head 1.5; access; symbols pkgsrc-2026Q1:1.5.0.8 pkgsrc-2026Q1-base:1.5 pkgsrc-2025Q4:1.5.0.6 pkgsrc-2025Q4-base:1.5 pkgsrc-2025Q3:1.5.0.4 pkgsrc-2025Q3-base:1.5 pkgsrc-2025Q2:1.5.0.2 pkgsrc-2025Q2-base:1.5 pkgsrc-2025Q1:1.4.0.10 pkgsrc-2025Q1-base:1.4 pkgsrc-2024Q4:1.4.0.8 pkgsrc-2024Q4-base:1.4 pkgsrc-2024Q3:1.4.0.6 pkgsrc-2024Q3-base:1.4 pkgsrc-2024Q2:1.4.0.4 pkgsrc-2024Q2-base:1.4 pkgsrc-2024Q1:1.4.0.2 pkgsrc-2024Q1-base:1.4 pkgsrc-2023Q4:1.3.0.12 pkgsrc-2023Q4-base:1.3 pkgsrc-2023Q3:1.3.0.10 pkgsrc-2023Q3-base:1.3 pkgsrc-2023Q2:1.3.0.8 pkgsrc-2023Q2-base:1.3 pkgsrc-2023Q1:1.3.0.6 pkgsrc-2023Q1-base:1.3 pkgsrc-2022Q4:1.3.0.4 pkgsrc-2022Q4-base:1.3 pkgsrc-2022Q3:1.3.0.2 pkgsrc-2022Q3-base:1.3 pkgsrc-2022Q2:1.2.0.16 pkgsrc-2022Q2-base:1.2 pkgsrc-2022Q1:1.2.0.14 pkgsrc-2022Q1-base:1.2 pkgsrc-2021Q4:1.2.0.12 pkgsrc-2021Q4-base:1.2 pkgsrc-2021Q3:1.2.0.10 pkgsrc-2021Q3-base:1.2 pkgsrc-2021Q2:1.2.0.8 pkgsrc-2021Q2-base:1.2 pkgsrc-2021Q1:1.2.0.6 pkgsrc-2021Q1-base:1.2 pkgsrc-2020Q4:1.2.0.4 pkgsrc-2020Q4-base:1.2 pkgsrc-2020Q3:1.2.0.2 pkgsrc-2020Q3-base:1.2 pkgsrc-2020Q2:1.1.0.12 pkgsrc-2020Q2-base:1.1 pkgsrc-2020Q1:1.1.0.8 pkgsrc-2020Q1-base:1.1 pkgsrc-2019Q4:1.1.0.10 pkgsrc-2019Q4-base:1.1 pkgsrc-2019Q3:1.1.0.6 pkgsrc-2019Q3-base:1.1 pkgsrc-2019Q2:1.1.0.4 pkgsrc-2019Q2-base:1.1 pkgsrc-2019Q1:1.1.0.2 pkgsrc-2019Q1-base:1.1; locks; strict; comment @# @; 1.5 date 2025.05.30.22.29.20; author tnn; state Exp; branches; next 1.4; commitid J5B4EX3dwbNyWYWF; 1.4 date 2024.01.13.12.08.18; author adam; state Exp; branches; next 1.3; commitid vORZjO3GlicNFhUE; 1.3 date 2022.07.30.01.22.07; author tnn; state Exp; branches; next 1.2; commitid hYeOMZFCKOHtcRND; 1.2 date 2020.08.15.02.31.28; author tnn; state Exp; branches; next 1.1; commitid PbsPm2BjkN2Xw6kC; 1.1 date 2019.03.25.15.40.35; author tnn; state Exp; branches; next ; commitid X78B1JkVb0olgLgB; desc @@ 1.5 log @ntpsec: update to 1.2.4 * waf has been upgraded to version 2.1.4 * Fix ntpviz's skewness and kurtosis formulas * Clock fuzzing is gone * ntpd can now listen on a second port * Add a ntpdig option to bind to a specific address * Use ntp_gettime not than ntp_adjtime for local refclcock * Remove unused holdover, LOOP_KERN_CLEAR and timetoa from ntpd * Add and revise exponential timing decay and MS-SNTP testing tools @ text @$NetBSD: patch-wscript,v 1.4 2024/01/13 12:08:18 adam Exp $ Don't hardcode PREFIX. --- wscript.orig 2025-04-18 19:54:14.000000000 +0000 +++ wscript @@@@ -512,36 +512,12 @@@@ int main(int argc, char **argv) { # XXX: hack if ctx.env.DEST_OS in ["freebsd"]: - ctx.env.INCLUDES = ["/usr/local/include"] - ctx.env.LIBPATH = ["/usr/local/lib"] - if os.path.isdir("/usr/local/ssl/"): - # This assumes OpenSSL is the only thing that was in /usr/local/ - ctx.env.INCLUDES = ["/usr/local/ssl/include"] - ctx.env.LIBPATH = ["/usr/local/ssl/lib"] + pass elif ctx.env.DEST_OS == "netbsd" and os.path.isdir("/usr/pkg/include"): - ctx.env.INCLUDES = ["/usr/pkg/include"] - ctx.env.LIBPATH = ["/usr/pkg/lib"] - ctx.env.LDFLAGS += ["-rpath=/usr/pkg/lib"] - if os.path.isdir("/usr/local/ssl/"): - # This assumes OpenSSL is the only thing that was in /usr/pkg/ - ctx.env.INCLUDES = ["/usr/local/ssl/include"] - ctx.env.LIBPATH = ["/usr/local/ssl/lib"] + pass elif ctx.env.DEST_OS == "linux" and os.path.isdir("/usr/local/ssl/"): - # This supports building OpenSSL from source - # That allows using OpenSSL 1.1.1 on older CentOS - # or testing pre-release versions of OpenSSL - # see HOWTO-OpenSSL - ctx.env.INCLUDES = ["/usr/local/ssl/include"] - if os.path.isdir("/usr/local/ssl/lib64/"): - ctx.env.LIBPATH = ["/usr/local/ssl/lib64"] - else: - ctx.env.LIBPATH = ["/usr/local/ssl/lib"] + pass elif ctx.env.DEST_OS == "darwin": - # macports location - if os.path.isdir("/opt/local/include"): - ctx.env.INCLUDES = ["/opt/local/include"] - if os.path.isdir("/opt/local/lib"): - ctx.env.LIBPATH = ["/opt/local/lib"] # OS X needs this for IPv6 ctx.define("__APPLE_USE_RFC_3542", 1, comment="Needed for IPv6 support") @ 1.4 log @ntpsec: updated to 1.2.3 1.2.3 * Change mode6 alignment to four, which may break some compatibility with classic NTP. * Seccomp should now also yield invalid syscall names when dying. * Make ntpq stop dropping output timestamp leading zeroes. * Update documents in quite a few places. * Reset some stats hourly, even when not logged into files. * Add error logging, and stats for ms-sntp. * Add spacing between multiple peer views in ntpq. * We think we have fixed ms-sntp but we can't test it. If you can test it, please let us know if it does/doesn't work. * ntpd and ntpq both treat SHA-1 as an alias for SHA1 NIST uses SHA-1. The crypto package from OpenSSL uses SHA1. * The default crypto type for ntpq is now AES. RFC 8573 deprecated MD5. * There are now log files with hourly statistics for NTS and NTS-KE traffic: filegen ntsstats and filegen ntskestats, * Update ntpsnmpd to use python built-in to get uname information. * Update license file names for REUSE compliance. * Fix ntploggps issue where count_used_satellites checked before it is initialized. * Print out OpenSSL version at configure time. * Enable debug symbols by default, with only an option to disable. * Add support for ecdhcurves list. * Fix build on platforms where `-fstack-protector` relies on libssp, like musl. * Fix ntpdig crash when using 2.ntp.pool.org with a host without IPv6 support. * Do not install libaes_siv test anymore. * Add update option to buildprep. * ntpdig shows packet delay in JSON output. @ text @d1 1 a1 1 $NetBSD: patch-wscript,v 1.3 2022/07/30 01:22:07 tnn Exp $ d5 1 a5 1 --- wscript.orig 2023-12-29 04:53:56.000000000 +0000 d7 1 a7 1 @@@@ -521,36 +521,12 @@@@ int main(int argc, char **argv) { d14 3 a16 3 - # This assumes OpenSSL is the only thing that was in /usr/local/ - ctx.env.INCLUDES = ["/usr/local/ssl/include"] - ctx.env.LIBPATH = ["/usr/local/ssl/lib"] d23 3 a25 3 - # This assumes OpenSSL is the only thing that was in /usr/pkg/ - ctx.env.INCLUDES = ["/usr/local/ssl/include"] - ctx.env.LIBPATH = ["/usr/local/ssl/lib"] d34 1 a34 1 - ctx.env.LIBPATH = ["/usr/local/ssl/lib64"] d36 1 a36 1 - ctx.env.LIBPATH = ["/usr/local/ssl/lib"] @ 1.3 log @ntpsec: update to 1.2.1 2021-06-06: 1.2.1 Update ntpkeygen/keygone to properly filter # characters. (CVE-2021-22212) Add dextral peers mode in ntpq and ntpmon. Drop NTPv1 as the support was not RFC compliant, maybe v2 except mode 6 next. Fix argument P for ntpd parsing fixed and ntpdate improvements. Fix crash for raw ntpq readvar. Add processor usage to NTS-KE logging except on NetBSD. The build epoch has been replaced with a hardcoded timestamp which will be manually updated every nine years or so (approx 512w). This makes the binaries reproducible by default. Compare versions of ntp.ntpc and libntpc printing a warning if mismatched. Fix libntpc install path if using it. Reduce maxclocks default to 5 to reduce the NTP pool load. Print LIBDIR during ./waf configure. Add documentation, new GPG key, and other cleanups. 