Index: user/cperciva/freebsd-update-build/patches/10.1-RELEASE/27-SA-16:07.openssh =================================================================== --- user/cperciva/freebsd-update-build/patches/10.1-RELEASE/27-SA-16:07.openssh (nonexistent) +++ user/cperciva/freebsd-update-build/patches/10.1-RELEASE/27-SA-16:07.openssh (revision 294929) @@ -0,0 +1,21 @@ +--- crypto/openssh/readconf.c.orig ++++ crypto/openssh/readconf.c +@@ -1610,7 +1610,7 @@ + options->tun_remote = -1; + options->local_command = NULL; + options->permit_local_command = -1; +- options->use_roaming = -1; ++ options->use_roaming = 0; + options->visual_host_key = -1; + options->ip_qos_interactive = -1; + options->ip_qos_bulk = -1; +@@ -1788,8 +1788,7 @@ + options->tun_remote = SSH_TUNID_ANY; + if (options->permit_local_command == -1) + options->permit_local_command = 0; +- if (options->use_roaming == -1) +- options->use_roaming = 1; ++ options->use_roaming = 0; + if (options->visual_host_key == -1) + options->visual_host_key = 0; + if (options->ip_qos_interactive == -1) Index: user/cperciva/freebsd-update-build/patches/10.1-RELEASE/28-SA-16:09.ntp =================================================================== --- user/cperciva/freebsd-update-build/patches/10.1-RELEASE/28-SA-16:09.ntp (nonexistent) +++ user/cperciva/freebsd-update-build/patches/10.1-RELEASE/28-SA-16:09.ntp (revision 294929) @@ -0,0 +1,17352 @@ +Index: contrib/ntp/ChangeLog +=================================================================== +--- contrib/ntp/ChangeLog (revision 294707) ++++ contrib/ntp/ChangeLog (working copy) +@@ -1,4 +1,38 @@ + --- ++(4.2.8p6) 2016/01/20 Released by Harlan Stenn ++ ++* [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn. ++* [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. ++* [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org ++* [Sec 2938] ntpq saveconfig command allows dangerous characters ++ in filenames. perlinger@ntp.org ++* [Sec 2939] reslist NULL pointer dereference. perlinger@ntp.org ++* [Sec 2940] Stack exhaustion in recursive traversal of restriction ++ list. perlinger@ntp.org ++* [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn. ++* [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org ++* [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger@ntp.org ++* [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org ++* [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org ++ - applied patch by shenpeng11@huawei.com with minor adjustments ++* [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org ++* [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org ++* [Bug 2892] Several test cases assume IPv6 capabilities even when ++ IPv6 is disabled in the build. perlinger@ntp.org ++ - Found this already fixed, but validation led to cleanup actions. ++* [Bug 2905] DNS lookups broken. perlinger@ntp.org ++ - added limits to stack consumption, fixed some return code handling ++* [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call ++ - changed stacked/nested handling of CTRL-C. perlinger@ntp.org ++ - make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org ++* [Bug 2980] reduce number of warnings. perlinger@ntp.org ++ - integrated several patches from Havard Eidnes (he@uninett.no) ++* [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org ++ - implement 'auth_log2()' using integer bithack instead of float calculation ++* Make leapsec_query debug messages less verbose. Harlan Stenn. ++* Disable incomplete t-ntp_signd.c test. Harlan Stenn. ++ ++--- + (4.2.8p5) 2016/01/07 Released by Harlan Stenn + + * [Sec 2956] small-step/big-step. Close the panic gate earlier. HStenn. +@@ -47,6 +81,7 @@ + lots of clients. perlinger@ntp.org + * [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call + - changed stacked/nested handling of CTRL-C. perlinger@ntp.org ++ - make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org + * Unity cleanup for FreeBSD-6.4. Harlan Stenn. + * Unity test cleanup. Harlan Stenn. + * Libevent autoconf pthread fixes for FreeBSD-10. Harlan Stenn. +@@ -55,9 +90,8 @@ + * Quiet a warning from clang. Harlan Stenn. + * Update the NEWS file. Harlan Stenn. + * Update scripts/calc_tickadj/Makefile.am. Harlan Stenn. ++ + --- +-(4.2.8p4) 2015/10/21 Released by Harlan Stenn +-(4.2.8p4-RC1) 2015/10/06 Released by Harlan Stenn + + * [Sec 2899] CVE-2014-9297 perlinger@ntp.org + * [Sec 2901] Drop invalid packet before checking KoD. Check for all KoD's. +Index: contrib/ntp/CommitLog +=================================================================== +--- contrib/ntp/CommitLog (revision 294707) ++++ contrib/ntp/CommitLog (working copy) +@@ -1,8 +1,633 @@ +-ChangeSet@1.3623, 2016-01-07 23:33:11+00:00, stenn@deacon.udel.edu ++ChangeSet@1.3628, 2016-01-20 04:20:12-05:00, stenn@deacon.udel.edu ++ NTP_4_2_8P6 ++ TAG: NTP_4_2_8P6 ++ ++ ChangeLog@1.1793 +1 -0 ++ NTP_4_2_8P6 ++ ++ ntpd/invoke-ntp.conf.texi@1.196 +1 -1 ++ NTP_4_2_8P6 ++ ++ ntpd/invoke-ntp.keys.texi@1.188 +1 -1 ++ NTP_4_2_8P6 ++ ++ ntpd/invoke-ntpd.texi@1.504 +2 -2 ++ NTP_4_2_8P6 ++ ++ ntpd/ntp.conf.5man@1.230 +3 -3 ++ NTP_4_2_8P6 ++ ++ ntpd/ntp.conf.5mdoc@1.230 +2 -3 ++ NTP_4_2_8P6 ++ ++ ntpd/ntp.conf.html@1.183 +60 -2 ++ NTP_4_2_8P6 ++ ++ ntpd/ntp.conf.man.in@1.230 +3 -3 ++ NTP_4_2_8P6 ++ ++ ntpd/ntp.conf.mdoc.in@1.230 +2 -3 ++ NTP_4_2_8P6 ++ ++ ntpd/ntp.keys.5man@1.222 +2 -2 ++ NTP_4_2_8P6 ++ ++ ntpd/ntp.keys.5mdoc@1.222 +3 -3 ++ NTP_4_2_8P6 ++ ++ ntpd/ntp.keys.html@1.184 +21 -33 ++ NTP_4_2_8P6 ++ ++ ntpd/ntp.keys.man.in@1.222 +2 -2 ++ NTP_4_2_8P6 ++ ++ ntpd/ntp.keys.mdoc.in@1.222 +3 -3 ++ NTP_4_2_8P6 ++ ++ ntpd/ntpd-opts.c@1.526 +10 -10 ++ NTP_4_2_8P6 ++ ++ ntpd/ntpd-opts.h@1.525 +4 -4 ++ NTP_4_2_8P6 ++ ++ ntpd/ntpd.1ntpdman@1.333 +4 -4 ++ NTP_4_2_8P6 ++ ++ ntpd/ntpd.1ntpdmdoc@1.333 +3 -3 ++ NTP_4_2_8P6 ++ ++ ntpd/ntpd.html@1.177 +2 -2 ++ NTP_4_2_8P6 ++ ++ ntpd/ntpd.man.in@1.333 +4 -4 ++ NTP_4_2_8P6 ++ ++ ntpd/ntpd.mdoc.in@1.333 +3 -3 ++ NTP_4_2_8P6 ++ ++ ntpdc/invoke-ntpdc.texi@1.501 +2 -2 ++ NTP_4_2_8P6 ++ ++ ntpdc/ntpdc-opts.c@1.519 +10 -10 ++ NTP_4_2_8P6 ++ ++ ntpdc/ntpdc-opts.h@1.518 +4 -4 ++ NTP_4_2_8P6 ++ ++ ntpdc/ntpdc.1ntpdcman@1.332 +4 -4 ++ NTP_4_2_8P6 ++ ++ ntpdc/ntpdc.1ntpdcmdoc@1.332 +3 -3 ++ NTP_4_2_8P6 ++ ++ ntpdc/ntpdc.html@1.345 +2 -2 ++ NTP_4_2_8P6 ++ ++ ntpdc/ntpdc.man.in@1.332 +4 -4 ++ NTP_4_2_8P6 ++ ++ ntpdc/ntpdc.mdoc.in@1.332 +3 -3 ++ NTP_4_2_8P6 ++ ++ ntpq/invoke-ntpq.texi@1.508 +2 -2 ++ NTP_4_2_8P6 ++ ++ ntpq/ntpq-opts.c@1.525 +10 -10 ++ NTP_4_2_8P6 ++ ++ ntpq/ntpq-opts.h@1.523 +4 -4 ++ NTP_4_2_8P6 ++ ++ ntpq/ntpq.1ntpqman@1.336 +4 -4 ++ NTP_4_2_8P6 ++ ++ ntpq/ntpq.1ntpqmdoc@1.336 +3 -3 ++ NTP_4_2_8P6 ++ ++ ntpq/ntpq.html@1.174 +2 -2 ++ NTP_4_2_8P6 ++ ++ ntpq/ntpq.man.in@1.336 +4 -4 ++ NTP_4_2_8P6 ++ ++ ntpq/ntpq.mdoc.in@1.336 +3 -3 ++ NTP_4_2_8P6 ++ ++ ntpsnmpd/invoke-ntpsnmpd.texi@1.503 +2 -2 ++ NTP_4_2_8P6 ++ ++ ntpsnmpd/ntpsnmpd-opts.c@1.521 +10 -10 ++ NTP_4_2_8P6 ++ ++ ntpsnmpd/ntpsnmpd-opts.h@1.520 +4 -4 ++ NTP_4_2_8P6 ++ ++ ntpsnmpd/ntpsnmpd.1ntpsnmpdman@1.332 +4 -4 ++ NTP_4_2_8P6 ++ ++ ntpsnmpd/ntpsnmpd.1ntpsnmpdmdoc@1.332 +3 -3 ++ NTP_4_2_8P6 ++ ++ ntpsnmpd/ntpsnmpd.html@1.172 +1 -1 ++ NTP_4_2_8P6 ++ ++ ntpsnmpd/ntpsnmpd.man.in@1.332 +4 -4 ++ NTP_4_2_8P6 ++ ++ ntpsnmpd/ntpsnmpd.mdoc.in@1.332 +3 -3 ++ NTP_4_2_8P6 ++ ++ packageinfo.sh@1.524 +2 -2 ++ NTP_4_2_8P6 ++ ++ scripts/calc_tickadj/calc_tickadj.1calc_tickadjman@1.93 +3 -3 ++ NTP_4_2_8P6 ++ ++ scripts/calc_tickadj/calc_tickadj.1calc_tickadjmdoc@1.94 +2 -2 ++ NTP_4_2_8P6 ++ ++ scripts/calc_tickadj/calc_tickadj.html@1.95 +1 -1 ++ NTP_4_2_8P6 ++ ++ scripts/calc_tickadj/calc_tickadj.man.in@1.92 +3 -3 ++ NTP_4_2_8P6 ++ ++ scripts/calc_tickadj/calc_tickadj.mdoc.in@1.94 +2 -2 ++ NTP_4_2_8P6 ++ ++ scripts/calc_tickadj/invoke-calc_tickadj.texi@1.97 +1 -1 ++ NTP_4_2_8P6 ++ ++ scripts/invoke-plot_summary.texi@1.114 +2 -2 ++ NTP_4_2_8P6 ++ ++ scripts/invoke-summary.texi@1.114 +2 -2 ++ NTP_4_2_8P6 ++ ++ scripts/ntp-wait/invoke-ntp-wait.texi@1.324 +2 -2 ++ NTP_4_2_8P6 ++ ++ scripts/ntp-wait/ntp-wait-opts@1.60 +2 -2 ++ NTP_4_2_8P6 ++ ++ scripts/ntp-wait/ntp-wait.1ntp-waitman@1.321 +3 -3 ++ NTP_4_2_8P6 ++ ++ scripts/ntp-wait/ntp-wait.1ntp-waitmdoc@1.322 +2 -2 ++ NTP_4_2_8P6 ++ ++ scripts/ntp-wait/ntp-wait.html@1.341 +2 -2 ++ NTP_4_2_8P6 ++ ++ scripts/ntp-wait/ntp-wait.man.in@1.321 +3 -3 ++ NTP_4_2_8P6 ++ ++ scripts/ntp-wait/ntp-wait.mdoc.in@1.322 +2 -2 ++ NTP_4_2_8P6 ++ ++ scripts/ntpsweep/invoke-ntpsweep.texi@1.112 +2 -2 ++ NTP_4_2_8P6 ++ ++ scripts/ntpsweep/ntpsweep-opts@1.62 +2 -2 ++ NTP_4_2_8P6 ++ ++ scripts/ntpsweep/ntpsweep.1ntpsweepman@1.100 +3 -3 ++ NTP_4_2_8P6 ++ ++ scripts/ntpsweep/ntpsweep.1ntpsweepmdoc@1.100 +2 -2 ++ NTP_4_2_8P6 ++ ++ scripts/ntpsweep/ntpsweep.html@1.113 +2 -2 ++ NTP_4_2_8P6 ++ ++ scripts/ntpsweep/ntpsweep.man.in@1.100 +3 -3 ++ NTP_4_2_8P6 ++ ++ scripts/ntpsweep/ntpsweep.mdoc.in@1.101 +2 -2 ++ NTP_4_2_8P6 ++ ++ scripts/ntptrace/invoke-ntptrace.texi@1.113 +2 -2 ++ NTP_4_2_8P6 ++ ++ scripts/ntptrace/ntptrace-opts@1.62 +2 -2 ++ NTP_4_2_8P6 ++ ++ scripts/ntptrace/ntptrace.1ntptraceman@1.100 +3 -3 ++ NTP_4_2_8P6 ++ ++ scripts/ntptrace/ntptrace.1ntptracemdoc@1.101 +2 -2 ++ NTP_4_2_8P6 ++ ++ scripts/ntptrace/ntptrace.html@1.114 +2 -2 ++ NTP_4_2_8P6 ++ ++ scripts/ntptrace/ntptrace.man.in@1.100 +3 -3 ++ NTP_4_2_8P6 ++ ++ scripts/ntptrace/ntptrace.mdoc.in@1.102 +2 -2 ++ NTP_4_2_8P6 ++ ++ scripts/plot_summary-opts@1.62 +2 -2 ++ NTP_4_2_8P6 ++ ++ scripts/plot_summary.1plot_summaryman@1.112 +3 -3 ++ NTP_4_2_8P6 ++ ++ scripts/plot_summary.1plot_summarymdoc@1.112 +2 -2 ++ NTP_4_2_8P6 ++ ++ scripts/plot_summary.html@1.115 +2 -2 ++ NTP_4_2_8P6 ++ ++ scripts/plot_summary.man.in@1.112 +3 -3 ++ NTP_4_2_8P6 ++ ++ scripts/plot_summary.mdoc.in@1.112 +2 -2 ++ NTP_4_2_8P6 ++ ++ scripts/summary-opts@1.62 +2 -2 ++ NTP_4_2_8P6 ++ ++ scripts/summary.1summaryman@1.112 +3 -3 ++ NTP_4_2_8P6 ++ ++ scripts/summary.1summarymdoc@1.112 +2 -2 ++ NTP_4_2_8P6 ++ ++ scripts/summary.html@1.115 +2 -2 ++ NTP_4_2_8P6 ++ ++ scripts/summary.man.in@1.112 +3 -3 ++ NTP_4_2_8P6 ++ ++ scripts/summary.mdoc.in@1.112 +2 -2 ++ NTP_4_2_8P6 ++ ++ scripts/update-leap/invoke-update-leap.texi@1.13 +1 -1 ++ NTP_4_2_8P6 ++ ++ scripts/update-leap/update-leap-opts@1.13 +2 -2 ++ NTP_4_2_8P6 ++ ++ scripts/update-leap/update-leap.1update-leapman@1.13 +3 -3 ++ NTP_4_2_8P6 ++ ++ scripts/update-leap/update-leap.1update-leapmdoc@1.13 +2 -2 ++ NTP_4_2_8P6 ++ ++ scripts/update-leap/update-leap.html@1.13 +1 -1 ++ NTP_4_2_8P6 ++ ++ scripts/update-leap/update-leap.man.in@1.13 +3 -3 ++ NTP_4_2_8P6 ++ ++ scripts/update-leap/update-leap.mdoc.in@1.13 +2 -2 ++ NTP_4_2_8P6 ++ ++ sntp/invoke-sntp.texi@1.501 +2 -2 ++ NTP_4_2_8P6 ++ ++ sntp/sntp-opts.c@1.520 +10 -10 ++ NTP_4_2_8P6 ++ ++ sntp/sntp-opts.h@1.518 +4 -4 ++ NTP_4_2_8P6 ++ ++ sntp/sntp.1sntpman@1.336 +4 -4 ++ NTP_4_2_8P6 ++ ++ sntp/sntp.1sntpmdoc@1.336 +3 -3 ++ NTP_4_2_8P6 ++ ++ sntp/sntp.html@1.516 +2 -2 ++ NTP_4_2_8P6 ++ ++ sntp/sntp.man.in@1.336 +4 -4 ++ NTP_4_2_8P6 ++ ++ sntp/sntp.mdoc.in@1.336 +3 -3 ++ NTP_4_2_8P6 ++ ++ util/invoke-ntp-keygen.texi@1.504 +2 -2 ++ NTP_4_2_8P6 ++ ++ util/ntp-keygen-opts.c@1.522 +10 -10 ++ NTP_4_2_8P6 ++ ++ util/ntp-keygen-opts.h@1.520 +4 -4 ++ NTP_4_2_8P6 ++ ++ util/ntp-keygen.1ntp-keygenman@1.332 +4 -4 ++ NTP_4_2_8P6 ++ ++ util/ntp-keygen.1ntp-keygenmdoc@1.332 +3 -3 ++ NTP_4_2_8P6 ++ ++ util/ntp-keygen.html@1.178 +2 -2 ++ NTP_4_2_8P6 ++ ++ util/ntp-keygen.man.in@1.332 +4 -4 ++ NTP_4_2_8P6 ++ ++ util/ntp-keygen.mdoc.in@1.332 +3 -3 ++ NTP_4_2_8P6 ++ ++ChangeSet@1.3627, 2016-01-20 04:14:51-05:00, stenn@deacon.udel.edu ++ solaris hack ++ ++ libntp/work_thread.c@1.20 +2 -0 ++ solaris hack ++ ++ChangeSet@1.3626, 2016-01-20 01:50:09-05:00, stenn@deacon.udel.edu ++ 4.2.8p6 ++ ++ packageinfo.sh@1.523 +1 -1 ++ 4.2.8p6 ++ ++ChangeSet@1.3625, 2016-01-20 00:34:15+00:00, stenn@psp-deb1.ntp.org ++ updates ++ ++ NEWS@1.160 +24 -24 ++ updates ++ ++ChangeSet@1.3624, 2016-01-19 22:28:41+00:00, stenn@psp-deb1.ntp.org ++ typo ++ ++ NEWS@1.159 +1 -1 ++ typo ++ ++ChangeSet@1.3623, 2016-01-18 11:55:56+00:00, stenn@psp-deb1.ntp.org ++ [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. ++ ++ ChangeLog@1.1792 +1 -0 ++ [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. ++ ++ NEWS@1.158 +40 -0 ++ [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. ++ ++ include/Makefile.am@1.54 +1 -0 ++ [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. ++ ++ include/ntp_io.h@1.23 +2 -1 ++ [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. ++ ++ include/ntp_keyacc.h@1.1 +13 -0 ++ BitKeeper file /home/stenn/ntp-stable-2936/include/ntp_keyacc.h ++ ++ include/ntp_keyacc.h@1.0 +0 -0 ++ ++ include/ntp_stdlib.h@1.81 +4 -1 ++ [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. ++ ++ include/ntp_types.h@1.36 +1 -0 ++ [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. ++ ++ libntp/Makefile.am@1.77 +1 -0 ++ [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. ++ ++ libntp/authkeys.c@1.31 +60 -6 ++ [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. ++ ++ libntp/authreadkeys.c@1.25 +50 -1 ++ [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. ++ ++ libntp/authusekey.c@1.11 +1 -1 ++ [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. ++ ++ libntp/is_ip_address.c@1.1 +129 -0 ++ BitKeeper file /home/stenn/ntp-stable-2936/libntp/is_ip_address.c ++ ++ libntp/is_ip_address.c@1.0 +0 -0 ++ ++ ntpd/invoke-ntp.keys.texi@1.187 +11 -3 ++ [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. ++ ++ ntpd/ntp.keys.5man@1.221 +13 -5 ++ [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. ++ ++ ntpd/ntp.keys.5mdoc@1.221 +14 -6 ++ [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. ++ ++ ntpd/ntp.keys.def@1.11 +10 -2 ++ [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. ++ ++ ntpd/ntp.keys.html@1.183 +42 -22 ++ [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. ++ ++ ntpd/ntp.keys.man.in@1.221 +13 -5 ++ [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. ++ ++ ntpd/ntp.keys.mdoc.in@1.221 +14 -6 ++ [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. ++ ++ ntpd/ntp_crypto.c@1.186 +1 -1 ++ [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. ++ ++ ntpd/ntp_io.c@1.412 +0 -72 ++ [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. ++ ++ ntpd/ntp_proto.c@1.373 +34 -0 ++ [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. ++ ++ tests/libntp/authkeys.c@1.15 +1 -1 ++ [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. ++ ++ChangeSet@1.3622, 2016-01-17 09:03:57+00:00, stenn@psp-deb1.ntp.org ++ Disable incomplete t-ntp_signd.c test. Harlan Stenn. ++ ++ ChangeLog@1.1791 +1 -0 ++ Disable incomplete t-ntp_signd.c test. Harlan Stenn. ++ ++ tests/ntpd/t-ntp_signd.c@1.16 +4 -0 ++ Disable incomplete t-ntp_signd.c test. Harlan Stenn. ++ ++ChangeSet@1.3621, 2016-01-17 05:51:14+00:00, stenn@psp-deb1.ntp.org ++ Update NEWS file for 2942 ++ ++ NEWS@1.157 +22 -0 ++ Update NEWS file for 2942 ++ ++ChangeSet@1.3615.13.1, 2016-01-17 05:07:22+00:00, stenn@psp-deb1.ntp.org ++ [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn. ++ ++ ChangeLog@1.1786.13.1 +4 -0 ++ [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn. ++ ++ html/miscopt.html@1.85 +11 -3 ++ [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn. ++ ++ include/ntp.h@1.213.1.1 +3 -0 ++ [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn. ++ ++ ntpd/invoke-ntp.conf.texi@1.195 +64 -3 ++ [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn. ++ ++ ntpd/keyword-gen-utd@1.27 +1 -1 ++ [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn. ++ ++ ntpd/keyword-gen.c@1.33 +3 -0 ++ [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn. ++ ++ ntpd/ntp.conf.5man@1.229 +71 -7 ++ [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn. ++ ++ ntpd/ntp.conf.5mdoc@1.229 +71 -7 ++ [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn. ++ ++ ntpd/ntp.conf.def@1.21 +67 -4 ++ [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn. ++ ++ ntpd/ntp.conf.man.in@1.229 +71 -7 ++ [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn. ++ ++ ntpd/ntp.conf.mdoc.in@1.229 +71 -7 ++ [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn. ++ ++ ntpd/ntp_config.c@1.335.1.1 +12 -0 ++ [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn. ++ ++ ntpd/ntp_keyword.h@1.29 +505 -468 ++ [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn. ++ ++ ntpd/ntp_parser.c@1.101 +1762 -1513 ++ [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn. ++ ++ ntpd/ntp_parser.h@1.65 +257 -235 ++ [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn. ++ ++ ntpd/ntp_parser.y@1.91 +6 -0 ++ [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn. ++ ++ ntpd/ntp_proto.c@1.368.2.1 +40 -4 ++ [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn. ++ ++ChangeSet@1.3619, 2016-01-14 12:19:16+00:00, stenn@psp-at1.ntp.org ++ NEWS file updates ++ ++ NEWS@1.156 +21 -0 ++ NEWS file updates ++ ++ChangeSet@1.3615.1.9, 2016-01-14 11:33:43+00:00, stenn@psp-at1.ntp.org ++ merge cleanup ++ ++ ChangeLog@1.1786.1.9 +3 -0 ++ merge cleanup ++ ++ChangeSet@1.3615.1.5, 2016-01-14 10:44:13+00:00, stenn@psp-at1.ntp.org ++ merge cleanup ++ ++ ChangeLog@1.1786.1.5 +0 -1 ++ merge cleanup ++ ++ChangeSet@1.3615.12.4, 2016-01-14 10:27:23+00:00, stenn@psp-at1.ntp.org ++ merge cleanup ++ ++ ChangeLog@1.1786.12.4 +1 -1 ++ merge cleanup ++ ++ChangeSet@1.3615.12.2, 2016-01-14 09:49:52+00:00, stenn@psp-at1.ntp.org ++ merge cleanup ++ ++ ChangeLog@1.1786.12.2 +2 -2 ++ merge cleanup ++ ++ChangeSet@1.3615.3.17, 2016-01-14 09:33:56+00:00, stenn@psp-at1.ntp.org ++ merge cleanup ++ ++ ChangeLog@1.1786.3.14 +1 -1 ++ merge cleanup ++ ++ChangeSet@1.3615.3.14, 2016-01-14 07:36:57+00:00, stenn@psp-at1.ntp.org ++ NEWS update ++ ++ NEWS@1.155 +98 -7 ++ NEWS update ++ ++ChangeSet@1.3615.3.12, 2016-01-13 08:07:30+00:00, stenn@psp-deb1.ntp.org ++ typo ++ ++ ChangeLog@1.1786.3.10 +1 -1 ++ typo ++ ++ChangeSet@1.3615.3.10, 2016-01-13 06:08:29+00:00, stenn@psp-deb1.ntp.org ++ Update NEWS file for bug 2938 ++ ++ NEWS@1.154 +29 -2 ++ Update NEWS file for bug 2938 ++ ++ChangeSet@1.3615.3.8, 2016-01-13 04:23:46+00:00, stenn@psp-deb1.ntp.org ++ Update NEWS file for bug 2935 ++ ++ NEWS@1.153 +52 -0 ++ Update NEWS file for bug 2935 ++ ++ChangeSet@1.3615.7.12, 2016-01-12 09:53:06+00:00, stenn@psp-at1.ntp.org ++ [Sec 2935] use L_SUB instead of L_ISGT. Juergen Perlinger ++ ++ ntpd/ntp_proto.c@1.368.1.5 +4 -1 ++ [Sec 2935] use L_SUB instead of L_ISGT. Juergen Perlinger ++ ++ChangeSet@1.3615.7.11, 2016-01-11 03:02:53-08:00, harlan@max.pfcs.com ++ [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. ++ ++ ChangeLog@1.1786.9.1 +4 -0 ++ [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. ++ ++ include/ntp.h@1.215 +1 -0 ++ [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. ++ ++ ntpd/ntp_proto.c@1.368.1.4 +67 -0 ++ [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. ++ ++ChangeSet@1.3615.7.10, 2016-01-11 02:44:25-08:00, harlan@max.pfcs.com ++ make leapsec_query messages less verbose. ++ ++ ntpd/ntp_timer.c@1.93.1.1 +6 -4 ++ make leapsec_query messages less verbose. ++ ++ChangeSet@1.3615.9.1, 2016-01-11 10:26:12+01:00, jnperlin@hydra.localnet ++ [Bug 2985] bogus calculation in authkeys.c ++ - implement 'auth_log2()' using integer bithack instead of float calculation ++ ++ ChangeLog@1.1786.7.5 +2 -0 ++ [Bug 2985] bogus calculation in authkeys.c ++ - implement 'auth_log2()' using integer bithack instead of float calculation ++ ++ libntp/authkeys.c@1.30 +33 -10 ++ [Bug 2985] bogus calculation in authkeys.c ++ - implement 'auth_log2()' using integer bithack instead of float calculation ++ ++ tests/libntp/authkeys.c@1.14 +38 -0 ++ [Bug 2985] bogus calculation in authkeys.c ++ - test bithack implementation of 'auth_log2()' ++ ++ tests/libntp/run-authkeys.c@1.12 +9 -6 ++ [Bug 2985] bogus calculation in authkeys.c ++ - update auto-generated file ++ ++ChangeSet@1.3615.7.9, 2016-01-09 09:52:44+00:00, stenn@psp-at1.ntp.org ++ Add timelastrec to the peer structure ++ ++ include/ntp.h@1.214 +2 -1 ++ Add timelastrec to the peer structure ++ ++ChangeSet@1.3615.3.6, 2016-01-08 10:00:03+00:00, stenn@psp-at1.ntp.org ++ 4.2.8p5 merge cleanup ++ ++ ChangeLog@1.1786.3.6 +1 -1 ++ 4.2.8p5 merge cleanup ++ ++ChangeSet@1.3615.7.8, 2016-01-08 00:26:09+00:00, stenn@deacon.udel.edu ++ Update copyright year ++ ++ sntp/include/copyright.def@1.26 +1 -1 ++ Update copyright year ++ ++ChangeSet@1.3615.7.7, 2016-01-07 23:33:11+00:00, stenn@deacon.udel.edu + NTP_4_2_8P5 + TAG: NTP_4_2_8P5 + +- ChangeLog@1.1791 +1 -0 ++ ChangeLog@1.1786.7.4 +1 -0 + NTP_4_2_8P5 + + ntpd/invoke-ntp.conf.texi@1.194 +1 -1 +@@ -332,60 +957,349 @@ + util/ntp-keygen.mdoc.in@1.331 +2 -2 + NTP_4_2_8P5 + +-ChangeSet@1.3622, 2016-01-07 17:52:24-05:00, stenn@deacon.udel.edu ++ChangeSet@1.3615.7.6, 2016-01-07 17:52:24-05:00, stenn@deacon.udel.edu + ntp-4.2.8p5 + + packageinfo.sh@1.521 +1 -1 + ntp-4.2.8p5 + +-ChangeSet@1.3621, 2016-01-07 22:20:05+00:00, stenn@psp-at1.ntp.org ++ChangeSet@1.3615.7.5, 2016-01-07 22:20:05+00:00, stenn@psp-at1.ntp.org + cleanup + + NEWS@1.152 +2 -2 + cleanup + +-ChangeSet@1.3620, 2016-01-07 09:33:11+00:00, stenn@psp-at1.ntp.org ++ChangeSet@1.3615.7.4, 2016-01-07 09:33:11+00:00, stenn@psp-at1.ntp.org + typo in ntp_proto.c - leap smear. Reported by Martin Burnicki + +- ntpd/ntp_proto.c@1.371 +1 -1 ++ ntpd/ntp_proto.c@1.368.1.3 +1 -1 + typo in ntp_proto.c - leap smear. Reported by Martin Burnicki + +-ChangeSet@1.3619, 2016-01-07 06:33:08+00:00, stenn@psp-at1.ntp.org ++ChangeSet@1.3615.7.3, 2016-01-07 06:33:08+00:00, stenn@psp-at1.ntp.org + Update scripts/calc_tickadj/Makefile.am. Harlan Stenn. + +- ChangeLog@1.1790 +1 -0 ++ ChangeLog@1.1786.7.3 +1 -0 + Update scripts/calc_tickadj/Makefile.am. Harlan Stenn. + + scripts/calc_tickadj/Makefile.am@1.11 +2 -0 + Update scripts/calc_tickadj/Makefile.am. Harlan Stenn. + +-ChangeSet@1.3616.1.1, 2016-01-05 10:57:45+00:00, stenn@psp-at1.ntp.org ++ChangeSet@1.3615.3.2, 2016-01-05 12:34:56+00:00, stenn@psp-at1.ntp.org ++ ntp-4.2.8p6 ++ ++ ChangeLog@1.1786.3.2 +2 -0 ++ ntp-4.2.8p6 ++ ++ChangeSet@1.3615.8.1, 2016-01-05 10:57:45+00:00, stenn@psp-at1.ntp.org + Bug 2952 fixes + +- ChangeLog@1.1787.1.1 +1 -0 ++ ChangeLog@1.1786.8.1 +1 -0 + Bug 2952 fixes + +- ntpd/ntp_proto.c@1.370 +165 -152 ++ ntpd/ntp_proto.c@1.368.1.2 +165 -152 + Bug 2952 fixes + +-ChangeSet@1.3617, 2016-01-05 09:56:31+00:00, stenn@psp-at1.ntp.org ++ChangeSet@1.3615.7.1, 2016-01-05 09:56:31+00:00, stenn@psp-at1.ntp.org + ntp-4.2.8p5 prep + +- ChangeLog@1.1788 +2 -1 ++ ChangeLog@1.1786.7.1 +2 -1 + ntp-4.2.8p5 prep + + NEWS@1.151 +104 -3 + ntp-4.2.8p5 prep + +-ChangeSet@1.3616, 2015-12-06 11:20:02+00:00, stenn@psp-deb1.ntp.org ++ChangeSet@1.3615.5.1, 2015-12-13 13:35:12+01:00, jnperlin@hydra.localnet ++ [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build ++ Found this already fixed, but validation lead to further cleanup: ++ - source code formatting ++ - inline variable definitions moved to start of block ++ - made some pure input data pointers 'const void*' instead of 'char*'; avoids casts and warnings ++ ++ ChangeLog@1.1786.5.1 +3 -0 ++ [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build ++ ++ sntp/crypto.c@1.19 +13 -12 ++ [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build ++ - sidekick: make pure input pointers 'const void*' instead of 'char*' ++ - sidekick: remove unnecessary casts ++ ++ sntp/crypto.h@1.11 +11 -9 ++ [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build ++ - sidekick: make pure input pointers 'const void*' instead of 'char*' ++ - source formatting ++ ++ sntp/main.c@1.99 +1 -1 ++ [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build ++ - no need to cast input to 'make_mac()' any more ++ ++ sntp/networking.c@1.68 +1 -1 ++ [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build ++ - no need to cast input to 'auth_md5()' any more ++ ++ sntp/tests/crypto.c@1.10 +41 -27 ++ [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build ++ - remove unnecessary casts ++ - source code formatting ++ ++ sntp/tests/fileHandlingTest.c@1.4 +43 -20 ++ [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build ++ - create 'DestroyPath()' companion to 'CreatePath()' to avoid trouble with 'free()' on 'const char*' ++ ++ sntp/tests/fileHandlingTest.h.in@1.15 +6 -15 ++ [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build ++ - create 'DestroyPath()' companion to 'CreatePath()' to avoid trouble with 'free()' on 'const char*' ++ ++ sntp/tests/keyFile.c@1.13 +66 -46 ++ [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build ++ - use 'DestroyPath()' avoid trouble with 'free()' on 'const char*' ++ - printf() combined ++ - source code formatting ++ - move variable declarations to front ++ ++ sntp/tests/packetHandling.c@1.6 +75 -64 ++ [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build ++ - move variable declarations to front ++ - source code formatting ++ ++ sntp/tests/packetProcessing.c@1.9 +124 -90 ++ [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build ++ - move variable declarations to front ++ - source code formatting ++ - drop unnecessary casts ++ ++ sntp/tests/run-packetProcessing.c@1.10 +18 -18 ++ [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build ++ ++ sntp/unity/unity_internals.h@1.6 +1 -1 ++ [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build ++ - added missing 'const' in pointer casts ++ ++ tests/libntp/decodenetnum.c@1.11 +33 -23 ++ [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build ++ - source code formatting + cleanup ++ ++ tests/libntp/run-decodenetnum.c@1.11 +4 -4 ++ [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build ++ ++ tests/libntp/run-socktoa.c@1.14 +5 -5 ++ [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build ++ ++ tests/libntp/socktoa.c@1.12 +23 -17 ++ [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build ++ - source code formatting + cleanup ++ ++ChangeSet@1.3615.4.1, 2015-12-11 18:24:16+01:00, jnperlin@hydra.localnet ++ [Bug 2882] Look at ntp_request.c:list_peers_sum() ++ ++ ChangeLog@1.1786.4.1 +1 -0 ++ [Bug 2882] Look at ntp_request.c:list_peers_sum() ++ ++ ntpd/ntp_request.c@1.116 +57 -72 ++ [Bug 2882] Look at ntp_request.c:list_peers_sum() ++ - 'list_peers()' and 'list_peers_sum()' skip IPv6 entires if client does not support them, ++ but continue processing until end of list now. ++ ++ChangeSet@1.3615.1.3, 2015-12-09 18:23:31+01:00, jnperlin@hydra.localnet ++ [Bug 2891] Deadlock in deferred DNS lookup framework. ++ ++ ChangeLog@1.1786.1.3 +1 -0 ++ [Bug 2891] Deadlock in deferred DNS lookup framework. ++ ++ include/ntp_worker.h@1.5 +31 -22 ++ [Bug 2891] Deadlock in deferred DNS lookup framework. ++ - provide signal-safe result-ready detection ++ ++ libntp/ntp_worker.c@1.7 +27 -0 ++ [Bug 2891] Deadlock in deferred DNS lookup framework. ++ - support signal-safe result-ready detection ++ - provide function to harvest async results from mainloop ++ ++ ntpd/ntp_io.c@1.409.1.1 +160 -133 ++ [Bug 2891] Deadlock in deferred DNS lookup framework. ++ - do not process async-resolver results from signal handler ++ - set notification tags to harvest asyn-resolver results from mainloop ++ - avoid double select for synchronous IO ++ - avoid several syslog calls in signal-handler context ++ - refactor / conditionalize some functions that cannot be used in signal-driven IO ++ ++ ntpd/ntpd.c@1.169 +4 -0 ++ [Bug 2891] Deadlock in deferred DNS lookup framework. ++ - reap/harvest async resolver results from mainloop ++ ++ChangeSet@1.3615.1.2, 2015-12-06 21:33:26+01:00, jnperlin@hydra.localnet ++ [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org ++ - applied patch by shenpeng11@huawei.com with minor adjustments ++ ++ ChangeLog@1.1786.1.2 +2 -0 ++ [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org ++ - applied patch by shenpeng11@huawei.com with minor adjustments ++ ++ ntpd/ntpd.c@1.168 +26 -3 ++ [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org ++ - applied patch by shenpeng11@huawei.com with minor adjustments ++ ++ChangeSet@1.3615.2.1, 2015-12-06 20:19:32+01:00, jnperlin@hydra.localnet ++ [Bug 2772] adj_systime overflows tv_usec ++ ++ ChangeLog@1.1786.2.1 +1 -0 ++ [Bug 2772] adj_systime overflows tv_usec ++ ++ libntp/systime.c@1.71 +12 -3 ++ [Bug 2772] adj_systime overflows tv_usec ++ - add missing normalisation for nitpicking implementations of 'adjtime()' ++ ++ChangeSet@1.3615.1.1, 2015-12-06 11:20:02+00:00, stenn@psp-deb1.ntp.org + Quiet a warning from clang. Harlan Stenn. + +- ChangeLog@1.1787 +1 -0 ++ ChangeLog@1.1786.1.1 +1 -0 + Quiet a warning from clang. Harlan Stenn. + + libntp/ntp_rfc2553.c@1.50 +3 -2 + Quiet a warning from clang. Harlan Stenn. + ++ChangeSet@1.3616, 2015-12-05 20:28:19+00:00, perlinger@psp-deb1.ntp.org ++ [Bug 2980] reduce number of warnings ++ - string formatting(arguments should be literals) ++ - applying constness where necessary ++ - removing bad consts that are superfluous ++ - avoid signed/unsigned clashes in conditionals (either by cast or type change) ++ - signed/unsigned and promotion conflicts ++ - add prototypes for function pointer tables ++ - force unsigned argument promotion in calls to 'ctype' functions (is{digit,cntrl,...