Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (verified OK))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 043947A3DA
	for <mhonarc+pkgsrc-changes@mail-index.netbsd.org>; Wed, 27 Apr 2016 15:59:21 +0000 (UTC)
Received: by mail.netbsd.org (Postfix, from userid 605)
	id A858785F1A; Wed, 27 Apr 2016 15:59:20 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by mail.netbsd.org (Postfix) with ESMTP id 366B985F19
	for <pkgsrc-changes@NetBSD.org>; Wed, 27 Apr 2016 15:59:20 +0000 (UTC)
X-Virus-Scanned: amavisd-new at netbsd.org
Received: from mail.netbsd.org ([IPv6:::1])
	by localhost (mail.netbsd.org [IPv6:::1]) (amavisd-new, port 10025)
	with ESMTP id rbuO2Envq8p3 for <pkgsrc-changes@netbsd.org>;
	Wed, 27 Apr 2016 15:59:19 +0000 (UTC)
Received: from cvs.NetBSD.org (ivanova.netbsd.org [199.233.217.197])
	by mail.netbsd.org (Postfix) with ESMTP id 59DEA84CEA
	for <pkgsrc-changes@NetBSD.org>; Wed, 27 Apr 2016 15:59:19 +0000 (UTC)
Received: by cvs.NetBSD.org (Postfix, from userid 500)
	id 4F354FBBA; Wed, 27 Apr 2016 15:59:19 +0000 (UTC)
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"
MIME-Version: 1.0
Date: Wed, 27 Apr 2016 15:59:19 +0000
From: "Wen Heping" <wen@netbsd.org>
Subject: CVS commit: pkgsrc/net/ntp4
To: pkgsrc-changes@NetBSD.org
Reply-To: wen@netbsd.org
X-Mailer: log_accum
Message-Id: <20160427155919.4F354FBBA@cvs.NetBSD.org>
Sender: pkgsrc-changes-owner@NetBSD.org
List-Id: pkgsrc-changes.NetBSD.org
Precedence: bulk

Module Name:	pkgsrc
Committed By:	wen
Date:		Wed Apr 27 15:59:19 UTC 2016

Modified Files:
	pkgsrc/net/ntp4: Makefile PLIST distinfo

Log Message:
Update to 4.2.8p7

Upstream changes:
(4.2.8p7) 2016/04/26 Released by Harlan Stenn <stenn@ntp.org>

* [Sec 2901] KoD packets must have non-zero transmit timestamps.  HStenn.
* [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve
  time. Include passive servers in this check. HStenn.
* [Sec 2945] Additional KoD packet checks.  HStenn.
* [Sec 2978] Interleave can be partially triggered.  HStenn.
* [Sec 3007] Validate crypto-NAKs.  Danny Mayer.
* [Sec 3008] Always check the return value of ctl_getitem().
  - initial work by HStenn
  - Additional cleanup of ctl_getitem by perlinger@ntp.org
* [Sec 3009] Crafted addpeer with hmode > 7 causes OOB error. perlinger@ntp.org
   - added more stringent checks on packet content
* [Sec 3010] remote configuration trustedkey/requestkey values
  are not properly validated. perlinger@ntp.org
  - sidekick: Ignore keys that have an unsupported MAC algorithm
    but are otherwise well-formed
* [Sec 3011] Duplicate IPs on unconfig directives will cause an assertion botch
  - graciously accept the same IP multiple times. perlinger@ntp.org
* [Sec 3020] Refclock impersonation.  HStenn.
* [Bug 2831]  Segmentation Fault in DNS lookup during startup. perlinger@ntp.org
  - fixed yet another race condition in the threaded resolver code.
* [Bug 2858] bool support.  Use stdbool.h when available.  HStenn.
* [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org
  - integrated patches by Loganaden Velvidron <logan@ntp.org>
    with some modifications & unit tests
* [Bug 2952] Symmetric active/passive mode is broken.  HStenn.
* [Bug 2960] async name resolution fixes for chroot() environments.
  Reinhard Max.
* [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org
* [Bug 2995] Fixes to compile on Windows
* [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org
* [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@ntp.org
  - Patch provided by Ch. Weisgerber
* [Bug 3015] ntpq: config-from-file: "request contains an unprintable character"
  - A change related to [Bug 2853] forbids trailing white space in
    remote config commands. perlinger@ntp.org
* [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE
  - report and patch from Aleksandr Kostikov.
  - Overhaul of Windows IO completion port handling. perlinger@ntp.org
* [Bug 3022] authkeys.c should be refactored. perlinger@ntp.org
  - fixed memory leak in access list (auth[read]keys.c)
  - refactored handling of key access lists (auth[read]keys.c)
  - reduced number of error branches (authreadkeys.c)
* [Bug 3023] ntpdate cannot correct dates in the future. perlinger@ntp.org
* [Bug 3030] ntpq needs a general way to specify refid output format.  HStenn.
* [Bug 3031] ntp broadcastclient unable to synchronize to an server
             when the time of server changed. perlinger@ntp.org
  - Check the initial delay calculation and reject/unpeer the broadcast
    server if the delay exceeds 50ms. Retry again after the next
    broadcast packet.
* [Bug 3036] autokey trips an INSIST in authistrustedip().  Harlan Stenn.
* Document ntp.key's optional IP list in authenetic.html.  Harlan Stenn.
* Update html/xleave.html documentation.  Harlan Stenn.
* Update ntp.conf documentation.  Harlan Stenn.
* Fix some Credit: attributions in the NEWS file.  Harlan Stenn.
* Fix typo in html/monopt.html.  Harlan Stenn.
* Add README.pullrequests.  Harlan Stenn.
* Cleanup to include/ntp.h.  Harlan Stenn.

---
(4.2.8p6) 2016/01/20 Released by Harlan Stenn <stenn@ntp.org>

* [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn.
* [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn.
* [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org
* [Sec 2938] ntpq saveconfig command allows dangerous characters
  in filenames. perlinger@ntp.org
* [Sec 2939] reslist NULL pointer dereference.  perlinger@ntp.org
* [Sec 2940] Stack exhaustion in recursive traversal of restriction
  list. perlinger@ntp.org
* [Sec 2942]: Off-path DoS attack on auth broadcast mode.  HStenn.
* [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org
* [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger@ntp.org
* [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org
* [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org
  - applied patch by shenpeng11@huawei.com with minor adjustments
* [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org
* [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org
* [Bug 2892] Several test cases assume IPv6 capabilities even when
             IPv6 is disabled in the build. perlinger@ntp.org
  - Found this already fixed, but validation led to cleanup actions.
* [Bug 2905] DNS lookups broken. perlinger@ntp.org
  - added limits to stack consumption, fixed some return code handling
* [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call
  - changed stacked/nested handling of CTRL-C. perlinger@ntp.org
  - make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org
* [Bug 2980] reduce number of warnings. perlinger@ntp.org
  - integrated several patches from Havard Eidnes (he@uninett.no)
* [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org
  - implement 'auth_log2()' using integer bithack instead of float calculation
* Make leapsec_query debug messages less verbose.  Harlan Stenn.
* Disable incomplete t-ntp_signd.c test.  Harlan Stenn.


To generate a diff of this commit:
cvs rdiff -u -r1.91 -r1.92 pkgsrc/net/ntp4/Makefile
cvs rdiff -u -r1.20 -r1.21 pkgsrc/net/ntp4/PLIST
cvs rdiff -u -r1.25 -r1.26 pkgsrc/net/ntp4/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.