec4e7d7baea6 -r 7e043dae7c72 components/ntp/patches/82-nametoindex.patch --- a/components/ntp/patches/82-nametoindex.patch Mon Dec 22 15:12:09 2014 -0800 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 
@@ -1,26 +0,0 @@
-This patch modifies the configure script to correctly detect the
-if_nametoindex function. This fix is integrated in ntp-dev-4.2.7p394.
-This patch may be removed when upgrading NTP to a later version.
-See NTP bug 2256 for details.
-
---- configure
-+++ configure
-@@ -35243,6 +35670,8 @@
- fi
-
- esac
-+SAVED_LIBS="$LIBS"
-+LIBS="$LDADD_LIBNTP $LIBS"
- for ac_func in if_nametoindex
- do :
- ac_fn_c_check_func "$LINENO" "if_nametoindex" "ac_cv_func_if_nametoindex"
-@@ -35254,6 +35683,8 @@
- fi
- done
-
-+LIBS="$SAVED_LIBS"
-+{ SAVED_LIBS=; unset SAVED_LIBS;}
- case "$ac_cv_func_if_nametoindex" in
- yes)
-
-
diff -r ec4e7d7baea6 -r 7e043dae7c72 components/ntp/patches/85-getif-eintr.patch
--- a/components/ntp/patches/85-getif-eintr.patch Mon Dec 22 15:12:09 2014 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,47 +0,0 @@
-If getifaddrs blocks on a lock and a SIGALRM happens to fire while it
-is block, it will return with EINTR. WE need to detect that and just
-try again.
-
-This is NTP bug 2565. Remove this patch when upgrading to a version that
-has bug 2565 fixed in it.
-
---- lib/isc/unix/ifiter_getifaddrs.c
-+++ lib/isc/unix/ifiter_getifaddrs.c
-@@ -55,6 +55,8 @@ isc_interfaceiter_create(isc_mem_t *mctx
- isc_interfaceiter_t *iter;
- isc_result_t result;
- char strbuf[ISC_STRERRORSIZE];
-+ int trys;
-+ int ret;
-
- REQUIRE(mctx != NULL);
- REQUIRE(iterp != NULL);
-@@ -86,15 +88,21 @@ isc_interfaceiter_create(isc_mem_t *mctx
- iter->valid = ISC_R_FAILURE;
- #endif
-
-- if (getifaddrs(&iter->ifaddrs) < 0) {
-+ for (trys = 0; trys < 3; trys++) {
-+ if ((ret = getifaddrs(&iter->ifaddrs)) >= 0)
-+ break;
-+ if (errno != EINTR)
-+ break;
-+ }
-+ if (ret < 0) {
- isc__strerror(errno, strbuf, sizeof(strbuf));
- UNEXPECTED_ERROR(__FILE__, __LINE__,
-- isc_msgcat_get(isc_msgcat,
-- ISC_MSGSET_IFITERGETIFADDRS,
-- ISC_MSG_GETIFADDRS,
-- "getting interface "
-- "addresses: getifaddrs: %s"),
-- strbuf);
-+ isc_msgcat_get(isc_msgcat,
-+ ISC_MSGSET_IFITERGETIFADDRS,
-+ ISC_MSG_GETIFADDRS,
-+ "getting interface "
-+ "addresses: getifaddrs: %s"),
-+ strbuf);
- result = ISC_R_UNEXPECTED;
- goto failure;
- }
diff -r ec4e7d7baea6 -r 7e043dae7c72 components/ntp/patches/92-in6.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/ntp/patches/92-in6.patch Wed Dec 24 12:00:33 2014 -0800
@@ -0,0 +1,38 @@
+The bug for this issue is NTP community bug 2707. This patch has been
+submitted to the community. This patch may be removed when NTP is
+upgraded to any version that has bug 2702 fixed in it.
+
+--- ntpd/ntp_io.c
++++ ntpd/ntp_io.c
+@@ -3450,19 +3450,18 @@ read_network_packet(
+ */
+
+ // temporary hack...
+-#ifndef HAVE_SOLARIS_PRIVS
+ if (AF_INET6 == itf->family) {
+ DPRINTF(1, ("Got an IPv6 packet, from <%s> (%d) to <%s> (%d)\n",
+ stoa(&rb->recv_srcadr),
+- IN6_IS_ADDR_LOOPBACK(&rb->recv_srcadr),
++ IN6_IS_ADDR_LOOPBACK(&rb->recv_srcadr.sa6.sin6_addr),
+ stoa(&itf->sin),
+- !IN6_IS_ADDR_LOOPBACK(&itf->sin)
++ !IN6_IS_ADDR_LOOPBACK(&itf->sin.sa6.sin6_addr)
+ ));
+ }
+
+ if ( AF_INET6 == itf->family
+- && IN6_IS_ADDR_LOOPBACK(&rb->recv_srcadr)
+- && !IN6_IS_ADDR_LOOPBACK(&itf->sin)
++ && IN6_IS_ADDR_LOOPBACK(&rb->recv_srcadr.sa6.sin6_addr)
++ && !IN6_IS_ADDR_LOOPBACK(&itf->sin.sa6.sin6_addr)
+ ) {
+ packets_dropped++;
+ DPRINTF(1, ("DROPPING that packet\n"));
+@@ -3470,7 +3469,6 @@ read_network_packet(
+ return buflen;
+ }
+ DPRINTF(1, ("processing that packet\n"));
+-#endif
+
+ /*
+ * Got one. Mark how and when it got here,
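Review bot: The header of 92-in6.patch names two different upstream bugs, `NTP community bug 2707` in its first sentence and `bug 2702` in the removal condition, so whoever does the next upgrade cannot tell which fix makes the patch obsolete; both should carry the same number. Removing `#ifndef HAVE_SOLARIS_PRIVS` also switches on, for Solaris builds, the check in read_network_packet that drops IPv6 packets with a loopback source address arriving on a non-loopback interface, and the header does not mention that behaviour change; I would add a line such as `Enables the IPv6 loopback-source drop check on Solaris builds.` The drop is reported only through `DPRINTF(1, ...)` and the `packets_dropped` counter, which presumably leaves nothing in syslog on a non-debug build, so confirm that is acceptable for operators who want to see spoofed-source traffic. read_network_packet starts and ends outside the inner hunks.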