}) ++ ++ ChangeLog@1.1787 +2 -0 ++ [Bug 2980] reduce number of warnings ++ ++ include/parse.h@1.14 +3 -3 ++ [Bug 2980] reduce number of warnings ++ - make GPSWRAP and GPSWEEK unqualified literals to avoid signed/unsigned clashes ++ ++ ntpd/ntp_config.c@1.336 +2 -0 ++ [Bug 2980] reduce number of warnings ++ - add forward declaration of yyparse() ++ ++ ntpd/ntp_io.c@1.410 +1 -1 ++ [Bug 2980] reduce number of warnings ++ - fix a signedness comparison by adding a cast to size_t ++ ++ ntpd/ntp_scanner.c@1.49 +1 -1 ++ [Bug 2980] reduce number of warnings ++ - for type compatibility, make counter 'i' a size_t ++ ++ ntpd/ntp_timer.c@1.94 +5 -6 ++ [Bug 2980] reduce number of warnings ++ - fix a signed / unsigned compare ++ ++ ntpd/refclock_chu.c@1.58 +1 -1 ++ [Bug 2980] reduce number of warnings ++ - rewrite check to avoid warning about integer overflow ++ ++ ntpd/refclock_gpsdjson.c@1.24 +13 -15 ++ [Bug 2980] reduce number of warnings ++ - reshuffle to use a literal format string ++ - fix signed/unsigned clashes in compare ++ ++ ntpd/refclock_jjy.c@1.30 +47 -44 ++ Bug 2980 - reduce number of warnings ++ - make several pointers 'const char*' ++ - add prototypes for function pointer tables ++ - force unsigned argument promotion in calls to 'ctype' functions (is{digit,cntrl,...}) ++ ++ ntpd/refclock_shm.c@1.39 +1 -1 ++ [Bug 2980] reduce number of warnings ++ - fix signed/unsigned clashes in compare ++ ++ ntpq/ntpq-subs.c@1.114.1.1 +1 -1 ++ [Bug 2980] reduce number of warnings ++ - avoid signed/unsigned clashe in compare ++ ++ ntpq/ntpq.c@1.165.1.1 +47 -7 ++ [Bug 2980] reduce number of warnings ++ - avoid juggling with formatting into dynamic buffers by a 'asprintf' like function ++ ++ sntp/libopts/configfile.c@1.24 +22 -22 ++ [Bug 2980] reduce number of warnings ++ - add some pointer constness to avoid casting it away ++ ++ sntp/libopts/enum.c@1.14 +5 -5 ++ [Bug 2980] reduce number of warnings ++ - avoid some unnecessary casts ++ - avoid shift/promote ambiguity by proper typing ++ ++ sntp/libopts/find.c@1.13 +1 -1 ++ [Bug 2980] reduce number of warnings ++ - Use VOIDP instead of a (char*) cast ++ ++ sntp/libopts/init.c@1.9 +2 -3 ++ [Bug 2980] reduce number of warnings ++ - use VOIDP() to replace a complicated double cast ++ - remove one useless cast ++ ++ sntp/libopts/load.c@1.22 +1 -1 ++ [Bug 2980] reduce number of warnings ++ - remove a useless cast ++ ++ sntp/libopts/makeshell.c@1.21 +3 -3 ++ [Bug 2980] reduce number of warnings ++ - fix integer promotion in calls to toupper/tolower ++ ++ sntp/libopts/nested.c@1.17 +3 -1 ++ [Bug 2980] reduce number of warnings ++ - avoid casting away constness by using a helper variable ++ ++ sntp/libopts/parse-duration.c@1.15 +8 -2 ++ [Bug 2980] reduce number of warnings ++ - avoid casting away constness by using a helper variable ++ ++ sntp/libopts/reset.c@1.18 +1 -1 ++ [Bug 2980] reduce number of warnings ++ - remove a useless cast ++ ++ sntp/libopts/save.c@1.19 +2 -2 ++ [Bug 2980] reduce number of warnings ++ - use VOIDP() instead of cast via (void**) ++ ++ sntp/libopts/tokenize.c@1.14 +1 -1 ++ [Bug 2980] reduce number of warnings ++ - add a required const qualification ++ ++ChangeSet@1.3597.1.5, 2015-12-05 14:29:10+01:00, jnperlin@hydra.localnet ++ [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call ++ - make CTRL-C work for retrieval and printing od MRU list. ++ ++ ChangeLog@1.1770.1.3 +1 -0 ++ [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call ++ - make CTRL-C work for retrieval and printing od MRU list. ++ ++ ntpq/ntpq-subs.c@1.115 +6 -0 ++ [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call ++ - make CTRL-C work for retrieval and printing od MRU list: ++ 1) CTRL-C while collecting terminates the assembling of respose. ++ 2) CTRL-C while printing will terminate the print loop. ++ 3) both work independently of each other. ++ ++ ntpq/ntpq.c@1.166 +16 -0 ++ [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call ++ - when collecting fragments, CTRL-C will try to cleanly return the list of fragments so far. ++ ++ChangeSet@1.3597.5.1, 2015-12-05 13:44:57+01:00, jnperlin@hydra.localnet ++ [Bug 2905] DNS lookups broken. ++ - added limits to stack consumption, fixed some return code handling ++ ++ ChangeLog@1.1770.5.1 +2 -0 ++ [Bug 2905] DNS lookups broken. ++ - added limits to stack consumption, fixed some return code handling ++ ++ libntp/work_thread.c@1.19 +55 -17 ++ [Bug 2905] DNS lookups broken. ++ - added limits to stack consumption ++ - fixed some return code handling ++ - harden queue handling ++ ++ ntpd/ntpd.c@1.166.1.1 +21 -4 ++ [Bug 2905] DNS lookups broken. ++ - added limits to stack consumption of wartmup thread ++ + ChangeSet@1.3615, 2015-12-05 10:41:51+00:00, stenn@psp-at1.ntp.org + CID 1341677: Nits in sntp/tests/keyFile.c. HStenn. + +@@ -1113,7 +2027,7 @@ ChangeSet@1.3584.1.1, 2015-11-13 22:54:35+01:00, j + [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets + - avoid 'unused' warnings + +- ntpd/ntp_proto.c@1.369 +8 -6 ++ ntpd/ntp_proto.c@1.368.1.1 +8 -6 + [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets + - promote use of 'size_t' for values that express a size + - format string fixes +@@ -1164,7 +2078,7 @@ ChangeSet@1.3584.1.1, 2015-11-13 22:54:35+01:00, j + - promote use of 'size_t' for values that express a size + - avoid truncation of SOCKET handles + +- ntpdc/ntpdc.c@1.105 +36 -34 ++ ntpdc/ntpdc.c@1.104.1.1 +36 -34 + [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets + - promote use of 'size_t' for values that express a size + - format string fixes +@@ -1827,6 +2741,31 @@ ChangeSet@1.3574, 2015-10-20 08:00:43+00:00, stenn + NEWS@1.149 +16 -16 + Update CVEs + ++ChangeSet@1.3558.8.1, 2015-10-17 23:19:57+02:00, jnperlin@hydra.localnet ++ [Bug 2945] Zero Origin Timestamp Bypass ++ ++ ChangeLog@1.1743.8.1 +2 -0 ++ [Bug 2945] Zero Origin Timestamp Bypass ++ ++ ntpd/ntp_proto.c@1.364.2.1 +9 -1 ++ [Bug 2945] Zero Origin Timestamp Bypass ++ - in basic mode 'aorg' is cleared to indicate a response has been received. So a reply has to be dropped ++ when it either does not match the origin timestamp OR the origin time stamp is zero. ++ ++ChangeSet@1.3558.7.1, 2015-10-17 21:15:39+02:00, jnperlin@hydra.localnet ++ [Bug 2948] Potential Infinite Loop in ntpq and ntpdc ++ ++ ChangeLog@1.1743.7.1 +2 -0 ++ [Bug 2948] Potential Infinite Loop in ntpq and ntpdc ++ ++ ntpdc/ntpdc.c@1.105 +20 -1 ++ [Bug 2948] Potential Infinite Loop in ntpq and ntpdc ++ - check timeout between request and valid response(s) instead of *any* incoming data ++ ++ ntpq/ntpq.c@1.161.2.1 +22 -2 ++ [Bug 2948] Potential Infinite Loop in ntpq and ntpdc ++ - check timeout between request and valid response(s) instead of *any* incoming data ++ + ChangeSet@1.3573, 2015-10-17 06:28:49+00:00, stenn@psp-deb1.ntp.org + ntp-4.2.8p4-sec-RC2 + +@@ -2172,6 +3111,53 @@ ChangeSet@1.3571, 2015-10-17 01:39:22+00:00, stenn + ChangeLog@1.1755 +4 -1 + [Sec 2941] NAK to the Future: Symmetric association authentication bypass via crypto-NAK + ++ChangeSet@1.3558.6.2, 2015-10-13 23:31:28+02:00, jnperlin@hydra.localnet ++ [Bug 2938] ntpq saveconfig command allows dangerous characters in filenames. ++ - make sure the file does not exist (no overwrite allowed) ++ - ensure text mode where applicable (windows) ++ ++ ntpd/ntp_control.c@1.203.1.2 +17 -3 ++ [Bug 2938] ntpq saveconfig command allows dangerous characters in filenames. ++ - make sure the file does not exist (no overwrite allowed) ++ - ensure text mode where applicable (windows) ++ ++ChangeSet@1.3558.6.1, 2015-10-12 08:18:56+02:00, jnperlin@hydra.localnet ++ [Bug 2938] ntpq saveconfig command allows dangerous characters in filenames ++ ++ ChangeLog@1.1743.6.1 +3 -0 ++ [Bug 2938] ntpq saveconfig command allows dangerous characters in filenames ++ ++ ntpd/ntp_control.c@1.203.1.1 +161 -37 ++ [Bug 2938] ntpq saveconfig command allows dangerous characters in filenames ++ - added function to check safe file names ([_A-Za-z0-9][-+._A-Za-z0-9]*) ++ - checked for truncation, too, not only overrun safey ++ ++ChangeSet@1.3558.5.1, 2015-10-11 14:12:31+02:00, jnperlin@hydra.localnet ++ [Bug 2939] reslist NULL pointer dereference ++ [Bug 2940] Stack exhaustion in recursive traversal of restriction list ++ -- these two where fixed together -- ++ ++ ChangeLog@1.1743.5.1 +4 -0 ++ [Bug 2939] reslist NULL pointer dereference ++ [Bug 2940] Stack exhaustion in recursive traversal of restriction list ++ ++ ntpd/ntp_request.c@1.113.1.1 +127 -39 ++ [Bug 2939] reslist NULL pointer dereference ++ [Bug 2940] Stack exhaustion in recursive traversal of restriction list ++ - use iteration and a scratch pad stack to do the list reversal; deep recusrsion can be dangerous in C ++ - properly terminate processing when 'more_pkt()' indicates packet full ++ - check the return value of 'more_pkt()' when used in iterations, or trash it explicitely ++ - fixed uint32_t vs. u_long clash that would cause security problems on big-endian 64bit machines ++ ++ChangeSet@1.3558.4.1, 2015-10-11 09:32:40+02:00, jnperlin@hydra.localnet ++ [Bug 2937] (NTPQ) nextvar() missing length check ++ ++ ChangeLog@1.1743.4.1 +2 -0 ++ [Bug 2937] (NTPQ) nextvar() missing length check ++ ++ ntpq/ntpq.c@1.161.1.1 +2 -0 ++ [Bug 2937] (NTPQ) nextvar() missing length check ++ + ChangeSet@1.3558.3.3, 2015-10-11 08:10:20+02:00, jnperlin@hydra.localnet + [Bug 2941] NAK to the Future: Symmetric association authentication bypass via crypto-NAK + +Index: contrib/ntp/NEWS +=================================================================== +--- contrib/ntp/NEWS (revision 294707) ++++ contrib/ntp/NEWS (working copy) +@@ -1,5 +1,258 @@ + --- + ++NTP 4.2.8p6 ++ ++Focus: Security, Bug fixes, enhancements. ++ ++Severity: MEDIUM ++ ++In addition to bug fixes and enhancements, this release fixes the ++following X low- and Y medium-severity vulnerabilities: ++ ++* Potential Infinite Loop in 'ntpq' ++ Date Resolved: Stable (4.2.8p6) 19 Jan 2016; Dev (4.3.90) 19 Jan 2016 ++ References: Sec 2548 / CVE-2015-8158 ++ Affects: All ntp-4 releases up to, but not including 4.2.8p6, and ++ 4.3.0 up to, but not including 4.3.90 ++ CVSS2: (AV:N/AC:M/Au:N/C:N/I:N/A:P) Base Score: 4.3 - MEDIUM ++ CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Base Score: 5.3 - MEDIUM ++ Summary: 'ntpq' processes incoming packets in a loop in 'getresponse()'. ++ The loop's only stopping conditions are receiving a complete and ++ correct response or hitting a small number of error conditions. ++ If the packet contains incorrect values that don't trigger one of ++ the error conditions, the loop continues to receive new packets. ++ Note well, this is an attack against an instance of 'ntpq', not ++ 'ntpd', and this attack requires the attacker to do one of the ++ following: ++ * Own a malicious NTP server that the client trusts ++ * Prevent a legitimate NTP server from sending packets to ++ the 'ntpq' client ++ * MITM the 'ntpq' communications between the 'ntpq' client ++ and the NTP server ++ Mitigation: ++ Upgrade to 4.2.8p6, or later, from the NTP Project Download Page ++ or the NTP Public Services Project Download Page ++ Credit: This weakness was discovered by Jonathan Gardner of Cisco ASIG. ++ ++* 0rigin: Zero Origin Timestamp Bypass ++ Date Resolved: Stable (4.2.8p6) 19 Jan 2016; Dev (4.3.90) 19 Jan 2016 ++ References: Sec 2945 / CVE-2015-8138 ++ Affects: All ntp-4 releases up to, but not including 4.2.8p6, and ++ 4.3.0 up to, but not including 4.3.90 ++ CVSS2: (AV:N/AC:L/Au:N/C:N/I:P/A:N) Base Score: 5.0 - MEDIUM ++ CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Base Score: 5.3 - MEDIUM ++ (3.7 - LOW if you score AC:L) ++ Summary: To distinguish legitimate peer responses from forgeries, a ++ client attempts to verify a response packet by ensuring that the ++ origin timestamp in the packet matches the origin timestamp it ++ transmitted in its last request. A logic error exists that ++ allows packets with an origin timestamp of zero to bypass this ++ check whenever there is not an outstanding request to the server. ++ Mitigation: ++ Configure 'ntpd' to get time from multiple sources. ++ Upgrade to 4.2.8p6, or later, from the NTP Project Download Page ++ or the NTP Public Services Project Download Page. ++ Monitor your 'ntpd= instances. ++ Credit: This weakness was discovered by Jonathan Gardner of Cisco ASIG. ++ ++* Stack exhaustion in recursive traversal of restriction list ++ Date Resolved: Stable (4.2.8p6) 19 Jan 2016 ++ References: Sec 2940 / CVE-2015-7978 ++ Affects: All ntp-4 releases up to, but not including 4.2.8p6, and ++ 4.3.0 up to, but not including 4.3.90 ++ CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:P) Base Score: 4.3 - MEDIUM ++ Summary: An unauthenticated 'ntpdc reslist' command can cause a ++ segmentation fault in ntpd by exhausting the call stack. ++ Mitigation: ++ Implement BCP-38. ++ Upgrade to 4.2.8p6, or later, from the NTP Project Download Page ++ or the NTP Public Services Project Download Page. ++ If you are unable to upgrade: ++ In ntp-4.2.8, mode 7 is disabled by default. Don't enable it. ++ If you must enable mode 7: ++ configure the use of a 'requestkey' to control who can ++ issue mode 7 requests. ++ configure 'restrict noquery' to further limit mode 7 ++ requests to trusted sources. ++ Monitor your ntpd instances. ++ Credit: This weakness was discovered by Stephen Gray at Cisco ASIG. ++ ++* Off-path Denial of Service (!DoS) attack on authenticated broadcast mode ++ Date Resolved: Stable (4.2.8p6) 19 Jan 2016; Dev (4.3.90) 19 Jan 2016 ++ References: Sec 2942 / CVE-2015-7979 ++ Affects: All ntp-4 releases up to, but not including 4.2.8p6, and ++ 4.3.0 up to, but not including 4.3.90 ++ CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:P) Base Score: 5.8 ++ Summary: An off-path attacker can send broadcast packets with bad ++ authentication (wrong key, mismatched key, incorrect MAC, etc) ++ to broadcast clients. It is observed that the broadcast client ++ tears down the association with the broadcast server upon ++ receiving just one bad packet. ++ Mitigation: ++ Implement BCP-38. ++ Upgrade to 4.2.8p6, or later, from the NTP Project Download Page ++ or the NTP Public Services Project Download Page. ++ Monitor your 'ntpd' instances. ++ If this sort of attack is an active problem for you, you have ++ deeper problems to investigate. In this case also consider ++ having smaller NTP broadcast domains. ++ Credit: This weakness was discovered by Aanchal Malhotra of Boston ++ University. ++ ++* reslist NULL pointer dereference ++ Date Resolved: Stable (4.2.8p6) 19 Jan 2016; Dev (4.3.90) 19 Jan 2016 ++ References: Sec 2939 / CVE-2015-7977 ++ Affects: All ntp-4 releases up to, but not including 4.2.8p6, and ++ 4.3.0 up to, but not including 4.3.90 ++ CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:P) Base Score: 4.3 - MEDIUM ++ Summary: An unauthenticated 'ntpdc reslist' command can cause a ++ segmentation fault in ntpd by causing a NULL pointer dereference. ++ Mitigation: ++ Implement BCP-38. ++ Upgrade to 4.2.8p6, or later, from NTP Project Download Page or ++ the NTP Public Services Project Download Page. ++ If you are unable to upgrade: ++ mode 7 is disabled by default. Don't enable it. ++ If you must enable mode 7: ++ configure the use of a 'requestkey' to control who can ++ issue mode 7 requests. ++ configure 'restrict noquery' to further limit mode 7 ++ requests to trusted sources. ++ Monitor your ntpd instances. ++ Credit: This weakness was discovered by Stephen Gray of Cisco ASIG. ++ ++* 'ntpq saveconfig' command allows dangerous characters in filenames. ++ Date Resolved: Stable (4.2.8p6) 19 Jan 2016; Dev (4.3.90) 19 Jan 2016 ++ References: Sec 2938 / CVE-2015-7976 ++ Affects: All ntp-4 releases up to, but not including 4.2.8p6, and ++ 4.3.0 up to, but not including 4.3.90 ++ CVSS: (AV:N/AC:L/Au:S/C:N/I:P/A:N) Base Score: 4.0 - MEDIUM ++ Summary: The ntpq saveconfig command does not do adequate filtering ++ of special characters from the supplied filename. ++ Note well: The ability to use the saveconfig command is controlled ++ by the 'restrict nomodify' directive, and the recommended default ++ configuration is to disable this capability. If the ability to ++ execute a 'saveconfig' is required, it can easily (and should) be ++ limited and restricted to a known small number of IP addresses. ++ Mitigation: ++ Implement BCP-38. ++ use 'restrict default nomodify' in your 'ntp.conf' file. ++ Upgrade to 4.2.8p6, or later, from the NTP Project Download Page. ++ If you are unable to upgrade: ++ build NTP with 'configure --disable-saveconfig' if you will ++ never need this capability, or ++ use 'restrict default nomodify' in your 'ntp.conf' file. Be ++ careful about what IPs have the ability to send 'modify' ++ requests to 'ntpd'. ++ Monitor your ntpd instances. ++ 'saveconfig' requests are logged to syslog - monitor your syslog files. ++ Credit: This weakness was discovered by Jonathan Gardner of Cisco ASIG. ++ ++* nextvar() missing length check in ntpq ++ Date Resolved: Stable (4.2.8p6) 19 Jan 2016; Dev (4.3.90) 19 Jan 2016 ++ References: Sec 2937 / CVE-2015-7975 ++ Affects: All ntp-4 releases up to, but not including 4.2.8p6, and ++ 4.3.0 up to, but not including 4.3.90 ++ CVSS: (AV:L/AC:H/Au:N/C:N/I:N/A:P) Base Score: 1.2 - LOW ++ If you score A:C, this becomes 4.0. ++ CVSSv3: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) Base Score 2.9, LOW ++ Summary: ntpq may call nextvar() which executes a memcpy() into the ++ name buffer without a proper length check against its maximum ++ length of 256 bytes. Note well that we're taking about ntpq here. ++ The usual worst-case effect of this vulnerability is that the ++ specific instance of ntpq will crash and the person or process ++ that did this will have stopped themselves. ++ Mitigation: ++ Upgrade to 4.2.8p6, or later, from the NTP Project Download Page ++ or the NTP Public Services Project Download Page. ++ If you are unable to upgrade: ++ If you have scripts that feed input to ntpq make sure there are ++ some sanity checks on the input received from the "outside". ++ This is potentially more dangerous if ntpq is run as root. ++ Credit: This weakness was discovered by Jonathan Gardner at Cisco ASIG. ++ ++* Skeleton Key: Any trusted key system can serve time ++ Date Resolved: Stable (4.2.8p6) 19 Jan 2016; Dev (4.3.90) 19 Jan 2016 ++ References: Sec 2936 / CVE-2015-7974 ++ Affects: All ntp-4 releases up to, but not including 4.2.8p6, and ++ 4.3.0 up to, but not including 4.3.90 ++ CVSS: (AV:N/AC:H/Au:S/C:N/I:C/A:N) Base Score: 4.9 ++ Summary: Symmetric key encryption uses a shared trusted key. The ++ reported title for this issue was "Missing key check allows ++ impersonation between authenticated peers" and the report claimed ++ "A key specified only for one server should only work to ++ authenticate that server, other trusted keys should be refused." ++ Except there has never been any correlation between this trusted ++ key and server v. clients machines and there has never been any ++ way to specify a key only for one server. We have treated this as ++ an enhancement request, and ntp-4.2.8p6 includes other checks and ++ tests to strengthen clients against attacks coming from broadcast ++ servers. ++ Mitigation: ++ Implement BCP-38. ++ If this scenario represents a real or a potential issue for you, ++ upgrade to 4.2.8p6, or later, from the NTP Project Download ++ Page or the NTP Public Services Project Download Page, and ++ use the new field in the ntp.keys file that specifies the list ++ of IPs that are allowed to serve time. Note that this alone ++ will not protect against time packets with forged source IP ++ addresses, however other changes in ntp-4.2.8p6 provide ++ significant mitigation against broadcast attacks. MITM attacks ++ are a different story. ++ If you are unable to upgrade: ++ Don't use broadcast mode if you cannot monitor your client ++ servers. ++ If you choose to use symmetric keys to authenticate time ++ packets in a hostile environment where ephemeral time ++ servers can be created, or if it is expected that malicious ++ time servers will participate in an NTP broadcast domain, ++ limit the number of participating systems that participate ++ in the shared-key group. ++ Monitor your ntpd instances. ++ Credit: This weakness was discovered by Matt Street of Cisco ASIG. ++ ++* Deja Vu: Replay attack on authenticated broadcast mode ++ Date Resolved: Stable (4.2.8p6) 19 Jan 2016; Dev (4.3.90) 19 Jan 2016 ++ References: Sec 2935 / CVE-2015-7973 ++ Affects: All ntp-4 releases up to, but not including 4.2.8p6, and ++ 4.3.0 up to, but not including 4.3.90 ++ CVSS: (AV:A/AC:M/Au:N/C:N/I:P/A:P) Base Score: 4.3 - MEDIUM ++ Summary: If an NTP network is configured for broadcast operations then ++ either a man-in-the-middle attacker or a malicious participant ++ that has the same trusted keys as the victim can replay time packets. ++ Mitigation: ++ Implement BCP-38. ++ Upgrade to 4.2.8p6, or later, from the NTP Project Download Page ++ or the NTP Public Services Project Download Page. ++ If you are unable to upgrade: ++ Don't use broadcast mode if you cannot monitor your client servers. ++ Monitor your ntpd instances. ++ Credit: This weakness was discovered by Aanchal Malhotra of Boston ++ University. ++ ++Other fixes: ++ ++* [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org ++* [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org ++ - applied patch by shenpeng11@huawei.com with minor adjustments ++* [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org ++* [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org ++* [Bug 2892] Several test cases assume IPv6 capabilities even when ++ IPv6 is disabled in the build. perlinger@ntp.org ++ - Found this already fixed, but validation led to cleanup actions. ++* [Bug 2905] DNS lookups broken. perlinger@ntp.org ++ - added limits to stack consumption, fixed some return code handling ++* [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call ++ - changed stacked/nested handling of CTRL-C. perlinger@ntp.org ++ - make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org ++* [Bug 2980] reduce number of warnings. perlinger@ntp.org ++ - integrated several patches from Havard Eidnes (he@uninett.no) ++* [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org ++ - implement 'auth_log2()' using integer bithack instead of float calculation ++* Make leapsec_query debug messages less verbose. Harlan Stenn. ++ ++--- ++ + NTP 4.2.8p5 + + Focus: Security, Bug fixes, enhancements. +Index: contrib/ntp/configure +=================================================================== +--- contrib/ntp/configure (revision 294707) ++++ contrib/ntp/configure (working copy) +@@ -1,6 +1,6 @@ + #! /bin/sh + # Guess values for system-dependent variables and create Makefiles. +-# Generated by GNU Autoconf 2.69 for ntp 4.2.8p5. ++# Generated by GNU Autoconf 2.69 for ntp 4.2.8p6. + # + # Report bugs to . + # +@@ -590,8 +590,8 @@ MAKEFLAGS= + # Identity of this package. + PACKAGE_NAME='ntp' + PACKAGE_TARNAME='ntp' +-PACKAGE_VERSION='4.2.8p5' +-PACKAGE_STRING='ntp 4.2.8p5' ++PACKAGE_VERSION='4.2.8p6' ++PACKAGE_STRING='ntp 4.2.8p6' + PACKAGE_BUGREPORT='http://bugs.ntp.org./' + PACKAGE_URL='http://www.ntp.org./' + +@@ -1616,7 +1616,7 @@ if test "$ac_init_help" = "long"; then + # Omit some internal or obsolete options to make the list less imposing. + # This message is too long to be a string in the A/UX 3.1 sh. + cat <<_ACEOF +-\`configure' configures ntp 4.2.8p5 to adapt to many kinds of systems. ++\`configure' configures ntp 4.2.8p6 to adapt to many kinds of systems. + + Usage: $0 [OPTION]... [VAR=VALUE]... + +@@ -1686,7 +1686,7 @@ fi + + if test -n "$ac_init_help"; then + case $ac_init_help in +- short | recursive ) echo "Configuration of ntp 4.2.8p5:";; ++ short | recursive ) echo "Configuration of ntp 4.2.8p6:";; + esac + cat <<\_ACEOF + +@@ -1919,7 +1919,7 @@ fi + test -n "$ac_init_help" && exit $ac_status + if $ac_init_version; then + cat <<\_ACEOF +-ntp configure 4.2.8p5 ++ntp configure 4.2.8p6 + generated by GNU Autoconf 2.69 + + Copyright (C) 2012 Free Software Foundation, Inc. +@@ -2749,7 +2749,7 @@ cat >config.log <<_ACEOF + This file contains any messages produced by compilers while + running configure, to aid debugging if configure makes a mistake. + +-It was created by ntp $as_me 4.2.8p5, which was ++It was created by ntp $as_me 4.2.8p6, which was + generated by GNU Autoconf 2.69. Invocation command line was + + $ $0 $@ +@@ -3750,7 +3750,7 @@ fi + + # Define the identity of the package. + PACKAGE='ntp' +- VERSION='4.2.8p5' ++ VERSION='4.2.8p6' + + + cat >>confdefs.h <<_ACEOF +@@ -37840,7 +37840,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 + # report actual input values of CONFIG_FILES etc. instead of their + # values after options handling. + ac_log=" +-This file was extended by ntp $as_me 4.2.8p5, which was ++This file was extended by ntp $as_me 4.2.8p6, which was + generated by GNU Autoconf 2.69. Invocation command line was + + CONFIG_FILES = $CONFIG_FILES +@@ -37907,7 +37907,7 @@ _ACEOF + cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 + ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" + ac_cs_version="\\ +-ntp config.status 4.2.8p5 ++ntp config.status 4.2.8p6 + configured by $0, generated by GNU Autoconf 2.69, + with options \\"\$ac_cs_config\\" + +Index: contrib/ntp/html/miscopt.html +=================================================================== +--- contrib/ntp/html/miscopt.html (revision 294707) ++++ contrib/ntp/html/miscopt.html (working copy) +@@ -11,7 +11,7 @@ + giffrom Pogo, Walt Kelly +

