ntp: ignore truncation beyond api sizes, and ignore wrongly
guessed underflow
tmux: ignore maybe uninitialised warning for impossible case
libbfd: signed/unsigned variables assigned in the same statement
dri/gallium: -Wno-builtin-declaration-mismatch for u_atomic.c as
it implements backend functions with different in-C-machine but
same-in-real-machine types
libXfont/libXfont2: signed/unsigned variables assigned in the same
statement
i915drm: ignore impossible maybe uninitialised warnings
sysinst: ignore an invalid string truncation issue
While here stop caring about RTM_LOSING as that's purely informational.
If routing does change then we get RTM_ADD/DEL/CHANGE.
Also stop caring about RTM_IFANNOUNCE as we really only want addresses
and interface flag updates which we get by RTM_NEWADDR/DELADDR/CHGADDR and
RTM_IFINFO.
While here, disable periodic scanning by default on NetBSD as it's
no longer needed.
The user can still enable it though with a positive number to the -U
option.
kardel@ So far I see no other issues from the pitfalls I know of
Cherry-picked from upstream:
https://git.savannah.gnu.org/gitweb/?p=config.git;a=commit;h=1c4398015583eb77bc043234f5734be055e64bea
Everything except external/apache2/llvm/dist/llvm/cmake/config.guess
is patched, which is under vendor tag and cannot be modified. I expect
that this file is not actually used as we use hand-crafted version of
configure script instead of cmake for building LLVM.
Note that external/apache2/llvm/autoconf/autoconf/config.guess has
already been committed on Oct. 20, but commit message disappeared as
cvs aborted due to "permission denied" when trying to modify the file
mentioned above. Sorry for confusing you.
Also note that GMP uses its own config.guess Patch for
external/lgpl3/gmp/dist/config.guess is provided by ryo@. Thanks!
right now. new address-of-packed-member and format-overflow
warnings have new GCC_NO_ADDR_OF_PACKED_MEMBER amd
GCC_NO_FORMAT_OVERFLOW variables to remove these warnings.
apply to a bunch of the tree. mostly, these are real bugs that
should be fixed, but in many cases, only by removing the 'packed'
attribute from some structure that doesn't really need it. (i
looked at many different ones, and while perhaps 60-80% were
already properly aligned, it wasn't clear to me that the uses
were always coming from sane data vs network alignment, so it
doesn't seem safe to remove packed without careful research for
each affect struct.) clang already warned (and was not erroring)
for many of these cases, but gcc picked up dozens more.
* [Sec 3610] process_control() should bail earlier on short packets. stenn@
- Reported by Philippe Antoine
* [Sec 3596] Highly predictable timestamp attack. <stenn@ntp.org>
- Reported by Miroslav Lichvar
* [Sec 3592] DoS attack on client ntpd <perlinger@ntp.org>
- Reported by Miroslav Lichvar
* [Bug 3637] Emit the version of ntpd in saveconfig. stenn@
* [Bug 3636] NMEA: combine time/date from multiple sentences <perlinger@ntp.org>
* [Bug 3635] Make leapsecond file hash check optional <perlinger@ntp.org>
* [Bug 3634] Typo in discipline.html, reported by Jason Harrison. stenn@
* [Bug 3628] raw DCF decoding - improve robustness with Zeller's congruence
- implement Zeller's congruence in libparse and libntp <perlinger@ntp.org>
* [Bug 3627] SIGSEGV on FreeBSD-12 with stack limit and stack gap <perlinger@ntp.org>
- integrated patch by Cy Schubert
* [Bug 3620] memory leak in ntpq sysinfo <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3619] Honour drefid setting in cooked mode and sysinfo <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3617] Add support for ACE III and Copernicus II receivers <perlinger@ntp.org>
- integrated patch by Richard Steedman
* [Bug 3615] accelerate refclock startup <perlinger@ntp.org>
* [Bug 3613] Propagate noselect to mobilized pool servers <stenn@ntp.org>
- Reported by Martin Burnicki
* [Bug 3612] Use-of-uninitialized-value in receive function <perlinger@ntp.org>
- Reported by Philippe Antoine
* [Bug 3611] NMEA time interpreted incorrectly <perlinger@ntp.org>
- officially document new "trust date" mode bit for NMEA driver
