ntp: Vendor import of ntp-4.2.8p18

MFC: 3 days

Merge commit '1f833b3fc9968c3dd7ed79ccf0525ebf16c891ad' into main

ntp: import ntp-4.2.8p16

Security: NtpBUg3767, NtpBug3808, NtpBug3807 (CVE-2023-26555)
MFC after: immediately

MFV r344878:

4.2.8p12 --> 4.2.8p13

MFC after: immediately
Security: CVE-2019-8936
VuXML: c2576e14-36e2-11e9-9eda-206a8a720317
Obtained from: nwtime.org

MFV r330102: ntp 4.2.8p11

MFV r315791: ntp 4.2.8p10.

MFV r308954:

ntp 4.2.8p9.

Approved by: so

MFV r294491: ntp 4.2.8p6.

Security: CVE-2015-7973, CVE-2015-7974, CVE-2015-7975
Security: CVE-2015-7976, CVE-2015-7977, CVE-2015-7978
Security: CVE-2015-7979, CVE-2015-8138, CVE-2015-8139
Security: CVE-2015-8140, CVE-2015-8158
With hat: so

MFV r293415:

ntp 4.2.8p5

Reviewed by: cy, roberto
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D4828

MFV ntp-4.2.8p4 (r289715)

Security: VuXML: c4a18a12-77fc-11e5-a687-206a8a720317
Security: CVE-2015-7871
Security: CVE-2015-7855
Security: CVE-2015-7854
Security: CVE-2015-7853
Security: CVE-2015-7852
Security: CVE-2015-7851
Security: CVE-2015-7850
Security: CVE-2015-7849
Security: CVE-2015-7848
Security: CVE-2015-7701
Security: CVE-2015-7703
Security: CVE-2015-7704, CVE-2015-7705
Security: CVE-2015-7691, CVE-2015-7692, CVE-2015-7702
Security: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
Sponsored by: Nginx, Inc.

MFV ntp-4.2.8p3 (r284990).

Approved by: roberto, delphij
Security: VuXML: 0d0f3050-1f69-11e5-9ba9-d050996490d0
Security: http://bugs.ntp.org/show_bug.cgi?id=2853
Security: https://www.kb.cert.org/vuls/id/668167
Security: http://support.ntp.org/bin/view/Main/SecurityNotice#June_2015_NTP_Security_Vulnerabi

MFV ntp 4.2.8p2 (r281348)

Reviewed by: delphij (suggested MFC)
Approved by: roberto
Security: CVE-2015-1798, CVE-2015-1799
Security: VuXML ebd84c96-dd7e-11e4-854e-3c970e169bc2
MFC after: 1 month

Fix merge error.

Submitted by: jkim

MFV ntp 4.2.8p1 (r258945, r275970, r276091, r276092, r276093, r278284)

Thanks to roberto for providing pointers to wedge this into HEAD.

Approved by: roberto

Fix multiple ntp vulnerabilities.

Reviewed by: roberto (earlier revision), philip
Security: CVE-2014-9293, CVE-2014-9294
Security: CVE-2014-9295, CVE-2014-9296
Security: FreeBSD-SA-14:31.ntp

Differential Revision: https://reviews.freebsd.org/D1343

Merge 4.2.4p8 into contrib (r200452 & r200454).

Subversion is being difficult here so take a hammer and get it in.

MFC after: 2 weeks
Security: CVE-2009-3563

Prevent integer overflow in direct pipe write code from circumventing
virtual-to-physical page lookups. [09:09]

Add missing permissions check for SIOCSIFINFO_IN6 ioctl. [09:10]

Fix buffer overflow in "autokey" negotiation in ntpd(8). [09:11]

Approved by: so (cperciva)
Approved by: re (not really, but SVN wants this...)
Security: FreeBSD-SA-09:09.pipe
Security: FreeBSD-SA-09:10.ipv6
Security: FreeBSD-SA-09:11.ntpd

Correct ntpd(8) cryptographic signature bypass [SA-09:04].

Correct BIND DNSSEC incorrect checks for malformed signatures
[SA-09:04].

Security: FreeBSD-SA-09:03.ntpd
Security: FreeBSD-SA-09:04.bind
Obtained from: ISC [SA-09:04]
Approved by: so (simon)

Merge ntpd & friends 4.2.4p5 from vendor/ntp/dist into head. Next commit
will update usr.sbin/ntp to match this.

MFC after: 2 weeks

Flatten the dist and various 4.n.n trees in preparation of future ntp imports.

Virgin import of ntpd 4.2.0

Virgin import of ntpd 4.1.1a

Virgin import of ntpd 4.1.0

ntp: import ntp-4.2.8p16

Security: NtpBUg3767, NtpBug3808, NtpBug3807 (CVE-2023-26555)
MFC after: immediately

MFV r344878:

4.2.8p12 --> 4.2.8p13

MFC after: immediately
Security: CVE-2019-8936
VuXML: c2576e14-36e2-11e9-9eda-206a8a720317
Obtained from: nwtime.org

MFV r330102: ntp 4.2.8p11

MFV r315791: ntp 4.2.8p10.

MFV r308954:

ntp 4.2.8p9.

Approved by: so

MFV r294491: ntp 4.2.8p6.