We have three, now looking for more.

+

Last update: +- 17-Nov-2015 11:06 ++ 16-Jan-2016 13:08 + UTC

+
+

Related Links

+@@ -29,8 +29,9 @@ +
The file format consists of a single line containing a single floating point number, which records the frequency offset measured in parts-per-million (PPM). The file is updated by first writing the current drift value into a temporary file and then renaming this file to replace the old version.
+
dscp dscp
+
This command specifies the Differentiated Services Code Point (DSCP) value that is used in sent NTP packets. The default value is 46 for Expedited Forwarding (EF).
+-
enable [auth | bclient | calibrate | kernel | mode7 | monitor | ntp | stats]
+- disable [auth | bclient | calibrate | kernel | mode7 | monitor | ntp | stats]
++
enable [auth | bclient | calibrate | kernel | mode7 | monitor | ntp | stats | unpeer_crypto_early | unpeer_crypto_nak_early | unpeer_digest_early]
++ ++
disable [auth | bclient | calibrate | kernel | mode7 | monitor | ntp | stats | unpeer_crypto_early | unpeer_crypto_nak_early | unpeer_digest_early]
+
Provides a way to enable or disable various system options. Flags not mentioned are unaffected. Note that most of these flags can be modified remotely using ntpq utility program's :config and config-from-file commands. +
+
auth
+@@ -50,6 +51,13 @@ +
Enables time and frequency discipline. In effect, this switch opens and closes the feedback loop, which is useful for testing. The default for this flag is enable.
+
stats
+
Enables the statistics facility. See the Monitoring Options page for further information. The default for this flag is enabled. This flag is excluded from runtime configuration using ntpq.
++| unpeer_crypto_early | unpeer_crypto_nak_early | unpeer_digest_early ++
unpeer_crypto_early
++
Enables the early resetting of an association in case of a crypto failure. This is generally a feature, but it can be used in a DoS attack. If you are seeing these packets being used as a DoS attack against your server, you should disable this flag. The default for this flag is enabled. This flag is excluded from runtime configuration using ntpq.
++
unpeer_crypto_nak_early
++
Enables the early resetting of an association in case of a crypto_NAK message. This is generally a feature, but it can be used in a DoS attack. If you are seeing these packets being used as a DoS attack against your server, you should disable this flag. The default for this flag is enabled. This flag is excluded from runtime configuration using ntpq.
++
unpeer_digest_early
++
Enables the early resetting of an association in case of an autokey digest failur. This is generally a feature, but it can be used in a DoS attack. If you are seeing these packets being used as a DoS attack against your server, you should disable this flag. The default for this flag is enabled. This flag is excluded from runtime configuration using ntpq.
+
+
+
includefile includefile
+Index: contrib/ntp/include/Makefile.am +=================================================================== +--- contrib/ntp/include/Makefile.am (revision 294707) ++++ contrib/ntp/include/Makefile.am (working copy) +@@ -36,6 +36,7 @@ noinst_HEADERS = \ + ntp_if.h \ + ntp_intres.h \ + ntp_io.h \ ++ ntp_keyacc.h \ + ntp_libopts.h \ + ntp_lineedit.h \ + ntp_lists.h \ +Index: contrib/ntp/include/Makefile.in +=================================================================== +--- contrib/ntp/include/Makefile.in (revision 294707) ++++ contrib/ntp/include/Makefile.in (working copy) +@@ -521,6 +521,7 @@ noinst_HEADERS = \ + ntp_if.h \ + ntp_intres.h \ + ntp_io.h \ ++ ntp_keyacc.h \ + ntp_libopts.h \ + ntp_lineedit.h \ + ntp_lists.h \ +Index: contrib/ntp/include/ntp.h +=================================================================== +--- contrib/ntp/include/ntp.h (revision 294707) ++++ contrib/ntp/include/ntp.h (working copy) +@@ -350,6 +350,7 @@ struct peer { + l_fp dst; /* destination timestamp */ + l_fp aorg; /* origin timestamp */ + l_fp borg; /* alternate origin timestamp */ ++ l_fp bxmt; /* most recent broadcast transmit timestamp */ + double offset; /* peer clock offset */ + double delay; /* peer roundtrip delay */ + double jitter; /* peer jitter (squares) */ +@@ -382,7 +383,8 @@ struct peer { + * Statistic counters + */ + u_long timereset; /* time stat counters were reset */ +- u_long timereceived; /* last packet received time */ ++ u_long timelastrec; /* last packet received time */ ++ u_long timereceived; /* last (clean) packet received time */ + u_long timereachable; /* last reachable/unreachable time */ + + u_long sent; /* packets sent */ +@@ -708,6 +710,9 @@ struct pkt { + #define PROTO_ORPHAN 26 + #define PROTO_ORPHWAIT 27 + #define PROTO_MODE7 28 ++#define PROTO_UECRYPTO 29 ++#define PROTO_UECRYPTONAK 30 ++#define PROTO_UEDIGEST 31 + + /* + * Configuration items for the loop filter +Index: contrib/ntp/include/ntp_io.h +=================================================================== +--- contrib/ntp/include/ntp_io.h (revision 294707) ++++ contrib/ntp/include/ntp_io.h (working copy) +@@ -40,6 +40,8 @@ + + #include "libntp.h" /* This needs Something above for GETDTABLESIZE */ + ++#include "ntp_keyacc.h" ++ + /* + * Define FNDELAY and FASYNC using O_NONBLOCK and O_ASYNC if we need + * to (and can). This is here initially for QNX, but may help for +@@ -83,7 +85,6 @@ typedef enum { + extern int qos; + SOCKET move_fd(SOCKET fd); + isc_boolean_t get_broadcastclient_flag(void); +-extern int is_ip_address(const char *, u_short, sockaddr_u *); + extern void sau_from_netaddr(sockaddr_u *, const isc_netaddr_t *); + extern void add_nic_rule(nic_rule_match match_type, + const char *if_name, int prefixlen, +Index: contrib/ntp/include/ntp_keyacc.h +=================================================================== +--- contrib/ntp/include/ntp_keyacc.h (nonexistent) ++++ contrib/ntp/include/ntp_keyacc.h (working copy) +@@ -0,0 +1,13 @@ ++/* ++ * ntp_keyacc.h - key access stuff ++ */ ++#ifndef NTP_KEYACC_H ++#define NTP_KEYACC_H ++ ++typedef struct keyaccess KeyAccT; ++struct keyaccess { ++ KeyAccT * next; ++ sockaddr_u addr; ++}; ++ ++#endif /* NTP_KEYACC_H */ +Index: contrib/ntp/include/ntp_stdlib.h +=================================================================== +--- contrib/ntp/include/ntp_stdlib.h (revision 294707) ++++ contrib/ntp/include/ntp_stdlib.h (working copy) +@@ -16,6 +16,7 @@ + #include "ntp_malloc.h" + #include "ntp_string.h" + #include "ntp_syslog.h" ++#include "ntp_keyacc.h" + + #ifdef __GNUC__ + #define NTP_PRINTF(fmt, args) __attribute__((__format__(__printf__, fmt, args))) +@@ -69,6 +70,7 @@ extern int authdecrypt (keyid_t, u_int32 *, size_t + extern size_t authencrypt (keyid_t, u_int32 *, size_t); + extern int authhavekey (keyid_t); + extern int authistrusted (keyid_t); ++extern int authistrustedip (keyid_t, sockaddr_u *); + extern int authreadkeys (const char *); + extern void authtrust (keyid_t, u_long); + extern int authusekey (keyid_t, int, const u_char *); +@@ -97,7 +99,7 @@ extern int ymd2yd (int, int, int); + /* a_md5encrypt.c */ + extern int MD5authdecrypt (int, const u_char *, u_int32 *, size_t, size_t); + extern size_t MD5authencrypt (int, const u_char *, u_int32 *, size_t); +-extern void MD5auth_setkey (keyid_t, int, const u_char *, size_t); ++extern void MD5auth_setkey (keyid_t, int, const u_char *, size_t, KeyAccT *c); + extern u_int32 addr2refid (sockaddr_u *); + + /* emalloc.c */ +@@ -141,6 +143,7 @@ extern int atouint (const char *, u_long *); + extern int hextoint (const char *, u_long *); + extern const char * humanlogtime (void); + extern const char * humantime (time_t); ++extern int is_ip_address (const char *, u_short, sockaddr_u *); + extern char * mfptoa (u_int32, u_int32, short); + extern char * mfptoms (u_int32, u_int32, short); + extern const char * modetoa (size_t); +Index: contrib/ntp/include/ntp_types.h +=================================================================== +--- contrib/ntp/include/ntp_types.h (revision 294707) ++++ contrib/ntp/include/ntp_types.h (working copy) +@@ -218,6 +218,7 @@ typedef uint16_t associd_t; /* association ID */ + #define ASSOCID_MAX USHRT_MAX + typedef u_int32 keyid_t; /* cryptographic key ID */ + #define KEYID_T_MAX (0xffffffff) ++ + typedef u_int32 tstamp_t; /* NTP seconds timestamp */ + + /* +Index: contrib/ntp/include/ntp_worker.h +=================================================================== +--- contrib/ntp/include/ntp_worker.h (revision 294707) ++++ contrib/ntp/include/ntp_worker.h (working copy) +@@ -60,33 +60,35 @@ typedef sema_type *sem_ref; + #if defined(WORK_FORK) + + typedef struct blocking_child_tag { +- int reusable; +- int pid; +- int req_write_pipe; /* parent */ +- int resp_read_pipe; +- void * resp_read_ctx; +- int req_read_pipe; /* child */ +- int resp_write_pipe; +- int ispipe; ++ int reusable; ++ int pid; ++ int req_write_pipe; /* parent */ ++ int resp_read_pipe; ++ void * resp_read_ctx; ++ int req_read_pipe; /* child */ ++ int resp_write_pipe; ++ int ispipe; ++ volatile u_int resp_ready_seen; /* signal/scan */ ++ volatile u_int resp_ready_done; /* consumer/mainloop */ + } blocking_child; + + #elif defined(WORK_THREAD) + + typedef struct blocking_child_tag { +-/* +- * blocking workitems and blocking_responses are dynamically-sized +- * one-dimensional arrays of pointers to blocking worker requests and +- * responses. +- * +- * IMPORTANT: This structure is shared between threads, and all access +- * that is not atomic (especially queue operations) must hold the +- * 'accesslock' semaphore to avoid data races. +- * +- * The resource management (thread/semaphore creation/destruction) +- * functions and functions just testing a handle are safe because these +- * are only changed by the main thread when no worker is running on the +- * same data structure. +- */ ++ /* ++ * blocking workitems and blocking_responses are ++ * dynamically-sized one-dimensional arrays of pointers to ++ * blocking worker requests and responses. ++ * ++ * IMPORTANT: This structure is shared between threads, and all ++ * access that is not atomic (especially queue operations) must ++ * hold the 'accesslock' semaphore to avoid data races. ++ * ++ * The resource management (thread/semaphore ++ * creation/destruction) functions and functions just testing a ++ * handle are safe because these are only changed by the main ++ * thread when no worker is running on the same data structure. ++ */ + int reusable; + sem_ref accesslock; /* shared access lock */ + thr_ref thread_ref; /* thread 'handle' */ +@@ -117,6 +119,8 @@ typedef struct blocking_child_tag { + int resp_write_pipe; /* child */ + int ispipe; + void * resp_read_ctx; /* child */ ++ volatile u_int resp_ready_seen; /* signal/scan */ ++ volatile u_int resp_ready_done; /* consumer/mainloop */ + #else + sem_ref responses_pending; /* signalling */ + #endif +@@ -126,6 +130,10 @@ typedef struct blocking_child_tag { + + #endif /* WORK_THREAD */ + ++/* we need some global tag to indicate any blocking child may be ready: */ ++extern volatile u_int blocking_child_ready_seen;/* signal/scan */ ++extern volatile u_int blocking_child_ready_done;/* consumer/mainloop */ ++ + extern blocking_child ** blocking_children; + extern size_t blocking_children_alloc; + extern int worker_per_query; /* boolean */ +@@ -139,6 +147,7 @@ extern int queue_blocking_response(blocking_child + blocking_pipe_header *, size_t, + const blocking_pipe_header *); + extern void process_blocking_resp(blocking_child *); ++extern void harvest_blocking_responses(void); + extern int send_blocking_req_internal(blocking_child *, + blocking_pipe_header *, + void *); +Index: contrib/ntp/include/parse.h +=================================================================== +--- contrib/ntp/include/parse.h (revision 294707) ++++ contrib/ntp/include/parse.h (working copy) +@@ -107,9 +107,9 @@ extern unsigned int splclock (void); + /* + * some constants useful for GPS time conversion + */ +-#define GPSORIGIN 2524953600UL /* NTP origin - GPS origin in seconds */ +-#define GPSWRAP 990U /* assume week count less than this in the previous epoch */ +-#define GPSWEEKS 1024U /* number of weeks until the GPS epch rolls over */ ++#define GPSORIGIN 2524953600UL /* NTP origin - GPS origin in seconds */ ++#define GPSWRAP 990 /* assume week count less than this in the previous epoch */ ++#define GPSWEEKS 1024 /* number of weeks until the GPS epch rolls over */ + + /* + * state flags +Index: contrib/ntp/libntp/Makefile.am +=================================================================== +--- contrib/ntp/libntp/Makefile.am (revision 294707) ++++ contrib/ntp/libntp/Makefile.am (working copy) +@@ -70,6 +70,7 @@ libntp_a_SRCS = \ + humandate.c \ + icom.c \ + iosignal.c \ ++ is_ip_address.c \ + lib_strbuf.c \ + machines.c \ + mktime.c \ +Index: contrib/ntp/libntp/Makefile.in +=================================================================== +--- contrib/ntp/libntp/Makefile.in (revision 294707) ++++ contrib/ntp/libntp/Makefile.in (working copy) +@@ -150,12 +150,12 @@ am__libntp_a_SOURCES_DIST = systime.c a_md5encrypt + calyearstart.c clocktime.c clocktypes.c decodenetnum.c \ + dofptoa.c dolfptoa.c emalloc.c findconfig.c getopt.c \ + hextoint.c hextolfp.c humandate.c icom.c iosignal.c \ +- lib_strbuf.c machines.c mktime.c modetoa.c mstolfp.c msyslog.c \ +- netof.c ntp_calendar.c ntp_crypto_rnd.c ntp_intres.c \ +- ntp_libopts.c ntp_lineedit.c ntp_random.c ntp_rfc2553.c \ +- ntp_worker.c numtoa.c numtohost.c octtoint.c prettydate.c \ +- refidsmear.c recvbuff.c refnumtoa.c snprintf.c socket.c \ +- socktoa.c socktohost.c ssl_init.c statestr.c strdup.c \ ++ is_ip_address.c lib_strbuf.c machines.c mktime.c modetoa.c \ ++ mstolfp.c msyslog.c netof.c ntp_calendar.c ntp_crypto_rnd.c \ ++ ntp_intres.c ntp_libopts.c ntp_lineedit.c ntp_random.c \ ++ ntp_rfc2553.c ntp_worker.c numtoa.c numtohost.c octtoint.c \ ++ prettydate.c refidsmear.c recvbuff.c refnumtoa.c snprintf.c \ ++ socket.c socktoa.c socktohost.c ssl_init.c statestr.c strdup.c \ + strl_obsd.c syssignal.c timetoa.c timevalops.c uglydate.c \ + vint64ops.c work_fork.c work_thread.c ymd2yd.c \ + $(srcdir)/../lib/isc/assertions.c \ +@@ -207,21 +207,21 @@ am__objects_4 = a_md5encrypt.$(OBJEXT) adjtime.$(O + dolfptoa.$(OBJEXT) emalloc.$(OBJEXT) findconfig.$(OBJEXT) \ + getopt.$(OBJEXT) hextoint.$(OBJEXT) hextolfp.$(OBJEXT) \ + humandate.$(OBJEXT) icom.$(OBJEXT) iosignal.$(OBJEXT) \ +- lib_strbuf.$(OBJEXT) machines.$(OBJEXT) mktime.$(OBJEXT) \ +- modetoa.$(OBJEXT) mstolfp.$(OBJEXT) msyslog.$(OBJEXT) \ +- netof.$(OBJEXT) ntp_calendar.$(OBJEXT) \ +- ntp_crypto_rnd.$(OBJEXT) ntp_intres.$(OBJEXT) \ +- ntp_libopts.$(OBJEXT) ntp_lineedit.$(OBJEXT) \ +- ntp_random.$(OBJEXT) ntp_rfc2553.$(OBJEXT) \ +- ntp_worker.$(OBJEXT) numtoa.$(OBJEXT) numtohost.$(OBJEXT) \ +- octtoint.$(OBJEXT) prettydate.$(OBJEXT) refidsmear.$(OBJEXT) \ +- recvbuff.$(OBJEXT) refnumtoa.$(OBJEXT) snprintf.$(OBJEXT) \ +- socket.$(OBJEXT) socktoa.$(OBJEXT) socktohost.$(OBJEXT) \ +- ssl_init.$(OBJEXT) statestr.$(OBJEXT) strdup.$(OBJEXT) \ +- strl_obsd.$(OBJEXT) syssignal.$(OBJEXT) timetoa.$(OBJEXT) \ +- timevalops.$(OBJEXT) uglydate.$(OBJEXT) vint64ops.$(OBJEXT) \ +- work_fork.$(OBJEXT) work_thread.$(OBJEXT) ymd2yd.$(OBJEXT) \ +- $(am__objects_3) $(am__objects_1) ++ is_ip_address.$(OBJEXT) lib_strbuf.$(OBJEXT) \ ++ machines.$(OBJEXT) mktime.$(OBJEXT) modetoa.$(OBJEXT) \ ++ mstolfp.$(OBJEXT) msyslog.$(OBJEXT) netof.$(OBJEXT) \ ++ ntp_calendar.$(OBJEXT) ntp_crypto_rnd.$(OBJEXT) \ ++ ntp_intres.$(OBJEXT) ntp_libopts.$(OBJEXT) \ ++ ntp_lineedit.$(OBJEXT) ntp_random.$(OBJEXT) \ ++ ntp_rfc2553.$(OBJEXT) ntp_worker.$(OBJEXT) numtoa.$(OBJEXT) \ ++ numtohost.$(OBJEXT) octtoint.$(OBJEXT) prettydate.$(OBJEXT) \ ++ refidsmear.$(OBJEXT) recvbuff.$(OBJEXT) refnumtoa.$(OBJEXT) \ ++ snprintf.$(OBJEXT) socket.$(OBJEXT) socktoa.$(OBJEXT) \ ++ socktohost.$(OBJEXT) ssl_init.$(OBJEXT) statestr.$(OBJEXT) \ ++ strdup.$(OBJEXT) strl_obsd.$(OBJEXT) syssignal.$(OBJEXT) \ ++ timetoa.$(OBJEXT) timevalops.$(OBJEXT) uglydate.$(OBJEXT) \ ++ vint64ops.$(OBJEXT) work_fork.$(OBJEXT) work_thread.$(OBJEXT) \ ++ ymd2yd.$(OBJEXT) $(am__objects_3) $(am__objects_1) + am_libntp_a_OBJECTS = systime.$(OBJEXT) $(am__objects_4) + libntp_a_OBJECTS = $(am_libntp_a_OBJECTS) + libntpsim_a_AR = $(AR) $(ARFLAGS) +@@ -232,12 +232,12 @@ am__libntpsim_a_SOURCES_DIST = systime_s.c a_md5en + calyearstart.c clocktime.c clocktypes.c decodenetnum.c \ + dofptoa.c dolfptoa.c emalloc.c findconfig.c getopt.c \ + hextoint.c hextolfp.c humandate.c icom.c iosignal.c \ +- lib_strbuf.c machines.c mktime.c modetoa.c mstolfp.c msyslog.c \ +- netof.c ntp_calendar.c ntp_crypto_rnd.c ntp_intres.c \ +- ntp_libopts.c ntp_lineedit.c ntp_random.c ntp_rfc2553.c \ +- ntp_worker.c numtoa.c numtohost.c octtoint.c prettydate.c \ +- refidsmear.c recvbuff.c refnumtoa.c snprintf.c socket.c \ +- socktoa.c socktohost.c ssl_init.c statestr.c strdup.c \ ++ is_ip_address.c lib_strbuf.c machines.c mktime.c modetoa.c \ ++ mstolfp.c msyslog.c netof.c ntp_calendar.c ntp_crypto_rnd.c \ ++ ntp_intres.c ntp_libopts.c ntp_lineedit.c ntp_random.c \ ++ ntp_rfc2553.c ntp_worker.c numtoa.c numtohost.c octtoint.c \ ++ prettydate.c refidsmear.c recvbuff.c refnumtoa.c snprintf.c \ ++ socket.c socktoa.c socktohost.c ssl_init.c statestr.c strdup.c \ + strl_obsd.c syssignal.c timetoa.c timevalops.c uglydate.c \ + vint64ops.c work_fork.c work_thread.c ymd2yd.c \ + $(srcdir)/../lib/isc/assertions.c \ +@@ -660,6 +660,7 @@ libntp_a_SRCS = \ + humandate.c \ + icom.c \ + iosignal.c \ ++ is_ip_address.c \ + lib_strbuf.c \ + machines.c \ + mktime.c \ +@@ -806,6 +807,7 @@ distclean-compile: + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/inet_pton.Po@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/interfaceiter.Po@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/iosignal.Po@am__quote@ ++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/is_ip_address.Po@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lib.Po@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lib_strbuf.Po@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/log.Po@am__quote@ +Index: contrib/ntp/libntp/authkeys.c +=================================================================== +--- contrib/ntp/libntp/authkeys.c (revision 294707) ++++ contrib/ntp/libntp/authkeys.c (working copy) +@@ -15,6 +15,7 @@ + #include "ntp_string.h" + #include "ntp_malloc.h" + #include "ntp_stdlib.h" ++#include "ntp_keyacc.h" + + /* + * Structure to store keys in in the hash table. +@@ -25,6 +26,7 @@ struct savekey { + symkey * hlink; /* next in hash bucket */ + DECL_DLIST_LINK(symkey, llink); /* for overall & free lists */ + u_char * secret; /* shared secret */ ++ KeyAccT * keyacclist; /* Private key access list */ + u_long lifetime; /* remaining lifetime */ + keyid_t keyid; /* key identifier */ + u_short type; /* OpenSSL digest NID */ +@@ -48,13 +50,13 @@ struct symkey_alloc_tag { + symkey_alloc * authallocs; + #endif /* DEBUG */ + +-static inline u_short auth_log2(double x); +-static void auth_resize_hashtable(void); +-static void allocsymkey(symkey **, keyid_t, u_short, +- u_short, u_long, u_short, u_char *); +-static void freesymkey(symkey *, symkey **); ++static u_short auth_log2(size_t); ++static void auth_resize_hashtable(void); ++static void allocsymkey(symkey **, keyid_t, u_short, u_short, ++ u_long, u_short, u_char *, KeyAccT *); ++static void freesymkey(symkey *, symkey **); + #ifdef DEBUG +-static void free_auth_mem(void); ++static void free_auth_mem(void); + #endif + + symkey key_listhead; /* list of all in-use keys */; +@@ -97,6 +99,7 @@ u_char *cache_secret; /* secret */ + u_short cache_secretsize; /* secret length */ + int cache_type; /* OpenSSL digest NID */ + u_short cache_flags; /* flags that wave */ ++KeyAccT *cache_keyacclist; /* key access list */ + + + /* +@@ -142,6 +145,7 @@ free_auth_mem(void) + key_hash = NULL; + cache_keyid = 0; + cache_flags = 0; ++ cache_keyacclist = NULL; + for (alloc = authallocs; alloc != NULL; alloc = next_alloc) { + next_alloc = alloc->link; + free(alloc->mem); +@@ -210,10 +214,33 @@ auth_prealloc_symkeys( + } + + +-static inline u_short +-auth_log2(double x) ++static u_short ++auth_log2(size_t x) + { +- return (u_short)(log10(x) / log10(2)); ++ /* ++ ** bithack to calculate floor(log2(x)) ++ ** ++ ** This assumes ++ ** - (sizeof(size_t) is a power of two ++ ** - CHAR_BITS is a power of two ++ ** - returning zero for arguments <= 0 is OK. ++ ** ++ ** Does only shifts, masks and sums in integer arithmetic in ++ ** log2(CHAR_BIT*sizeof(size_t)) steps. (that is, 5/6 steps for ++ ** 32bit/64bit size_t) ++ */ ++ int s; ++ int r = 0; ++ size_t m = ~(size_t)0; ++ ++ for (s = sizeof(size_t) / 2 * CHAR_BIT; s != 0; s >>= 1) { ++ m <<= s; ++ if (x & m) ++ r += s; ++ else ++ x <<= s; ++ } ++ return (u_short)r; + } + + +@@ -234,7 +261,7 @@ auth_resize_hashtable(void) + symkey * sk; + + totalkeys = authnumkeys + authnumfreekeys; +- hashbits = auth_log2(totalkeys / 4.0) + 1; ++ hashbits = auth_log2(totalkeys / 4) + 1; + hashbits = max(4, hashbits); + hashbits = min(15, hashbits); + +@@ -267,7 +294,8 @@ allocsymkey( + u_short type, + u_long lifetime, + u_short secretsize, +- u_char * secret ++ u_char * secret, ++ KeyAccT * ka + ) + { + symkey * sk; +@@ -281,6 +309,7 @@ allocsymkey( + sk->type = type; + sk->secretsize = secretsize; + sk->secret = secret; ++ sk->keyacclist = ka; + sk->lifetime = lifetime; + LINK_SLIST(*bucket, sk, hlink); + LINK_TAIL_DLIST(key_listhead, sk, llink); +@@ -412,6 +441,7 @@ authhavekey( + cache_flags = sk->flags; + cache_secret = sk->secret; + cache_secretsize = sk->secretsize; ++ cache_keyacclist = sk->keyacclist; + + return TRUE; + } +@@ -451,6 +481,7 @@ authtrust( + if (cache_keyid == id) { + cache_flags = 0; + cache_keyid = 0; ++ cache_keyacclist = NULL; + } + + /* +@@ -480,7 +511,7 @@ authtrust( + } else { + lifetime = 0; + } +- allocsymkey(bucket, id, KEY_TRUSTED, 0, lifetime, 0, NULL); ++ allocsymkey(bucket, id, KEY_TRUSTED, 0, lifetime, 0, NULL, NULL); + } + + +@@ -511,6 +542,49 @@ authistrusted( + return TRUE; + } + ++ ++/* ++ * authistrustedip - determine if the IP is OK for the keyid ++ */ ++ int ++ authistrustedip( ++ keyid_t keyno, ++ sockaddr_u * sau ++ ) ++{ ++ symkey * sk; ++ symkey ** bucket; ++ KeyAccT * kal; ++ KeyAccT * k; ++ ++ if (keyno == cache_keyid) ++ kal = cache_keyacclist; ++ else { ++ authkeyuncached++; ++ bucket = &key_hash[KEYHASH(keyno)]; ++ for (sk = *bucket; sk != NULL; sk = sk->hlink) { ++ if (keyno == sk->keyid) ++ break; ++ } ++ if (NULL == sk || !(KEY_TRUSTED & sk->flags)) { ++ INSIST(!"authistrustedip: keyid not found/trusted!"); ++ return FALSE; ++ } ++ kal = sk->keyacclist; ++ } ++ ++ if (NULL == kal) ++ return TRUE; ++ ++ for (k = kal; k; k = k->next) { ++ if (SOCK_EQ(&k->addr, sau)) ++ return TRUE; ++ } ++ ++ return FALSE; ++} ++ ++ + /* Note: There are two locations below where 'strncpy()' is used. While + * this function is a hazard by itself, it's essential that it is used + * here. Bug 1243 involved that the secret was filled with NUL bytes +@@ -527,7 +601,8 @@ MD5auth_setkey( + keyid_t keyno, + int keytype, + const u_char *key, +- size_t len ++ size_t len, ++ KeyAccT *ka + ) + { + symkey * sk; +@@ -553,6 +628,7 @@ MD5auth_setkey( + sk->type = (u_short)keytype; + secretsize = len; + sk->secretsize = (u_short)secretsize; ++ sk->keyacclist = ka; + #ifndef DISABLE_BUG1243_FIX + memcpy(sk->secret, key, secretsize); + #else +@@ -563,6 +639,7 @@ MD5auth_setkey( + if (cache_keyid == keyno) { + cache_flags = 0; + cache_keyid = 0; ++ cache_keyacclist = NULL; + } + return; + } +@@ -580,7 +657,7 @@ MD5auth_setkey( + strncpy((char *)secret, (const char *)key, secretsize); + #endif + allocsymkey(bucket, keyno, 0, (u_short)keytype, 0, +- (u_short)secretsize, secret); ++ (u_short)secretsize, secret, ka); + #ifdef DEBUG + if (debug >= 4) { + size_t j; +Index: contrib/ntp/libntp/authreadkeys.c +=================================================================== +--- contrib/ntp/libntp/authreadkeys.c (revision 294707) ++++ contrib/ntp/libntp/authreadkeys.c (working copy) +@@ -5,10 +5,12 @@ + #include + #include + ++#include "ntpd.h" /* Only for DPRINTF */ + #include "ntp_fp.h" + #include "ntp.h" + #include "ntp_syslog.h" + #include "ntp_stdlib.h" ++#include "ntp_keyacc.h" + + #ifdef OPENSSL + #include "openssl/objects.h" +@@ -85,6 +87,7 @@ static void log_maybe(u_int*, const char*, ...) NT + typedef struct keydata KeyDataT; + struct keydata { + KeyDataT *next; /* queue/stack link */ ++ KeyAccT *keyacclist; /* key access list */ + keyid_t keyid; /* stored key ID */ + u_short keytype; /* stored key type */ + u_short seclen; /* length of secret */ +@@ -228,6 +231,7 @@ authreadkeys( + len = strlen(token); + if (len <= 20) { /* Bug 2537 */ + next = emalloc(sizeof(KeyDataT) + len); ++ next->keyacclist = NULL; + next->keyid = keyno; + next->keytype = keytype; + next->seclen = len; +@@ -257,11 +261,48 @@ authreadkeys( + } + len = jlim/2; /* hmmmm.... what about odd length?!? */ + next = emalloc(sizeof(KeyDataT) + len); ++ next->keyacclist = NULL; + next->keyid = keyno; + next->keytype = keytype; + next->seclen = len; + memcpy(next->secbuf, keystr, len); + } ++ ++ token = nexttok(&line); ++DPRINTF(0, ("authreadkeys: full access list <%s>\n", (token) ? token : "NULL")); ++ if (token != NULL) { /* A comma-separated IP access list */ ++ char *tp = token; ++ ++ while (tp) { ++ char *i; ++ KeyAccT ka; ++ ++ i = strchr(tp, (int)','); ++ if (i) ++ *i = '\0'; ++DPRINTF(0, ("authreadkeys: access list: <%s>\n", tp)); ++ ++ if (is_ip_address(tp, AF_UNSPEC, &ka.addr)) { ++ KeyAccT *kap; ++ ++ kap = emalloc(sizeof(KeyAccT)); ++ memcpy(kap, &ka, sizeof ka); ++ kap->next = next->keyacclist; ++ next->keyacclist = kap; ++ } else { ++ log_maybe(&nerr, ++ "authreadkeys: invalid IP address <%s> for key %d", ++ tp, keyno); ++ } ++ ++ if (i) { ++ tp = i + 1; ++ } else { ++ tp = 0; ++ } ++ } ++ } ++ + INSIST(NULL != next); + next->next = list; + list = next; +@@ -286,7 +327,7 @@ authreadkeys( + while (NULL != (next = list)) { + list = next->next; + MD5auth_setkey(next->keyid, next->keytype, +- next->secbuf, next->seclen); ++ next->secbuf, next->seclen, next->keyacclist); + /* purge secrets from memory before free()ing it */ + memset(next, 0, sizeof(*next) + next->seclen); + free(next); +@@ -297,6 +338,14 @@ authreadkeys( + /* Mop up temporary storage before bailing out. */ + while (NULL != (next = list)) { + list = next->next; ++ ++ while (next->keyacclist) { ++ KeyAccT *kap = next->keyacclist; ++ ++ next->keyacclist = kap->next; ++ free(kap); ++ } ++ + /* purge secrets from memory before free()ing it */ + memset(next, 0, sizeof(*next) + next->seclen); + free(next); +Index: contrib/ntp/libntp/authusekey.c +=================================================================== +--- contrib/ntp/libntp/authusekey.c (revision 294707) ++++ contrib/ntp/libntp/authusekey.c (working copy) +@@ -29,6 +29,6 @@ authusekey( + if (0 == len) + return 0; + +- MD5auth_setkey(keyno, keytype, str, len); ++ MD5auth_setkey(keyno, keytype, str, len, NULL); + return 1; + } +Index: contrib/ntp/libntp/is_ip_address.c +=================================================================== +--- contrib/ntp/libntp/is_ip_address.c (nonexistent) ++++ contrib/ntp/libntp/is_ip_address.c (working copy) +@@ -0,0 +1,129 @@ ++/* ++ * is_ip_address ++ * ++ */ ++ ++#ifdef HAVE_CONFIG_H ++# include ++#endif ++ ++#if 0 ++#include ++#include ++#ifdef HAVE_FNMATCH_H ++# include ++# if !defined(FNM_CASEFOLD) && defined(FNM_IGNORECASE) ++# define FNM_CASEFOLD FNM_IGNORECASE ++# endif ++#endif ++#ifdef HAVE_SYS_PARAM_H ++# include ++#endif ++#ifdef HAVE_SYS_IOCTL_H ++# include ++#endif ++#ifdef HAVE_SYS_SOCKIO_H /* UXPV: SIOC* #defines (Frank Vance ) */ ++# include ++#endif ++#ifdef HAVE_SYS_UIO_H ++# include ++#endif ++#endif ++ ++#include "ntp_assert.h" ++#include "ntp_stdlib.h" ++#include "safecast.h" ++ ++#if 0 ++#include "ntp_machine.h" ++#include "ntpd.h" ++#include "ntp_io.h" ++#include "iosignal.h" ++#include "ntp_lists.h" ++#include "ntp_refclock.h" ++#include "ntp_worker.h" ++#include "ntp_request.h" ++#include "timevalops.h" ++#include "timespecops.h" ++#include "ntpd-opts.h" ++#endif ++ ++/* Don't include ISC's version of IPv6 variables and structures */ ++#define ISC_IPV6_H 1 ++#include ++#include ++#include ++#include ++#include ++ ++ ++/* ++ * Code to tell if we have an IP address ++ * If we have then return the sockaddr structure ++ * and set the return value ++ * see the bind9/getaddresses.c for details ++ */ ++int ++is_ip_address( ++ const char * host, ++ u_short af, ++ sockaddr_u * addr ++ ) ++{ ++ struct in_addr in4; ++ struct addrinfo hints; ++ struct addrinfo *result; ++ struct sockaddr_in6 *resaddr6; ++ char tmpbuf[128]; ++ char *pch; ++ ++ REQUIRE(host != NULL); ++ REQUIRE(addr != NULL); ++ ++ ZERO_SOCK(addr); ++ ++ /* ++ * Try IPv4, then IPv6. In order to handle the extended format ++ * for IPv6 scoped addresses (address%scope_ID), we'll use a local ++ * working buffer of 128 bytes. The length is an ad-hoc value, but ++ * should be enough for this purpose; the buffer can contain a string ++ * of at least 80 bytes for scope_ID in addition to any IPv6 numeric ++ * addresses (up to 46 bytes), the delimiter character and the ++ * terminating NULL character. ++ */ ++ if (AF_UNSPEC == af || AF_INET == af) ++ if (inet_pton(AF_INET, host, &in4) == 1) { ++ AF(addr) = AF_INET; ++ SET_ADDR4N(addr, in4.s_addr); ++ ++ return TRUE; ++ } ++ ++ if (AF_UNSPEC == af || AF_INET6 == af) ++ if (sizeof(tmpbuf) > strlen(host)) { ++ if ('[' == host[0]) { ++ strlcpy(tmpbuf, &host[1], sizeof(tmpbuf)); ++ pch = strchr(tmpbuf, ']'); ++ if (pch != NULL) ++ *pch = '\0'; ++ } else { ++ strlcpy(tmpbuf, host, sizeof(tmpbuf)); ++ } ++ ZERO(hints); ++ hints.ai_family = AF_INET6; ++ hints.ai_flags |= AI_NUMERICHOST; ++ if (getaddrinfo(tmpbuf, NULL, &hints, &result) == 0) { ++ AF(addr) = AF_INET6; ++ resaddr6 = UA_PTR(struct sockaddr_in6, result->ai_addr); ++ SET_ADDR6N(addr, resaddr6->sin6_addr); ++ SET_SCOPE(addr, resaddr6->sin6_scope_id); ++ ++ freeaddrinfo(result); ++ return TRUE; ++ } ++ } ++ /* ++ * If we got here it was not an IP address ++ */ ++ return FALSE; ++} +Index: contrib/ntp/libntp/ntp_worker.c +=================================================================== +--- contrib/ntp/libntp/ntp_worker.c (revision 294707) ++++ contrib/ntp/libntp/ntp_worker.c (working copy) +@@ -27,6 +27,8 @@ blocking_child ** blocking_children; + size_t blocking_children_alloc; + int worker_per_query; /* boolean */ + int intres_req_pending; ++volatile u_int blocking_child_ready_seen; ++volatile u_int blocking_child_ready_done; + + + #ifndef HAVE_IO_COMPLETION_PORT +@@ -262,7 +264,32 @@ process_blocking_resp( + req_child_exit(c); + } + ++void ++harvest_blocking_responses(void) ++{ ++ int idx; ++ blocking_child* cp; ++ u_int scseen, scdone; + ++ scseen = blocking_child_ready_seen; ++ scdone = blocking_child_ready_done; ++ if (scdone != scseen) { ++ blocking_child_ready_done = scseen; ++ for (idx = 0; idx < blocking_children_alloc; idx++) { ++ cp = blocking_children[idx]; ++ if (NULL == cp) ++ continue; ++ scseen = cp->resp_ready_seen; ++ scdone = cp->resp_ready_done; ++ if (scdone != scseen) { ++ cp->resp_ready_done = scseen; ++ process_blocking_resp(cp); ++ } ++ } ++ } ++} ++ ++ + /* + * blocking_child_common runs as a forked child or a thread + */ +Index: contrib/ntp/libntp/systime.c +=================================================================== +--- contrib/ntp/libntp/systime.c (revision 294707) ++++ contrib/ntp/libntp/systime.c (working copy) +@@ -323,9 +323,18 @@ adj_systime( + else + quant = 1e-6; + ticks = (long)(dtemp / quant + .5); +- adjtv.tv_usec = (long)(ticks * quant * 1e6); +- dtemp -= adjtv.tv_usec / 1e6; +- sys_residual = dtemp; ++ adjtv.tv_usec = (long)(ticks * quant * 1.e6 + .5); ++ /* The rounding in the conversions could us push over the ++ * limits: make sure the result is properly normalised! ++ * note: sign comes later, all numbers non-negative here. ++ */ ++ if (adjtv.tv_usec >= 1000000) { ++ adjtv.tv_sec += 1; ++ adjtv.tv_usec -= 1000000; ++ dtemp -= 1.; ++ } ++ /* set the new residual with leftover from correction */ ++ sys_residual = dtemp - adjtv.tv_usec * 1.e-6; + + /* + * Convert to signed seconds and microseconds for the Unix +Index: contrib/ntp/libntp/work_thread.c +=================================================================== +--- contrib/ntp/libntp/work_thread.c (revision 294707) ++++ contrib/ntp/libntp/work_thread.c (working copy) +@@ -25,13 +25,38 @@ + + #define CHILD_EXIT_REQ ((blocking_pipe_header *)(intptr_t)-1) + #define CHILD_GONE_RESP CHILD_EXIT_REQ ++/* Queue size increments: ++ * The request queue grows a bit faster than the response queue -- the ++ * deamon can push requests and pull results faster on avarage than the ++ * worker can process requests and push results... If this really pays ++ * off is debatable. ++ */ + #define WORKITEMS_ALLOC_INC 16 + #define RESPONSES_ALLOC_INC 4 + ++/* Fiddle with min/max stack sizes. 64kB minimum seems to work, so we ++ * set the maximum to 256kB. If the minimum goes below the ++ * system-defined minimum stack size, we have to adjust accordingly. ++ */ + #ifndef THREAD_MINSTACKSIZE +-#define THREAD_MINSTACKSIZE (64U * 1024) ++# define THREAD_MINSTACKSIZE (64U * 1024) + #endif ++#ifndef __sun ++#if defined(PTHREAD_STACK_MIN) && THREAD_MINSTACKSIZE < PTHREAD_STACK_MIN ++# undef THREAD_MINSTACKSIZE ++# define THREAD_MINSTACKSIZE PTHREAD_STACK_MIN ++#endif ++#endif + ++#ifndef THREAD_MAXSTACKSIZE ++# define THREAD_MAXSTACKSIZE (256U * 1024) ++#endif ++#if THREAD_MAXSTACKSIZE < THREAD_MINSTACKSIZE ++# undef THREAD_MAXSTACKSIZE ++# define THREAD_MAXSTACKSIZE THREAD_MINSTACKSIZE ++#endif ++ ++ + #ifdef SYS_WINNT + + # define thread_exit(c) _endthreadex(c) +@@ -148,15 +173,19 @@ ensure_workitems_empty_slot( + + size_t new_alloc; + size_t slots_used; ++ size_t sidx; + + slots_used = c->head_workitem - c->tail_workitem; + if (slots_used >= c->workitems_alloc) { + new_alloc = c->workitems_alloc + WORKITEMS_ALLOC_INC; + c->workitems = erealloc(c->workitems, new_alloc * each); ++ for (sidx = c->workitems_alloc; sidx < new_alloc; ++sidx) ++ c->workitems[sidx] = NULL; + c->tail_workitem = 0; + c->head_workitem = c->workitems_alloc; + c->workitems_alloc = new_alloc; + } ++ INSIST(NULL == c->workitems[c->head_workitem % c->workitems_alloc]); + return (0 == slots_used); + } + +@@ -180,15 +209,19 @@ ensure_workresp_empty_slot( + + size_t new_alloc; + size_t slots_used; ++ size_t sidx; + + slots_used = c->head_response - c->tail_response; + if (slots_used >= c->responses_alloc) { + new_alloc = c->responses_alloc + RESPONSES_ALLOC_INC; + c->responses = erealloc(c->responses, new_alloc * each); ++ for (sidx = c->responses_alloc; sidx < new_alloc; ++sidx) ++ c->responses[sidx] = NULL; + c->tail_response = 0; + c->head_response = c->responses_alloc; + c->responses_alloc = new_alloc; + } ++ INSIST(NULL == c->responses[c->head_response % c->responses_alloc]); + return (0 == slots_used); + } + +@@ -478,11 +511,11 @@ start_blocking_thread_internal( + # endif + pthread_attr_t thr_attr; + int rc; +- int saved_errno; + int pipe_ends[2]; /* read then write */ + int is_pipe; + int flags; +- size_t stacksize; ++ size_t ostacksize; ++ size_t nstacksize; + sigset_t saved_sig_mask; + + c->thread_ref = NULL; +@@ -522,21 +555,29 @@ start_blocking_thread_internal( + pthread_attr_setdetachstate(&thr_attr, PTHREAD_CREATE_DETACHED); + #if defined(HAVE_PTHREAD_ATTR_GETSTACKSIZE) && \ + defined(HAVE_PTHREAD_ATTR_SETSTACKSIZE) +- rc = pthread_attr_getstacksize(&thr_attr, &stacksize); +- if (-1 == rc) { ++ rc = pthread_attr_getstacksize(&thr_attr, &ostacksize); ++ if (0 != rc) { + msyslog(LOG_ERR, +- "start_blocking_thread: pthread_attr_getstacksize %m"); +- } else if (stacksize < THREAD_MINSTACKSIZE) { +- rc = pthread_attr_setstacksize(&thr_attr, +- THREAD_MINSTACKSIZE); +- if (-1 == rc) ++ "start_blocking_thread: pthread_attr_getstacksize() -> %s", ++ strerror(rc)); ++ } else { ++ if (ostacksize < THREAD_MINSTACKSIZE) ++ nstacksize = THREAD_MINSTACKSIZE; ++ else if (ostacksize > THREAD_MAXSTACKSIZE) ++ nstacksize = THREAD_MAXSTACKSIZE; ++ else ++ nstacksize = ostacksize; ++ if (nstacksize != ostacksize) ++ rc = pthread_attr_setstacksize(&thr_attr, nstacksize); ++ if (0 != rc) + msyslog(LOG_ERR, +- "start_blocking_thread: pthread_attr_setstacksize(0x%lx -> 0x%lx) %m", +- (u_long)stacksize, +- (u_long)THREAD_MINSTACKSIZE); ++ "start_blocking_thread: pthread_attr_setstacksize(0x%lx -> 0x%lx) -> %s", ++ (u_long)ostacksize, (u_long)nstacksize, ++ strerror(rc)); + } + #else +- UNUSED_ARG(stacksize); ++ UNUSED_ARG(nstacksize); ++ UNUSED_ARG(ostacksize); + #endif + #if defined(PTHREAD_SCOPE_SYSTEM) && defined(NEED_PTHREAD_SCOPE_SYSTEM) + pthread_attr_setscope(&thr_attr, PTHREAD_SCOPE_SYSTEM); +@@ -545,12 +586,11 @@ start_blocking_thread_internal( + block_thread_signals(&saved_sig_mask); + rc = pthread_create(&c->thr_table[0], &thr_attr, + &blocking_thread, c); +- saved_errno = errno; + pthread_sigmask(SIG_SETMASK, &saved_sig_mask, NULL); + pthread_attr_destroy(&thr_attr); + if (0 != rc) { +- errno = saved_errno; +- msyslog(LOG_ERR, "pthread_create() blocking child: %m"); ++ msyslog(LOG_ERR, "start_blocking_thread: pthread_create() -> %s", ++ strerror(rc)); + exit(1); + } + c->thread_ref = &c->thr_table[0]; +Index: contrib/ntp/ntpd/invoke-ntp.conf.texi +=================================================================== +--- contrib/ntp/ntpd/invoke-ntp.conf.texi (revision 294707) ++++ contrib/ntp/ntpd/invoke-ntp.conf.texi (working copy) +@@ -6,7 +6,7 @@ + # + # EDIT THIS FILE WITH CAUTION (invoke-ntp.conf.texi) + # +-# It has been AutoGen-ed January 7, 2016 at 11:30:49 PM by AutoGen 5.18.5 ++# It has been AutoGen-ed January 20, 2016 at 04:17:59 AM by AutoGen 5.18.5 + # From the definitions ntp.conf.def + # and the template file agtexi-file.tpl + @end ignore +@@ -2294,8 +2294,8 @@ otherwise, should be avoided. + @item @code{dscp} @kbd{value} + This option specifies the Differentiated Services Control Point (DSCP) value, + a 6-bit code. The default value is 46, signifying Expedited Forwarding. +-@item @code{enable} @code{[@code{auth} | @code{bclient} | @code{calibrate} | @code{kernel} | @code{mode7} | @code{monitor} | @code{ntp} | @code{stats}]} +-@item @code{disable} @code{[@code{auth} | @code{bclient} | @code{calibrate} | @code{kernel} | @code{mode7} | @code{monitor} | @code{ntp} | @code{stats}]} ++@item @code{enable} @code{[@code{auth} | @code{bclient} | @code{calibrate} | @code{kernel} | @code{mode7} | @code{monitor} | @code{ntp} | @code{stats} | @code{unpeer_crypto_early} | @code{unpeer_crypto_nak_early} | @code{unpeer_digest_early}]} ++@item @code{disable} @code{[@code{auth} | @code{bclient} | @code{calibrate} | @code{kernel} | @code{mode7} | @code{monitor} | @code{ntp} | @code{stats} | @code{unpeer_crypto_early} | @code{unpeer_crypto_nak_early} | @code{unpeer_digest_early}]} + Provides a way to enable or disable various server options. + Flags not mentioned are unaffected. + Note that all of these flags +@@ -2367,6 +2367,67 @@ See the + section for further information. + The default for this flag is + @code{disable}. ++@item @code{unpeer_crypto_early} ++By default, if ++@code{ntpd(1ntpdmdoc)} ++receives an autokey packet that fails TEST9, ++a crypto failure, ++the association is immediately cleared. ++This is almost certainly a feature, ++but if, in spite of the current recommendation of not using autokey, ++you are ++.B still ++using autokey ++.B and ++you are seeing this sort of DoS attack ++disabling this flag will delay ++tearing down the association until the reachability counter ++becomes zero. ++You can check your ++@code{peerstats} ++file for evidence of any of these attacks. ++The ++default for this flag is ++@code{enable}. ++@item @code{unpeer_crypto_nak_early} ++By default, if ++@code{ntpd(1ntpdmdoc)} ++receives a crypto-NAK packet that ++passes the duplicate packet and origin timestamp checks ++the association is immediately cleared. ++While this is generally a feature ++as it allows for quick recovery if a server key has changed, ++a properly forged and appropriately delivered crypto-NAK packet ++can be used in a DoS attack. ++If you have active noticable problems with this type of DoS attack ++then you should consider ++disabling this option. ++You can check your ++@code{peerstats} ++file for evidence of any of these attacks. ++The ++default for this flag is ++@code{enable}. ++@item @code{unpeer_digest_early} ++By default, if ++@code{ntpd(1ntpdmdoc)} ++receives what should be an authenticated packet ++that passes other packet sanity checks but ++contains an invalid digest ++the association is immediately cleared. ++While this is generally a feature ++as it allows for quick recovery, ++if this type of packet is carefully forged and sent ++during an appropriate window it can be used for a DoS attack. ++If you have active noticable problems with this type of DoS attack ++then you should consider ++disabling this option. ++You can check your ++@code{peerstats} ++file for evidence of any of these attacks. ++The ++default for this flag is ++@code{enable}. + @end table + @item @code{includefile} @kbd{includefile} + This command allows additional configuration commands +Index: contrib/ntp/ntpd/invoke-ntp.keys.texi +=================================================================== +--- contrib/ntp/ntpd/invoke-ntp.keys.texi (revision 294707) ++++ contrib/ntp/ntpd/invoke-ntp.keys.texi (working copy) +@@ -6,7 +6,7 @@ + # + # EDIT THIS FILE WITH CAUTION (invoke-ntp.keys.texi) + # +-# It has been AutoGen-ed January 7, 2016 at 11:30:52 PM by AutoGen 5.18.5 ++# It has been AutoGen-ed January 20, 2016 at 04:18:02 AM by AutoGen 5.18.5 + # From the definitions ntp.keys.def + # and the template file agtexi-file.tpl + @end ignore +@@ -37,7 +37,7 @@ as the configuration file. + Key entries use a fixed format of the form + + @example +-@kbd{keyno} @kbd{type} @kbd{key} ++@kbd{keyno} @kbd{type} @kbd{key} @kbd{opt_IP_list} + @end example + + where +@@ -47,7 +47,15 @@ is a positive integer (between 1 and 65534), + is the message digest algorithm, + and + @kbd{key} +-is the key itself. ++is the key itself, and ++@kbd{opt_IP_list} ++is an optional comma-separated list of IPs ++that are allowed to serve time. ++If ++@kbd{opt_IP_list} ++is empty, ++any properly-authenticated server message will be ++accepted. + + The + @kbd{key} +Index: contrib/ntp/ntpd/invoke-ntpd.texi +=================================================================== +--- contrib/ntp/ntpd/invoke-ntpd.texi (revision 294707) ++++ contrib/ntp/ntpd/invoke-ntpd.texi (working copy) +@@ -6,7 +6,7 @@ + # + # EDIT THIS FILE WITH CAUTION (invoke-ntpd.texi) + # +-# It has been AutoGen-ed January 7, 2016 at 11:30:54 PM by AutoGen 5.18.5 ++# It has been AutoGen-ed January 20, 2016 at 04:18:04 AM by AutoGen 5.18.5 + # From the definitions ntpd-opts.def + # and the template file agtexi-cmd.tpl + @end ignore +@@ -142,7 +142,7 @@ with a status code of 0. + + @exampleindent 0 + @example +-ntpd - NTP daemon program - Ver. 4.2.8p5 ++ntpd - NTP daemon program - Ver. 4.2.8p6 + Usage: ntpd [ - [] | --[@{=| @}] ]... \ + [ ... ] + Flg Arg Option-Name Description +Index: contrib/ntp/ntpd/keyword-gen-utd +=================================================================== +--- contrib/ntp/ntpd/keyword-gen-utd (revision 294707) ++++ contrib/ntp/ntpd/keyword-gen-utd (working copy) +@@ -1 +1 @@ +- * Generated 2015-06-25 03:57:00 UTC diff_ignore_line ++ * Generated 2016-01-16 08:33:03 UTC diff_ignore_line +Index: contrib/ntp/ntpd/keyword-gen.c +=================================================================== +--- contrib/ntp/ntpd/keyword-gen.c (revision 294707) ++++ contrib/ntp/ntpd/keyword-gen.c (working copy) +@@ -202,6 +202,9 @@ struct key_tok ntp_keywords[] = { + { "ntp", T_Ntp, FOLLBY_TOKEN }, + { "mode7", T_Mode7, FOLLBY_TOKEN }, + { "stats", T_Stats, FOLLBY_TOKEN }, ++{ "unpeer_crypto_early", T_UEcrypto, FOLLBY_TOKEN }, ++{ "unpeer_crypto_nak_early", T_UEcryptonak, FOLLBY_TOKEN }, ++{ "unpeer_digest_early", T_UEdigest, FOLLBY_TOKEN }, + /* rlimit_option */ + { "memlock", T_Memlock, FOLLBY_TOKEN }, + { "stacksize", T_Stacksize, FOLLBY_TOKEN }, +Index: contrib/ntp/ntpd/ntp.conf.5man +=================================================================== +--- contrib/ntp/ntpd/ntp.conf.5man (revision 294707) ++++ contrib/ntp/ntpd/ntp.conf.5man (working copy) +@@ -10,11 +10,11 @@ + .ds B-Font B + .ds I-Font I + .ds R-Font R +-.TH ntp.conf 5man "07 Jan 2016" "4.2.8p5" "File Formats" ++.TH ntp.conf 5man "20 Jan 2016" "4.2.8p6" "File Formats" + .\" +-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-8qayqp/ag-Vraqpp) ++.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-gsaOxR/ag-XsaGwR) + .\" +-.\" It has been AutoGen-ed January 7, 2016 at 11:30:35 PM by AutoGen 5.18.5 ++.\" It has been AutoGen-ed January 20, 2016 at 04:17:45 AM by AutoGen 5.18.5 + .\" From the definitions ntp.conf.def + .\" and the template file agman-cmd.tpl + .SH NAME +@@ -2573,9 +2573,9 @@ otherwise, should be avoided. + This option specifies the Differentiated Services Control Point (DSCP) value, + a 6-bit code. The default value is 46, signifying Expedited Forwarding. + .TP 7 +-.NOP \f\*[B-Font]enable\f[] [\f\*[B-Font]auth\f[] | \f\*[B-Font]bclient\f[] | \f\*[B-Font]calibrate\f[] | \f\*[B-Font]kernel\f[] | \f\*[B-Font]mode7\f[] | \f\*[B-Font]monitor\f[] | \f\*[B-Font]ntp\f[] | \f\*[B-Font]stats\f[]] ++.NOP \f\*[B-Font]enable\f[] [\f\*[B-Font]auth\f[] | \f\*[B-Font]bclient\f[] | \f\*[B-Font]calibrate\f[] | \f\*[B-Font]kernel\f[] | \f\*[B-Font]mode7\f[] | \f\*[B-Font]monitor\f[] | \f\*[B-Font]ntp\f[] | \f\*[B-Font]stats\f[] | \f\*[B-Font]unpeer_crypto_early\f[] | \f\*[B-Font]unpeer_crypto_nak_early\f[] | \f\*[B-Font]unpeer_digest_early\f[]] + .TP 7 +-.NOP \f\*[B-Font]disable\f[] [\f\*[B-Font]auth\f[] | \f\*[B-Font]bclient\f[] | \f\*[B-Font]calibrate\f[] | \f\*[B-Font]kernel\f[] | \f\*[B-Font]mode7\f[] | \f\*[B-Font]monitor\f[] | \f\*[B-Font]ntp\f[] | \f\*[B-Font]stats\f[]] ++.NOP \f\*[B-Font]disable\f[] [\f\*[B-Font]auth\f[] | \f\*[B-Font]bclient\f[] | \f\*[B-Font]calibrate\f[] | \f\*[B-Font]kernel\f[] | \f\*[B-Font]mode7\f[] | \f\*[B-Font]monitor\f[] | \f\*[B-Font]ntp\f[] | \f\*[B-Font]stats\f[] | \f\*[B-Font]unpeer_crypto_early\f[] | \f\*[B-Font]unpeer_crypto_nak_early\f[] | \f\*[B-Font]unpeer_digest_early\f[]] + Provides a way to enable or disable various server options. + Flags not mentioned are unaffected. + Note that all of these flags +@@ -2655,6 +2655,70 @@ See the + section for further information. + The default for this flag is + \f\*[B-Font]disable\f[]. ++.TP 7 ++.NOP \f\*[B-Font]unpeer_crypto_early\f[] ++By default, if ++\fCntpd\f[]\fR(1ntpdmdoc)\f[] ++receives an autokey packet that fails TEST9, ++a crypto failure, ++the association is immediately cleared. ++This is almost certainly a feature, ++but if, in spite of the current recommendation of not using autokey, ++you are ++.B still ++using autokey ++.B and ++you are seeing this sort of DoS attack ++disabling this flag will delay ++tearing down the association until the reachability counter ++becomes zero. ++You can check your ++\f\*[B-Font]peerstats\f[] ++file for evidence of any of these attacks. ++The ++default for this flag is ++\f\*[B-Font]enable\f[]. ++.TP 7 ++.NOP \f\*[B-Font]unpeer_crypto_nak_early\f[] ++By default, if ++\fCntpd\f[]\fR(1ntpdmdoc)\f[] ++receives a crypto-NAK packet that ++passes the duplicate packet and origin timestamp checks ++the association is immediately cleared. ++While this is generally a feature ++as it allows for quick recovery if a server key has changed, ++a properly forged and appropriately delivered crypto-NAK packet ++can be used in a DoS attack. ++If you have active noticable problems with this type of DoS attack ++then you should consider ++disabling this option. ++You can check your ++\f\*[B-Font]peerstats\f[] ++file for evidence of any of these attacks. ++The ++default for this flag is ++\f\*[B-Font]enable\f[]. ++.TP 7 ++.NOP \f\*[B-Font]unpeer_digest_early\f[] ++By default, if ++\fCntpd\f[]\fR(1ntpdmdoc)\f[] ++receives what should be an authenticated packet ++that passes other packet sanity checks but ++contains an invalid digest ++the association is immediately cleared. ++While this is generally a feature ++as it allows for quick recovery, ++if this type of packet is carefully forged and sent ++during an appropriate window it can be used for a DoS attack. ++If you have active noticable problems with this type of DoS attack ++then you should consider ++disabling this option. ++You can check your ++\f\*[B-Font]peerstats\f[] ++file for evidence of any of these attacks. ++The ++default for this flag is ++\f\*[B-Font]enable\f[]. + .RE + .TP 7 + .NOP \f\*[B-Font]includefile\f[] \f\*[I-Font]includefile\f[] +@@ -3027,7 +3091,7 @@ RFC5905 + .SH "AUTHORS" + The University of Delaware and Network Time Foundation + .SH "COPYRIGHT" +-Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation all rights reserved. ++Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation all rights reserved. + This program is released under the terms of the NTP license, . + .SH BUGS + The syntax checking is not picky; some combinations of +Index: contrib/ntp/ntpd/ntp.conf.5mdoc +=================================================================== +--- contrib/ntp/ntpd/ntp.conf.5mdoc (revision 294707) ++++ contrib/ntp/ntpd/ntp.conf.5mdoc (working copy) +@@ -1,9 +1,9 @@ +-.Dd January 7 2016 ++.Dd January 20 2016 + .Dt NTP_CONF 5mdoc File Formats + .Os + .\" EDIT THIS FILE WITH CAUTION (ntp.mdoc) + .\" +-.\" It has been AutoGen-ed January 7, 2016 at 11:30:57 PM by AutoGen 5.18.5 ++.\" It has been AutoGen-ed January 20, 2016 at 04:18:07 AM by AutoGen 5.18.5 + .\" From the definitions ntp.conf.def + .\" and the template file agmdoc-cmd.tpl + .Sh NAME +@@ -2393,8 +2393,9 @@ a 6\-bit code. The default value is 46, signifyin + .Oo + .Cm auth | Cm bclient | + .Cm calibrate | Cm kernel | +-.Cm mode7 | monitor | +-.Cm ntp | Cm stats ++.Cm mode7 | Cm monitor | ++.Cm ntp | Cm stats | ++.Cm unpeer_crypto_early | Cm unpeer_crypto_nak_early | Cm unpeer_digest_early + .Oc + .Xc + .It Xo Ic disable +@@ -2401,8 +2402,9 @@ a 6\-bit code. The default value is 46, signifyin + .Oo + .Cm auth | Cm bclient | + .Cm calibrate | Cm kernel | +-.Cm mode7 | monitor | +-.Cm ntp | Cm stats ++.Cm mode7 | Cm monitor | ++.Cm ntp | Cm stats | ++.Cm unpeer_crypto_early | Cm unpeer_crypto_nak_early | Cm unpeer_digest_early + .Oc + .Xc + Provides a way to enable or disable various server options. +@@ -2476,6 +2478,67 @@ See the + section for further information. + The default for this flag is + .Ic disable . ++.It Cm unpeer_crypto_early ++By default, if ++.Xr ntpd 1ntpdmdoc ++receives an autokey packet that fails TEST9, ++a crypto failure, ++the association is immediately cleared. ++This is almost certainly a feature, ++but if, in spite of the current recommendation of not using autokey, ++you are ++.B still ++using autokey ++.B and ++you are seeing this sort of DoS attack ++disabling this flag will delay ++tearing down the association until the reachability counter ++becomes zero. ++You can check your ++.Cm peerstats ++file for evidence of any of these attacks. ++The ++default for this flag is ++.Ic enable . ++.It Cm unpeer_crypto_nak_early ++By default, if ++.Xr ntpd 1ntpdmdoc ++receives a crypto\-NAK packet that ++passes the duplicate packet and origin timestamp checks ++the association is immediately cleared. ++While this is generally a feature ++as it allows for quick recovery if a server key has changed, ++a properly forged and appropriately delivered crypto\-NAK packet ++can be used in a DoS attack. ++If you have active noticable problems with this type of DoS attack ++then you should consider ++disabling this option. ++You can check your ++.Cm peerstats ++file for evidence of any of these attacks. ++The ++default for this flag is ++.Ic enable . ++.It Cm unpeer_digest_early ++By default, if ++.Xr ntpd 1ntpdmdoc ++receives what should be an authenticated packet ++that passes other packet sanity checks but ++contains an invalid digest ++the association is immediately cleared. ++While this is generally a feature ++as it allows for quick recovery, ++if this type of packet is carefully forged and sent ++during an appropriate window it can be used for a DoS attack. ++If you have active noticable problems with this type of DoS attack ++then you should consider ++disabling this option. ++You can check your ++.Cm peerstats ++file for evidence of any of these attacks. ++The ++default for this flag is ++.Ic enable . + .El + .It Ic includefile Ar includefile + This command allows additional configuration commands +@@ -2834,7 +2897,7 @@ A snapshot of this documentation is available in H + .Sh "AUTHORS" + The University of Delaware and Network Time Foundation + .Sh "COPYRIGHT" +-Copyright (C) 1992\-2015 The University of Delaware and Network Time Foundation all rights reserved. ++Copyright (C) 1992\-2016 The University of Delaware and Network Time Foundation all rights reserved. + This program is released under the terms of the NTP license, . + .Sh BUGS + The syntax checking is not picky; some combinations of +Index: contrib/ntp/ntpd/ntp.conf.def +=================================================================== +--- contrib/ntp/ntpd/ntp.conf.def (revision 294707) ++++ contrib/ntp/ntpd/ntp.conf.def (working copy) +@@ -2395,8 +2395,9 @@ a 6-bit code. The default value is 46, signifying + .Oo + .Cm auth | Cm bclient | + .Cm calibrate | Cm kernel | +-.Cm mode7 | monitor | +-.Cm ntp | Cm stats ++.Cm mode7 | Cm monitor | ++.Cm ntp | Cm stats | ++.Cm unpeer_crypto_early | Cm unpeer_crypto_nak_early | Cm unpeer_digest_early + .Oc + .Xc + .It Xo Ic disable +@@ -2403,8 +2404,9 @@ a 6-bit code. The default value is 46, signifying + .Oo + .Cm auth | Cm bclient | + .Cm calibrate | Cm kernel | +-.Cm mode7 | monitor | +-.Cm ntp | Cm stats ++.Cm mode7 | Cm monitor | ++.Cm ntp | Cm stats | ++.Cm unpeer_crypto_early | Cm unpeer_crypto_nak_early | Cm unpeer_digest_early + .Oc + .Xc + Provides a way to enable or disable various server options. +@@ -2478,6 +2480,67 @@ See the + section for further information. + The default for this flag is + .Ic disable . ++.It Cm unpeer_crypto_early ++By default, if ++.Xr ntpd 1ntpdmdoc ++receives an autokey packet that fails TEST9, ++a crypto failure, ++the association is immediately cleared. ++This is almost certainly a feature, ++but if, in spite of the current recommendation of not using autokey, ++you are ++.B still ++using autokey ++.B and ++you are seeing this sort of DoS attack ++disabling this flag will delay ++tearing down the association until the reachability counter ++becomes zero. ++You can check your ++.Cm peerstats ++file for evidence of any of these attacks. ++The ++default for this flag is ++.Ic enable . ++.It Cm unpeer_crypto_nak_early ++By default, if ++.Xr ntpd 1ntpdmdoc ++receives a crypto-NAK packet that ++passes the duplicate packet and origin timestamp checks ++the association is immediately cleared. ++While this is generally a feature ++as it allows for quick recovery if a server key has changed, ++a properly forged and appropriately delivered crypto-NAK packet ++can be used in a DoS attack. ++If you have active noticable problems with this type of DoS attack ++then you should consider ++disabling this option. ++You can check your ++.Cm peerstats ++file for evidence of any of these attacks. ++The ++default for this flag is ++.Ic enable . ++.It Cm unpeer_digest_early ++By default, if ++.Xr ntpd 1ntpdmdoc ++receives what should be an authenticated packet ++that passes other packet sanity checks but ++contains an invalid digest ++the association is immediately cleared. ++While this is generally a feature ++as it allows for quick recovery, ++if this type of packet is carefully forged and sent ++during an appropriate window it can be used for a DoS attack. ++If you have active noticable problems with this type of DoS attack ++then you should consider ++disabling this option. ++You can check your ++.Cm peerstats ++file for evidence of any of these attacks. ++The ++default for this flag is ++.Ic enable . + .El + .It Ic includefile Ar includefile + This command allows additional configuration commands +Index: contrib/ntp/ntpd/ntp.conf.html +=================================================================== +--- contrib/ntp/ntpd/ntp.conf.html (revision 294707) ++++ contrib/ntp/ntpd/ntp.conf.html (working copy) +@@ -33,7 +33,7 @@ Up: (di +

