net/ntp: Another patch to address IPv6 pool regression

43537eb9c3e5 circumvented an upstream patch which caused an IPv6
pool regression. This patch, discussed in
https://bugs.ntp.org/show_bug.cgi?id=3958, addresses another
unworkable combination of link-local local address with
non-link-local server.

Obtained from:	src c1767cf87cb6
MFH:		2025Q1

net/ntp: Replace the workaround from 98e34e8e2557 with a patch from upstream

43537eb9c3e5 circumvented an upstream patch which caused an IPv6
pool regresson. This patch removes the circumvention and replaces
it with an upstream patch planned for the new release of ntp.

Obtained from:	src bc02e6558720
MFH:		2025Q1

net/ntp: ntpd does not connect to NTP server with link local IPv6 address

Upstream bug 3943 (https://bugs.ntp.org/show_bug.cgi?id=3943) discusses:

Starting with 4.2.8p18 ntp does not synchronize or even connect to the
configured NTP server any more. ntp stays in .INIT. state indefinitely
and checking the network traffic shows that ntp does not attempt to
contact the NTP server.

This is regression introduced by the fix for upstream bug 3913. This
is a similar bug I reported upstream (ntp bug 3841).

Obtained from: 	src 381956e26756
MFH:		2025Q1

net/ntp: Undo upstream (ntp.org) fix for upstream Bug 3851

The patch for upstream (ntp.org) fix for upstream Bug 3851 may have
fixed a Linux bug but it caused a regression when ntpd is run on
FreeBSD.

PR:             283116
MFH:            2024Q4

Revert "ntp: Improve descriptions in manual pages"

This results in the following error:

env: autogen: No such file or directory
*** [./sntp-opts.c] Error code 127

This reverts commit c9d07ce2a970644c4e78a0e12e32753e19c16c5c.

ntp: Improve descriptions in manual pages

+ ntpd added to ntp.conf(5) description (search keywords)
+ expand NTP so these pages are shown when `apropos time`
+ "standard" => "reference" for increased consistency
- removed redundant or duplicated search keywords

freebsd-src:	c7a33fe3 (ntp: Improve descriptions)
ntp.org bug:    https://bugs.ntp.org/show_bug.cgi?id=3936
Reviewed by:    Harlan Stenn <stenn@nwtime.org>
Reviewed by:    Cy Schubert <cy@nwtime.org, cy@FreeBSD.org>

net/ntp: Fix build w/o autogen preinstalled

Previously, the port would not build complaining about no autogen.
With this patch, the port builds and installs.

MFH:			2024Q4
Differential Revision:	https://reviews.freebsd.org/D47345

net/ntp: Update to 4.2.8p18

MFH:	2024Q2

net/ntp: move man pages

net/ntp: Remove extraneous sentence suggesting a WWW

fb16dfecae4a removed WWW lines without considering the context.
Remove the sentence that eludes to a WWW line that no longer exists.

PR:		272773
Fixes:		fb16dfecae4a
MFH:		2023Q3

net/ntp: Fix two reference clock builds

Fix build for hopf6021 and wharton reference clocks.

No PORTREVISION bump is needed since both reference clocks are not
built by default.

Fixes:	de4864bd361e
MFH:	2023Q2

net/ntp: Update 4.2.8p16 --> 4.2.8p17

Fixes two small bugs including one regression.

MFH:		2023Q2

net/ntp: Remove defunct distfile site

MFH:		2023Q2

net/ntp: Update 4.2.8p15 --> 4.2.8p16

MFH:		2023Q2
Security:	NtpBug3767, NtpBug3808, NtpBug3807 (CVE-2023-26555)

net/ntp: Remove reference to defunct port

net/ntp-devel was removed long ago.

MFH:		2023Q2

Remove WWW entries moved into port Makefiles

Commit b7f05445c00f has added WWW entries to port Makefiles based on
WWW: lines in pkg-descr files.

This commit removes the WWW: lines of moved-over URLs from these
pkg-descr files.