2020-10-06: 1.2.0 The minor version bump is to indicate official official support of RFC8915 "Network Time Security for the Network Time Protocol" which was released 2020-09-30. NTS-KE client now defaults to port 4460. NTS-KE server now listens on port 4460. (Listening on port 123 has been removed.) The shebang of installed Python scripts can now be customized with: waf configure --pyshebang="..." NTP clients now use a shared library with Python instead of an extension. Add flakiness option to ntpq and fixed limit=1 in mrulist. Fixed a minor formatting issue in rate page. @ text @d1 1 a1 1 $NetBSD: patch-wscript,v 1.2 2020/08/15 02:31:28 tnn Exp $ d3 1 a3 1 - don't hardcode PREFIX d5 1 a5 1 --- wscript.orig 2021-06-07 04:03:11.000000000 +0000 d7 1 a7 1 @@@@ -507,25 +507,12 @@@@ int main(int argc, char **argv) { d13 4 d22 4 d33 4 a36 1 - ctx.env.LIBPATH = ["/usr/local/ssl/lib"] @ 1.2 log @ntpsec: update to 1.1.9 == 2020-05-23: 1.1.9 == Correctly parse ntpq :config output on Python 3 and check return MACs. Add AES and other algorithm support to ntpq and ntpdig, from OpenSSL. Remove support for NetInfo. NetInfo was last supported in Mac OS X v10.4 The configure step now supports --disable-nts for running on systems with older versions of OpenSSL. The default restrictions now start with noquery and limited to reduce the opportunities for being used for DDoS-ing. The draft RFC for NTS has dropped support for TLSv1.2 We now need OpenSSL with TLSv1.3 support (version 1.1.1 or newer). The config keyword +tlsciphers+ has been removed. Additional filtering and sort options have been added to ntpq/mrulist Details are in the man page. Rate limiting has been cleaned up. With "restrict limited", traffic is now limited to an average of 1 packet per second with bursts of 20. (needs doc and maybe config) SIGHUP and hourly checks have been unified. Both now check for a new log file check for a new certificate file check for a new leap file SIGHUP also restarts all pending DNS and NTS probes. NTS client now requires ALPN on TLSv1.3. asciidoctor (1.5.8 or newer) is now supported and is the preferred AsciiDoc processor. asciidoc is still supported, but the minimum supported version has been raised from 8.6.0 to 8.6.8. asciidoc3 (3.0.2 or newer) is also supported. HTML docs are now built by default if an AsciiDoc processor is installed. If you do not want HTML docs, configure with --disable-doc. (Note: Man pages are controlled by a separate --disable-manpage.) Analysis shows that CVE-2020-11868, affecting NTP Classic, cannot affect us, as the peer mode involved has been removed. == 2019-11-17: 1.1.8 == Fix bug in NTS-KE client so that NTP server names work. Fix/tweak several NTS logging messages. == 2019-09-02: 1.1.7 == The numeric literal argument of the 'time1' fudge option on a clock can now have one or more letter suffixes that compensate for era rollover in a GPS device. Each "g" adds the number of seconds in a 1024-week (10-bit) GPS era. Each "G" adds the number of seconds in a 8192-week (13-bit) GPS era. The neoclock4x driver has been removed, due to the hardware and the vendor having utterly vanished from the face of the earth. The NTS ALPN negotiation sequence has been modified for improved interoperability with other NTS implementations. NTS key rotation now happens every 24 hours. It used to rotate every hour to enable testing of recovery from stale cookies. == 2019-07-10: 1.1.6 == Fixes to code quality checks. Fixes to NTS server list. Fix to bug #600. == 2019-06-30: 1.1.5 == Add ALPN for the NTS server, as required by the NTP draft. Revert some ntpq behavior. == 2019-06-21: 1.1.4 == NTS is now implemented. See .../devel/nts.adoc https://tools.ietf.org/html/draft-ietf-ntp-using-nts-for-ntp We thank Cisco for sponsoring the NTS development. Lots of