This document describes the configuration file for the NTP Project's + ntpd program. + +-

This document applies to version 4.2.8p5 of ntp.conf. ++

This document applies to version 4.2.8p6 of ntp.conf. + +

+

Short Contents

+@@ -2288,7 +2288,7 @@ drift file is located in, and that file system lin + otherwise, should be avoided. +
dscp value
This option specifies the Differentiated Services Control Point (DSCP) value, + a 6-bit code. The default value is 46, signifying Expedited Forwarding. +-
enable [auth | bclient | calibrate | kernel | mode7 | monitor | ntp | stats]
disable [auth | bclient | calibrate | kernel | mode7 | monitor | ntp | stats]
Provides a way to enable or disable various server options. ++
enable [auth | bclient | calibrate | kernel | mode7 | monitor | ntp | stats | unpeer_crypto_early | unpeer_crypto_nak_early | unpeer_digest_early]
disable [auth | bclient | calibrate | kernel | mode7 | monitor | ntp | stats | unpeer_crypto_early | unpeer_crypto_nak_early | unpeer_digest_early]
Provides a way to enable or disable various server options. + Flags not mentioned are unaffected. + Note that all of these flags + can be controlled remotely using the +@@ -2351,6 +2351,64 @@ See the + section for further information. + The default for this flag is + disable. ++
unpeer_crypto_early
By default, if ++ntpd(1ntpdmdoc) ++receives an autokey packet that fails TEST9, ++a crypto failure, ++the association is immediately cleared. ++This is almost certainly a feature, ++but if, in spite of the current recommendation of not using autokey, ++you are ++.B still ++using autokey ++.B and ++you are seeing this sort of DoS attack ++disabling this flag will delay ++tearing down the association until the reachability counter ++becomes zero. ++You can check your ++peerstats ++file for evidence of any of these attacks. ++The ++default for this flag is ++enable. ++
unpeer_crypto_nak_early
By default, if ++ntpd(1ntpdmdoc) ++receives a crypto-NAK packet that ++passes the duplicate packet and origin timestamp checks ++the association is immediately cleared. ++While this is generally a feature ++as it allows for quick recovery if a server key has changed, ++a properly forged and appropriately delivered crypto-NAK packet ++can be used in a DoS attack. ++If you have active noticable problems with this type of DoS attack ++then you should consider ++disabling this option. ++You can check your ++peerstats ++file for evidence of any of these attacks. ++The ++default for this flag is ++enable. ++
unpeer_digest_early
By default, if ++ntpd(1ntpdmdoc) ++receives what should be an authenticated packet ++that passes other packet sanity checks but ++contains an invalid digest ++the association is immediately cleared. ++While this is generally a feature ++as it allows for quick recovery, ++if this type of packet is carefully forged and sent ++during an appropriate window it can be used for a DoS attack. ++If you have active noticable problems with this type of DoS attack ++then you should consider ++disabling this option. ++You can check your ++peerstats ++file for evidence of any of these attacks. ++The ++default for this flag is ++enable. + +
includefile includefile
This command allows additional configuration commands + to be included from a separate file. +Index: contrib/ntp/ntpd/ntp.conf.man.in +=================================================================== +--- contrib/ntp/ntpd/ntp.conf.man.in (revision 294707) ++++ contrib/ntp/ntpd/ntp.conf.man.in (working copy) +@@ -10,11 +10,11 @@ + .ds B-Font B + .ds I-Font I + .ds R-Font R +-.TH ntp.conf 5 "07 Jan 2016" "4.2.8p5" "File Formats" ++.TH ntp.conf 5 "20 Jan 2016" "4.2.8p6" "File Formats" + .\" +-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-8qayqp/ag-Vraqpp) ++.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-gsaOxR/ag-XsaGwR) + .\" +-.\" It has been AutoGen-ed January 7, 2016 at 11:30:35 PM by AutoGen 5.18.5 ++.\" It has been AutoGen-ed January 20, 2016 at 04:17:45 AM by AutoGen 5.18.5 + .\" From the definitions ntp.conf.def + .\" and the template file agman-cmd.tpl + .SH NAME +@@ -2573,9 +2573,9 @@ otherwise, should be avoided. + This option specifies the Differentiated Services Control Point (DSCP) value, + a 6-bit code. The default value is 46, signifying Expedited Forwarding. + .TP 7 +-.NOP \f\*[B-Font]enable\f[] [\f\*[B-Font]auth\f[] | \f\*[B-Font]bclient\f[] | \f\*[B-Font]calibrate\f[] | \f\*[B-Font]kernel\f[] | \f\*[B-Font]mode7\f[] | \f\*[B-Font]monitor\f[] | \f\*[B-Font]ntp\f[] | \f\*[B-Font]stats\f[]] ++.NOP \f\*[B-Font]enable\f[] [\f\*[B-Font]auth\f[] | \f\*[B-Font]bclient\f[] | \f\*[B-Font]calibrate\f[] | \f\*[B-Font]kernel\f[] | \f\*[B-Font]mode7\f[] | \f\*[B-Font]monitor\f[] | \f\*[B-Font]ntp\f[] | \f\*[B-Font]stats\f[] | \f\*[B-Font]unpeer_crypto_early\f[] | \f\*[B-Font]unpeer_crypto_nak_early\f[] | \f\*[B-Font]unpeer_digest_early\f[]] + .TP 7 +-.NOP \f\*[B-Font]disable\f[] [\f\*[B-Font]auth\f[] | \f\*[B-Font]bclient\f[] | \f\*[B-Font]calibrate\f[] | \f\*[B-Font]kernel\f[] | \f\*[B-Font]mode7\f[] | \f\*[B-Font]monitor\f[] | \f\*[B-Font]ntp\f[] | \f\*[B-Font]stats\f[]] ++.NOP \f\*[B-Font]disable\f[] [\f\*[B-Font]auth\f[] | \f\*[B-Font]bclient\f[] | \f\*[B-Font]calibrate\f[] | \f\*[B-Font]kernel\f[] | \f\*[B-Font]mode7\f[] | \f\*[B-Font]monitor\f[] | \f\*[B-Font]ntp\f[] | \f\*[B-Font]stats\f[] | \f\*[B-Font]unpeer_crypto_early\f[] | \f\*[B-Font]unpeer_crypto_nak_early\f[] | \f\*[B-Font]unpeer_digest_early\f[]] + Provides a way to enable or disable various server options. + Flags not mentioned are unaffected. + Note that all of these flags +@@ -2655,6 +2655,70 @@ See the + section for further information. + The default for this flag is + \f\*[B-Font]disable\f[]. ++.TP 7 ++.NOP \f\*[B-Font]unpeer_crypto_early\f[] ++By default, if ++\fCntpd\f[]\fR(@NTPD_MS@)\f[] ++receives an autokey packet that fails TEST9, ++a crypto failure, ++the association is immediately cleared. ++This is almost certainly a feature, ++but if, in spite of the current recommendation of not using autokey, ++you are ++.B still ++using autokey ++.B and ++you are seeing this sort of DoS attack ++disabling this flag will delay ++tearing down the association until the reachability counter ++becomes zero. ++You can check your ++\f\*[B-Font]peerstats\f[] ++file for evidence of any of these attacks. ++The ++default for this flag is ++\f\*[B-Font]enable\f[]. ++.TP 7 ++.NOP \f\*[B-Font]unpeer_crypto_nak_early\f[] ++By default, if ++\fCntpd\f[]\fR(@NTPD_MS@)\f[] ++receives a crypto-NAK packet that ++passes the duplicate packet and origin timestamp checks ++the association is immediately cleared. ++While this is generally a feature ++as it allows for quick recovery if a server key has changed, ++a properly forged and appropriately delivered crypto-NAK packet ++can be used in a DoS attack. ++If you have active noticable problems with this type of DoS attack ++then you should consider ++disabling this option. ++You can check your ++\f\*[B-Font]peerstats\f[] ++file for evidence of any of these attacks. ++The ++default for this flag is ++\f\*[B-Font]enable\f[]. ++.TP 7 ++.NOP \f\*[B-Font]unpeer_digest_early\f[] ++By default, if ++\fCntpd\f[]\fR(@NTPD_MS@)\f[] ++receives what should be an authenticated packet ++that passes other packet sanity checks but ++contains an invalid digest ++the association is immediately cleared. ++While this is generally a feature ++as it allows for quick recovery, ++if this type of packet is carefully forged and sent ++during an appropriate window it can be used for a DoS attack. ++If you have active noticable problems with this type of DoS attack ++then you should consider ++disabling this option. ++You can check your ++\f\*[B-Font]peerstats\f[] ++file for evidence of any of these attacks. ++The ++default for this flag is ++\f\*[B-Font]enable\f[]. + .RE + .TP 7 + .NOP \f\*[B-Font]includefile\f[] \f\*[I-Font]includefile\f[] +@@ -3027,7 +3091,7 @@ RFC5905 + .SH "AUTHORS" + The University of Delaware and Network Time Foundation + .SH "COPYRIGHT" +-Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation all rights reserved. ++Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation all rights reserved. + This program is released under the terms of the NTP license, . + .SH BUGS + The syntax checking is not picky; some combinations of +Index: contrib/ntp/ntpd/ntp.conf.mdoc.in +=================================================================== +--- contrib/ntp/ntpd/ntp.conf.mdoc.in (revision 294707) ++++ contrib/ntp/ntpd/ntp.conf.mdoc.in (working copy) +@@ -1,9 +1,9 @@ +-.Dd January 7 2016 ++.Dd January 20 2016 + .Dt NTP_CONF 5 File Formats + .Os + .\" EDIT THIS FILE WITH CAUTION (ntp.mdoc) + .\" +-.\" It has been AutoGen-ed January 7, 2016 at 11:30:57 PM by AutoGen 5.18.5 ++.\" It has been AutoGen-ed January 20, 2016 at 04:18:07 AM by AutoGen 5.18.5 + .\" From the definitions ntp.conf.def + .\" and the template file agmdoc-cmd.tpl + .Sh NAME +@@ -2393,8 +2393,9 @@ a 6\-bit code. The default value is 46, signifyin + .Oo + .Cm auth | Cm bclient | + .Cm calibrate | Cm kernel | +-.Cm mode7 | monitor | +-.Cm ntp | Cm stats ++.Cm mode7 | Cm monitor | ++.Cm ntp | Cm stats | ++.Cm unpeer_crypto_early | Cm unpeer_crypto_nak_early | Cm unpeer_digest_early + .Oc + .Xc + .It Xo Ic disable +@@ -2401,8 +2402,9 @@ a 6\-bit code. The default value is 46, signifyin + .Oo + .Cm auth | Cm bclient | + .Cm calibrate | Cm kernel | +-.Cm mode7 | monitor | +-.Cm ntp | Cm stats ++.Cm mode7 | Cm monitor | ++.Cm ntp | Cm stats | ++.Cm unpeer_crypto_early | Cm unpeer_crypto_nak_early | Cm unpeer_digest_early + .Oc + .Xc + Provides a way to enable or disable various server options. +@@ -2476,6 +2478,67 @@ See the + section for further information. + The default for this flag is + .Ic disable . ++.It Cm unpeer_crypto_early ++By default, if ++.Xr ntpd @NTPD_MS@ ++receives an autokey packet that fails TEST9, ++a crypto failure, ++the association is immediately cleared. ++This is almost certainly a feature, ++but if, in spite of the current recommendation of not using autokey, ++you are ++.B still ++using autokey ++.B and ++you are seeing this sort of DoS attack ++disabling this flag will delay ++tearing down the association until the reachability counter ++becomes zero. ++You can check your ++.Cm peerstats ++file for evidence of any of these attacks. ++The ++default for this flag is ++.Ic enable . ++.It Cm unpeer_crypto_nak_early ++By default, if ++.Xr ntpd @NTPD_MS@ ++receives a crypto\-NAK packet that ++passes the duplicate packet and origin timestamp checks ++the association is immediately cleared. ++While this is generally a feature ++as it allows for quick recovery if a server key has changed, ++a properly forged and appropriately delivered crypto\-NAK packet ++can be used in a DoS attack. ++If you have active noticable problems with this type of DoS attack ++then you should consider ++disabling this option. ++You can check your ++.Cm peerstats ++file for evidence of any of these attacks. ++The ++default for this flag is ++.Ic enable . ++.It Cm unpeer_digest_early ++By default, if ++.Xr ntpd @NTPD_MS@ ++receives what should be an authenticated packet ++that passes other packet sanity checks but ++contains an invalid digest ++the association is immediately cleared. ++While this is generally a feature ++as it allows for quick recovery, ++if this type of packet is carefully forged and sent ++during an appropriate window it can be used for a DoS attack. ++If you have active noticable problems with this type of DoS attack ++then you should consider ++disabling this option. ++You can check your ++.Cm peerstats ++file for evidence of any of these attacks. ++The ++default for this flag is ++.Ic enable . + .El + .It Ic includefile Ar includefile + This command allows additional configuration commands +@@ -2834,7 +2897,7 @@ A snapshot of this documentation is available in H + .Sh "AUTHORS" + The University of Delaware and Network Time Foundation + .Sh "COPYRIGHT" +-Copyright (C) 1992\-2015 The University of Delaware and Network Time Foundation all rights reserved. ++Copyright (C) 1992\-2016 The University of Delaware and Network Time Foundation all rights reserved. + This program is released under the terms of the NTP license, . + .Sh BUGS + The syntax checking is not picky; some combinations of +Index: contrib/ntp/ntpd/ntp.keys.5man +=================================================================== +--- contrib/ntp/ntpd/ntp.keys.5man (revision 294707) ++++ contrib/ntp/ntpd/ntp.keys.5man (working copy) +@@ -1,8 +1,8 @@ +-.TH ntp.keys 5man "07 Jan 2016" "4.2.8p5" "File Formats" ++.TH ntp.keys 5man "20 Jan 2016" "4.2.8p6" "File Formats" + .\" + .\" EDIT THIS FILE WITH CAUTION (ntp.man) + .\" +-.\" It has been AutoGen-ed January 7, 2016 at 11:30:41 PM by AutoGen 5.18.5 ++.\" It has been AutoGen-ed January 20, 2016 at 04:17:51 AM by AutoGen 5.18.5 + .\" From the definitions ntp.keys.def + .\" and the template file agman-file.tpl + .Sh NAME +@@ -66,7 +66,7 @@ Key entries use a fixed format of the form + .ne 2 + + .in +4 +-\f\*[I-Font]keyno\f[] \f\*[I-Font]type\f[] \f\*[I-Font]key\f[] ++\f\*[I-Font]keyno\f[] \f\*[I-Font]type\f[] \f\*[I-Font]key\f[] \f\*[I-Font]opt_IP_list\f[] + .in -4 + .sp \n(Ppu + .ne 2 +@@ -78,7 +78,15 @@ is a positive integer (between 1 and 65534), + is the message digest algorithm, + and + \f\*[I-Font]key\f[] +-is the key itself. ++is the key itself, and ++\f\*[I-Font]opt_IP_list\f[] ++is an optional comma-separated list of IPs ++that are allowed to serve time. ++If ++\f\*[I-Font]opt_IP_list\f[] ++is empty, ++any properly-authenticated server message will be ++accepted. + .sp \n(Ppu + .ne 2 + +@@ -160,7 +168,7 @@ the default name of the configuration file + .SH "AUTHORS" + The University of Delaware and Network Time Foundation + .SH "COPYRIGHT" +-Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation all rights reserved. ++Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation all rights reserved. + This program is released under the terms of the NTP license, . + .SH "BUGS" + Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org +Index: contrib/ntp/ntpd/ntp.keys.5mdoc +=================================================================== +--- contrib/ntp/ntpd/ntp.keys.5mdoc (revision 294707) ++++ contrib/ntp/ntpd/ntp.keys.5mdoc (working copy) +@@ -1,9 +1,9 @@ +-.Dd January 7 2016 ++.Dd January 20 2016 + .Dt NTP_KEYS 5mdoc File Formats + .Os SunOS 5.10 + .\" EDIT THIS FILE WITH CAUTION (ntp.mdoc) + .\" +-.\" It has been AutoGen-ed January 7, 2016 at 11:31:00 PM by AutoGen 5.18.5 ++.\" It has been AutoGen-ed January 20, 2016 at 04:18:10 AM by AutoGen 5.18.5 + .\" From the definitions ntp.keys.def + .\" and the template file agmdoc-file.tpl + .Sh NAME +@@ -44,7 +44,7 @@ The key file uses the same comment conventions + as the configuration file. + Key entries use a fixed format of the form + .Pp +-.D1 Ar keyno type key ++.D1 Ar keyno type key opt_IP_list + .Pp + where + .Ar keyno +@@ -53,7 +53,15 @@ is a positive integer (between 1 and 65534), + is the message digest algorithm, + and + .Ar key +-is the key itself. ++is the key itself, and ++.Ar opt_IP_list ++is an optional comma\-separated list of IPs ++that are allowed to serve time. ++If ++.Ar opt_IP_list ++is empty, ++any properly\-authenticated server message will be ++accepted. + .Pp + The + .Ar key +@@ -147,7 +155,7 @@ it to autogen\-users@lists.sourceforge.net. Thank + .Sh "AUTHORS" + The University of Delaware and Network Time Foundation + .Sh "COPYRIGHT" +-Copyright (C) 1992\-2015 The University of Delaware and Network Time Foundation all rights reserved. ++Copyright (C) 1992\-2016 The University of Delaware and Network Time Foundation all rights reserved. + This program is released under the terms of the NTP license, . + .Sh "BUGS" + Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org +Index: contrib/ntp/ntpd/ntp.keys.def +=================================================================== +--- contrib/ntp/ntpd/ntp.keys.def (revision 294707) ++++ contrib/ntp/ntpd/ntp.keys.def (working copy) +@@ -43,7 +43,7 @@ The key file uses the same comment conventions + as the configuration file. + Key entries use a fixed format of the form + .Pp +-.D1 Ar keyno type key ++.D1 Ar keyno type key opt_IP_list + .Pp + where + .Ar keyno +@@ -52,7 +52,15 @@ is a positive integer (between 1 and 65534), + is the message digest algorithm, + and + .Ar key +-is the key itself. ++is the key itself, and ++.Ar opt_IP_list ++is an optional comma-separated list of IPs ++that are allowed to serve time. ++If ++.Ar opt_IP_list ++is empty, ++any properly-authenticated server message will be ++accepted. + .Pp + The + .Ar key +Index: contrib/ntp/ntpd/ntp.keys.html +=================================================================== +--- contrib/ntp/ntpd/ntp.keys.html (revision 294707) ++++ contrib/ntp/ntpd/ntp.keys.html (working copy) +@@ -33,7 +33,7 @@ Up: (di +

This document describes the symmetric key file for the NTP Project's + ntpd program. + +-

This document applies to version 4.2.8p5 of ntp.keys. ++

This document applies to version 4.2.8p6 of ntp.keys. + +

+

Short Contents

+@@ -93,7 +93,7 @@ may be arbitrarily set in the keys file. + as the configuration file. + Key entries use a fixed format of the form + +-
     keyno type key
++
     keyno type key opt_IP_list
+ 