Approved by:		portmgr (tcberner)

Add WWW entries to port Makefiles

It has been common practice to have one or more URLs at the end of the
ports' pkg-descr files, one per line and prefixed with "WWW:". These
URLs should point at a project website or other relevant resources.

Access to these URLs required processing of the pkg-descr files, and
they have often become stale over time. If more than one such URL was
present in a pkg-descr file, only the first one was tarnsfered into
the port INDEX, but for many ports only the last line did contain the
port specific URL to further information.

There have been several proposals to make a project URL available as
a macro in the ports' Makefiles, over time.

net: remove 'Created by' lines

A big Thank You to the original contributors of these ports:

  *  <ports@c0decafe.net>
  *  Aaron Dalton <aaron@FreeBSD.org>
  *  Aaron Straup Cope <ascope@cpan.org>
  *  Aaron Zauner <az_mail@gmx.at>
  *  Adam Jette <jettea46@yahoo.com>
  *  Adam Weinberger <adamw@FreeBSD.org>
  *  Alan Eldridge <alane@geeksrus.net>
  *  Alex Bakhtin <Alex.Bakhtin@gmail.com>
  *  Alex Deiter <Alex.Deiter@Gmail.COM>
  *  Alex Dupre <ale@FreeBSD.org>
  *  Alex Dupre <sysadmin@alexdupre.com>

net/ntp: Restore previous behaviour

Restore ntp to prior to the ASLR mitigations applied.

When ASLR and subsequently PIE were committed to the FreeBSD kernel, ntpd
would segfault due to insufficient stack. This was because stack gap was
not taken into account by applications requesting stack and/or memory
limits. (BTW, this problem also affected firefox and thunderbird.)

This subsequently caused disabling of rlimit memlock, which could not be
avoided under the previous implementation of ASLR:

	Cannot set RLIMIT_MEMLOCK: Operation not permitted

Since then a number of improvments to ASLR stack gap implementation have
rendered the mitigations unnecessary. The mitigations initially developed
here at FreeBSD were subsequently upstreamed (noticed by the folks at
nwtime.org and automatically upstreamed). The mitigations have been
reversed in the base system. This patch reverses the ASLR mitigations in
the port as well.

PR:		262031
Reported by:	p5B2E9A8F@t-online.de

net/ntp: Fix build on older FreeBSD

Fix stackgap build on older FreeBSD.

PR:		261491
Reported by:	tomasz.sowinski@nucleus.malbork.pl
MFH:		2022Q1

net/ntp: Fix stable/12 build

There should be no minimum to 1300524.

Reported by:	Scott Allendorf <scott-allendorf@uiowa.edu>
Fixes:		a6e356e8f50f92acbdec6156c068e768d1835591
MFH:		2022Q1

net/ntp: Reverse "Disable ntpd stack gap" for stable/13

As stack gap mitigations have been MFCed to stable/13, reverse
"Disable ntpd stack gap" for __FreeBSD_version < 1300524 too.

MFH:		2022Q1

net/ntp: Use __FreeBSD_version < 1400038

__FreeBSD_version < 1400038 is more appropriate as it follows the
commit to resolve setrlimit(2) segfaults.

MFH:		2021Q4

net/ntp: Implement 8dc43f07dc6 only for 14-CURRENT for now

Only Reverse "Disable ntpd stack gap" for __FreeBSD_version < 1400037
for now until the next __FreeBSD_version bump.

Reported by:	kevans
MFH:		2021Q4

net/ntp: Reverse "Disable ntpd stack gap"

120137c822c9697c19cf94461f436f8ccc372d24 (svn r517694) disabled ntpd
ASLR stack gap, which caused ntpd to segfault. (The patch in
120137c822c9697c19cf94461f436f8ccc372d24 was subsequently submitted
to nwtime.org for inclusion into upstream ntp.) src commit
889b56c8cd84c9a9f2d9e3b019c154d6f14d9021 addressed the underlying cause
for the setrlimit segfault negating the need for this workaround. This
commit removes the workaround.