- restore the (previously undocumented) "trust date" feature lost with [bug 3577]
* [Bug 3609] Fixing wrong falseticker in case of non-statistic jitter <perlinger@ntp.org>
- mostly based on a patch by Michael Haardt, implementing 'fudge minjitter'
* [Bug 3608] libparse fails to compile on S11.4SRU13 and later <perlinger@ntp.org>
- removed ffs() and fls() prototypes as per Brian Utterback
* [Bug 3604] Wrong param byte order passing into record_raw_stats() in
ntp_io.c <perlinger@ntp.org>
- fixed byte and paramter order as suggested by wei6410@sina.com
* [Bug 3601] Tests fail to link on platforms with ntp_cv_gc_sections_runs=no <perlinger@ntp.org>
* [Bug 3599] Build fails on linux-m68k due to alignment issues <perlinger@ntp.org>
- added padding as suggested by John Paul Adrian Glaubitz
* [Bug 3594] ntpd discards messages coming through nmead <perlinger@ntp.org>
* [Bug 3593] ntpd discards silently nmea messages after the 5th string <perlinger@ntp.org>
* [Bug 3590] Update refclock_oncore.c to the new GPS date API <perlinger@ntp.org>
* [Bug 3585] Unity tests mix buffered and unbuffered output <perlinger@ntp.org>
- stdout+stderr are set to line buffered during test setup now
* [Bug 3583] synchronization error <perlinger@ntp.org>
- set clock to base date if system time is before that limit
* [Bug 3582] gpsdjson refclock fudgetime1 adjustment is doubled <perlinger@ntp.org>
* [Bug 3580] Possible bug ntpq-subs (NULL dereference in dogetassoc) <perlinger@ntp.org>
- Reported by Paulo Neves
* [Bug 3577] Update refclock_zyfer.c to the new GPS date API <perlinger@ntp.org>
- also updates for refclock_nmea.c and refclock_jupiter.c
* [Bug 3576] New GPS date function API <perlinger@ntp.org>
* [Bug 3573] nptdate: missleading error message <perlinger@ntp.org>
* [Bug 3570] NMEA driver docs: talker ID not mentioned, typo <perlinger@ntp.org>
* [Bug 3569] cleanup MOD_NANO/STA_NANO handling for 'ntpadjtimex()' <perlinger@ntp.org>
- sidekick: service port resolution in 'ntpdate'
* [Bug 3550] Reproducible build: Respect SOURCE_DATE_EPOCH <perlinger@ntp.org>
- applied patch by Douglas Royds
* [Bug 3542] ntpdc monlist parameters cannot be set <perlinger@ntp.org>
* [Bug 3533] ntpdc peer_info ipv6 issues <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3531] make check: test-decodenetnum fails <perlinger@ntp.org>
- try to harden 'decodenetnum()' against 'getaddrinfo()' errors
- fix wrong cond-compile tests in unit tests
* [Bug 3517] Reducing build noise <perlinger@ntp.org>
* [Bug 3516] Require tooling from this decade <perlinger@ntp.org>
- patch by Philipp Prindeville
* [Bug 3515] Refactor ntpdmain() dispatcher loop and group common code <perlinger@ntp.org>
- patch by Philipp Prindeville
* [Bug 3511] Get rid of AC_LANG_SOURCE() warnings <perlinger@ntp.org>
- patch by Philipp Prindeville
* [Bug 3510] Flatten out the #ifdef nesting in ntpdmain() <perlinger@ntp.org>
- partial application of patch by Philipp Prindeville
* [Bug 3491] Signed values of LFP datatypes should always display a sign
- applied patch by Gerry Garvey & fixed unit tests <perlinger@ntp.org>
* [Bug 3490] Patch to support Trimble Resolution Receivers <perlinger@ntp.org>
- applied (modified) patch by Richard Steedman
* [Bug 3473] RefID of refclocks should always be text format <perlinger@ntp.org>
- applied patch by Gerry Garvey (with minor formatting changes)
* [Bug 3132] Building 4.2.8p8 with disabled local libopts fails <perlinger@ntp.org>
- applied patch by Miroslav Lichvar
* [Bug 3094] ntpd trying to listen for broadcasts on a completely ipv6 network
<perlinger@ntp.org>
* [Bug 2420] ntpd doesn't run and exits with retval 0 when invalid user
is specified with -u <perlinger@ntp.org>
- monitor daemon child startup & propagate exit codes
* [Bug 1433] runtime check whether the kernel really supports capabilities
- (modified) patch by Kurt Roeckx <perlinger@ntp.org>
* Clean up sntp/networking.c:sendpkt() error message. <stenn@ntp.org>
* Provide more detail on unrecognized config file parser tokens. <stenn@ntp.org>
* Startup log improvements. <stenn@ntp.org>
* Update the copyright year.