+   
where
+ keyno
+@@ -102,7 +102,15 @@ is a positive integer (between 1 and 65534),
+ is the message digest algorithm,
+ and
+ key
+-is the key itself.
++is the key itself, and
++opt_IP_list
++is an optional comma-separated list of IPs
++that are allowed to serve time. 
++If
++opt_IP_list
++is empty,
++any properly-authenticated server message will be
++accepted.
+ 
+   
The
+ key
+Index: contrib/ntp/ntpd/ntp.keys.man.in
+===================================================================
+--- contrib/ntp/ntpd/ntp.keys.man.in	(revision 294707)
++++ contrib/ntp/ntpd/ntp.keys.man.in	(working copy)
+@@ -1,8 +1,8 @@
+-.TH ntp.keys 5 "07 Jan 2016" "4.2.8p5" "File Formats"
++.TH ntp.keys 5 "20 Jan 2016" "4.2.8p6" "File Formats"
+ .\"
+ .\"  EDIT THIS FILE WITH CAUTION  (ntp.man)
+ .\"
+-.\"  It has been AutoGen-ed  January  7, 2016 at 11:30:41 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January 20, 2016 at 04:17:51 AM by AutoGen 5.18.5
+ .\"  From the definitions    ntp.keys.def
+ .\"  and the template file   agman-file.tpl
+ .Sh NAME
+@@ -66,7 +66,7 @@ Key entries use a fixed format of the form
+ .ne 2
+ 
+ .in +4
+-\f\*[I-Font]keyno\f[] \f\*[I-Font]type\f[] \f\*[I-Font]key\f[]
++\f\*[I-Font]keyno\f[] \f\*[I-Font]type\f[] \f\*[I-Font]key\f[] \f\*[I-Font]opt_IP_list\f[]
+ .in -4
+ .sp \n(Ppu
+ .ne 2
+@@ -78,7 +78,15 @@ is a positive integer (between 1 and 65534),
+ is the message digest algorithm,
+ and
+ \f\*[I-Font]key\f[]
+-is the key itself.
++is the key itself, and
++\f\*[I-Font]opt_IP_list\f[]
++is an optional comma-separated list of IPs
++that are allowed to serve time.
++If
++\f\*[I-Font]opt_IP_list\f[]
++is empty,
++any properly-authenticated server message will be
++accepted.
+ .sp \n(Ppu
+ .ne 2
+ 
+@@ -160,7 +168,7 @@ the default name of the configuration file
+ .SH "AUTHORS"
+ The University of Delaware and Network Time Foundation
+ .SH "COPYRIGHT"
+-Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation all rights reserved.
++Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation all rights reserved.
+ This program is released under the terms of the NTP license, .
+ .SH "BUGS"
+ Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
+Index: contrib/ntp/ntpd/ntp.keys.mdoc.in
+===================================================================
+--- contrib/ntp/ntpd/ntp.keys.mdoc.in	(revision 294707)
++++ contrib/ntp/ntpd/ntp.keys.mdoc.in	(working copy)
+@@ -1,9 +1,9 @@
+-.Dd January 7 2016
++.Dd January 20 2016
+ .Dt NTP_KEYS 5 File Formats
+ .Os SunOS 5.10
+ .\"  EDIT THIS FILE WITH CAUTION  (ntp.mdoc)
+ .\"
+-.\"  It has been AutoGen-ed  January  7, 2016 at 11:31:00 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January 20, 2016 at 04:18:10 AM by AutoGen 5.18.5
+ .\"  From the definitions    ntp.keys.def
+ .\"  and the template file   agmdoc-file.tpl
+ .Sh NAME
+@@ -44,7 +44,7 @@ The key file uses the same comment conventions
+ as the configuration file.
+ Key entries use a fixed format of the form
+ .Pp
+-.D1 Ar keyno type key
++.D1 Ar keyno type key opt_IP_list
+ .Pp
+ where
+ .Ar keyno
+@@ -53,7 +53,15 @@ is a positive integer (between 1 and 65534),
+ is the message digest algorithm,
+ and
+ .Ar key
+-is the key itself.
++is the key itself, and
++.Ar opt_IP_list
++is an optional comma\-separated list of IPs
++that are allowed to serve time.
++If
++.Ar opt_IP_list
++is empty,
++any properly\-authenticated server message will be
++accepted.
+ .Pp
+ The
+ .Ar key
+@@ -147,7 +155,7 @@ it to autogen\-users@lists.sourceforge.net.  Thank
+ .Sh "AUTHORS"
+ The University of Delaware and Network Time Foundation
+ .Sh "COPYRIGHT"
+-Copyright (C) 1992\-2015 The University of Delaware and Network Time Foundation all rights reserved.
++Copyright (C) 1992\-2016 The University of Delaware and Network Time Foundation all rights reserved.
+ This program is released under the terms of the NTP license, .
+ .Sh "BUGS"
+ Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
+Index: contrib/ntp/ntpd/ntp_config.c
+===================================================================
+--- contrib/ntp/ntpd/ntp_config.c	(revision 294707)
++++ contrib/ntp/ntpd/ntp_config.c	(working copy)
+@@ -53,6 +53,8 @@
+ #include "ntp_parser.h"
+ #include "ntpd-opts.h"
+ 
++extern int yyparse(void);
++
+ /* Bug 2817 */
+ #if defined(HAVE_SYS_MMAN_H)
+ # include 
+@@ -2981,6 +2983,18 @@ apply_enable_disable(
+ 			proto_config(PROTO_FILEGEN, enable, 0., NULL);
+ 			break;
+ 
++		case T_UEcrypto:
++			proto_config(PROTO_UECRYPTO, enable, 0., NULL);
++			break;
++
++		case T_UEcryptonak:
++			proto_config(PROTO_UECRYPTONAK, enable, 0., NULL);
++			break;
++
++		case T_UEdigest:
++			proto_config(PROTO_UEDIGEST, enable, 0., NULL);
++			break;
++
+ #ifdef BC_LIST_FRAMEWORK_NOT_YET_USED
+ 		case T_Bc_bugXXXX:
+ 			pentry = bc_list;
+Index: contrib/ntp/ntpd/ntp_control.c
+===================================================================
+--- contrib/ntp/ntpd/ntp_control.c	(revision 294707)
++++ contrib/ntp/ntpd/ntp_control.c	(working copy)
+@@ -75,6 +75,7 @@ static	void	ctl_putarray	(const char *, double *,
+ static	void	ctl_putsys	(int);
+ static	void	ctl_putpeer	(int, struct peer *);
+ static	void	ctl_putfs	(const char *, tstamp_t);
++static	void	ctl_printf	(const char *, ...) NTP_PRINTF(1, 2);
+ #ifdef REFCLOCK
+ static	void	ctl_putclock	(int, struct refclockstat *, int);
+ #endif	/* REFCLOCK */
+@@ -111,6 +112,8 @@ static	void	unset_trap	(struct recvbuf *, int);
+ static	struct ctl_trap *ctlfindtrap(sockaddr_u *,
+ 				     struct interface *);
+ 
++int/*BOOL*/ is_safe_filename(const char * name);
++
+ static const struct ctl_proc control_codes[] = {
+ 	{ CTL_OP_UNSPEC,		NOAUTH,	control_unspec },
+ 	{ CTL_OP_READSTAT,		NOAUTH,	read_status },
+@@ -873,10 +876,66 @@ ctl_error(
+ 			CTL_HEADER_LEN);
+ }
+ 
++int/*BOOL*/
++is_safe_filename(const char * name)
++{
++	/* We need a strict validation of filenames we should write: The
++	 * daemon might run with special permissions and is remote
++	 * controllable, so we better take care what we allow as file
++	 * name!
++	 *
++	 * The first character must be digit or a letter from the ASCII
++	 * base plane or a '_' ([_A-Za-z0-9]), the following characters
++	 * must be from [-._+A-Za-z0-9].
++	 *
++	 * We do not trust the character classification much here: Since
++	 * the NTP protocol makes no provisions for UTF-8 or local code
++	 * pages, we strictly require the 7bit ASCII code page.
++	 *
++	 * The following table is a packed bit field of 128 two-bit
++	 * groups. The LSB in each group tells us if a character is
++	 * acceptable at the first position, the MSB if the character is
++	 * accepted at any other position.
++	 *
++	 * This does not ensure that the file name is syntactically
++	 * correct (multiple dots will not work with VMS...) but it will
++	 * exclude potential globbing bombs and directory traversal. It
++	 * also rules out drive selection. (For systems that have this
++	 * notion, like Windows or VMS.)
++	 */
++	static const uint32_t chclass[8] = {
++		0x00000000, 0x00000000,
++		0x28800000, 0x000FFFFF,
++		0xFFFFFFFC, 0xC03FFFFF,
++		0xFFFFFFFC, 0x003FFFFF
++	};
++
++	u_int widx, bidx, mask;
++	if (!*name)
++		return FALSE;
++	
++	mask = 1u;
++	while (0 != (widx = (u_char)*name++)) {
++		bidx = (widx & 15) << 1;
++		widx = widx >> 4;
++		if (widx >= sizeof(chclass))
++			return FALSE;
++		if (0 == ((chclass[widx] >> bidx) & mask))
++			return FALSE;
++		mask |= 2u;
++	}
++	return TRUE;
++}
++
++
+ /*
+  * save_config - Implements ntpq -c "saveconfig "
+  *		 Writes current configuration including any runtime
+  *		 changes by ntpq's :config or config-from-file
++ *
++ * Note: There should be no buffer overflow or truncation in the
++ * processing of file names -- both cause security problems. This is bit
++ * painful to code but essential here.
+  */
+ void
+ save_config(
+@@ -904,24 +963,38 @@ save_config(
+ 	    "\\/"	/* separator and critical char for POSIX */
+ #endif
+ 	    ;
+-
+-
+ 	char reply[128];
+ #ifdef SAVECONFIG
++	static const char savedconfig_eq[] = "savedconfig=";
++
++	/* Build a safe open mode from the available mode flags. We want
++	 * to create a new file and write it in text mode (when
++	 * applicable -- only Windows does this...)
++	 */
++	static const int openmode = O_CREAT | O_TRUNC | O_WRONLY
++#  if defined(O_EXCL)		/* posix, vms */
++	    | O_EXCL
++#  elif defined(_O_EXCL)	/* windows is alway very special... */
++	    | _O_EXCL
++#  endif
++#  if defined(_O_TEXT)		/* windows, again */
++	    | _O_TEXT
++#endif
++	    ; 
++	
+ 	char filespec[128];
+ 	char filename[128];
+ 	char fullpath[512];
+-	const char savedconfig_eq[] = "savedconfig=";
+ 	char savedconfig[sizeof(savedconfig_eq) + sizeof(filename)];
+ 	time_t now;
+ 	int fd;
+ 	FILE *fptr;
++	int prc;
++	size_t reqlen;
+ #endif
+ 
+ 	if (RES_NOMODIFY & restrict_mask) {
+-		snprintf(reply, sizeof(reply),
+-			 "saveconfig prohibited by restrict ... nomodify");
+-		ctl_putdata(reply, strlen(reply), 0);
++		ctl_printf("%s", "saveconfig prohibited by restrict ... nomodify");
+ 		ctl_flushpkt(0);
+ 		NLOG(NLOG_SYSINFO)
+ 			msyslog(LOG_NOTICE,
+@@ -933,9 +1006,7 @@ save_config(
+ 
+ #ifdef SAVECONFIG
+ 	if (NULL == saveconfigdir) {
+-		snprintf(reply, sizeof(reply),
+-			 "saveconfig prohibited, no saveconfigdir configured");
+-		ctl_putdata(reply, strlen(reply), 0);
++		ctl_printf("%s", "saveconfig prohibited, no saveconfigdir configured");
+ 		ctl_flushpkt(0);
+ 		NLOG(NLOG_SYSINFO)
+ 			msyslog(LOG_NOTICE,
+@@ -944,22 +1015,80 @@ save_config(
+ 		return;
+ 	}
+ 
+-	if (0 == reqend - reqpt)
++	/* The length checking stuff gets serious. Do not assume a NUL
++	 * byte can be found, but if so, use it to calculate the needed
++	 * buffer size. If the available buffer is too short, bail out;
++	 * likewise if there is no file spec. (The latter will not
++	 * happen when using NTPQ, but there are other ways to craft a
++	 * network packet!)
++	 */
++	reqlen = (size_t)(reqend - reqpt);
++	if (0 != reqlen) {
++		char * nulpos = (char*)memchr(reqpt, 0, reqlen);
++		if (NULL != nulpos)
++			reqlen = (size_t)(nulpos - reqpt);
++	}
++	if (0 == reqlen)
+ 		return;
++	if (reqlen >= sizeof(filespec)) {
++		ctl_printf("saveconfig exceeded maximum raw name length (%u)",
++			   (u_int)sizeof(filespec));
++		ctl_flushpkt(0);
++		msyslog(LOG_NOTICE,
++			"saveconfig exceeded maximum raw name length from %s",
++			stoa(&rbufp->recv_srcadr));
++		return;
++	}
+ 
+-	strlcpy(filespec, reqpt, sizeof(filespec));
+-	time(&now);
+-
++	/* copy data directly as we exactly know the size */
++	memcpy(filespec, reqpt, reqlen);
++	filespec[reqlen] = '\0';
++	
+ 	/*
+ 	 * allow timestamping of the saved config filename with
+ 	 * strftime() format such as:
+ 	 *   ntpq -c "saveconfig ntp-%Y%m%d-%H%M%S.conf"
+ 	 * XXX: Nice feature, but not too safe.
++	 * YYY: The check for permitted characters in file names should
++	 *      weed out the worst. Let's hope 'strftime()' does not
++	 *      develop pathological problems.
+ 	 */
++	time(&now);
+ 	if (0 == strftime(filename, sizeof(filename), filespec,
+-			       localtime(&now)))
++			  localtime(&now)))
++	{
++		/*
++		 * If we arrive here, 'strftime()' balked; most likely
++		 * the buffer was too short. (Or it encounterd an empty
++		 * format, or just a format that expands to an empty
++		 * string.) We try to use the original name, though this
++		 * is very likely to fail later if there are format
++		 * specs in the string. Note that truncation cannot
++		 * happen here as long as both buffers have the same
++		 * size!
++		 */
+ 		strlcpy(filename, filespec, sizeof(filename));
++	}
+ 
++	/*
++	 * Check the file name for sanity. This might/will rule out file
++	 * names that would be legal but problematic, and it blocks
++	 * directory traversal.
++	 */
++	if (!is_safe_filename(filename)) {
++		ctl_printf("saveconfig rejects unsafe file name '%s'",
++			   filename);
++		ctl_flushpkt(0);
++		msyslog(LOG_NOTICE,
++			"saveconfig rejects unsafe file name from %s",
++			stoa(&rbufp->recv_srcadr));
++		return;
++	}
++
++	/*
++	 * XXX: This next test may not be needed with is_safe_filename()
++	 */
++
+ 	/* block directory/drive traversal */
+ 	/* TALOS-CAN-0062: block directory traversal for VMS, too */
+ 	if (NULL != strpbrk(filename, illegal_in_filename)) {
+@@ -968,16 +1097,27 @@ save_config(
+ 		ctl_putdata(reply, strlen(reply), 0);
+ 		ctl_flushpkt(0);
+ 		msyslog(LOG_NOTICE,
+-			"saveconfig with path from %s rejected",
++			"saveconfig rejects unsafe file name from %s",
+ 			stoa(&rbufp->recv_srcadr));
+ 		return;
+ 	}
+ 
+-	snprintf(fullpath, sizeof(fullpath), "%s%s",
+-		 saveconfigdir, filename);
++	/* concatenation of directory and path can cause another
++	 * truncation...
++	 */
++	prc = snprintf(fullpath, sizeof(fullpath), "%s%s",
++		       saveconfigdir, filename);
++	if (prc < 0 || prc >= sizeof(fullpath)) {
++		ctl_printf("saveconfig exceeded maximum path length (%u)",
++			   (u_int)sizeof(fullpath));
++		ctl_flushpkt(0);
++		msyslog(LOG_NOTICE,
++			"saveconfig exceeded maximum path length from %s",
++			stoa(&rbufp->recv_srcadr));
++		return;
++	}
+ 
+-	fd = open(fullpath, O_CREAT | O_TRUNC | O_WRONLY,
+-		  S_IRUSR | S_IWUSR);
++	fd = open(fullpath, openmode, S_IRUSR | S_IWUSR);
+ 	if (-1 == fd)
+ 		fptr = NULL;
+ 	else
+@@ -984,22 +1124,22 @@ save_config(
+ 		fptr = fdopen(fd, "w");
+ 
+ 	if (NULL == fptr || -1 == dump_all_config_trees(fptr, 1)) {
+-		snprintf(reply, sizeof(reply),
+-			 "Unable to save configuration to file %s",
+-			 filename);
++		ctl_printf("Unable to save configuration to file '%s': %m",
++			   filename);
+ 		msyslog(LOG_ERR,
+ 			"saveconfig %s from %s failed", filename,
+ 			stoa(&rbufp->recv_srcadr));
+ 	} else {
+-		snprintf(reply, sizeof(reply),
+-			 "Configuration saved to %s", filename);
++		ctl_printf("Configuration saved to '%s'", filename);
+ 		msyslog(LOG_NOTICE,
+-			"Configuration saved to %s (requested by %s)",
++			"Configuration saved to '%s' (requested by %s)",
+ 			fullpath, stoa(&rbufp->recv_srcadr));
+ 		/*
+ 		 * save the output filename in system variable
+ 		 * savedconfig, retrieved with:
+ 		 *   ntpq -c "rv 0 savedconfig"
++		 * Note: the way 'savedconfig' is defined makes overflow
++		 * checks unnecessary here.
+ 		 */
+ 		snprintf(savedconfig, sizeof(savedconfig), "%s%s",
+ 			 savedconfig_eq, filename);
+@@ -1009,11 +1149,9 @@ save_config(
+ 	if (NULL != fptr)
+ 		fclose(fptr);
+ #else	/* !SAVECONFIG follows */
+-	snprintf(reply, sizeof(reply),
+-		 "saveconfig unavailable, configured with --disable-saveconfig");
+-#endif
+-
+-	ctl_putdata(reply, strlen(reply), 0);
++	ctl_printf("%s",
++		   "saveconfig unavailable, configured with --disable-saveconfig");
++#endif	
+ 	ctl_flushpkt(0);
+ }
+ 
+@@ -1757,7 +1895,30 @@ ctl_putarray(
+ 	ctl_putdata(buffer, (unsigned)(cp - buffer), 0);
+ }
+ 
++/*
++ * ctl_printf - put a formatted string into the data buffer
++ */
++static void
++ctl_printf(
++	const char * fmt,
++	...
++	)
++{
++	static const char * ellipsis = "[...]";
++	va_list va;
++	char    fmtbuf[128];
++	int     rc;
++	
++	va_start(va, fmt);
++	rc = vsnprintf(fmtbuf, sizeof(fmtbuf), fmt, va);
++	va_end(va);
++	if (rc < 0 || rc >= sizeof(fmtbuf))
++		strcpy(fmtbuf + sizeof(fmtbuf) - strlen(ellipsis) - 1,
++		       ellipsis);
++	ctl_putdata(fmtbuf, strlen(fmtbuf), 0);
++}
+ 
++
+ /*
+  * ctl_putsys - output a system variable
+  */
+Index: contrib/ntp/ntpd/ntp_crypto.c
+===================================================================
+--- contrib/ntp/ntpd/ntp_crypto.c	(revision 294707)
++++ contrib/ntp/ntpd/ntp_crypto.c	(working copy)
+@@ -269,7 +269,7 @@ session_key(
+ 	memcpy(&keyid, dgst, 4);
+ 	keyid = ntohl(keyid);
+ 	if (lifetime != 0) {
+-		MD5auth_setkey(keyno, crypto_nid, dgst, len);
++		MD5auth_setkey(keyno, crypto_nid, dgst, len, NULL);
+ 		authtrust(keyno, lifetime);
+ 	}
+ 	DPRINTF(2, ("session_key: %s > %s %08x %08x hash %08x life %lu\n",
+Index: contrib/ntp/ntpd/ntp_io.c
+===================================================================
+--- contrib/ntp/ntpd/ntp_io.c	(revision 294707)
++++ contrib/ntp/ntpd/ntp_io.c	(working copy)
+@@ -62,6 +62,9 @@
+ # endif
+ #endif
+ 
++#if defined(HAVE_SIGNALED_IO) && defined(DEBUG_TIMING)
++# undef DEBUG_TIMING
++#endif
+ 
+ /*
+  * setsockopt does not always have the same arg declaration
+@@ -280,9 +283,12 @@ static int	addr_samesubnet	(const sockaddr_u *, co
+ 				 const sockaddr_u *, const sockaddr_u *);
+ static	int	create_sockets	(u_short);
+ static	SOCKET	open_socket	(sockaddr_u *, int, int, endpt *);
+-static	char *	fdbits		(int, fd_set *);
+ static	void	set_reuseaddr	(int);
+ static	isc_boolean_t	socket_broadcast_enable	 (struct interface *, SOCKET, sockaddr_u *);
++
++#if !defined(HAVE_IO_COMPLETION_PORT) && !defined(HAVE_SIGNALED_IO)
++static	char *	fdbits		(int, const fd_set *);
++#endif
+ #ifdef  OS_MISSES_SPECIFIC_ROUTE_UPDATES
+ static	isc_boolean_t	socket_broadcast_disable (struct interface *, sockaddr_u *);
+ #endif
+@@ -337,14 +343,17 @@ static int		cmp_addr_distance(const sockaddr_u *,
+ #if !defined(HAVE_IO_COMPLETION_PORT)
+ static inline int	read_network_packet	(SOCKET, struct interface *, l_fp);
+ static void		ntpd_addremove_io_fd	(int, int, int);
+-static input_handler_t  input_handler;
++static void 		input_handler_scan	(const l_fp*, const fd_set*);
++static int/*BOOL*/	sanitize_fdset		(int errc);
+ #ifdef REFCLOCK
+ static inline int	read_refclock_packet	(SOCKET, struct refclockio *, l_fp);
+ #endif
++#ifdef HAVE_SIGNALED_IO
++static void 		input_handler		(l_fp*);
+ #endif
++#endif
+ 
+ 
+-
+ #ifndef HAVE_IO_COMPLETION_PORT
+ void
+ maintain_activefds(
+@@ -455,11 +464,9 @@ init_io(void)
+ 	addremove_io_fd = &ntpd_addremove_io_fd;
+ #endif
+ 
+-#ifdef SYS_WINNT
++#if defined(SYS_WINNT)
+ 	init_io_completion_port();
+-#endif
+-
+-#if defined(HAVE_SIGNALED_IO)
++#elif defined(HAVE_SIGNALED_IO)
+ 	(void) set_signal(input_handler);
+ #endif
+ }
+@@ -475,7 +482,8 @@ ntpd_addremove_io_fd(
+ 	UNUSED_ARG(is_pipe);
+ 
+ #ifdef HAVE_SIGNALED_IO
+-	init_socket_sig(fd);
++	if (!remove_it)
++		init_socket_sig(fd);
+ #endif /* not HAVE_SIGNALED_IO */
+ 
+ 	maintain_activefds(fd, remove_it);
+@@ -717,78 +725,6 @@ addr_samesubnet(
+ 
+ 
+ /*
+- * Code to tell if we have an IP address
+- * If we have then return the sockaddr structure
+- * and set the return value
+- * see the bind9/getaddresses.c for details
+- */
+-int
+-is_ip_address(
+-	const char *	host,
+-	u_short		af,
+-	sockaddr_u *	addr
+-	)
+-{
+-	struct in_addr in4;
+-	struct addrinfo hints;
+-	struct addrinfo *result;
+-	struct sockaddr_in6 *resaddr6;
+-	char tmpbuf[128];
+-	char *pch;
+-
+-	REQUIRE(host != NULL);
+-	REQUIRE(addr != NULL);
+-
+-	ZERO_SOCK(addr);
+-
+-	/*
+-	 * Try IPv4, then IPv6.  In order to handle the extended format
+-	 * for IPv6 scoped addresses (address%scope_ID), we'll use a local
+-	 * working buffer of 128 bytes.  The length is an ad-hoc value, but
+-	 * should be enough for this purpose; the buffer can contain a string
+-	 * of at least 80 bytes for scope_ID in addition to any IPv6 numeric
+-	 * addresses (up to 46 bytes), the delimiter character and the
+-	 * terminating NULL character.
+-	 */
+-	if (AF_UNSPEC == af || AF_INET == af)
+-		if (inet_pton(AF_INET, host, &in4) == 1) {
+-			AF(addr) = AF_INET;
+-			SET_ADDR4N(addr, in4.s_addr);
+-
+-			return TRUE;
+-		}
+-
+-	if (AF_UNSPEC == af || AF_INET6 == af)
+-		if (sizeof(tmpbuf) > strlen(host)) {
+-			if ('[' == host[0]) {
+-				strlcpy(tmpbuf, &host[1], sizeof(tmpbuf));
+-				pch = strchr(tmpbuf, ']');
+-				if (pch != NULL)
+-					*pch = '\0';
+-			} else {
+-				strlcpy(tmpbuf, host, sizeof(tmpbuf));
+-			}
+-			ZERO(hints);
+-			hints.ai_family = AF_INET6;
+-			hints.ai_flags |= AI_NUMERICHOST;
+-			if (getaddrinfo(tmpbuf, NULL, &hints, &result) == 0) {
+-				AF(addr) = AF_INET6;
+-				resaddr6 = UA_PTR(struct sockaddr_in6, result->ai_addr);
+-				SET_ADDR6N(addr, resaddr6->sin6_addr);
+-				SET_SCOPE(addr, resaddr6->sin6_scope_id);
+-
+-				freeaddrinfo(result);
+-				return TRUE;
+-			}
+-		}
+-	/*
+-	 * If we got here it was not an IP address
+-	 */
+-	return FALSE;
+-}
+-
+-
+-/*
+  * interface list enumerator - visitor pattern
+  */
+ void
+@@ -2354,6 +2290,7 @@ get_broadcastclient_flag(void)
+ {
+ 	return (broadcast_client_enabled);
+ }
++
+ /*
+  * Check to see if the address is a multicast address
+  */
+@@ -3204,7 +3141,7 @@ sendpkt(
+ }
+ 
+ 
+-#if !defined(HAVE_IO_COMPLETION_PORT)
++#if !defined(HAVE_IO_COMPLETION_PORT) && !defined(HAVE_SIGNALED_IO)
+ /*
+  * fdbits - generate ascii representation of fd_set (FAU debug support)
+  * HFDF format - highest fd first.
+@@ -3211,8 +3148,8 @@ sendpkt(
+  */
+ static char *
+ fdbits(
+-	int count,
+-	fd_set *set
++	int		count,
++	const fd_set*	set
+ 	)
+ {
+ 	static char buffer[256];
+@@ -3228,8 +3165,8 @@ fdbits(
+ 
+ 	return buffer;
+ }
++#endif
+ 
+-
+ #ifdef REFCLOCK
+ /*
+  * Routine to read the refclock packets for a specific interface
+@@ -3265,7 +3202,7 @@ read_refclock_packet(
+ 	/* TALOS-CAN-0064: avoid signed/unsigned clashes that can lead
+ 	 * to buffer overrun and memory corruption
+ 	 */
+-	if (rp->datalen <= 0 || rp->datalen > sizeof(rb->recv_space))
++	if (rp->datalen <= 0 || (size_t)rp->datalen > sizeof(rb->recv_space))
+ 		read_count = sizeof(rb->recv_space);
+ 	else
+ 		read_count = (u_int)rp->datalen;
+@@ -3582,6 +3519,7 @@ io_handler(void)
+ 	 * and - lacking a hardware reference clock - I have
+ 	 * yet to learn about anything else that is.
+ 	 */
++	++handler_calls;
+ 	rdfdes = activefds;
+ #   if !defined(VMS) && !defined(SYS_VXWORKS)
+ 	nfound = select(maxactivefd + 1, &rdfdes, NULL,
+@@ -3590,8 +3528,7 @@ io_handler(void)
+ 	/* make select() wake up after one second */
+ 	{
+ 		struct timeval t1;
+-
+-		t1.tv_sec = 1;
++		t1.tv_sec  = 1;
+ 		t1.tv_usec = 0;
+ 		nfound = select(maxactivefd + 1,
+ 				&rdfdes, NULL, NULL,
+@@ -3598,12 +3535,22 @@ io_handler(void)
+ 				&t1);
+ 	}
+ #   endif	/* VMS, VxWorks */
++	if (nfound < 0 && sanitize_fdset(errno)) {
++		struct timeval t1;
++		t1.tv_sec  = 0;
++		t1.tv_usec = 0;
++		rdfdes = activefds;
++		nfound = select(maxactivefd + 1,
++				&rdfdes, NULL, NULL,
++				&t1);
++	}
++
+ 	if (nfound > 0) {
+ 		l_fp ts;
+ 
+ 		get_systime(&ts);
+ 
+-		input_handler(&ts);
++		input_handler_scan(&ts, &rdfdes);
+ 	} else if (nfound == -1 && errno != EINTR) {
+ 		msyslog(LOG_ERR, "select() error: %m");
+ 	}
+@@ -3619,27 +3566,110 @@ io_handler(void)
+ #  endif /* HAVE_SIGNALED_IO */
+ }
+ 
++#ifdef HAVE_SIGNALED_IO
+ /*
+  * input_handler - receive packets asynchronously
++ *
++ * ALWAYS IN SIGNAL HANDLER CONTEXT -- only async-safe functions allowed!
+  */
+-static void
++static RETSIGTYPE
+ input_handler(
+ 	l_fp *	cts
+ 	)
+ {
++	int		n;
++	struct timeval	tvzero;
++	fd_set		fds;
++	
++	++handler_calls;
++
++	/*
++	 * Do a poll to see who has data
++	 */
++
++	fds = activefds;
++	tvzero.tv_sec = tvzero.tv_usec = 0;
++
++	n = select(maxactivefd + 1, &fds, NULL, NULL, &tvzero);
++	if (n < 0 && sanitize_fdset(errno)) {
++		fds = activefds;
++		tvzero.tv_sec = tvzero.tv_usec = 0;
++		n = select(maxactivefd + 1, &fds, NULL, NULL, &tvzero);
++	}
++	if (n > 0)
++		input_handler_scan(cts, &fds);
++}
++#endif /* HAVE_SIGNALED_IO */
++
++
++/*
++ * Try to sanitize the global FD set
++ *
++ * SIGNAL HANDLER CONTEXT if HAVE_SIGNALED_IO, ordinary userspace otherwise
++ */
++static int/*BOOL*/
++sanitize_fdset(
++	int	errc
++	)
++{
++	int j, b, maxscan;
++
++#  ifndef HAVE_SIGNALED_IO
++	/*
++	 * extended FAU debugging output
++	 */
++	if (errc != EINTR) {
++		msyslog(LOG_ERR,
++			"select(%d, %s, 0L, 0L, &0.0) error: %m",
++			maxactivefd + 1,
++			fdbits(maxactivefd, &activefds));
++	}
++#   endif
++	
++	if (errc != EBADF)
++		return FALSE;
++
++	/* if we have oviously bad FDs, try to sanitize the FD set. */
++	for (j = 0, maxscan = 0; j <= maxactivefd; j++) {
++		if (FD_ISSET(j, &activefds)) {
++			if (-1 != read(j, &b, 0)) {
++				maxscan = j;
++				continue;
++			}
++#		    ifndef HAVE_SIGNALED_IO
++			msyslog(LOG_ERR,
++				"Removing bad file descriptor %d from select set",
++				j);
++#		    endif
++			FD_CLR(j, &activefds);
++		}
++	}
++	if (maxactivefd != maxscan)
++		maxactivefd = maxscan;
++	return TRUE;
++}
++
++/*
++ * scan the known FDs (clocks, servers, ...) for presence in a 'fd_set'. 
++ *
++ * SIGNAL HANDLER CONTEXT if HAVE_SIGNALED_IO, ordinary userspace otherwise
++ */
++static void
++input_handler_scan(
++	const l_fp *	cts,
++	const fd_set *	pfds
++	)
++{
+ 	int		buflen;
+-	int		n;
+ 	u_int		idx;
+ 	int		doing;
+ 	SOCKET		fd;
+ 	blocking_child *c;
+-	struct timeval	tvzero;
+ 	l_fp		ts;	/* Timestamp at BOselect() gob */
+-#ifdef DEBUG_TIMING
++
++#if defined(DEBUG_TIMING)
+ 	l_fp		ts_e;	/* Timestamp at EOselect() gob */
+ #endif
+-	fd_set		fds;
+-	size_t		select_count;
+ 	endpt *		ep;
+ #ifdef REFCLOCK
+ 	struct refclockio *rp;
+@@ -3651,101 +3681,45 @@ input_handler(
+ 	struct asyncio_reader *	next_asyncio_reader;
+ #endif
+ 
+-	handler_calls++;
+-	select_count = 0;
+-
+-	/*
+-	 * If we have something to do, freeze a timestamp.
+-	 * See below for the other cases (nothing left to do or error)
+-	 */
++	++handler_pkts;
+ 	ts = *cts;
+ 
++#ifdef REFCLOCK
+ 	/*
+-	 * Do a poll to see who has data
++	 * Check out the reference clocks first, if any
+ 	 */
+-
+-	fds = activefds;
+-	tvzero.tv_sec = tvzero.tv_usec = 0;
+-
+-	n = select(maxactivefd + 1, &fds, NULL, NULL, &tvzero);
+-
+-	/*
+-	 * If there are no packets waiting just return
+-	 */
+-	if (n < 0) {
+-		int err = errno;
+-		int j, b, prior;
++	
++	for (rp = refio; rp != NULL; rp = rp->next) {
++		fd = rp->fd;
++		
++		if (!FD_ISSET(fd, pfds))
++			continue;
++		buflen = read_refclock_packet(fd, rp, ts);
+ 		/*
+-		 * extended FAU debugging output
++		 * The first read must succeed after select() indicates
++		 * readability, or we've reached a permanent EOF.
++		 * http://bugs.ntp.org/1732 reported ntpd munching CPU
++		 * after a USB GPS was unplugged because select was
++		 * indicating EOF but ntpd didn't remove the descriptor
++		 * from the activefds set.
+ 		 */
+-		if (err != EINTR)
+-			msyslog(LOG_ERR,
+-				"select(%d, %s, 0L, 0L, &0.0) error: %m",
+-				maxactivefd + 1,
+-				fdbits(maxactivefd, &activefds));
+-		if (err != EBADF)
+-			goto ih_return;
+-		for (j = 0, prior = 0; j <= maxactivefd; j++) {
+-			if (FD_ISSET(j, &activefds)) {
+-				if (-1 != read(j, &b, 0)) {
+-					prior = j;
+-					continue;
+-				}
+-				msyslog(LOG_ERR,
+-					"Removing bad file descriptor %d from select set",
+-					j);
+-				FD_CLR(j, &activefds);
+-				if (j == maxactivefd)
+-					maxactivefd = prior;
+-			}
++		if (buflen < 0 && EAGAIN != errno) {
++			saved_errno = errno;
++			clk = refnumtoa(&rp->srcclock->srcadr);
++			errno = saved_errno;
++			msyslog(LOG_ERR, "%s read: %m", clk);
++			maintain_activefds(fd, TRUE);
++		} else if (0 == buflen) {
++			clk = refnumtoa(&rp->srcclock->srcadr);
++			msyslog(LOG_ERR, "%s read EOF", clk);
++			maintain_activefds(fd, TRUE);
++		} else {
++			/* drain any remaining refclock input */
++			do {
++				buflen = read_refclock_packet(fd, rp, ts);
++			} while (buflen > 0);
+ 		}
+-		goto ih_return;
+ 	}
+-	else if (n == 0)
+-		goto ih_return;
+-
+-	++handler_pkts;
+-
+-#ifdef REFCLOCK
+-	/*
+-	 * Check out the reference clocks first, if any
+-	 */
+-
+-	if (refio != NULL) {
+-		for (rp = refio; rp != NULL; rp = rp->next) {
+-			fd = rp->fd;
+-
+-			if (!FD_ISSET(fd, &fds))
+-				continue;
+-			++select_count;
+-			buflen = read_refclock_packet(fd, rp, ts);
+-			/*
+-			 * The first read must succeed after select()
+-			 * indicates readability, or we've reached
+-			 * a permanent EOF.  http://bugs.ntp.org/1732
+-			 * reported ntpd munching CPU after a USB GPS
+-			 * was unplugged because select was indicating
+-			 * EOF but ntpd didn't remove the descriptor
+-			 * from the activefds set.
+-			 */
+-			if (buflen < 0 && EAGAIN != errno) {
+-				saved_errno = errno;
+-				clk = refnumtoa(&rp->srcclock->srcadr);
+-				errno = saved_errno;
+-				msyslog(LOG_ERR, "%s read: %m", clk);
+-				maintain_activefds(fd, TRUE);
+-			} else if (0 == buflen) {
+-				clk = refnumtoa(&rp->srcclock->srcadr);
+-				msyslog(LOG_ERR, "%s read EOF", clk);
+-				maintain_activefds(fd, TRUE);
+-			} else {
+-				/* drain any remaining refclock input */
+-				do {
+-					buflen = read_refclock_packet(fd, rp, ts);
+-				} while (buflen > 0);
+-			}
+-		}
+-	}
+ #endif /* REFCLOCK */
+ 
+ 	/*
+@@ -3762,9 +3736,8 @@ input_handler(
+ 			}
+ 			if (fd < 0)
+ 				continue;
+-			if (FD_ISSET(fd, &fds))
++			if (FD_ISSET(fd, pfds))
+ 				do {
+-					++select_count;
+ 					buflen = read_network_packet(
+ 							fd, ep, ts);
+ 				} while (buflen > 0);
+@@ -3781,10 +3754,8 @@ input_handler(
+ 	while (asyncio_reader != NULL) {
+ 		/* callback may unlink and free asyncio_reader */
+ 		next_asyncio_reader = asyncio_reader->link;
+-		if (FD_ISSET(asyncio_reader->fd, &fds)) {
+-			++select_count;
++		if (FD_ISSET(asyncio_reader->fd, pfds))
+ 			(*asyncio_reader->receiver)(asyncio_reader);
+-		}
+ 		asyncio_reader = next_asyncio_reader;
+ 	}
+ #endif /* HAS_ROUTING_SOCKET */
+@@ -3796,26 +3767,14 @@ input_handler(
+ 		c = blocking_children[idx];
+ 		if (NULL == c || -1 == c->resp_read_pipe)
+ 			continue;
+-		if (FD_ISSET(c->resp_read_pipe, &fds)) {
+-			select_count++;
+-			process_blocking_resp(c);
++		if (FD_ISSET(c->resp_read_pipe, pfds)) {
++			++c->resp_ready_seen;
++			++blocking_child_ready_seen;
+ 		}
+ 	}
+ 
+-	/*
+-	 * Done everything from that select.
+-	 * If nothing to do, just return.
+-	 * If an error occurred, complain and return.
+-	 */
+-	if (select_count == 0) { /* We really had nothing to do */
+-#ifdef DEBUG
+-		if (debug)
+-			msyslog(LOG_DEBUG, "input_handler: select() returned 0");
+-#endif /* DEBUG */
+-		goto ih_return;
+-	}
+ 	/* We've done our work */
+-#ifdef DEBUG_TIMING
++#if defined(DEBUG_TIMING)
+ 	get_systime(&ts_e);
+ 	/*
+ 	 * (ts_e - ts) is the amount of time we spent
+@@ -3829,11 +3788,7 @@ input_handler(
+ 			"input_handler: Processed a gob of fd's in %s msec",
+ 			lfptoms(&ts_e, 6));
+ #endif /* DEBUG_TIMING */
+-	/* We're done... */
+-    ih_return:
+-	return;
+ }
+-#endif /* !HAVE_IO_COMPLETION_PORT */
+ 
+ 
+ /*
+Index: contrib/ntp/ntpd/ntp_keyword.h
+===================================================================
+--- contrib/ntp/ntpd/ntp_keyword.h	(revision 294707)
++++ contrib/ntp/ntpd/ntp_keyword.h	(working copy)
+@@ -2,7 +2,7 @@
+  * ntp_keyword.h
+  * 
+  * NOTE: edit this file with caution, it is generated by keyword-gen.c
+- *	 Generated 2015-06-25 03:57:00 UTC	  diff_ignore_line
++ *	 Generated 2016-01-16 08:33:03 UTC	  diff_ignore_line
+  *
+  */
+ #include "ntp_scanner.h"
+@@ -10,7 +10,7 @@
+ 
+ #define LOWEST_KEYWORD_ID 258
+ 
+-const char * const keyword_text[191] = {
++const char * const keyword_text[194] = {
+ 	/* 0       258             T_Abbrev */	"abbrev",
+ 	/* 1       259                T_Age */	"age",
+ 	/* 2       260                T_All */	"all",
+@@ -182,31 +182,34 @@
+ 	/* 168     426                T_Ttl */	"ttl",
+ 	/* 169     427               T_Type */	"type",
+ 	/* 170     428              T_U_int */	NULL,
+-	/* 171     429           T_Unconfig */	"unconfig",
+-	/* 172     430             T_Unpeer */	"unpeer",
+-	/* 173     431            T_Version */	"version",
+-	/* 174     432    T_WanderThreshold */	NULL,
+-	/* 175     433               T_Week */	"week",
+-	/* 176     434           T_Wildcard */	"wildcard",
+-	/* 177     435             T_Xleave */	"xleave",
+-	/* 178     436               T_Year */	"year",
+-	/* 179     437               T_Flag */	NULL,
+-	/* 180     438                T_EOC */	NULL,
+-	/* 181     439           T_Simulate */	"simulate",
+-	/* 182     440         T_Beep_Delay */	"beep_delay",
+-	/* 183     441       T_Sim_Duration */	"simulation_duration",
+-	/* 184     442      T_Server_Offset */	"server_offset",
+-	/* 185     443           T_Duration */	"duration",
+-	/* 186     444        T_Freq_Offset */	"freq_offset",
+-	/* 187     445             T_Wander */	"wander",
+-	/* 188     446             T_Jitter */	"jitter",
+-	/* 189     447         T_Prop_Delay */	"prop_delay",
+-	/* 190     448         T_Proc_Delay */	"proc_delay"
++	/* 171     429           T_UEcrypto */	"unpeer_crypto_early",
++	/* 172     430        T_UEcryptonak */	"unpeer_crypto_nak_early",
++	/* 173     431           T_UEdigest */	"unpeer_digest_early",
++	/* 174     432           T_Unconfig */	"unconfig",
++	/* 175     433             T_Unpeer */	"unpeer",
++	/* 176     434            T_Version */	"version",
++	/* 177     435    T_WanderThreshold */	NULL,
++	/* 178     436               T_Week */	"week",
++	/* 179     437           T_Wildcard */	"wildcard",
++	/* 180     438             T_Xleave */	"xleave",
++	/* 181     439               T_Year */	"year",
++	/* 182     440               T_Flag */	NULL,
++	/* 183     441                T_EOC */	NULL,
++	/* 184     442           T_Simulate */	"simulate",
++	/* 185     443         T_Beep_Delay */	"beep_delay",
++	/* 186     444       T_Sim_Duration */	"simulation_duration",
++	/* 187     445      T_Server_Offset */	"server_offset",
++	/* 188     446           T_Duration */	"duration",
++	/* 189     447        T_Freq_Offset */	"freq_offset",
++	/* 190     448             T_Wander */	"wander",
++	/* 191     449             T_Jitter */	"jitter",
++	/* 192     450         T_Prop_Delay */	"prop_delay",
++	/* 193     451         T_Proc_Delay */	"proc_delay"
+ };
+ 
+-#define SCANNER_INIT_S 853
++#define SCANNER_INIT_S 887
+ 
+-const scan_state sst[856] = {
++const scan_state sst[890] = {
+ /*SS_T( ch,	f-by, match, other ),				 */
+   0,				      /*     0                   */
+   S_ST( '-',	3,      323,     0 ), /*     1                   */
+@@ -252,7 +255,7 @@
+   S_ST( 'd',	3,       42,     0 ), /*    41 beep_             */
+   S_ST( 'e',	3,       43,     0 ), /*    42 beep_d            */
+   S_ST( 'l',	3,       44,     0 ), /*    43 beep_de           */
+-  S_ST( 'a',	3,      440,     0 ), /*    44 beep_del          */
++  S_ST( 'a',	3,      443,     0 ), /*    44 beep_del          */
+   S_ST( 'r',	3,       46,    34 ), /*    45 b                 */
+   S_ST( 'o',	3,       47,     0 ), /*    46 br                */
+   S_ST( 'a',	3,       48,     0 ), /*    47 bro               */
+@@ -352,7 +355,7 @@
+   S_ST( 'a',	3,      142,     0 ), /*   141 dur               */
+   S_ST( 't',	3,      143,     0 ), /*   142 dura              */
+   S_ST( 'i',	3,      144,     0 ), /*   143 durat             */
+-  S_ST( 'o',	3,      443,     0 ), /*   144 durati            */
++  S_ST( 'o',	3,      446,     0 ), /*   144 durati            */
+   S_ST( 'e',	3,      146,   105 ), /*   145                   */
+   S_ST( 'n',	3,      293,     0 ), /*   146 e                 */
+   S_ST( 'a',	3,      148,     0 ), /*   147 en                */
+@@ -378,7 +381,7 @@
+   S_ST( 'f',	3,      168,     0 ), /*   167 freq_o            */
+   S_ST( 'f',	3,      169,     0 ), /*   168 freq_of           */
+   S_ST( 's',	3,      170,     0 ), /*   169 freq_off          */
+-  S_ST( 'e',	3,      444,     0 ), /*   170 freq_offs         */
++  S_ST( 'e',	3,      447,     0 ), /*   170 freq_offs         */
+   S_ST( 'u',	3,      172,   163 ), /*   171 f                 */
+   S_ST( 'd',	3,      173,     0 ), /*   172 fu                */