MFH:		2021Q4 (after a month)

net/ntp: Fix stage when devel/bitkeeper is installed

NTP is developed using the bitkeeper VCS. checkHtmlFileDates, uses
bitkeeper metadata to alter dates in html files. This results in
a bunch of *.old files installed in ${STAGEDIR}. As the distribution
tarball contains no bitkeeper metadata, no dates are updated at the
cost of failed build. This patch teaches scripts/build/checkHtmlFileDates
to act as if bitkeeper is not installed regardless of bitkeeper's
installatikon status.

MFH:		2021Q4

Remove # $FreeBSD$ from Makefiles.

Update 4.2.8p14 --> 4.2.8p15

Summary: Systems that use a CMAC algorithm in ntp.keys will not release
a bit of memory on each packet that uses a CMAC keyid, eventually causing
ntpd to run out of memory and fail. The CMAC cleanup from
https://bugs.ntp.org/3447, part of ntp-4.2.8p11, introduced a bug whereby
the CMAC data structure was no longer completely removed.

MFH:		2020Q3
Security:	NTP Bug 3661

net/ntpsec: Add CONFLICTS between net/{ntp,ntp-devel,openntpd,ntpsec} because
they all install sbin/ntpd

Also remove -* for versions because this isn't needed.

PR:		246553
Reported by:	naddy
Approved by:	portmgr (port compliance, infrastructure)

ntpd: fix build with -fno-common

Only a small nit here: psl should be declared extern and defined exactly
once.

-fno-common will become the default in GCC10/LLVM11.

Obtained from:	src r359676 (kevans)
MFH:		2020Q2

Update ntp-4.2.8p13 --> 4.2.8p14.

The advisory can be found at:
http://support.ntp.org/bin/view/Main/SecurityNotice#\
March_2020_ntp_4_2_8p14_NTP_Rele

No CVEs have been documented yet.

MFH:		2020Q2
Security:	http://support.ntp.org/bin/view/Main/NtpBug3610
		http://support.ntp.org/bin/view/Main/NtpBug3596
		http://support.ntp.org/bin/view/Main/NtpBug3592

Chase r512433, (also chasing src r355388) document that rlimit memlock
is disabled by default.

Disable ntpd stack gap. When ASLR with STACK GAP != 0 ntpd suffers SIGSEGV.

PR:		241421, 241960
Reported by:	Vladimir Zakharov <zakharov.vv@gmail.com>,
		dewayne@heuristicsystems.com.au
Reviewed by:	kib, imp (previous version), ian (suggestion)
MFH:		2019Q4
Differential Revision:  https://reviews.freebsd.org/D22358

patch-ntpd_ntp.c should really be named patch-ntpd_ntpd.c as it patches
ntpd/ntpd.c.

Drop the ipv6 virtual category for n* category as it is not relevant anymore

Chase src r352540:

Follow up on ports r511987 (base r352304) which disabled default
mlockall() at startup. Unfortunately though the original tarball
supports this in ./configure (for Linux), to fully support disabling
of mlockall() by default requires a little extra help otherwise the
following is logged in syslog:

        Cannot set RLIMIT_MEMLOCK: Operation not permitted

Chase base r352518:

Reduce calls to close(2) at startup through the use of closefrom(2).

Submitted by:		pawel.biernacki@gmail.com (based on)
Obtained from:		base r352518

Sync with base r352304, no longer locking ntpd in memory. Users who
wish to restore historic BSD behaviour can add the following to ntp.conf:

	rlimit memlock 32

Discussed on:	freebsd-current@ between Sept 6-9, 2019
Mentioned in Differential Revision:
		https://reviews.freebsd.org/D21581

TrustedBSD-MAC has been accepted upstream.