* html/confopt.html: cleanup. <stenn@ntp.org>
---
(4.2.8p13) 2019/03/07 Released by Harlan Stenn <stenn@ntp.org>
* [Sec 3565] Crafted null dereference attack in authenticated
mode 6 packet <perlinger@ntp.org>
- reported by Magnus Stubman
* [Bug 3560] Fix build when HAVE_DROPROOT is not defined <perlinger@ntp.org>
- applied patch by Ian Lepore
* [Bug 3558] Crash and integer size bug <perlinger@ntp.org>
- isolate and fix linux/windows specific code issue
* [Bug 3556] ntp_loopfilter.c snprintf compilation warnings <perlinger@ntp.org>
- provide better function for incremental string formatting
* [Bug 3555] Tidy up print alignment of debug output from ntpdate <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3554] config revoke stores incorrect value <perlinger@ntp.org>
- original finding by Gerry Garvey, additional cleanup needed
* [Bug 3549] Spurious initgroups() error message <perlinger@ntp.org>
- patch by Christous Zoulas
* [Bug 3548] Signature not verified on windows system <perlinger@ntp.org>
- finding by Chen Jiabin, plus another one by me
* [Bug 3541] patch to fix STA_NANO struct timex units <perlinger@ntp.org>
- applied patch by Maciej Szmigiero
* [Bug 3540] Cannot set minsane to 0 anymore <perlinger@ntp.org>
- applied patch by Andre Charbonneau
* [Bug 3539] work_fork build fails when droproot is not supported <perlinger@ntp.org>
- applied patch by Baruch Siach
* [Bug 3538] Build fails for no-MMU targets <perlinger@ntp.org>
- applied patch by Baruch Siach
* [Bug 3535] libparse won't handle GPS week rollover <perlinger@ntp.org>
- refactored handling of GPS era based on 'tos basedate' for
parse (TSIP) and JUPITER clocks
* [Bug 3529] Build failures on Mac OS X 10.13 (High Sierra) <perlinger@ntp.org>
- patch by Daniel J. Luke; this does not fix a potential linker
regression issue on MacOS.
* [Bug 3527 - Backward Incompatible] mode7 clockinfo fudgeval2 packet
anomaly <perlinger@ntp.org>, reported by GGarvey.
- --enable-bug3527-fix support by HStenn
* [Bug 3526] Incorrect poll interval in packet <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3471] Check for openssl/[ch]mac.h. <perlinger@ntp.org>
- added missing check, reported by Reinhard Max <perlinger@ntp.org>
* [Bug 1674] runtime crashes and sync problems affecting both x86 and x86_64
- this is a variant of [bug 3558] and should be fixed with it
* Implement --disable-signalled-io
Add GCC_NO_STRINGOP_TRUNCATION to refclock_jjy.c to prevent build failure.
Error was reported when build.sh was run with MKLIBCSANITIZER=yes flag.
Reviewed by: kamil@
GCC_NO_FORMAT_TRUNCATION -Wno-format-truncation (GCC 7/8)
GCC_NO_STRINGOP_TRUNCATION -Wno-stringop-truncation (GCC 8)
GCC_NO_STRINGOP_OVERFLOW -Wno-stringop-overflow (GCC 8)
GCC_NO_CAST_FUNCTION_TYPE -Wno-cast-function-type (GCC 8)
use these to turn off warnings for most GCC-8 complaints. many
of these are false positives, most of the real bugs are already
commited, or are yet to come.
we plan to introduce versions of (some?) of these that use the
"-Wno-error=" form, which still displays the warnings but does
not make it an error, and all of the above will be re-considered
as either being "fix me" (warning still displayed) or "warning
is wrong."
- file has looks bogus maybe-uninitialized
- llvm triggers an attribute violation:
ScheduleDAGInstrs.cpp:1430:14: error: declaration of
'llvm::raw_ostream& llvm::operator<<(llvm::raw_ostream&, const llvm::ILPValue&)'
with attribute 'noinline' follows inline declaration [-Werror=attributes]
- ntp and pkg_install have obvious restrict violations, should be
fixed but i'm avoiding patching upstream code in this pass
- tftp has an array bounds that doesn't seem real issue
- sysinst's partman.c has major problem with passing the same
string as source and dest in snprintf, as a way to strcat
with formatting which trip restrict violations. non trivial
to fix so for now the warning is elided.