+   S_ST( 'g',	3,      305,     0 ), /*   173 fud               */
+@@ -438,7 +441,7 @@
+   S_ST( 'i',	3,      228,     0 ), /*   227 j                 */
+   S_ST( 't',	3,      229,     0 ), /*   228 ji                */
+   S_ST( 't',	3,      230,     0 ), /*   229 jit               */
+-  S_ST( 'e',	3,      446,     0 ), /*   230 jitt              */
++  S_ST( 'e',	3,      449,     0 ), /*   230 jitt              */
+   S_ST( 'k',	3,      238,   226 ), /*   231                   */
+   S_ST( 'e',	3,      325,     0 ), /*   232 k                 */
+   S_ST( 'r',	3,      234,     0 ), /*   233 ke                */
+@@ -447,7 +450,7 @@
+   S_ST( 'd',	3,      237,     0 ), /*   236 keys              */
+   S_ST( 'i',	3,      327,     0 ), /*   237 keysd             */
+   S_ST( 'o',	3,      328,   232 ), /*   238 k                 */
+-  S_ST( 'l',	3,      449,   231 ), /*   239                   */
++  S_ST( 'l',	3,      452,   231 ), /*   239                   */
+   S_ST( 'e',	3,      241,     0 ), /*   240 l                 */
+   S_ST( 'a',	3,      242,     0 ), /*   241 le                */
+   S_ST( 'p',	3,      246,     0 ), /*   242 lea               */
+@@ -495,7 +498,7 @@
+   S_ST( 'e',	0,        0,     0 ), /*   284 T_Disable         */
+   S_ST( 'd',	0,        0,     0 ), /*   285 T_Discard         */
+   S_ST( 'n',	0,        0,     0 ), /*   286 T_Dispersion      */
+-  S_ST( 'i',	3,      432,   240 ), /*   287 l                 */
++  S_ST( 'i',	3,      435,   240 ), /*   287 l                 */
+   S_ST( 'e',	1,        0,     0 ), /*   288 T_Driftfile       */
+   S_ST( 'p',	0,        0,     0 ), /*   289 T_Drop            */
+   S_ST( 'p',	0,        0,     0 ), /*   290 T_Dscp            */
+@@ -557,7 +560,7 @@
+   S_ST( 'm',	0,        0,     0 ), /*   346 T_Maxmem          */
+   S_ST( 'l',	0,        0,     0 ), /*   347 T_Maxpoll         */
+   S_ST( 's',	0,        0,     0 ), /*   348 T_Mdnstries       */
+-  S_ST( 'm',	0,      518,     0 ), /*   349 T_Mem             */
++  S_ST( 'm',	0,      521,     0 ), /*   349 T_Mem             */
+   S_ST( 'k',	0,        0,     0 ), /*   350 T_Memlock         */
+   S_ST( 'k',	0,        0,     0 ), /*   351 T_Minclock        */
+   S_ST( 'h',	0,        0,     0 ), /*   352 T_Mindepth        */
+@@ -583,16 +586,16 @@
+   S_ST( 'e',	0,        0,     0 ), /*   372 T_Noserve         */
+   S_ST( 'p',	0,        0,     0 ), /*   373 T_Notrap          */
+   S_ST( 't',	0,        0,     0 ), /*   374 T_Notrust         */
+-  S_ST( 'p',	0,      614,     0 ), /*   375 T_Ntp             */
++  S_ST( 'p',	0,      617,     0 ), /*   375 T_Ntp             */
+   S_ST( 't',	0,        0,     0 ), /*   376 T_Ntpport         */
+   S_ST( 't',	1,        0,     0 ), /*   377 T_NtpSignDsocket  */
+-  S_ST( 'n',	0,      629,     0 ), /*   378 T_Orphan          */
++  S_ST( 'n',	0,      632,     0 ), /*   378 T_Orphan          */
+   S_ST( 't',	0,        0,     0 ), /*   379 T_Orphanwait      */
+   S_ST( 'c',	0,        0,     0 ), /*   380 T_Panic           */
+-  S_ST( 'r',	1,      638,     0 ), /*   381 T_Peer            */
++  S_ST( 'r',	1,      641,     0 ), /*   381 T_Peer            */
+   S_ST( 's',	0,        0,     0 ), /*   382 T_Peerstats       */
+   S_ST( 'e',	2,        0,     0 ), /*   383 T_Phone           */
+-  S_ST( 'd',	0,      646,     0 ), /*   384 T_Pid             */
++  S_ST( 'd',	0,      649,     0 ), /*   384 T_Pid             */
+   S_ST( 'e',	1,        0,     0 ), /*   385 T_Pidfile         */
+   S_ST( 'l',	1,        0,     0 ), /*   386 T_Pool            */
+   S_ST( 't',	0,        0,     0 ), /*   387 T_Port            */
+@@ -599,7 +602,7 @@
+   S_ST( 't',	0,        0,     0 ), /*   388 T_Preempt         */
+   S_ST( 'r',	0,        0,     0 ), /*   389 T_Prefer          */
+   S_ST( 's',	0,        0,     0 ), /*   390 T_Protostats      */
+-  S_ST( 'w',	1,        0,   652 ), /*   391 T_Pw              */
++  S_ST( 'w',	1,        0,   655 ), /*   391 T_Pw              */
+   S_ST( 'e',	1,        0,     0 ), /*   392 T_Randfile        */
+   S_ST( 's',	0,        0,     0 ), /*   393 T_Rawstats        */
+   S_ST( 'd',	1,        0,     0 ), /*   394 T_Refid           */
+@@ -609,20 +612,20 @@
+   S_ST( 'e',	0,        0,     0 ), /*   398 T_Revoke          */
+   S_ST( 't',	0,        0,     0 ), /*   399 T_Rlimit          */
+   S_ST( 'r',	1,        0,     0 ), /*   400 T_Saveconfigdir   */
+-  S_ST( 'r',	1,      729,     0 ), /*   401 T_Server          */
++  S_ST( 'r',	1,      732,     0 ), /*   401 T_Server          */
+   S_ST( 'r',	1,        0,     0 ), /*   402 T_Setvar          */
+   S_ST( 'e',	0,        0,     0 ), /*   403 T_Source          */
+   S_ST( 'e',	0,        0,     0 ), /*   404 T_Stacksize       */
+   S_ST( 's',	0,        0,     0 ), /*   405 T_Statistics      */
+-  S_ST( 's',	0,      772,   767 ), /*   406 T_Stats           */
++  S_ST( 's',	0,      775,   770 ), /*   406 T_Stats           */
+   S_ST( 'r',	1,        0,     0 ), /*   407 T_Statsdir        */
+-  S_ST( 'p',	0,      780,     0 ), /*   408 T_Step            */
++  S_ST( 'p',	0,      783,     0 ), /*   408 T_Step            */
+   S_ST( 'k',	0,        0,     0 ), /*   409 T_Stepback        */
+   S_ST( 'd',	0,        0,     0 ), /*   410 T_Stepfwd         */
+   S_ST( 't',	0,        0,     0 ), /*   411 T_Stepout         */
+   S_ST( 'm',	0,        0,     0 ), /*   412 T_Stratum         */
+   S_ST( 'e',	3,      332,     0 ), /*   413 limit             */
+-  S_ST( 's',	0,      787,     0 ), /*   414 T_Sys             */
++  S_ST( 's',	0,      790,     0 ), /*   414 T_Sys             */
+   S_ST( 's',	0,        0,     0 ), /*   415 T_Sysstats        */
+   S_ST( 'k',	0,        0,     0 ), /*   416 T_Tick            */
+   S_ST( '1',	0,        0,     0 ), /*   417 T_Time1           */
+@@ -637,432 +640,466 @@
+   S_ST( 'l',	0,        0,     0 ), /*   426 T_Ttl             */
+   S_ST( 'e',	0,        0,     0 ), /*   427 T_Type            */
+   S_ST( 'n',	3,      333,   294 ), /*   428 li                */
+-  S_ST( 'g',	1,        0,     0 ), /*   429 T_Unconfig        */
+-  S_ST( 'r',	1,        0,     0 ), /*   430 T_Unpeer          */
+-  S_ST( 'n',	0,        0,     0 ), /*   431 T_Version         */
+-  S_ST( 's',	3,      437,   428 ), /*   432 li                */
+-  S_ST( 'k',	0,        0,     0 ), /*   433 T_Week            */
+-  S_ST( 'd',	0,        0,     0 ), /*   434 T_Wildcard        */
+-  S_ST( 'e',	0,        0,     0 ), /*   435 T_Xleave          */
+-  S_ST( 'r',	0,        0,     0 ), /*   436 T_Year            */
+-  S_ST( 't',	3,      438,     0 ), /*   437 lis               */
+-  S_ST( 'e',	3,      334,     0 ), /*   438 list              */
+-  S_ST( 'e',	0,        0,     0 ), /*   439 T_Simulate        */
+-  S_ST( 'y',	0,        0,     0 ), /*   440 T_Beep_Delay      */
+-  S_ST( 'n',	0,        0,     0 ), /*   441 T_Sim_Duration    */
+-  S_ST( 't',	0,        0,     0 ), /*   442 T_Server_Offset   */
+-  S_ST( 'n',	0,        0,     0 ), /*   443 T_Duration        */
+-  S_ST( 't',	0,        0,     0 ), /*   444 T_Freq_Offset     */
+-  S_ST( 'r',	0,        0,     0 ), /*   445 T_Wander          */
+-  S_ST( 'r',	0,        0,     0 ), /*   446 T_Jitter          */
+-  S_ST( 'y',	0,        0,     0 ), /*   447 T_Prop_Delay      */
+-  S_ST( 'y',	0,        0,     0 ), /*   448 T_Proc_Delay      */
+-  S_ST( 'o',	3,      465,   287 ), /*   449 l                 */
+-  S_ST( 'g',	3,      456,     0 ), /*   450 lo                */
+-  S_ST( 'c',	3,      452,     0 ), /*   451 log               */
+-  S_ST( 'o',	3,      453,     0 ), /*   452 logc              */
+-  S_ST( 'n',	3,      454,     0 ), /*   453 logco             */
+-  S_ST( 'f',	3,      455,     0 ), /*   454 logcon            */
+-  S_ST( 'i',	3,      335,     0 ), /*   455 logconf           */
+-  S_ST( 'f',	3,      457,   451 ), /*   456 log               */
+-  S_ST( 'i',	3,      458,     0 ), /*   457 logf              */
+-  S_ST( 'l',	3,      336,     0 ), /*   458 logfi             */
+-  S_ST( 'o',	3,      460,   450 ), /*   459 lo                */
+-  S_ST( 'p',	3,      461,     0 ), /*   460 loo               */
+-  S_ST( 's',	3,      462,     0 ), /*   461 loop              */
+-  S_ST( 't',	3,      463,     0 ), /*   462 loops             */
+-  S_ST( 'a',	3,      464,     0 ), /*   463 loopst            */
+-  S_ST( 't',	3,      337,     0 ), /*   464 loopsta           */
+-  S_ST( 'w',	3,      466,   459 ), /*   465 lo                */
+-  S_ST( 'p',	3,      467,     0 ), /*   466 low               */
+-  S_ST( 'r',	3,      468,     0 ), /*   467 lowp              */
+-  S_ST( 'i',	3,      469,     0 ), /*   468 lowpr             */
+-  S_ST( 'o',	3,      470,     0 ), /*   469 lowpri            */
+-  S_ST( 't',	3,      471,     0 ), /*   470 lowprio           */
+-  S_ST( 'r',	3,      472,     0 ), /*   471 lowpriot          */
+-  S_ST( 'a',	3,      338,     0 ), /*   472 lowpriotr         */
+-  S_ST( 'm',	3,      554,   239 ), /*   473                   */
+-  S_ST( 'a',	3,      492,     0 ), /*   474 m                 */
+-  S_ST( 'n',	3,      476,     0 ), /*   475 ma                */
+-  S_ST( 'y',	3,      477,     0 ), /*   476 man               */
+-  S_ST( 'c',	3,      478,     0 ), /*   477 many              */
+-  S_ST( 'a',	3,      479,     0 ), /*   478 manyc             */
+-  S_ST( 's',	3,      480,     0 ), /*   479 manyca            */
+-  S_ST( 't',	3,      486,     0 ), /*   480 manycas           */
+-  S_ST( 'c',	3,      482,     0 ), /*   481 manycast          */
+-  S_ST( 'l',	3,      483,     0 ), /*   482 manycastc         */
+-  S_ST( 'i',	3,      484,     0 ), /*   483 manycastcl        */
+-  S_ST( 'e',	3,      485,     0 ), /*   484 manycastcli       */
+-  S_ST( 'n',	3,      339,     0 ), /*   485 manycastclie      */
+-  S_ST( 's',	3,      487,   481 ), /*   486 manycast          */
+-  S_ST( 'e',	3,      488,     0 ), /*   487 manycasts         */
+-  S_ST( 'r',	3,      489,     0 ), /*   488 manycastse        */
+-  S_ST( 'v',	3,      490,     0 ), /*   489 manycastser       */
+-  S_ST( 'e',	3,      340,     0 ), /*   490 manycastserv      */
+-  S_ST( 's',	3,      341,   475 ), /*   491 ma                */
+-  S_ST( 'x',	3,      507,   491 ), /*   492 ma                */
+-  S_ST( 'a',	3,      494,     0 ), /*   493 max               */
+-  S_ST( 'g',	3,      342,     0 ), /*   494 maxa              */
+-  S_ST( 'c',	3,      496,   493 ), /*   495 max               */
+-  S_ST( 'l',	3,      497,     0 ), /*   496 maxc              */
+-  S_ST( 'o',	3,      498,     0 ), /*   497 maxcl             */
+-  S_ST( 'c',	3,      343,     0 ), /*   498 maxclo            */
+-  S_ST( 'd',	3,      503,   495 ), /*   499 max               */
+-  S_ST( 'e',	3,      501,     0 ), /*   500 maxd              */
+-  S_ST( 'p',	3,      502,     0 ), /*   501 maxde             */
+-  S_ST( 't',	3,      344,     0 ), /*   502 maxdep            */
+-  S_ST( 'i',	3,      504,   500 ), /*   503 maxd              */
+-  S_ST( 's',	3,      345,     0 ), /*   504 maxdi             */
+-  S_ST( 'm',	3,      506,   499 ), /*   505 max               */
+-  S_ST( 'e',	3,      346,     0 ), /*   506 maxm              */
+-  S_ST( 'p',	3,      508,   505 ), /*   507 max               */
+-  S_ST( 'o',	3,      509,     0 ), /*   508 maxp              */
+-  S_ST( 'l',	3,      347,     0 ), /*   509 maxpo             */
+-  S_ST( 'd',	3,      511,   474 ), /*   510 m                 */
+-  S_ST( 'n',	3,      512,     0 ), /*   511 md                */
+-  S_ST( 's',	3,      513,     0 ), /*   512 mdn               */
+-  S_ST( 't',	3,      514,     0 ), /*   513 mdns              */
+-  S_ST( 'r',	3,      515,     0 ), /*   514 mdnst             */
+-  S_ST( 'i',	3,      516,     0 ), /*   515 mdnstr            */
+-  S_ST( 'e',	3,      348,     0 ), /*   516 mdnstri           */
+-  S_ST( 'e',	3,      349,   510 ), /*   517 m                 */
+-  S_ST( 'l',	3,      519,     0 ), /*   518 mem               */
+-  S_ST( 'o',	3,      520,     0 ), /*   519 meml              */
+-  S_ST( 'c',	3,      350,     0 ), /*   520 memlo             */
+-  S_ST( 'i',	3,      522,   517 ), /*   521 m                 */
+-  S_ST( 'n',	3,      539,     0 ), /*   522 mi                */
+-  S_ST( 'c',	3,      524,     0 ), /*   523 min               */
+-  S_ST( 'l',	3,      525,     0 ), /*   524 minc              */
+-  S_ST( 'o',	3,      526,     0 ), /*   525 mincl             */
+-  S_ST( 'c',	3,      351,     0 ), /*   526 minclo            */
+-  S_ST( 'd',	3,      531,   523 ), /*   527 min               */
+-  S_ST( 'e',	3,      529,     0 ), /*   528 mind              */
+-  S_ST( 'p',	3,      530,     0 ), /*   529 minde             */
+-  S_ST( 't',	3,      352,     0 ), /*   530 mindep            */
+-  S_ST( 'i',	3,      532,   528 ), /*   531 mind              */
+-  S_ST( 's',	3,      353,     0 ), /*   532 mindi             */
+-  S_ST( 'i',	3,      534,   527 ), /*   533 min               */
+-  S_ST( 'm',	3,      535,     0 ), /*   534 mini              */
+-  S_ST( 'u',	3,      354,     0 ), /*   535 minim             */
+-  S_ST( 'p',	3,      537,   533 ), /*   536 min               */
+-  S_ST( 'o',	3,      538,     0 ), /*   537 minp              */
+-  S_ST( 'l',	3,      355,     0 ), /*   538 minpo             */
+-  S_ST( 's',	3,      540,   536 ), /*   539 min               */
+-  S_ST( 'a',	3,      541,     0 ), /*   540 mins              */
+-  S_ST( 'n',	3,      356,     0 ), /*   541 minsa             */
+-  S_ST( 'o',	3,      544,   521 ), /*   542 m                 */
+-  S_ST( 'd',	3,      357,     0 ), /*   543 mo                */
+-  S_ST( 'n',	3,      548,   543 ), /*   544 mo                */
+-  S_ST( 'i',	3,      546,     0 ), /*   545 mon               */
+-  S_ST( 't',	3,      547,     0 ), /*   546 moni              */
+-  S_ST( 'o',	3,      359,     0 ), /*   547 monit             */
+-  S_ST( 't',	3,      360,   545 ), /*   548 mon               */
+-  S_ST( 'r',	3,      361,   542 ), /*   549 m                 */
+-  S_ST( 's',	3,      551,   549 ), /*   550 m                 */
+-  S_ST( 's',	3,      552,     0 ), /*   551 ms                */
+-  S_ST( 'n',	3,      553,     0 ), /*   552 mss               */
+-  S_ST( 't',	3,      329,     0 ), /*   553 mssn              */
+-  S_ST( 'u',	3,      555,   550 ), /*   554 m                 */
+-  S_ST( 'l',	3,      556,     0 ), /*   555 mu                */
+-  S_ST( 't',	3,      557,     0 ), /*   556 mul               */
+-  S_ST( 'i',	3,      558,     0 ), /*   557 mult              */
+-  S_ST( 'c',	3,      559,     0 ), /*   558 multi             */
+-  S_ST( 'a',	3,      560,     0 ), /*   559 multic            */
+-  S_ST( 's',	3,      561,     0 ), /*   560 multica           */
+-  S_ST( 't',	3,      562,     0 ), /*   561 multicas          */
+-  S_ST( 'c',	3,      563,     0 ), /*   562 multicast         */
+-  S_ST( 'l',	3,      564,     0 ), /*   563 multicastc        */
+-  S_ST( 'i',	3,      565,     0 ), /*   564 multicastcl       */
+-  S_ST( 'e',	3,      566,     0 ), /*   565 multicastcli      */
+-  S_ST( 'n',	3,      362,     0 ), /*   566 multicastclie     */
+-  S_ST( 'n',	3,      610,   473 ), /*   567                   */
+-  S_ST( 'i',	3,      363,     0 ), /*   568 n                 */
+-  S_ST( 'o',	3,      605,   568 ), /*   569 n                 */
+-  S_ST( 'l',	3,      571,     0 ), /*   570 no                */
+-  S_ST( 'i',	3,      572,     0 ), /*   571 nol               */
+-  S_ST( 'n',	3,      364,     0 ), /*   572 noli              */
+-  S_ST( 'm',	3,      578,   570 ), /*   573 no                */
+-  S_ST( 'o',	3,      575,     0 ), /*   574 nom               */
+-  S_ST( 'd',	3,      576,     0 ), /*   575 nomo              */
+-  S_ST( 'i',	3,      577,     0 ), /*   576 nomod             */
+-  S_ST( 'f',	3,      365,     0 ), /*   577 nomodi            */
+-  S_ST( 'r',	3,      579,   574 ), /*   578 nom               */
+-  S_ST( 'u',	3,      580,     0 ), /*   579 nomr              */
+-  S_ST( 'l',	3,      581,     0 ), /*   580 nomru             */
+-  S_ST( 'i',	3,      582,     0 ), /*   581 nomrul            */
+-  S_ST( 's',	3,      366,     0 ), /*   582 nomruli           */
+-  S_ST( 'n',	3,      584,   573 ), /*   583 no                */
+-  S_ST( 'v',	3,      585,   367 ), /*   584 non               */
+-  S_ST( 'o',	3,      586,     0 ), /*   585 nonv              */
+-  S_ST( 'l',	3,      587,     0 ), /*   586 nonvo             */
+-  S_ST( 'a',	3,      588,     0 ), /*   587 nonvol            */
+-  S_ST( 't',	3,      589,     0 ), /*   588 nonvola           */
+-  S_ST( 'i',	3,      590,     0 ), /*   589 nonvolat          */
+-  S_ST( 'l',	3,      368,     0 ), /*   590 nonvolati         */
+-  S_ST( 'p',	3,      592,   583 ), /*   591 no                */
+-  S_ST( 'e',	3,      593,     0 ), /*   592 nop               */
+-  S_ST( 'e',	3,      369,     0 ), /*   593 nope              */
+-  S_ST( 'q',	3,      595,   591 ), /*   594 no                */
+-  S_ST( 'u',	3,      596,     0 ), /*   595 noq               */
+-  S_ST( 'e',	3,      597,     0 ), /*   596 noqu              */
+-  S_ST( 'r',	3,      370,     0 ), /*   597 noque             */
+-  S_ST( 's',	3,      599,   594 ), /*   598 no                */
+-  S_ST( 'e',	3,      603,     0 ), /*   599 nos               */
+-  S_ST( 'l',	3,      601,     0 ), /*   600 nose              */
+-  S_ST( 'e',	3,      602,     0 ), /*   601 nosel             */
+-  S_ST( 'c',	3,      371,     0 ), /*   602 nosele            */
+-  S_ST( 'r',	3,      604,   600 ), /*   603 nose              */
+-  S_ST( 'v',	3,      372,     0 ), /*   604 noser             */
+-  S_ST( 't',	3,      606,   598 ), /*   605 no                */
+-  S_ST( 'r',	3,      608,     0 ), /*   606 not               */
+-  S_ST( 'a',	3,      373,     0 ), /*   607 notr              */
+-  S_ST( 'u',	3,      609,   607 ), /*   608 notr              */
+-  S_ST( 's',	3,      374,     0 ), /*   609 notru             */
+-  S_ST( 't',	3,      375,   569 ), /*   610 n                 */
+-  S_ST( 'p',	3,      612,     0 ), /*   611 ntp               */
+-  S_ST( 'o',	3,      613,     0 ), /*   612 ntpp              */
+-  S_ST( 'r',	3,      376,     0 ), /*   613 ntppo             */
+-  S_ST( 's',	3,      615,   611 ), /*   614 ntp               */
+-  S_ST( 'i',	3,      616,     0 ), /*   615 ntps              */
+-  S_ST( 'g',	3,      617,     0 ), /*   616 ntpsi             */
+-  S_ST( 'n',	3,      618,     0 ), /*   617 ntpsig            */
+-  S_ST( 'd',	3,      619,     0 ), /*   618 ntpsign           */
+-  S_ST( 's',	3,      620,     0 ), /*   619 ntpsignd          */
+-  S_ST( 'o',	3,      621,     0 ), /*   620 ntpsignds         */
+-  S_ST( 'c',	3,      622,     0 ), /*   621 ntpsigndso        */
+-  S_ST( 'k',	3,      623,     0 ), /*   622 ntpsigndsoc       */
+-  S_ST( 'e',	3,      377,     0 ), /*   623 ntpsigndsock      */
+-  S_ST( 'o',	3,      625,   567 ), /*   624                   */
+-  S_ST( 'r',	3,      626,     0 ), /*   625 o                 */
+-  S_ST( 'p',	3,      627,     0 ), /*   626 or                */
+-  S_ST( 'h',	3,      628,     0 ), /*   627 orp               */
+-  S_ST( 'a',	3,      378,     0 ), /*   628 orph              */
+-  S_ST( 'w',	3,      630,     0 ), /*   629 orphan            */
+-  S_ST( 'a',	3,      631,     0 ), /*   630 orphanw           */
+-  S_ST( 'i',	3,      379,     0 ), /*   631 orphanwa          */
+-  S_ST( 'p',	3,      391,   624 ), /*   632                   */
+-  S_ST( 'a',	3,      634,     0 ), /*   633 p                 */
+-  S_ST( 'n',	3,      635,     0 ), /*   634 pa                */
+-  S_ST( 'i',	3,      380,     0 ), /*   635 pan               */
+-  S_ST( 'e',	3,      637,   633 ), /*   636 p                 */
+-  S_ST( 'e',	3,      381,     0 ), /*   637 pe                */
+-  S_ST( 's',	3,      639,     0 ), /*   638 peer              */
+-  S_ST( 't',	3,      640,     0 ), /*   639 peers             */
+-  S_ST( 'a',	3,      641,     0 ), /*   640 peerst            */
+-  S_ST( 't',	3,      382,     0 ), /*   641 peersta           */
+-  S_ST( 'h',	3,      643,   636 ), /*   642 p                 */
+-  S_ST( 'o',	3,      644,     0 ), /*   643 ph                */
+-  S_ST( 'n',	3,      383,     0 ), /*   644 pho               */
+-  S_ST( 'i',	3,      384,   642 ), /*   645 p                 */
+-  S_ST( 'f',	3,      647,     0 ), /*   646 pid               */
+-  S_ST( 'i',	3,      648,     0 ), /*   647 pidf              */
+-  S_ST( 'l',	3,      385,     0 ), /*   648 pidfi             */
+-  S_ST( 'o',	3,      651,   645 ), /*   649 p                 */
+-  S_ST( 'o',	3,      386,     0 ), /*   650 po                */
+-  S_ST( 'r',	3,      387,   650 ), /*   651 po                */
+-  S_ST( 'r',	3,      659,   649 ), /*   652 p                 */
+-  S_ST( 'e',	3,      657,     0 ), /*   653 pr                */
+-  S_ST( 'e',	3,      655,     0 ), /*   654 pre               */
+-  S_ST( 'm',	3,      656,     0 ), /*   655 pree              */
+-  S_ST( 'p',	3,      388,     0 ), /*   656 preem             */
+-  S_ST( 'f',	3,      658,   654 ), /*   657 pre               */
+-  S_ST( 'e',	3,      389,     0 ), /*   658 pref              */
+-  S_ST( 'o',	3,      672,   653 ), /*   659 pr                */
+-  S_ST( 'c',	3,      661,     0 ), /*   660 pro               */
+-  S_ST( '_',	3,      662,     0 ), /*   661 proc              */
+-  S_ST( 'd',	3,      663,     0 ), /*   662 proc_             */
+-  S_ST( 'e',	3,      664,     0 ), /*   663 proc_d            */
+-  S_ST( 'l',	3,      665,     0 ), /*   664 proc_de           */
+-  S_ST( 'a',	3,      448,     0 ), /*   665 proc_del          */
+-  S_ST( 'p',	3,      667,   660 ), /*   666 pro               */
+-  S_ST( '_',	3,      668,     0 ), /*   667 prop              */
+-  S_ST( 'd',	3,      669,     0 ), /*   668 prop_             */
+-  S_ST( 'e',	3,      670,     0 ), /*   669 prop_d            */
+-  S_ST( 'l',	3,      671,     0 ), /*   670 prop_de           */
+-  S_ST( 'a',	3,      447,     0 ), /*   671 prop_del          */
+-  S_ST( 't',	3,      673,   666 ), /*   672 pro               */
+-  S_ST( 'o',	3,      674,     0 ), /*   673 prot              */
+-  S_ST( 's',	3,      675,     0 ), /*   674 proto             */
+-  S_ST( 't',	3,      676,     0 ), /*   675 protos            */
+-  S_ST( 'a',	3,      677,     0 ), /*   676 protost           */
+-  S_ST( 't',	3,      390,     0 ), /*   677 protosta          */
+-  S_ST( 'r',	3,      709,   632 ), /*   678                   */
+-  S_ST( 'a',	3,      685,     0 ), /*   679 r                 */
+-  S_ST( 'n',	3,      681,     0 ), /*   680 ra                */
+-  S_ST( 'd',	3,      682,     0 ), /*   681 ran               */
+-  S_ST( 'f',	3,      683,     0 ), /*   682 rand              */
+-  S_ST( 'i',	3,      684,     0 ), /*   683 randf             */
+-  S_ST( 'l',	3,      392,     0 ), /*   684 randfi            */
+-  S_ST( 'w',	3,      686,   680 ), /*   685 ra                */
+-  S_ST( 's',	3,      687,     0 ), /*   686 raw               */
+-  S_ST( 't',	3,      688,     0 ), /*   687 raws              */
+-  S_ST( 'a',	3,      689,     0 ), /*   688 rawst             */
+-  S_ST( 't',	3,      393,     0 ), /*   689 rawsta            */
+-  S_ST( 'e',	3,      706,   679 ), /*   690 r                 */
+-  S_ST( 'f',	3,      692,     0 ), /*   691 re                */
+-  S_ST( 'i',	3,      394,     0 ), /*   692 ref               */
+-  S_ST( 'q',	3,      694,   691 ), /*   693 re                */
+-  S_ST( 'u',	3,      695,     0 ), /*   694 req               */
+-  S_ST( 'e',	3,      696,     0 ), /*   695 requ              */
+-  S_ST( 's',	3,      697,     0 ), /*   696 reque             */
+-  S_ST( 't',	3,      698,     0 ), /*   697 reques            */
+-  S_ST( 'k',	3,      699,     0 ), /*   698 request           */
+-  S_ST( 'e',	3,      395,     0 ), /*   699 requestk          */
+-  S_ST( 's',	3,      702,   693 ), /*   700 re                */
+-  S_ST( 'e',	3,      396,     0 ), /*   701 res               */
+-  S_ST( 't',	3,      703,   701 ), /*   702 res               */
+-  S_ST( 'r',	3,      704,     0 ), /*   703 rest              */
+-  S_ST( 'i',	3,      705,     0 ), /*   704 restr             */
+-  S_ST( 'c',	3,      397,     0 ), /*   705 restri            */
+-  S_ST( 'v',	3,      707,   700 ), /*   706 re                */
+-  S_ST( 'o',	3,      708,     0 ), /*   707 rev               */
+-  S_ST( 'k',	3,      398,     0 ), /*   708 revo              */
+-  S_ST( 'l',	3,      710,   690 ), /*   709 r                 */
+-  S_ST( 'i',	3,      711,     0 ), /*   710 rl                */
+-  S_ST( 'm',	3,      712,     0 ), /*   711 rli               */
+-  S_ST( 'i',	3,      399,     0 ), /*   712 rlim              */
+-  S_ST( 's',	3,      786,   678 ), /*   713                   */
+-  S_ST( 'a',	3,      715,     0 ), /*   714 s                 */
+-  S_ST( 'v',	3,      716,     0 ), /*   715 sa                */
+-  S_ST( 'e',	3,      717,     0 ), /*   716 sav               */
+-  S_ST( 'c',	3,      718,     0 ), /*   717 save              */
+-  S_ST( 'o',	3,      719,     0 ), /*   718 savec             */
+-  S_ST( 'n',	3,      720,     0 ), /*   719 saveco            */
+-  S_ST( 'f',	3,      721,     0 ), /*   720 savecon           */
+-  S_ST( 'i',	3,      722,     0 ), /*   721 saveconf          */
+-  S_ST( 'g',	3,      723,     0 ), /*   722 saveconfi         */
+-  S_ST( 'd',	3,      724,     0 ), /*   723 saveconfig        */
+-  S_ST( 'i',	3,      400,     0 ), /*   724 saveconfigd       */
+-  S_ST( 'e',	3,      735,   714 ), /*   725 s                 */
+-  S_ST( 'r',	3,      727,     0 ), /*   726 se                */
+-  S_ST( 'v',	3,      728,     0 ), /*   727 ser               */
+-  S_ST( 'e',	3,      401,     0 ), /*   728 serv              */
+-  S_ST( '_',	3,      730,     0 ), /*   729 server            */
+-  S_ST( 'o',	3,      731,     0 ), /*   730 server_           */
+-  S_ST( 'f',	3,      732,     0 ), /*   731 server_o          */
+-  S_ST( 'f',	3,      733,     0 ), /*   732 server_of         */
+-  S_ST( 's',	3,      734,     0 ), /*   733 server_off        */
+-  S_ST( 'e',	3,      442,     0 ), /*   734 server_offs       */
+-  S_ST( 't',	3,      736,   726 ), /*   735 se                */
+-  S_ST( 'v',	3,      737,     0 ), /*   736 set               */
+-  S_ST( 'a',	3,      402,     0 ), /*   737 setv              */
+-  S_ST( 'i',	3,      739,   725 ), /*   738 s                 */
+-  S_ST( 'm',	3,      740,     0 ), /*   739 si                */
+-  S_ST( 'u',	3,      741,     0 ), /*   740 sim               */
+-  S_ST( 'l',	3,      742,     0 ), /*   741 simu              */
+-  S_ST( 'a',	3,      743,     0 ), /*   742 simul             */
+-  S_ST( 't',	3,      744,     0 ), /*   743 simula            */
+-  S_ST( 'i',	3,      745,   439 ), /*   744 simulat           */
+-  S_ST( 'o',	3,      746,     0 ), /*   745 simulati          */
+-  S_ST( 'n',	3,      747,     0 ), /*   746 simulatio         */
+-  S_ST( '_',	3,      748,     0 ), /*   747 simulation        */
+-  S_ST( 'd',	3,      749,     0 ), /*   748 simulation_       */
+-  S_ST( 'u',	3,      750,     0 ), /*   749 simulation_d      */
+-  S_ST( 'r',	3,      751,     0 ), /*   750 simulation_du     */
+-  S_ST( 'a',	3,      752,     0 ), /*   751 simulation_dur    */
+-  S_ST( 't',	3,      753,     0 ), /*   752 simulation_dura   */
+-  S_ST( 'i',	3,      754,     0 ), /*   753 simulation_durat  */
+-  S_ST( 'o',	3,      441,     0 ), /*   754 simulation_durati */
+-  S_ST( 'o',	3,      756,   738 ), /*   755 s                 */
+-  S_ST( 'u',	3,      757,     0 ), /*   756 so                */
+-  S_ST( 'r',	3,      758,     0 ), /*   757 sou               */
+-  S_ST( 'c',	3,      403,     0 ), /*   758 sour              */
+-  S_ST( 't',	3,      782,   755 ), /*   759 s                 */
+-  S_ST( 'a',	3,      766,     0 ), /*   760 st                */
+-  S_ST( 'c',	3,      762,     0 ), /*   761 sta               */
+-  S_ST( 'k',	3,      763,     0 ), /*   762 stac              */
+-  S_ST( 's',	3,      764,     0 ), /*   763 stack             */
+-  S_ST( 'i',	3,      765,     0 ), /*   764 stacks            */
+-  S_ST( 'z',	3,      404,     0 ), /*   765 stacksi           */
+-  S_ST( 't',	3,      406,   761 ), /*   766 sta               */
+-  S_ST( 'i',	3,      768,     0 ), /*   767 stat              */
+-  S_ST( 's',	3,      769,     0 ), /*   768 stati             */
+-  S_ST( 't',	3,      770,     0 ), /*   769 statis            */
+-  S_ST( 'i',	3,      771,     0 ), /*   770 statist           */
+-  S_ST( 'c',	3,      405,     0 ), /*   771 statisti          */
+-  S_ST( 'd',	3,      773,     0 ), /*   772 stats             */
+-  S_ST( 'i',	3,      407,     0 ), /*   773 statsd            */
+-  S_ST( 'e',	3,      408,   760 ), /*   774 st                */
+-  S_ST( 'b',	3,      776,     0 ), /*   775 step              */
+-  S_ST( 'a',	3,      777,     0 ), /*   776 stepb             */
+-  S_ST( 'c',	3,      409,     0 ), /*   777 stepba            */
+-  S_ST( 'f',	3,      779,   775 ), /*   778 step              */
+-  S_ST( 'w',	3,      410,     0 ), /*   779 stepf             */
+-  S_ST( 'o',	3,      781,   778 ), /*   780 step              */
+-  S_ST( 'u',	3,      411,     0 ), /*   781 stepo             */
+-  S_ST( 'r',	3,      783,   774 ), /*   782 st                */
+-  S_ST( 'a',	3,      784,     0 ), /*   783 str               */
+-  S_ST( 't',	3,      785,     0 ), /*   784 stra              */
+-  S_ST( 'u',	3,      412,     0 ), /*   785 strat             */
+-  S_ST( 'y',	3,      414,   759 ), /*   786 s                 */
+-  S_ST( 's',	3,      788,     0 ), /*   787 sys               */
+-  S_ST( 't',	3,      789,     0 ), /*   788 syss              */
+-  S_ST( 'a',	3,      790,     0 ), /*   789 sysst             */
+-  S_ST( 't',	3,      415,     0 ), /*   790 syssta            */
+-  S_ST( 't',	3,      817,   713 ), /*   791                   */
+-  S_ST( 'i',	3,      803,     0 ), /*   792 t                 */
+-  S_ST( 'c',	3,      416,     0 ), /*   793 ti                */
+-  S_ST( 'm',	3,      796,   793 ), /*   794 ti                */
+-  S_ST( 'e',	3,      419,     0 ), /*   795 tim               */
+-  S_ST( 'i',	3,      797,   795 ), /*   796 tim               */
+-  S_ST( 'n',	3,      798,     0 ), /*   797 timi              */
+-  S_ST( 'g',	3,      799,     0 ), /*   798 timin             */
+-  S_ST( 's',	3,      800,     0 ), /*   799 timing            */
+-  S_ST( 't',	3,      801,     0 ), /*   800 timings           */
+-  S_ST( 'a',	3,      802,     0 ), /*   801 timingst          */
+-  S_ST( 't',	3,      420,     0 ), /*   802 timingsta         */
+-  S_ST( 'n',	3,      804,   794 ), /*   803 ti                */
+-  S_ST( 'k',	3,      805,     0 ), /*   804 tin               */
+-  S_ST( 'e',	3,      421,     0 ), /*   805 tink              */
+-  S_ST( 'o',	3,      422,   792 ), /*   806 t                 */
+-  S_ST( 'r',	3,      809,   806 ), /*   807 t                 */
+-  S_ST( 'a',	3,      423,     0 ), /*   808 tr                */
+-  S_ST( 'u',	3,      810,   808 ), /*   809 tr                */
+-  S_ST( 's',	3,      811,   424 ), /*   810 tru               */
+-  S_ST( 't',	3,      812,     0 ), /*   811 trus              */
+-  S_ST( 'e',	3,      813,     0 ), /*   812 trust             */
+-  S_ST( 'd',	3,      814,     0 ), /*   813 truste            */
+-  S_ST( 'k',	3,      815,     0 ), /*   814 trusted           */
+-  S_ST( 'e',	3,      425,     0 ), /*   815 trustedk          */
+-  S_ST( 't',	3,      426,   807 ), /*   816 t                 */
+-  S_ST( 'y',	3,      818,   816 ), /*   817 t                 */
+-  S_ST( 'p',	3,      427,     0 ), /*   818 ty                */
+-  S_ST( 'u',	3,      820,   791 ), /*   819                   */
+-  S_ST( 'n',	3,      826,     0 ), /*   820 u                 */
+-  S_ST( 'c',	3,      822,     0 ), /*   821 un                */
+-  S_ST( 'o',	3,      823,     0 ), /*   822 unc               */
+-  S_ST( 'n',	3,      824,     0 ), /*   823 unco              */
+-  S_ST( 'f',	3,      825,     0 ), /*   824 uncon             */
+-  S_ST( 'i',	3,      429,     0 ), /*   825 unconf            */
+-  S_ST( 'p',	3,      827,   821 ), /*   826 un                */
+-  S_ST( 'e',	3,      828,     0 ), /*   827 unp               */
+-  S_ST( 'e',	3,      430,     0 ), /*   828 unpe              */
+-  S_ST( 'v',	3,      830,   819 ), /*   829                   */
+-  S_ST( 'e',	3,      831,     0 ), /*   830 v                 */
+-  S_ST( 'r',	3,      832,     0 ), /*   831 ve                */
+-  S_ST( 's',	3,      833,     0 ), /*   832 ver               */
+-  S_ST( 'i',	3,      834,     0 ), /*   833 vers              */
+-  S_ST( 'o',	3,      431,     0 ), /*   834 versi             */
+-  S_ST( 'w',	3,      842,   829 ), /*   835                   */
+-  S_ST( 'a',	3,      837,     0 ), /*   836 w                 */
+-  S_ST( 'n',	3,      838,     0 ), /*   837 wa                */
+-  S_ST( 'd',	3,      839,     0 ), /*   838 wan               */
+-  S_ST( 'e',	3,      445,     0 ), /*   839 wand              */
+-  S_ST( 'e',	3,      841,   836 ), /*   840 w                 */
+-  S_ST( 'e',	3,      433,     0 ), /*   841 we                */
+-  S_ST( 'i',	3,      843,   840 ), /*   842 w                 */
+-  S_ST( 'l',	3,      844,     0 ), /*   843 wi                */
+-  S_ST( 'd',	3,      845,     0 ), /*   844 wil               */
+-  S_ST( 'c',	3,      846,     0 ), /*   845 wild              */
+-  S_ST( 'a',	3,      847,     0 ), /*   846 wildc             */
+-  S_ST( 'r',	3,      434,     0 ), /*   847 wildca            */
+-  S_ST( 'x',	3,      849,   835 ), /*   848                   */
+-  S_ST( 'l',	3,      850,     0 ), /*   849 x                 */
+-  S_ST( 'e',	3,      851,     0 ), /*   850 xl                */
+-  S_ST( 'a',	3,      852,     0 ), /*   851 xle               */
+-  S_ST( 'v',	3,      435,     0 ), /*   852 xlea              */
+-  S_ST( 'y',	3,      854,   848 ), /*   853 [initial state]   */
+-  S_ST( 'e',	3,      855,     0 ), /*   854 y                 */
+-  S_ST( 'a',	3,      436,     0 )  /*   855 ye                */
++  S_ST( 'y',	0,        0,     0 ), /*   429 T_UEcrypto        */
++  S_ST( 'y',	0,        0,     0 ), /*   430 T_UEcryptonak     */
++  S_ST( 'y',	0,        0,     0 ), /*   431 T_UEdigest        */
++  S_ST( 'g',	1,        0,     0 ), /*   432 T_Unconfig        */
++  S_ST( 'r',	1,      832,     0 ), /*   433 T_Unpeer          */
++  S_ST( 'n',	0,        0,     0 ), /*   434 T_Version         */
++  S_ST( 's',	3,      440,   428 ), /*   435 li                */
++  S_ST( 'k',	0,        0,     0 ), /*   436 T_Week            */
++  S_ST( 'd',	0,        0,     0 ), /*   437 T_Wildcard        */
++  S_ST( 'e',	0,        0,     0 ), /*   438 T_Xleave          */
++  S_ST( 'r',	0,        0,     0 ), /*   439 T_Year            */
++  S_ST( 't',	3,      441,     0 ), /*   440 lis               */