Security: CVE-2015-7973, CVE-2015-7974, CVE-2015-7975
Security: CVE-2015-7976, CVE-2015-7977, CVE-2015-7978
Security: CVE-2015-7979, CVE-2015-8138, CVE-2015-8139
Security: CVE-2015-8140, CVE-2015-8158
With hat: so

MFV r293415:

ntp 4.2.8p5

Reviewed by: cy, roberto
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D4828

MFV ntp-4.2.8p4 (r289715)

Security: VuXML: c4a18a12-77fc-11e5-a687-206a8a720317
Security: CVE-2015-7871
Security: CVE-2015-7855
Security: CVE-2015-7854
Security: CVE-2015-7853
Security: CVE-2015-7852
Security: CVE-2015-7851
Security: CVE-2015-7850
Security: CVE-2015-7849
Security: CVE-2015-7848
Security: CVE-2015-7701
Security: CVE-2015-7703
Security: CVE-2015-7704, CVE-2015-7705
Security: CVE-2015-7691, CVE-2015-7692, CVE-2015-7702
Security: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
Sponsored by: Nginx, Inc.

MFV ntp-4.2.8p3 (r284990).

Approved by: roberto, delphij
Security: VuXML: 0d0f3050-1f69-11e5-9ba9-d050996490d0
Security: http://bugs.ntp.org/show_bug.cgi?id=2853
Security: https://www.kb.cert.org/vuls/id/668167
Security: http://support.ntp.org/bin/view/Main/SecurityNotice#June_2015_NTP_Security_Vulnerabi

MFV ntp 4.2.8p2 (r281348)

Reviewed by: delphij (suggested MFC)
Approved by: roberto
Security: CVE-2015-1798, CVE-2015-1799
Security: VuXML ebd84c96-dd7e-11e4-854e-3c970e169bc2
MFC after: 1 month

Fix merge error.

Submitted by: jkim

MFV ntp 4.2.8p1 (r258945, r275970, r276091, r276092, r276093, r278284)

Thanks to roberto for providing pointers to wedge this into HEAD.

Approved by: roberto

Fix multiple ntp vulnerabilities.

Reviewed by: roberto (earlier revision), philip
Security: CVE-2014-9293, CVE-2014-9294
Security: CVE-2014-9295, CVE-2014-9296
Security: FreeBSD-SA-14:31.ntp

Differential Revision: https://reviews.freebsd.org/D1343

Merge 4.2.4p8 into contrib (r200452 & r200454).

Subversion is being difficult here so take a hammer and get it in.

MFC after: 2 weeks
Security: CVE-2009-3563

Prevent integer overflow in direct pipe write code from circumventing
virtual-to-physical page lookups. [09:09]

Add missing permissions check for SIOCSIFINFO_IN6 ioctl. [09:10]

Fix buffer overflow in "autokey" negotiation in ntpd(8). [09:11]

Approved by: so (cperciva)
Approved by: re (not really, but SVN wants this...)
Security: FreeBSD-SA-09:09.pipe
Security: FreeBSD-SA-09:10.ipv6
Security: FreeBSD-SA-09:11.ntpd

Correct ntpd(8) cryptographic signature bypass [SA-09:04].

Correct BIND DNSSEC incorrect checks for malformed signatures
[SA-09:04].

Security: FreeBSD-SA-09:03.ntpd
Security: FreeBSD-SA-09:04.bind
Obtained from: ISC [SA-09:04]
Approved by: so (simon)

Merge ntpd & friends 4.2.4p5 from vendor/ntp/dist into head. Next commit
will update usr.sbin/ntp to match this.

MFC after: 2 weeks

Flatten the dist and various 4.n.n trees in preparation of future ntp imports.

Virgin import of ntpd 4.2.0

Virgin import of ntpd 4.1.1a

Virgin import of ntpd 4.1.0

Fix merge error.

Submitted by: jkim

Fix multiple ntp vulnerabilities.

Reviewed by: roberto (earlier revision), philip
Security: CVE-2014-9293, CVE-2014-9294
Security: CVE-2014-9295, CVE-2014-9296
Security: FreeBSD-SA-14:31.ntp

Differential Revision: https://reviews.freebsd.org/D1343

A new jail(8) with a configuration file, to replace the work currently done
by /etc/rc.d/jail.

Create the altix project branch. The altix project will add support
for the SGI Altix 350 to FreeBSD/ia64. The hardware used for porting
is a two-module system, consisting of a base compute module and a
CPU expansion module. SGI's NUMAFlex architecture can be an excellent
platform to test CPU affinity and NUMA-aware features in FreeBSD.

Prevent integer overflow in direct pipe write code from circumventing
virtual-to-physical page lookups. [09:09]

Add missing permissions check for SIOCSIFINFO_IN6 ioctl. [09:10]

Fix buffer overflow in "autokey" negotiation in ntpd(8). [09:11]

Approved by: so (cperciva)
Approved by: re (not really, but SVN wants this...)
Security: FreeBSD-SA-09:09.pipe
Security: FreeBSD-SA-09:10.ipv6
Security: FreeBSD-SA-09:11.ntpd

Correct ntpd(8) cryptographic signature bypass [SA-09:04].

Correct BIND DNSSEC incorrect checks for malformed signatures
[SA-09:04].

Security: FreeBSD-SA-09:03.ntpd
Security: FreeBSD-SA-09:04.bind
Obtained from: ISC [SA-09:04]
Approved by: so (simon)

- Import the HEAD csup code which is the basis for the cvsmode work.

Virgin import of ntpd 4.2.0

Virgin import of ntpd 4.1.1a

Virgin import of ntpd 4.1.0