- Xext's XEVI.c has similar issue as partman.c
everyone and GCC 8 gets these warnings turned off for now:
-Wno-format-truncation
-Wno-stringop-overflow
-Wno-stringop-truncation
-Wno-cast-function-type
as they trip a large amount of code. most of them should be
investigated, but the few i looked at were not finding actually
real bugs, vs instances of poor coding, so skipping for now.
messages.
Between ASLR and stack clash random-sized padding, we can't make small
stacks reliably. Not doing so isn't a problem, so don't warn users about
it on every boot.
PR bin/51118
(4.2.8p12) 2018/08/14 Released by Harlan Stenn <stenn@ntp.org>
* [Sec 3505] CVE-2018-12327 - Arbitrary Code Execution Vulnerability
- fixed stack buffer overflow in the openhost() command-line call
of NTPQ/NTPDC <perlinger@ntp.org>
* [Sec 3012] noepeer tweaks. <stenn@ntp.org>
* [Bug 3521] Fix a logic bug in the INVALIDNAK checks. <stenn@ntp.org>
* [Bug 3509] Add support for running as non-root on FreeBSD, Darwin,
other TrustedBSD platforms
- applied patch by Ian Lepore <perlinger@ntp.org>
* [Bug 3506] Service Control Manager interacts poorly with NTPD <perlinger@ntp.org>
- changed interaction with SCM to signal pending startup
* [Bug 3486] Buffer overflow in ntpq/ntpq.c:tstflags() <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3485] Undefined sockaddr used in error messages in ntp_config.c <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3484] ntpq response from ntpd is incorrect when REFID is null <perlinger@ntp.org>
- rework of ntpq 'nextvar()' key/value parsing
* [Bug 3482] Fixes for compilation warnings (ntp_io.c & ntpq-subs.c) <perlinger@ntp.org>
- applied patch by Gerry Garvey (with mods)
* [Bug 3480] Refclock sample filter not cleared on clock STEP <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3479] ctl_putrefid() allows unsafe characters through to ntpq <perlinger@ntp.org>
- applied patch by Gerry Garvey (with mods)
* [Bug 3476]ctl_putstr() sends empty unquoted string [...] <perlinger@ntp.org>
- applied patch by Gerry Garvey (with mods); not sure if that's bug or feature, though
* [Bug 3475] modify prettydate() to suppress output of zero time <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3474] Missing pmode in mode7 peer info response <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3471] Check for openssl/[ch]mac.h. HStenn.
- add #define ENABLE_CMAC support in configure. HStenn.
* [Bug 3470] ntpd4.2.8p11 fails to compile without OpenSSL <perlinger@ntp.org>
* [Bug 3469] Incomplete string compare [...] in is_refclk_addr <perlinger@ntp.org>
- patch by Stephen Friedl
* [Bug 3467] Potential memory fault in ntpq [...] <perlinger@ntp.org>
- fixed IO redirection and CTRL-C handling in ntq and ntpdc
* [Bug 3465] Default TTL values cannot be used <perlinger@ntp.org>
* [Bug 3461] refclock_shm.c: clear error status on clock recovery <perlinger@ntp.org>
- initial patch by Hal Murray; also fixed refclock_report() trouble
* [Bug 3460] Fix typo in ntpq.texi, reported by Kenyon Ralph. <stenn@ntp.org>
* [Bug 3456] Use uintptr_t rather than size_t to store an integer in a pointer
- According to Brooks Davis, there was only one location <perlinger@ntp.org>
* [Bug 3449] ntpq - display "loop" instead of refid [...] <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3445] Symmetric peer won't sync on startup <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3442] Fixes for ntpdate as suggested by Gerry Garvey,
with modifications
New macro REFID_ISTEXT() which is also used in ntpd/ntp_control.c.
* [Bug 3434] ntpd clears STA_UNSYNC on start <perlinger@ntp.org>
- applied patch by Miroslav Lichvar
* [Bug 3426] ntpdate.html -t default is 2 seconds. Leonid Evdokimov.
* [Bug 3121] Drop root privileges for the forked DNS worker <perlinger@ntp.org>
- integrated patch by Reinhard Max
* [Bug 2821] minor build issues <perlinger@ntp.org>
- applied patches by Christos Zoulas, including real bug fixes
* html/authopt.html: cleanup, from <stenn@ntp.org>
* ntpd/ntpd.c: DROPROOT cleanup. <stenn@ntp.org>
* Symmetric key range is 1-65535. Update docs. <stenn@ntp.org>
* html/authentic.html: cleanup, from <stenn@ntp.org>
mrg