21:01 Cy Schubert (cy) 

net/ntp: Restore previous behaviour

Restore ntp to prior to the ASLR mitigations applied.

When ASLR and subsequently PIE were committed to the FreeBSD kernel, ntpd
would segfault due to insufficient stack. This was because stack gap was
not taken into account by applications requesting stack and/or memory
limits. (BTW, this problem also affected firefox and thunderbird.)

This subsequently caused disabling of rlimit memlock, which could not be
avoided under the previous implementation of ASLR:

	Cannot set RLIMIT_MEMLOCK: Operation not permitted

Since then a number of improvments to ASLR stack gap implementation have
rendered the mitigations unnecessary. The mitigations initially developed
here at FreeBSD were subsequently upstreamed (noticed by the folks at
nwtime.org and automatically upstreamed). The mitigations have been
reversed in the base system. This patch reverses the ASLR mitigations in
the port as well.

PR:		262031
Reported by:	p5B2E9A8F@t-online.de

    c2a26c7

22:29 Cy Schubert (cy) 

net/ntp: Fix build on older FreeBSD

Fix stackgap build on older FreeBSD.

PR:		261491
Reported by:	tomasz.sowinski@nucleus.malbork.pl
MFH:		2022Q1

    646499b

04:43 Cy Schubert (cy) 

net/ntp: Fix stable/12 build

There should be no minimum to 1300524.

Reported by:	Scott Allendorf <scott-allendorf@uiowa.edu>
Fixes:		a6e356e8f50f92acbdec6156c068e768d1835591
MFH:		2022Q1

    d4607d3

14:26 Cy Schubert (cy) 

net/ntp: Reverse "Disable ntpd stack gap" for stable/13

As stack gap mitigations have been MFCed to stable/13, reverse
"Disable ntpd stack gap" for __FreeBSD_version < 1300524 too.

MFH:		2022Q1

    a6e356e

17:14 Cy Schubert (cy) 

net/ntp: Use __FreeBSD_version < 1400038

__FreeBSD_version < 1400038 is more appropriate as it follows the
commit to resolve setrlimit(2) segfaults.

MFH:		2021Q4

    f424bca

15:08 Cy Schubert (cy) 

net/ntp: Implement 8dc43f07dc6 only for 14-CURRENT for now

Only Reverse "Disable ntpd stack gap" for __FreeBSD_version < 1400037
for now until the next __FreeBSD_version bump.

Reported by:	kevans
MFH:		2021Q4

    ad1f51b

03:59 Cy Schubert (cy) 

net/ntp: Reverse "Disable ntpd stack gap"

120137c822c9697c19cf94461f436f8ccc372d24 (svn r517694) disabled ntpd
ASLR stack gap, which caused ntpd to segfault. (The patch in
120137c822c9697c19cf94461f436f8ccc372d24 was subsequently submitted
to nwtime.org for inclusion into upstream ntp.) src commit
889b56c8cd84c9a9f2d9e3b019c154d6f14d9021 addressed the underlying cause
for the setrlimit segfault negating the need for this workaround. This
commit removes the workaround.

MFH:		2021Q4 (after a month)

    8dc43f0

21:48 cy 

Update ntp-4.2.8p13 --> 4.2.8p14.

The advisory can be found at:
http://support.ntp.org/bin/view/Main/SecurityNotice#\
March_2020_ntp_4_2_8p14_NTP_Rele

No CVEs have been documented yet.

MFH:		2020Q2
Security:	http://support.ntp.org/bin/view/Main/NtpBug3610
		http://support.ntp.org/bin/view/Main/NtpBug3596
		http://support.ntp.org/bin/view/Main/NtpBug3592

 

16:34 cy 

Disable ntpd stack gap. When ASLR with STACK GAP != 0 ntpd suffers SIGSEGV.

PR:		241421, 241960
Reported by:	Vladimir Zakharov <zakharov.vv@gmail.com>,
		dewayne@heuristicsystems.com.au
Reviewed by:	kib, imp (previous version), ian (suggestion)
MFH:		2019Q4
Differential Revision:  https://reviews.freebsd.org/D22358

 

20:19 cy 

patch-ntpd_ntp.c should really be named patch-ntpd_ntpd.c as it patches
ntpd/ntpd.c.

 

05:07 cy 

Update 4.2.8p11 --> 4.2.8p12

MFH:		2018Q3

 

00:32 ian 

Add TrustedBSD MAC(4) support to ntpd.

These changes add support for running ntpd as non-root, and improve support
for the --jaildir (chroot) option when running on freebsd. These correspond
to the changes made in the base system with r336525.

The new patches in this change are exactly what was submitted upstream in
https://bugs.ntp.org/show_bug.cgi?id=3509

Approved by:	cy@
Differential Revision:	https://reviews.freebsd.org/D16396