Convert to UCL & cleanup pkg-message (categories n)

(and missed 3 missed files from previous categories.)

devel/libevent2: update to 2.1.11

Changes:	https://github.com/libevent/libevent/releases/tag/release-2.1.11-stable
ABI:		https://abi-laboratory.pro/tracker/timeline/libevent/
PR:		239599
Reported by:	GitHub (watch releases)
Approved by:	zeising (maintainer)
MFH:		2019Q3 (maybe security, partially restores 2.1.8 ABI)
Differential Revision:	https://reviews.freebsd.org/D21133

4.2.8p12 --> 4.2.8p13

Fix build on armv6.

Submitted by:	garga@
MFH:		2018Q4

Also tell people how to enable ntpd and ntpdate from ports using
sysrc.

mat@ suggested this however as I'm not enamoured with sysrc, it has
been added as annother approach to add/edit rc.conf variables.

Reported by:	mat@
MFH:		2018Q3

Fix a typo.

Reported by:	Herbert J. Skuhra <herbert@gojira.at>
MFH:		2018Q3

Add a package message instructing the user how to use ports ntp
instead of base ntp.

Reported by:	adamw
MFH:		2018Q3

Update 4.2.8p11 --> 4.2.8p12

MFH:		2018Q3

Add TrustedBSD MAC(4) support to ntpd.

These changes add support for running ntpd as non-root, and improve support
for the --jaildir (chroot) option when running on freebsd. These correspond
to the changes made in the base system with r336525.

The new patches in this change are exactly what was submitted upstream in
https://bugs.ntp.org/show_bug.cgi?id=3509

Approved by:	cy@
Differential Revision:	https://reviews.freebsd.org/D16396

www/libwww: Update to 5.4.2, Fix security vulnerabilities

This a security release for libwww to take into account security advisories
CVE-2016-9063 and CVE-2017-9233.

In order to take into account current and future expat security advisories,
the expat source code was removed from the libwww tree. The makefiles were
modified so that libwww dynamically links against the system's expat library.

Patches removed were incorporated upstream.

Bump PORTREVISION of dependent ports due shlib change.

Changes:	libwww/5.4.2/ChangeLog">https://raw.githubusercontent.com/w3c/libwww/5.4.2/ChangeLog

MFH:		2018Q3
Security:	e375ff3f-7fec-11e8-8088-28d244aee256

Security update 4.2.8p10 --> 4.2.8p11.

MFH:		2018Q1

Fix RIPENCC TRIMBLE driver compile error.

PR:		223819

Register conflict with openntpd.

Reported by:	rodrigo

r436859 removed a bunch of refclock drivers that were enabled by
default. (New patch from ian@.)

While here ian@ and I discussed the www/libwww libmd5 dependency. It
turns out that if the sntp configure script finds libmd5, it uses it.
This is now an option to include the dependency.

While working on the libmd5 dependency it was discovered that the
sntp build requires SSL only if it finds libmd5. This is now an
IMPLIES.

Thanks to ian@ for the additional patch and for discovering the
libmd5 check, pointing me in the right direction to solve the without
SSL breakage.

PR:		218078
Submitted by:	ian@ (default driver options)
Discussed with:	ian@ (libmd5 dependency)

Remove autogen dependency added by r426923. This version of ntp no
longer needs it.

Use CONFIGURE_ENABLE instead of CONFIGURE_ON.

The current use of CONFIGURE_ON to handle refclock options allows
adding a refclock that is off by default, but doesn't allow a user
to eliminate refclocks that ntpd includes by default.

Using CONFIGURE_ENABLE instead of CONFIGURE_ON will add the proper
--disable-REFCLOCKNAME to the args when the user disables default-on
options.

PR:		218078
Submitted by:	ian@

Update 4.2.8p9 --> 4.2.8p10

Enable DEBUG option which enables debugging code in ntp via
--enable-debug. This enables -d and -D options within ntpd.

Correct the specification of ssl. This doesn't fix the brokenness
of this port when ssl is not specified but corrects the incorrect
specification regerdless.

Remove extraneous arguments and options, which don't make sense for
a file documented in volume 5.

OpenSSL includes are configured even though option is not selected
resulting in a build failure.

