| Age | Commit message (Collapse) | Author |
|---|
|
partly checked by millert@
|
|
ok tb@
|
|
cannot be resolved, don't spam syslog like crazy. Change the
"DNS lookup tmpfail" message into a log_debug()
ok millert
|
|
found by "'&a->sin6_addr' too small (16 vs 28)" smatch error
ok jca@
|
|
pointer deref in constraint.c reported by bluhm@; ok millert@
|
|
to reply; ok florian@
|
|
OK tb@
|
|
and vice-versa; ok tb@
|
|
|
|
various *d, *conf, *ctl files (where relevant) and simple;
also makes "man -k routing" more useful;
help from claudio and florian
ok claudio florian millert
|
|
ok tb@
|
|
|
|
|
|
innocent -n;
noticed by indivc on misc@
|
|
jmc@ dislikes a comma before "then" in a conditional, so leave those
untouched.
ok jmc@
|
|
|
|
leaked; ok florian@
|
|
macro-build a replacement for sccsid, and was done without any concern
for namespace damage. Unfortunately this practice started infecting
other code as others were unaware they didn't need the file.
ok millert guenther
|
|
3rd (variadic) mode_t parameter is irrelevant. Many developers in the past
have passed mode_t (0, 044, 0644, or such), which might lead future people
to copy this broken idiom, and perhaps even believe this parameter has some
meaning or implication or application. Delete them all.
This comes out of a conversation where tb@ noticed that a strange (but
intentional) pledge behaviour is to always knock-out high-bits from
mode_t on a number of system calls as a safety factor, and his bewilderment
that this appeared to be happening against valid modes (at least visually),
but no sorry, they are all irrelevant junk. They could all be 0xdeafbeef.
ok millert
|
|
functions that take "char *" arguments. Where such chars are
assigned to int or passed to ctype functions, explicitly cast them
to unsigned char.
For OpenBSD's clang, -Wpointer-sign has been disabled by default,
but when the parse.y code was built elsewhere, the compiler would
complain.
With help from millert@
ok benno@ deraadt@
|
|
chroot (and privdrop) in the child procs at this point are all set and done so
pledge("inet id") promises are not required anymore.
analysis and OK @kn
|
|
priv_constraint_child() which is called before we reach pledge(2), therefore we
we don't need to unveil(2) that file nor having pledge("rpath") since it was
only required to read that same file.
OK kn@
|
|
As per the manual and lib/libtls/tls.c revision 1.79 from 2018
"Automatically handle library initialisation for libtls." initialisation
is handled automatically by other tls_*(3) functions.
Remove the tls_init() call to not give the impression of it being needed.
Feedback tb
OK Tests mestre
|
|
fails to report the path that the failure occured on. Suggested by
deraadt@ after some tech discussion.
Work done and verified by Ashton Fagg <ashton@fagg.id.au>
ok deraadt@ semarie@ claudio@
|
|
"shift" consistently. Merge the two offset loops in client_update()
into one. Use a simple assignment for the best value instead of
memcpy(). Use the same mechanism to loop over the offset array
everywhere to avoid an invalid best value.
tested by weerd@; OK claudio@
|
|
|
|
returned by adjtime(2) from the kernel. T1 is local time when the
NTP packet is sent and T4 when the response is received. If between
these events a NTP reply from another server is received, it may
change the kernel offset with adjtime(2). Then the calulation of
the client offset was done with different bases, the result was
wrong and the system time started moving around.
So instead of correcting T1 and T4 individually at different events,
correct their sum once.
Error handling was missing if there is no timestamp in the response.
As this should not happen in our kernel, fatal() is appropriate.
tested by weerd@; OK claudio@
|
|
|
|
incoming icmp) do not register them as replies. Also, fix a bug
introduced in the previous commit: first recompute scale, then
recompute interval, so that when the offset increases and thus the
scale is lowered both the poll interval and the check interval use
the same scale.
First issue spotted by naddy@ second one by and ok semarie@
|
|
go into unsynced mode. The existing code to check if we're unsycned
is only done on receiving an ntp packet which does not happen if
there are connectivity issues. Prodded by naddy@ ok @florian
|
|
Move log level to debug for that case and while there correct the
string, we're reding, not writing.
|
|
configuration file.", but occasionally something else fit better; at the
same time, try to make the format for FILES more consistent;
original diff from clematis
|
|
|
|
definition; from Michael Forney
|
|
|
|
does not work. Make that more clear in the log and ntpdctl -s status.
report by and ok benno@
|
|
similar to what deraadt@ recently did in other manual pages.
|
|
manual pages that document the corresponding configuration files;
OK jmc@, and general direction discussed with many
|
|
the ntp timestamp wrapping in 2036.
|
|
|
|
|
|
|
|
|
|
for these. ok deraadt@
|
|
more clearly
ok ingo schwarze
|
|
any MITM protection checks. We've had constraint checks for MITM protection
for some time. Recent work changed the default mode to rapidly check NTP packets against constraint validation, as the default mode.
In environments where https traffic doesn't work, ethernet-near servers can
be labelled as "trusted". trusted sensor support is also coming.
We have reasons to immediately move people away from the -s mode.
ok otto
|
|
server is wired up such that non MITM attacks are possible, and NTP
packets can be trusted. Therefore constraint validity is not required,
and during boot ntpd can spin-up correct time faster.
with otto, ok jmc schwarze
|
|
used in situations where https constraints cannot be used and we still want
auto settime. Result of discussion with and ok deraadt@
|
|
more similar
ok jmc schwarze
|
|
|