fixes and cleanups to PPS, both implementation and documentation. Pthread support is now required. --disable-dns-lookup is gone. NIST lockclock mode is now a runtime option set by the (previously unused) flag1 mode bit of the local-clock driver. As always, lots of minor fixups and cleanups everywhere. See the git log. @ text @d1 1 a1 1 $NetBSD: patch-wscript,v 1.1 2019/03/25 15:40:35 tnn Exp $ d5 1 a5 1 --- wscript.orig 2020-05-24 03:00:19.000000000 +0000 d7 1 a7 1 @@@@ -497,18 +497,10 @@@@ int main(int argc, char **argv) { d19 8 @ 1.1 log @ntpsec: import ntpsec-1.1.3 A secure, hardened, and improved implementation of Network Time Protocol derived from NTP Classic, Dave Mills's original. @ text @d1 1 a1 1 $NetBSD$ a3 2 - waf-2.x support from upstream: https://gitlab.com/NTPsec/ntpsec/commit/ff6f50b1ce7d7c2a552b27c6e8fb19639a7bf82a d5 1 a5 1 --- wscript.orig 2019-01-14 05:40:59.000000000 +0000 d7 1 a7 1 @@@@ -536,20 +536,12 @@@@ int main(int argc, char **argv) { d10 3 a12 3 if ctx.env.DEST_OS in ["freebsd", "openbsd"]: - ctx.env.PLATFORM_INCLUDES = ["/usr/local/include"] - ctx.env.PLATFORM_LIBPATH = ["/usr/local/lib"] d14 4 a17 3 elif ctx.env.DEST_OS == "netbsd": - ctx.env.PLATFORM_INCLUDES = ["/usr/pkg/include"] - ctx.env.PLATFORM_LIBPATH = ["/usr/lib", "/usr/pkg/lib"] a18 2 elif ctx.env.DEST_OS == "win32": ctx.load("msvc") d22 1 a22 1 - ctx.env.PLATFORM_INCLUDES = ["/opt/local/include"] d24 2 a25 2 - ctx.env.PLATFORM_LIBPATH = ["/opt/local/lib"] - # OS X needs this for IPv6 a27 66 elif ctx.env.DEST_OS == "sunos": @@@@ -558,6 +550,29 @@@@ int main(int argc, char **argv) { ctx.define("_POSIX_C_SOURCE", "200112L", quote=False) ctx.define("__EXTENSIONS__", "1", quote=False) + # Borrowed from waf-1.9, when type_name and field_name were valid keywords + SNIP_TYPE = ''' + int main(int argc, char **argv) { + (void)argc; (void)argv; + if ((%(type_name)s *) 0) return 0; + if (sizeof (%(type_name)s)) return 0; + return 1; + } + ''' + + SNIP_FIELD = ''' + #include + int main(int argc, char **argv) { + char *off; + (void)argc; (void)argv; + off = (char*) &((%(type_name)s*)0)->%(field_name)s; + return (size_t) off < sizeof(%(type_name)s); + } + ''' + + def to_header(header_name): + return ''.join(['#include <%s>\n' % x for x in Utils.to_list(header_name)]) + structures = ( ("struct if_laddrconf", ["sys/types.h", "net/if6.h"], False), ("struct if_laddrreq", ["sys/types.h", "net/if6.h"], False), @@@@ -565,14 +580,12 @@@@ int main(int argc, char **argv) { ("struct ntptimeval", ["sys/time.h", "sys/timex.h"], False), ) for (s, h, r) in structures: - ctx.check_cc(type_name=s, header_name=h, mandatory=r) - - # waf's SNIP_FIELD should likely include this header itself - # This is needed on some systems to get size_t for following checks - ctx.check_cc(auto_add_header_name=True, - header_name="stddef.h", - define_name="", # omit from config.h - mandatory=False) + ctx.check_cc( + fragment=to_header(h) + SNIP_TYPE % {'type_name': s}, + msg='Checking for type %s' % s, + define_name=ctx.have_define(s.upper()), + mandatory=r, + ) structure_fields = ( ("struct timex", "time_tick", ["sys/time.h", "sys/timex.h"]), @@@@ -582,7 +595,12 @@@@ int main(int argc, char **argv) { # first in glibc 2.12 ) for (s, f, h) in structure_fields: - ctx.check_cc(type_name=s, field_name=f, header_name=h, mandatory=False) + ctx.check_cc( + fragment=to_header(h) + SNIP_FIELD % {'type_name': s, 'field_name': f}, + msg='Checking for field %s in %s' % (f, s), + define_name=ctx.have_define((s + '_' + f).upper()), + mandatory=False, + ) # mostly used by timetoa.h and timespecops.h sizeofs = [ @