Same as r311005 in base, Fix up grammar.

devel/libevent2: drop historical suffix after r362796

PR:		216777
Approved by:	mm (maintainer)

devel/libevent2: update to 2.1.8 and cleanup

- DEFAULT_VERSIONS += ssl=openssl-devel is now supported
- devel/py-event and devel/p5-Event-Lib are marked BROKEN

Changes:	https://github.com/libevent/libevent/raw/release-2.1.8-stable/whatsnew-2.1.txt
Changes:	https://github.com/libevent/libevent/raw/release-2.1.8-stable/ChangeLog
PR:		216527
Exp-run by:	antoine
Approved by:	mm (maintainer)

Cleanup BROKEN/IGNORE for 10.3-

Sponsored by:	Absolight

Fix build with LibreSSL.

PR:		215323
Submitted by:	naddy

Flag ntp and ntp-devel ignore if libressl is installed due to md5
symbol conflicts.

PR:		215093

Unbreak Makefile, set up appropriate support for BROKEN.

As suggested by koobs, describe error in BROKEN=.

Document that net/ntp does not build under FreeBSD-9.

Fix build folloing r426791.

Also Submitted by:	roberto
Pointy hat to:		delphij
Reported by:		roberto, Craig Leres <leres@ee.lbl.gov>

Remove documentation of conflict with the ntp-rc port. net/ntp-rc
is only an active port when an NTP release candidate is available.

Submitted by:	des

Configure leap-second smearing (always).

Leap-second smearing is an experimental option that may be specified in
ntp.conf(5) to spread the effect of a leap-second over an interval as
specified by the leapsmearinterval config file statement. Recommended
values are between 7200 (2 hours) and 86400 (24 hours).

It is advised that leap-second smearing not be used for public NTP
servers (https://www.meinbergglobal.com/download/burnicki/Leap\
%20Second%20Smearing%20With%20NTP.pdf). It is also advised that NTP
clients not use a mix of NTP servers using leap-second smearing with
NTP servers not using leap-second smearing as that could cause
undefined client behaviour.

Suggested by:	des

Security update to 4.2.8p9.

Approved by:	so
MFH:		2016Q4

Let USES=localbase add -L${LOCALBASE}/lib to LIBS instead of LDFLAGS.
USES=localbase:ldflags can be used to set LDFLAGS.  Normally LDFLAGS
appears too early on the command line causing some ports to link with
their own libraries in LOCALBASE (if installed) instead of WRKSRC.

Also make use of _USES_POST so -L${LOCALBASE}/lib is added as late as
possible after anything a port Makefile might set.  Use _USES_POST
instead of .include in libedit.mk and libarchive.mk so things like
'USES=libedit localbase:ldflags' work correctly.

Fix some issues with LIBS in some ports.

Switch ports that don't support LIBS to localbase:ldflags.

PR:		212987
Exp-run by:	antoine
Approved by:	portmgr (antoine)

Most commonly used build systems support silent builds, when they
hide actual commands executed and only show short summary line (like
"CC foo.c"). CMake and ninja enable this by default, some autotools
using ports do as well. This is unacceptable because we need complete
build logs at any time, so we now switch to verbose build logs
unconditionally. Note that this change deliberately affects ALL
builds and not only package builds on cluster, because we need to
be sure that user experiencing failure can always provide informative
build log regardless of settings and without rerunning the build.

Change summary:

- Always do verbose builds for cmake, ninja and GNU configure (the
  latter includes check if --disable-silent-rules is actually supported
  by the configure script; there are isolated cases when it's not true)

Fix Makefile typo.

Record an indirect libwww dependency.

Switch to USES=ssl.

Fixup sntp.8 man page formatting. This commit is the same as r304721
in base.

Submitted by:	Steve Kargl <sgk@troutmask.apl.washington.edu>
Discussed with:	bjk@

Update 4.2.8p7 --> 4.2.8p8

Security update net/ntp to 4.2.8p7.

Security:	CVE-2015-7704
Security:	CVE-2015-8138
Security:	CVE-2016-1547
Security:	CVE-2016-1548
Security:	CVE-2016-1549
Security:	CVE-2016-1550
Security:	CVE-2016-1551
Security:	CVE-2016-2516
Security:	CVE-2016-2517
Security:	CVE-2016-2518
Security:	CVE-2016-2519
Security:	b2487d9a-0c30-11e6-acd0-d050996490d0
MFH:		2016Q2
With hat:	so

Remove ${PORTSDIR}/ from dependencies, categories m, n, o, and p.

With hat:	portmgr
Sponsored by:	Absolight

Fixup some whitespace at the beginning of lines problems.

With hat:	portmgr
Sponsored by:	Absolight

Update 4.2.8p5 --> 4.2.8p6

Update to 4.2.8p5.

Security:	CVE-2015-5300
Security:	4eae4f46-b5ce-11e5-8a2b-d050996490d0
MFH:		2016Q1
With hat:	so

net/ntp: Fix untracked gettext dependency & lots more

ntp links against gettext (libintl) if it is installed on the system:

- Add an NLS OPTION to explicitly enable, disable and track libintl dependency
- Add DEBUG and THREADS OPTIONS. Keep the latter enabled by OPTIONS_DEFAULT to
  preserve compatibility with existing behaviour.
- Explicitly pass OpenSSL include / library dir paths to configure
- Unsilence install command
- Enable verbose building (--disable-silent-rules)
- Use TOUCH variable instead of hardcoded command
- Add TEST_TARGET to enable test suite
- Patch sntp tests to ensure they link correctly to threading library
- Pet portlint (*_DEPENDS order, group USE{S} sections, sort OPTIONS)

Approved by:		cy (maintainer)
Differential Revision:	D4812
MFH:			2016Q1

Update ntp 4.2.8p3 --> 4.2.8p4.

As ntp 4.2.8p4 has gone GA, remove ntp-rc.

Shebang fix update-leap.

- Switch to USES=libedit as suggested by stage-qa
- Switch to options helpers

Approved by:	portmgr blanket

Update 4.2.8p2 --> 4.2.8p3

Special thanks to delphij@ for the prep work.

Security:	VuXML: 0d0f3050-1f69-11e5-9ba9-d050996490d0
Security:	http://bugs.ntp.org/show_bug.cgi?id=2853
Security:	https://www.kb.cert.org/vuls/id/668167
Security:	http://support.ntp.org/bin/view/Main/SecurityNotice#June_2015_NTP_Security_Vulnerabi

Rework r385426:
  - The include/event2 directory was being created improperly due to the lack
    of a pkgconfig dependency. Add it to USES.
  - Remove WRKSRC from SHEBANG list.

Reported by:	many

- Fix orphaned include/event2 dir (likely an upstream error that it is created)
- Fix shebang QA error when not using PERL_UTILS. This was broken in r374987.
  Error: '-w' is an invalid shebang you need USES=shebangfix for 'sbin/ntptrace'
  Must replace @PERL_PATH@ before install or it becomes a blank: '#!  -w'

Sponsored by:	EMC / Isilon Storage Division

net/ntp: add CPE info

PR:		199619
Submitted by:	Shun <shun.fbsd.pr@dropcut.net>
Approved by:	portmgr blanket

Update ntp 4.2.8p1 --> 4.2.8p2

Update ntp-devel 4.3.13 --> 4.3.14

Mark ntp-rc IGNORE

PR:		199274, 199276
Submitted by:	delphij
Security:	VuXML ebd84c96-dd7e-11e4-854e-3c970e169bc2
Security:	VuXML ebd84c96-dd7e-11e4-854e-3c970e169bc2

Add missing =

Copy net/ntp to net/ntp-rc to track release candidates.

Register conflicts between ports.

Remove redundant DOCSDIR.

Update 4.2.8 --> 4.2.8p1

Adjust MASTER_SITES.

Unbreak MX4200.

Submitted by:	delphij

MX4200 is still broken.