++  S_ST( 'e',	3,      334,     0 ), /*   441 list              */
++  S_ST( 'e',	0,        0,     0 ), /*   442 T_Simulate        */
++  S_ST( 'y',	0,        0,     0 ), /*   443 T_Beep_Delay      */
++  S_ST( 'n',	0,        0,     0 ), /*   444 T_Sim_Duration    */
++  S_ST( 't',	0,        0,     0 ), /*   445 T_Server_Offset   */
++  S_ST( 'n',	0,        0,     0 ), /*   446 T_Duration        */
++  S_ST( 't',	0,        0,     0 ), /*   447 T_Freq_Offset     */
++  S_ST( 'r',	0,        0,     0 ), /*   448 T_Wander          */
++  S_ST( 'r',	0,        0,     0 ), /*   449 T_Jitter          */
++  S_ST( 'y',	0,        0,     0 ), /*   450 T_Prop_Delay      */
++  S_ST( 'y',	0,        0,     0 ), /*   451 T_Proc_Delay      */
++  S_ST( 'o',	3,      468,   287 ), /*   452 l                 */
++  S_ST( 'g',	3,      459,     0 ), /*   453 lo                */
++  S_ST( 'c',	3,      455,     0 ), /*   454 log               */
++  S_ST( 'o',	3,      456,     0 ), /*   455 logc              */
++  S_ST( 'n',	3,      457,     0 ), /*   456 logco             */
++  S_ST( 'f',	3,      458,     0 ), /*   457 logcon            */
++  S_ST( 'i',	3,      335,     0 ), /*   458 logconf           */
++  S_ST( 'f',	3,      460,   454 ), /*   459 log               */
++  S_ST( 'i',	3,      461,     0 ), /*   460 logf              */
++  S_ST( 'l',	3,      336,     0 ), /*   461 logfi             */
++  S_ST( 'o',	3,      463,   453 ), /*   462 lo                */
++  S_ST( 'p',	3,      464,     0 ), /*   463 loo               */
++  S_ST( 's',	3,      465,     0 ), /*   464 loop              */
++  S_ST( 't',	3,      466,     0 ), /*   465 loops             */
++  S_ST( 'a',	3,      467,     0 ), /*   466 loopst            */
++  S_ST( 't',	3,      337,     0 ), /*   467 loopsta           */
++  S_ST( 'w',	3,      469,   462 ), /*   468 lo                */
++  S_ST( 'p',	3,      470,     0 ), /*   469 low               */
++  S_ST( 'r',	3,      471,     0 ), /*   470 lowp              */
++  S_ST( 'i',	3,      472,     0 ), /*   471 lowpr             */
++  S_ST( 'o',	3,      473,     0 ), /*   472 lowpri            */
++  S_ST( 't',	3,      474,     0 ), /*   473 lowprio           */
++  S_ST( 'r',	3,      475,     0 ), /*   474 lowpriot          */
++  S_ST( 'a',	3,      338,     0 ), /*   475 lowpriotr         */
++  S_ST( 'm',	3,      557,   239 ), /*   476                   */
++  S_ST( 'a',	3,      495,     0 ), /*   477 m                 */
++  S_ST( 'n',	3,      479,     0 ), /*   478 ma                */
++  S_ST( 'y',	3,      480,     0 ), /*   479 man               */
++  S_ST( 'c',	3,      481,     0 ), /*   480 many              */
++  S_ST( 'a',	3,      482,     0 ), /*   481 manyc             */
++  S_ST( 's',	3,      483,     0 ), /*   482 manyca            */
++  S_ST( 't',	3,      489,     0 ), /*   483 manycas           */
++  S_ST( 'c',	3,      485,     0 ), /*   484 manycast          */
++  S_ST( 'l',	3,      486,     0 ), /*   485 manycastc         */
++  S_ST( 'i',	3,      487,     0 ), /*   486 manycastcl        */
++  S_ST( 'e',	3,      488,     0 ), /*   487 manycastcli       */
++  S_ST( 'n',	3,      339,     0 ), /*   488 manycastclie      */
++  S_ST( 's',	3,      490,   484 ), /*   489 manycast          */
++  S_ST( 'e',	3,      491,     0 ), /*   490 manycasts         */
++  S_ST( 'r',	3,      492,     0 ), /*   491 manycastse        */
++  S_ST( 'v',	3,      493,     0 ), /*   492 manycastser       */
++  S_ST( 'e',	3,      340,     0 ), /*   493 manycastserv      */
++  S_ST( 's',	3,      341,   478 ), /*   494 ma                */
++  S_ST( 'x',	3,      510,   494 ), /*   495 ma                */
++  S_ST( 'a',	3,      497,     0 ), /*   496 max               */
++  S_ST( 'g',	3,      342,     0 ), /*   497 maxa              */
++  S_ST( 'c',	3,      499,   496 ), /*   498 max               */
++  S_ST( 'l',	3,      500,     0 ), /*   499 maxc              */
++  S_ST( 'o',	3,      501,     0 ), /*   500 maxcl             */
++  S_ST( 'c',	3,      343,     0 ), /*   501 maxclo            */
++  S_ST( 'd',	3,      506,   498 ), /*   502 max               */
++  S_ST( 'e',	3,      504,     0 ), /*   503 maxd              */
++  S_ST( 'p',	3,      505,     0 ), /*   504 maxde             */
++  S_ST( 't',	3,      344,     0 ), /*   505 maxdep            */
++  S_ST( 'i',	3,      507,   503 ), /*   506 maxd              */
++  S_ST( 's',	3,      345,     0 ), /*   507 maxdi             */
++  S_ST( 'm',	3,      509,   502 ), /*   508 max               */
++  S_ST( 'e',	3,      346,     0 ), /*   509 maxm              */
++  S_ST( 'p',	3,      511,   508 ), /*   510 max               */
++  S_ST( 'o',	3,      512,     0 ), /*   511 maxp              */
++  S_ST( 'l',	3,      347,     0 ), /*   512 maxpo             */
++  S_ST( 'd',	3,      514,   477 ), /*   513 m                 */
++  S_ST( 'n',	3,      515,     0 ), /*   514 md                */
++  S_ST( 's',	3,      516,     0 ), /*   515 mdn               */
++  S_ST( 't',	3,      517,     0 ), /*   516 mdns              */
++  S_ST( 'r',	3,      518,     0 ), /*   517 mdnst             */
++  S_ST( 'i',	3,      519,     0 ), /*   518 mdnstr            */
++  S_ST( 'e',	3,      348,     0 ), /*   519 mdnstri           */
++  S_ST( 'e',	3,      349,   513 ), /*   520 m                 */
++  S_ST( 'l',	3,      522,     0 ), /*   521 mem               */
++  S_ST( 'o',	3,      523,     0 ), /*   522 meml              */
++  S_ST( 'c',	3,      350,     0 ), /*   523 memlo             */
++  S_ST( 'i',	3,      525,   520 ), /*   524 m                 */
++  S_ST( 'n',	3,      542,     0 ), /*   525 mi                */
++  S_ST( 'c',	3,      527,     0 ), /*   526 min               */
++  S_ST( 'l',	3,      528,     0 ), /*   527 minc              */
++  S_ST( 'o',	3,      529,     0 ), /*   528 mincl             */
++  S_ST( 'c',	3,      351,     0 ), /*   529 minclo            */
++  S_ST( 'd',	3,      534,   526 ), /*   530 min               */
++  S_ST( 'e',	3,      532,     0 ), /*   531 mind              */
++  S_ST( 'p',	3,      533,     0 ), /*   532 minde             */
++  S_ST( 't',	3,      352,     0 ), /*   533 mindep            */
++  S_ST( 'i',	3,      535,   531 ), /*   534 mind              */
++  S_ST( 's',	3,      353,     0 ), /*   535 mindi             */
++  S_ST( 'i',	3,      537,   530 ), /*   536 min               */
++  S_ST( 'm',	3,      538,     0 ), /*   537 mini              */
++  S_ST( 'u',	3,      354,     0 ), /*   538 minim             */
++  S_ST( 'p',	3,      540,   536 ), /*   539 min               */
++  S_ST( 'o',	3,      541,     0 ), /*   540 minp              */
++  S_ST( 'l',	3,      355,     0 ), /*   541 minpo             */
++  S_ST( 's',	3,      543,   539 ), /*   542 min               */
++  S_ST( 'a',	3,      544,     0 ), /*   543 mins              */
++  S_ST( 'n',	3,      356,     0 ), /*   544 minsa             */
++  S_ST( 'o',	3,      547,   524 ), /*   545 m                 */
++  S_ST( 'd',	3,      357,     0 ), /*   546 mo                */
++  S_ST( 'n',	3,      551,   546 ), /*   547 mo                */
++  S_ST( 'i',	3,      549,     0 ), /*   548 mon               */
++  S_ST( 't',	3,      550,     0 ), /*   549 moni              */
++  S_ST( 'o',	3,      359,     0 ), /*   550 monit             */
++  S_ST( 't',	3,      360,   548 ), /*   551 mon               */
++  S_ST( 'r',	3,      361,   545 ), /*   552 m                 */
++  S_ST( 's',	3,      554,   552 ), /*   553 m                 */
++  S_ST( 's',	3,      555,     0 ), /*   554 ms                */
++  S_ST( 'n',	3,      556,     0 ), /*   555 mss               */
++  S_ST( 't',	3,      329,     0 ), /*   556 mssn              */
++  S_ST( 'u',	3,      558,   553 ), /*   557 m                 */
++  S_ST( 'l',	3,      559,     0 ), /*   558 mu                */
++  S_ST( 't',	3,      560,     0 ), /*   559 mul               */
++  S_ST( 'i',	3,      561,     0 ), /*   560 mult              */
++  S_ST( 'c',	3,      562,     0 ), /*   561 multi             */
++  S_ST( 'a',	3,      563,     0 ), /*   562 multic            */
++  S_ST( 's',	3,      564,     0 ), /*   563 multica           */
++  S_ST( 't',	3,      565,     0 ), /*   564 multicas          */
++  S_ST( 'c',	3,      566,     0 ), /*   565 multicast         */
++  S_ST( 'l',	3,      567,     0 ), /*   566 multicastc        */
++  S_ST( 'i',	3,      568,     0 ), /*   567 multicastcl       */
++  S_ST( 'e',	3,      569,     0 ), /*   568 multicastcli      */
++  S_ST( 'n',	3,      362,     0 ), /*   569 multicastclie     */
++  S_ST( 'n',	3,      613,   476 ), /*   570                   */
++  S_ST( 'i',	3,      363,     0 ), /*   571 n                 */
++  S_ST( 'o',	3,      608,   571 ), /*   572 n                 */
++  S_ST( 'l',	3,      574,     0 ), /*   573 no                */
++  S_ST( 'i',	3,      575,     0 ), /*   574 nol               */
++  S_ST( 'n',	3,      364,     0 ), /*   575 noli              */
++  S_ST( 'm',	3,      581,   573 ), /*   576 no                */
++  S_ST( 'o',	3,      578,     0 ), /*   577 nom               */
++  S_ST( 'd',	3,      579,     0 ), /*   578 nomo              */
++  S_ST( 'i',	3,      580,     0 ), /*   579 nomod             */
++  S_ST( 'f',	3,      365,     0 ), /*   580 nomodi            */
++  S_ST( 'r',	3,      582,   577 ), /*   581 nom               */
++  S_ST( 'u',	3,      583,     0 ), /*   582 nomr              */
++  S_ST( 'l',	3,      584,     0 ), /*   583 nomru             */
++  S_ST( 'i',	3,      585,     0 ), /*   584 nomrul            */
++  S_ST( 's',	3,      366,     0 ), /*   585 nomruli           */
++  S_ST( 'n',	3,      587,   576 ), /*   586 no                */
++  S_ST( 'v',	3,      588,   367 ), /*   587 non               */
++  S_ST( 'o',	3,      589,     0 ), /*   588 nonv              */
++  S_ST( 'l',	3,      590,     0 ), /*   589 nonvo             */
++  S_ST( 'a',	3,      591,     0 ), /*   590 nonvol            */
++  S_ST( 't',	3,      592,     0 ), /*   591 nonvola           */
++  S_ST( 'i',	3,      593,     0 ), /*   592 nonvolat          */
++  S_ST( 'l',	3,      368,     0 ), /*   593 nonvolati         */
++  S_ST( 'p',	3,      595,   586 ), /*   594 no                */
++  S_ST( 'e',	3,      596,     0 ), /*   595 nop               */
++  S_ST( 'e',	3,      369,     0 ), /*   596 nope              */
++  S_ST( 'q',	3,      598,   594 ), /*   597 no                */
++  S_ST( 'u',	3,      599,     0 ), /*   598 noq               */
++  S_ST( 'e',	3,      600,     0 ), /*   599 noqu              */
++  S_ST( 'r',	3,      370,     0 ), /*   600 noque             */
++  S_ST( 's',	3,      602,   597 ), /*   601 no                */
++  S_ST( 'e',	3,      606,     0 ), /*   602 nos               */
++  S_ST( 'l',	3,      604,     0 ), /*   603 nose              */
++  S_ST( 'e',	3,      605,     0 ), /*   604 nosel             */
++  S_ST( 'c',	3,      371,     0 ), /*   605 nosele            */
++  S_ST( 'r',	3,      607,   603 ), /*   606 nose              */
++  S_ST( 'v',	3,      372,     0 ), /*   607 noser             */
++  S_ST( 't',	3,      609,   601 ), /*   608 no                */
++  S_ST( 'r',	3,      611,     0 ), /*   609 not               */
++  S_ST( 'a',	3,      373,     0 ), /*   610 notr              */
++  S_ST( 'u',	3,      612,   610 ), /*   611 notr              */
++  S_ST( 's',	3,      374,     0 ), /*   612 notru             */
++  S_ST( 't',	3,      375,   572 ), /*   613 n                 */
++  S_ST( 'p',	3,      615,     0 ), /*   614 ntp               */
++  S_ST( 'o',	3,      616,     0 ), /*   615 ntpp              */
++  S_ST( 'r',	3,      376,     0 ), /*   616 ntppo             */
++  S_ST( 's',	3,      618,   614 ), /*   617 ntp               */
++  S_ST( 'i',	3,      619,     0 ), /*   618 ntps              */
++  S_ST( 'g',	3,      620,     0 ), /*   619 ntpsi             */
++  S_ST( 'n',	3,      621,     0 ), /*   620 ntpsig            */
++  S_ST( 'd',	3,      622,     0 ), /*   621 ntpsign           */
++  S_ST( 's',	3,      623,     0 ), /*   622 ntpsignd          */
++  S_ST( 'o',	3,      624,     0 ), /*   623 ntpsignds         */
++  S_ST( 'c',	3,      625,     0 ), /*   624 ntpsigndso        */
++  S_ST( 'k',	3,      626,     0 ), /*   625 ntpsigndsoc       */
++  S_ST( 'e',	3,      377,     0 ), /*   626 ntpsigndsock      */
++  S_ST( 'o',	3,      628,   570 ), /*   627                   */
++  S_ST( 'r',	3,      629,     0 ), /*   628 o                 */
++  S_ST( 'p',	3,      630,     0 ), /*   629 or                */
++  S_ST( 'h',	3,      631,     0 ), /*   630 orp               */
++  S_ST( 'a',	3,      378,     0 ), /*   631 orph              */
++  S_ST( 'w',	3,      633,     0 ), /*   632 orphan            */
++  S_ST( 'a',	3,      634,     0 ), /*   633 orphanw           */
++  S_ST( 'i',	3,      379,     0 ), /*   634 orphanwa          */
++  S_ST( 'p',	3,      391,   627 ), /*   635                   */
++  S_ST( 'a',	3,      637,     0 ), /*   636 p                 */
++  S_ST( 'n',	3,      638,     0 ), /*   637 pa                */
++  S_ST( 'i',	3,      380,     0 ), /*   638 pan               */
++  S_ST( 'e',	3,      640,   636 ), /*   639 p                 */
++  S_ST( 'e',	3,      381,     0 ), /*   640 pe                */
++  S_ST( 's',	3,      642,     0 ), /*   641 peer              */
++  S_ST( 't',	3,      643,     0 ), /*   642 peers             */
++  S_ST( 'a',	3,      644,     0 ), /*   643 peerst            */
++  S_ST( 't',	3,      382,     0 ), /*   644 peersta           */
++  S_ST( 'h',	3,      646,   639 ), /*   645 p                 */
++  S_ST( 'o',	3,      647,     0 ), /*   646 ph                */
++  S_ST( 'n',	3,      383,     0 ), /*   647 pho               */
++  S_ST( 'i',	3,      384,   645 ), /*   648 p                 */
++  S_ST( 'f',	3,      650,     0 ), /*   649 pid               */
++  S_ST( 'i',	3,      651,     0 ), /*   650 pidf              */
++  S_ST( 'l',	3,      385,     0 ), /*   651 pidfi             */
++  S_ST( 'o',	3,      654,   648 ), /*   652 p                 */
++  S_ST( 'o',	3,      386,     0 ), /*   653 po                */
++  S_ST( 'r',	3,      387,   653 ), /*   654 po                */
++  S_ST( 'r',	3,      662,   652 ), /*   655 p                 */
++  S_ST( 'e',	3,      660,     0 ), /*   656 pr                */
++  S_ST( 'e',	3,      658,     0 ), /*   657 pre               */
++  S_ST( 'm',	3,      659,     0 ), /*   658 pree              */
++  S_ST( 'p',	3,      388,     0 ), /*   659 preem             */
++  S_ST( 'f',	3,      661,   657 ), /*   660 pre               */
++  S_ST( 'e',	3,      389,     0 ), /*   661 pref              */
++  S_ST( 'o',	3,      675,   656 ), /*   662 pr                */
++  S_ST( 'c',	3,      664,     0 ), /*   663 pro               */
++  S_ST( '_',	3,      665,     0 ), /*   664 proc              */
++  S_ST( 'd',	3,      666,     0 ), /*   665 proc_             */
++  S_ST( 'e',	3,      667,     0 ), /*   666 proc_d            */
++  S_ST( 'l',	3,      668,     0 ), /*   667 proc_de           */
++  S_ST( 'a',	3,      451,     0 ), /*   668 proc_del          */
++  S_ST( 'p',	3,      670,   663 ), /*   669 pro               */
++  S_ST( '_',	3,      671,     0 ), /*   670 prop              */
++  S_ST( 'd',	3,      672,     0 ), /*   671 prop_             */
++  S_ST( 'e',	3,      673,     0 ), /*   672 prop_d            */
++  S_ST( 'l',	3,      674,     0 ), /*   673 prop_de           */
++  S_ST( 'a',	3,      450,     0 ), /*   674 prop_del          */
++  S_ST( 't',	3,      676,   669 ), /*   675 pro               */
++  S_ST( 'o',	3,      677,     0 ), /*   676 prot              */
++  S_ST( 's',	3,      678,     0 ), /*   677 proto             */
++  S_ST( 't',	3,      679,     0 ), /*   678 protos            */
++  S_ST( 'a',	3,      680,     0 ), /*   679 protost           */
++  S_ST( 't',	3,      390,     0 ), /*   680 protosta          */
++  S_ST( 'r',	3,      712,   635 ), /*   681                   */
++  S_ST( 'a',	3,      688,     0 ), /*   682 r                 */
++  S_ST( 'n',	3,      684,     0 ), /*   683 ra                */
++  S_ST( 'd',	3,      685,     0 ), /*   684 ran               */
++  S_ST( 'f',	3,      686,     0 ), /*   685 rand              */
++  S_ST( 'i',	3,      687,     0 ), /*   686 randf             */
++  S_ST( 'l',	3,      392,     0 ), /*   687 randfi            */
++  S_ST( 'w',	3,      689,   683 ), /*   688 ra                */
++  S_ST( 's',	3,      690,     0 ), /*   689 raw               */
++  S_ST( 't',	3,      691,     0 ), /*   690 raws              */
++  S_ST( 'a',	3,      692,     0 ), /*   691 rawst             */
++  S_ST( 't',	3,      393,     0 ), /*   692 rawsta            */
++  S_ST( 'e',	3,      709,   682 ), /*   693 r                 */
++  S_ST( 'f',	3,      695,     0 ), /*   694 re                */
++  S_ST( 'i',	3,      394,     0 ), /*   695 ref               */
++  S_ST( 'q',	3,      697,   694 ), /*   696 re                */
++  S_ST( 'u',	3,      698,     0 ), /*   697 req               */
++  S_ST( 'e',	3,      699,     0 ), /*   698 requ              */
++  S_ST( 's',	3,      700,     0 ), /*   699 reque             */
++  S_ST( 't',	3,      701,     0 ), /*   700 reques            */
++  S_ST( 'k',	3,      702,     0 ), /*   701 request           */
++  S_ST( 'e',	3,      395,     0 ), /*   702 requestk          */
++  S_ST( 's',	3,      705,   696 ), /*   703 re                */
++  S_ST( 'e',	3,      396,     0 ), /*   704 res               */
++  S_ST( 't',	3,      706,   704 ), /*   705 res               */
++  S_ST( 'r',	3,      707,     0 ), /*   706 rest              */
++  S_ST( 'i',	3,      708,     0 ), /*   707 restr             */
++  S_ST( 'c',	3,      397,     0 ), /*   708 restri            */
++  S_ST( 'v',	3,      710,   703 ), /*   709 re                */
++  S_ST( 'o',	3,      711,     0 ), /*   710 rev               */
++  S_ST( 'k',	3,      398,     0 ), /*   711 revo              */
++  S_ST( 'l',	3,      713,   693 ), /*   712 r                 */
++  S_ST( 'i',	3,      714,     0 ), /*   713 rl                */
++  S_ST( 'm',	3,      715,     0 ), /*   714 rli               */
++  S_ST( 'i',	3,      399,     0 ), /*   715 rlim              */
++  S_ST( 's',	3,      789,   681 ), /*   716                   */
++  S_ST( 'a',	3,      718,     0 ), /*   717 s                 */
++  S_ST( 'v',	3,      719,     0 ), /*   718 sa                */
++  S_ST( 'e',	3,      720,     0 ), /*   719 sav               */
++  S_ST( 'c',	3,      721,     0 ), /*   720 save              */
++  S_ST( 'o',	3,      722,     0 ), /*   721 savec             */
++  S_ST( 'n',	3,      723,     0 ), /*   722 saveco            */
++  S_ST( 'f',	3,      724,     0 ), /*   723 savecon           */
++  S_ST( 'i',	3,      725,     0 ), /*   724 saveconf          */
++  S_ST( 'g',	3,      726,     0 ), /*   725 saveconfi         */
++  S_ST( 'd',	3,      727,     0 ), /*   726 saveconfig        */
++  S_ST( 'i',	3,      400,     0 ), /*   727 saveconfigd       */
++  S_ST( 'e',	3,      738,   717 ), /*   728 s                 */
++  S_ST( 'r',	3,      730,     0 ), /*   729 se                */
++  S_ST( 'v',	3,      731,     0 ), /*   730 ser               */
++  S_ST( 'e',	3,      401,     0 ), /*   731 serv              */
++  S_ST( '_',	3,      733,     0 ), /*   732 server            */
++  S_ST( 'o',	3,      734,     0 ), /*   733 server_           */
++  S_ST( 'f',	3,      735,     0 ), /*   734 server_o          */
++  S_ST( 'f',	3,      736,     0 ), /*   735 server_of         */
++  S_ST( 's',	3,      737,     0 ), /*   736 server_off        */
++  S_ST( 'e',	3,      445,     0 ), /*   737 server_offs       */
++  S_ST( 't',	3,      739,   729 ), /*   738 se                */
++  S_ST( 'v',	3,      740,     0 ), /*   739 set               */
++  S_ST( 'a',	3,      402,     0 ), /*   740 setv              */
++  S_ST( 'i',	3,      742,   728 ), /*   741 s                 */
++  S_ST( 'm',	3,      743,     0 ), /*   742 si                */
++  S_ST( 'u',	3,      744,     0 ), /*   743 sim               */
++  S_ST( 'l',	3,      745,     0 ), /*   744 simu              */
++  S_ST( 'a',	3,      746,     0 ), /*   745 simul             */
++  S_ST( 't',	3,      747,     0 ), /*   746 simula            */
++  S_ST( 'i',	3,      748,   442 ), /*   747 simulat           */
++  S_ST( 'o',	3,      749,     0 ), /*   748 simulati          */
++  S_ST( 'n',	3,      750,     0 ), /*   749 simulatio         */
++  S_ST( '_',	3,      751,     0 ), /*   750 simulation        */
++  S_ST( 'd',	3,      752,     0 ), /*   751 simulation_       */
++  S_ST( 'u',	3,      753,     0 ), /*   752 simulation_d      */
++  S_ST( 'r',	3,      754,     0 ), /*   753 simulation_du     */
++  S_ST( 'a',	3,      755,     0 ), /*   754 simulation_dur    */
++  S_ST( 't',	3,      756,     0 ), /*   755 simulation_dura   */
++  S_ST( 'i',	3,      757,     0 ), /*   756 simulation_durat  */
++  S_ST( 'o',	3,      444,     0 ), /*   757 simulation_durati */
++  S_ST( 'o',	3,      759,   741 ), /*   758 s                 */
++  S_ST( 'u',	3,      760,     0 ), /*   759 so                */
++  S_ST( 'r',	3,      761,     0 ), /*   760 sou               */
++  S_ST( 'c',	3,      403,     0 ), /*   761 sour              */
++  S_ST( 't',	3,      785,   758 ), /*   762 s                 */
++  S_ST( 'a',	3,      769,     0 ), /*   763 st                */
++  S_ST( 'c',	3,      765,     0 ), /*   764 sta               */
++  S_ST( 'k',	3,      766,     0 ), /*   765 stac              */
++  S_ST( 's',	3,      767,     0 ), /*   766 stack             */
++  S_ST( 'i',	3,      768,     0 ), /*   767 stacks            */
++  S_ST( 'z',	3,      404,     0 ), /*   768 stacksi           */
++  S_ST( 't',	3,      406,   764 ), /*   769 sta               */
++  S_ST( 'i',	3,      771,     0 ), /*   770 stat              */
++  S_ST( 's',	3,      772,     0 ), /*   771 stati             */
++  S_ST( 't',	3,      773,     0 ), /*   772 statis            */
++  S_ST( 'i',	3,      774,     0 ), /*   773 statist           */
++  S_ST( 'c',	3,      405,     0 ), /*   774 statisti          */
++  S_ST( 'd',	3,      776,     0 ), /*   775 stats             */
++  S_ST( 'i',	3,      407,     0 ), /*   776 statsd            */
++  S_ST( 'e',	3,      408,   763 ), /*   777 st                */
++  S_ST( 'b',	3,      779,     0 ), /*   778 step              */
++  S_ST( 'a',	3,      780,     0 ), /*   779 stepb             */
++  S_ST( 'c',	3,      409,     0 ), /*   780 stepba            */
++  S_ST( 'f',	3,      782,   778 ), /*   781 step              */
++  S_ST( 'w',	3,      410,     0 ), /*   782 stepf             */
++  S_ST( 'o',	3,      784,   781 ), /*   783 step              */
++  S_ST( 'u',	3,      411,     0 ), /*   784 stepo             */
++  S_ST( 'r',	3,      786,   777 ), /*   785 st                */
++  S_ST( 'a',	3,      787,     0 ), /*   786 str               */
++  S_ST( 't',	3,      788,     0 ), /*   787 stra              */
++  S_ST( 'u',	3,      412,     0 ), /*   788 strat             */
++  S_ST( 'y',	3,      414,   762 ), /*   789 s                 */
++  S_ST( 's',	3,      791,     0 ), /*   790 sys               */
++  S_ST( 't',	3,      792,     0 ), /*   791 syss              */
++  S_ST( 'a',	3,      793,     0 ), /*   792 sysst             */
++  S_ST( 't',	3,      415,     0 ), /*   793 syssta            */
++  S_ST( 't',	3,      820,   716 ), /*   794                   */
++  S_ST( 'i',	3,      806,     0 ), /*   795 t                 */
++  S_ST( 'c',	3,      416,     0 ), /*   796 ti                */
++  S_ST( 'm',	3,      799,   796 ), /*   797 ti                */
++  S_ST( 'e',	3,      419,     0 ), /*   798 tim               */
++  S_ST( 'i',	3,      800,   798 ), /*   799 tim               */
++  S_ST( 'n',	3,      801,     0 ), /*   800 timi              */
++  S_ST( 'g',	3,      802,     0 ), /*   801 timin             */
++  S_ST( 's',	3,      803,     0 ), /*   802 timing            */
++  S_ST( 't',	3,      804,     0 ), /*   803 timings           */
++  S_ST( 'a',	3,      805,     0 ), /*   804 timingst          */
++  S_ST( 't',	3,      420,     0 ), /*   805 timingsta         */
++  S_ST( 'n',	3,      807,   797 ), /*   806 ti                */
++  S_ST( 'k',	3,      808,     0 ), /*   807 tin               */
++  S_ST( 'e',	3,      421,     0 ), /*   808 tink              */
++  S_ST( 'o',	3,      422,   795 ), /*   809 t                 */
++  S_ST( 'r',	3,      812,   809 ), /*   810 t                 */
++  S_ST( 'a',	3,      423,     0 ), /*   811 tr                */
++  S_ST( 'u',	3,      813,   811 ), /*   812 tr                */
++  S_ST( 's',	3,      814,   424 ), /*   813 tru               */
++  S_ST( 't',	3,      815,     0 ), /*   814 trus              */
++  S_ST( 'e',	3,      816,     0 ), /*   815 trust             */
++  S_ST( 'd',	3,      817,     0 ), /*   816 truste            */
++  S_ST( 'k',	3,      818,     0 ), /*   817 trusted           */
++  S_ST( 'e',	3,      425,     0 ), /*   818 trustedk          */
++  S_ST( 't',	3,      426,   810 ), /*   819 t                 */
++  S_ST( 'y',	3,      821,   819 ), /*   820 t                 */
++  S_ST( 'p',	3,      427,     0 ), /*   821 ty                */
++  S_ST( 'u',	3,      823,   794 ), /*   822                   */
++  S_ST( 'n',	3,      829,     0 ), /*   823 u                 */
++  S_ST( 'c',	3,      825,     0 ), /*   824 un                */
++  S_ST( 'o',	3,      826,     0 ), /*   825 unc               */
++  S_ST( 'n',	3,      827,     0 ), /*   826 unco              */
++  S_ST( 'f',	3,      828,     0 ), /*   827 uncon             */
++  S_ST( 'i',	3,      432,     0 ), /*   828 unconf            */
++  S_ST( 'p',	3,      830,   824 ), /*   829 un                */
++  S_ST( 'e',	3,      831,     0 ), /*   830 unp               */
++  S_ST( 'e',	3,      433,     0 ), /*   831 unpe              */
++  S_ST( '_',	3,      852,     0 ), /*   832 unpeer            */
++  S_ST( 'c',	3,      834,     0 ), /*   833 unpeer_           */
++  S_ST( 'r',	3,      835,     0 ), /*   834 unpeer_c          */
++  S_ST( 'y',	3,      836,     0 ), /*   835 unpeer_cr         */
++  S_ST( 'p',	3,      837,     0 ), /*   836 unpeer_cry        */
++  S_ST( 't',	3,      838,     0 ), /*   837 unpeer_cryp       */
++  S_ST( 'o',	3,      839,     0 ), /*   838 unpeer_crypt      */
++  S_ST( '_',	3,      844,     0 ), /*   839 unpeer_crypto     */
++  S_ST( 'e',	3,      841,     0 ), /*   840 unpeer_crypto_    */
++  S_ST( 'a',	3,      842,     0 ), /*   841 unpeer_crypto_e   */
++  S_ST( 'r',	3,      843,     0 ), /*   842 unpeer_crypto_ea  */
++  S_ST( 'l',	3,      429,     0 ), /*   843 unpeer_crypto_ear */
++  S_ST( 'n',	3,      845,   840 ), /*   844 unpeer_crypto_    */
++  S_ST( 'a',	3,      846,     0 ), /*   845 unpeer_crypto_n   */
++  S_ST( 'k',	3,      847,     0 ), /*   846 unpeer_crypto_na  */
++  S_ST( '_',	3,      848,     0 ), /*   847 unpeer_crypto_nak */
++  S_ST( 'e',	3,      849,     0 ), /*   848 unpeer_crypto_nak_ */
++  S_ST( 'a',	3,      850,     0 ), /*   849 unpeer_crypto_nak_e */
++  S_ST( 'r',	3,      851,     0 ), /*   850 unpeer_crypto_nak_ea */
++  S_ST( 'l',	3,      430,     0 ), /*   851 unpeer_crypto_nak_ear */
++  S_ST( 'd',	3,      853,   833 ), /*   852 unpeer_           */
++  S_ST( 'i',	3,      854,     0 ), /*   853 unpeer_d          */
++  S_ST( 'g',	3,      855,     0 ), /*   854 unpeer_di         */
++  S_ST( 'e',	3,      856,     0 ), /*   855 unpeer_dig        */
++  S_ST( 's',	3,      857,     0 ), /*   856 unpeer_dige       */
++  S_ST( 't',	3,      858,     0 ), /*   857 unpeer_diges      */
++  S_ST( '_',	3,      859,     0 ), /*   858 unpeer_digest     */
++  S_ST( 'e',	3,      860,     0 ), /*   859 unpeer_digest_    */
++  S_ST( 'a',	3,      861,     0 ), /*   860 unpeer_digest_e   */
++  S_ST( 'r',	3,      862,     0 ), /*   861 unpeer_digest_ea  */
++  S_ST( 'l',	3,      431,     0 ), /*   862 unpeer_digest_ear */
++  S_ST( 'v',	3,      864,   822 ), /*   863                   */
++  S_ST( 'e',	3,      865,     0 ), /*   864 v                 */
++  S_ST( 'r',	3,      866,     0 ), /*   865 ve                */
++  S_ST( 's',	3,      867,     0 ), /*   866 ver               */
++  S_ST( 'i',	3,      868,     0 ), /*   867 vers              */
++  S_ST( 'o',	3,      434,     0 ), /*   868 versi             */
++  S_ST( 'w',	3,      876,   863 ), /*   869                   */
++  S_ST( 'a',	3,      871,     0 ), /*   870 w                 */
++  S_ST( 'n',	3,      872,     0 ), /*   871 wa                */
++  S_ST( 'd',	3,      873,     0 ), /*   872 wan               */
++  S_ST( 'e',	3,      448,     0 ), /*   873 wand              */
++  S_ST( 'e',	3,      875,   870 ), /*   874 w                 */
++  S_ST( 'e',	3,      436,     0 ), /*   875 we                */
++  S_ST( 'i',	3,      877,   874 ), /*   876 w                 */
++  S_ST( 'l',	3,      878,     0 ), /*   877 wi                */
++  S_ST( 'd',	3,      879,     0 ), /*   878 wil               */
++  S_ST( 'c',	3,      880,     0 ), /*   879 wild              */
++  S_ST( 'a',	3,      881,     0 ), /*   880 wildc             */
++  S_ST( 'r',	3,      437,     0 ), /*   881 wildca            */
++  S_ST( 'x',	3,      883,   869 ), /*   882                   */
++  S_ST( 'l',	3,      884,     0 ), /*   883 x                 */
++  S_ST( 'e',	3,      885,     0 ), /*   884 xl                */
++  S_ST( 'a',	3,      886,     0 ), /*   885 xle               */
++  S_ST( 'v',	3,      438,     0 ), /*   886 xlea              */
++  S_ST( 'y',	3,      888,   882 ), /*   887 [initial state]   */
++  S_ST( 'e',	3,      889,     0 ), /*   888 y                 */
++  S_ST( 'a',	3,      439,     0 )  /*   889 ye                */
+ };
+ 
+Index: contrib/ntp/ntpd/ntp_parser.c
+===================================================================
+--- contrib/ntp/ntpd/ntp_parser.c	(revision 294707)
++++ contrib/ntp/ntpd/ntp_parser.c	(working copy)
+@@ -1,19 +1,19 @@
+-/* A Bison parser, made by GNU Bison 3.0.2.  */
++/* A Bison parser, made by GNU Bison 2.7.12-4996.  */
+ 
+ /* Bison implementation for Yacc-like parsers in C
+-
+-   Copyright (C) 1984, 1989-1990, 2000-2013 Free Software Foundation, Inc.
+-
++   
++      Copyright (C) 1984, 1989-1990, 2000-2013 Free Software Foundation, Inc.
++   
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+-
++   
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+-
++   
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see .  */
+ 
+@@ -26,7 +26,7 @@
+    special exception, which will cause the skeleton and the resulting
+    Bison output files to be licensed under the GNU General Public
+    License without this special exception.
+-
++   
+    This special exception was added by the Free Software Foundation in
+    version 2.2 of Bison.  */
+ 
+@@ -44,7 +44,7 @@
+ #define YYBISON 1
+ 
+ /* Bison version.  */
+-#define YYBISON_VERSION "3.0.2"
++#define YYBISON_VERSION "2.7.12-4996"
+ 
+ /* Skeleton name.  */
+ #define YYSKELETON_NAME "yacc.c"
+@@ -62,7 +62,8 @@
+ 
+ 
+ /* Copy the first part of user declarations.  */
+-#line 11 "../../ntpd/ntp_parser.y" /* yacc.c:339  */
++/* Line 371 of yacc.c  */
++#line 11 "../../ntpd/ntp_parser.y"
+ 
+   #ifdef HAVE_CONFIG_H
+   # include 
+@@ -96,13 +97,14 @@
+   #  define ONLY_SIM(a)	NULL
+   #endif
+ 
+-#line 100 "../../ntpd/ntp_parser.c" /* yacc.c:339  */
++/* Line 371 of yacc.c  */
++#line 102 "ntp_parser.c"
+ 
+-# ifndef YY_NULLPTR
++# ifndef YY_NULL
+ #  if defined __cplusplus && 201103L <= __cplusplus
+-#   define YY_NULLPTR nullptr
++#   define YY_NULL nullptr
+ #  else
+-#   define YY_NULLPTR 0
++#   define YY_NULL 0
+ #  endif
+ # endif
+ 
+@@ -116,9 +118,9 @@
+ 
+ /* In a future release of Bison, this section will be replaced
+    by #include "y.tab.h".  */
+-#ifndef YY_YY__NTPD_NTP_PARSER_H_INCLUDED
+-# define YY_YY__NTPD_NTP_PARSER_H_INCLUDED
+-/* Debug traces.  */
++#ifndef YY_YY_NTP_PARSER_H_INCLUDED
++# define YY_YY_NTP_PARSER_H_INCLUDED
++/* Enabling traces.  */
+ #ifndef YYDEBUG
+ # define YYDEBUG 1
+ #endif
+@@ -126,203 +128,207 @@
+ extern int yydebug;
+ #endif
+ 
+-/* Token type.  */
++/* Tokens.  */
+ #ifndef YYTOKENTYPE
+ # define YYTOKENTYPE
+-  enum yytokentype
+-  {
+-    T_Abbrev = 258,
+-    T_Age = 259,
+-    T_All = 260,
+-    T_Allan = 261,
+-    T_Allpeers = 262,
+-    T_Auth = 263,
+-    T_Autokey = 264,
+-    T_Automax = 265,
+-    T_Average = 266,
+-    T_Bclient = 267,
+-    T_Beacon = 268,
+-    T_Broadcast = 269,
+-    T_Broadcastclient = 270,
+-    T_Broadcastdelay = 271,
+-    T_Burst = 272,
+-    T_Calibrate = 273,
+-    T_Ceiling = 274,
+-    T_Clockstats = 275,
+-    T_Cohort = 276,
+-    T_ControlKey = 277,
+-    T_Crypto = 278,
+-    T_Cryptostats = 279,
+-    T_Ctl = 280,
+-    T_Day = 281,
+-    T_Default = 282,
+-    T_Digest = 283,
+-    T_Disable = 284,
+-    T_Discard = 285,
+-    T_Dispersion = 286,
+-    T_Double = 287,
+-    T_Driftfile = 288,
+-    T_Drop = 289,
+-    T_Dscp = 290,
+-    T_Ellipsis = 291,
+-    T_Enable = 292,
+-    T_End = 293,
+-    T_False = 294,
+-    T_File = 295,
+-    T_Filegen = 296,
+-    T_Filenum = 297,
+-    T_Flag1 = 298,
+-    T_Flag2 = 299,
+-    T_Flag3 = 300,
+-    T_Flag4 = 301,
+-    T_Flake = 302,
+-    T_Floor = 303,
+-    T_Freq = 304,
+-    T_Fudge = 305,
+-    T_Host = 306,
+-    T_Huffpuff = 307,
+-    T_Iburst = 308,
+-    T_Ident = 309,
+-    T_Ignore = 310,
+-    T_Incalloc = 311,
+-    T_Incmem = 312,
+-    T_Initalloc = 313,
+-    T_Initmem = 314,
+-    T_Includefile = 315,
+-    T_Integer = 316,
+-    T_Interface = 317,
+-    T_Intrange = 318,
+-    T_Io = 319,
+-    T_Ipv4 = 320,
+-    T_Ipv4_flag = 321,
+-    T_Ipv6 = 322,
+-    T_Ipv6_flag = 323,
+-    T_Kernel = 324,
+-    T_Key = 325,
+-    T_Keys = 326,
+-    T_Keysdir = 327,
+-    T_Kod = 328,
+-    T_Mssntp = 329,
+-    T_Leapfile = 330,
+-    T_Leapsmearinterval = 331,
+-    T_Limited = 332,
+-    T_Link = 333,
+-    T_Listen = 334,
+-    T_Logconfig = 335,
+-    T_Logfile = 336,
+-    T_Loopstats = 337,
+-    T_Lowpriotrap = 338,
+-    T_Manycastclient = 339,
+-    T_Manycastserver = 340,
+-    T_Mask = 341,
+-    T_Maxage = 342,
+-    T_Maxclock = 343,
+-    T_Maxdepth = 344,
+-    T_Maxdist = 345,
+-    T_Maxmem = 346,
+-    T_Maxpoll = 347,
+-    T_Mdnstries = 348,
+-    T_Mem = 349,
+-    T_Memlock = 350,
+-    T_Minclock = 351,
+-    T_Mindepth = 352,
+-    T_Mindist = 353,
+-    T_Minimum = 354,
+-    T_Minpoll = 355,
+-    T_Minsane = 356,
+-    T_Mode = 357,
+-    T_Mode7 = 358,
+-    T_Monitor = 359,
+-    T_Month = 360,
+-    T_Mru = 361,
+-    T_Multicastclient = 362,
+-    T_Nic = 363,
+-    T_Nolink = 364,
+-    T_Nomodify = 365,
+-    T_Nomrulist = 366,
+-    T_None = 367,
+-    T_Nonvolatile = 368,
+-    T_Nopeer = 369,
+-    T_Noquery = 370,
+-    T_Noselect = 371,
+-    T_Noserve = 372,
+-    T_Notrap = 373,
+-    T_Notrust = 374,
+-    T_Ntp = 375,
+-    T_Ntpport = 376,
+-    T_NtpSignDsocket = 377,
+-    T_Orphan = 378,
+-    T_Orphanwait = 379,
+-    T_Panic = 380,
+-    T_Peer = 381,
+-    T_Peerstats = 382,
+-    T_Phone = 383,
+-    T_Pid = 384,
+-    T_Pidfile = 385,
+-    T_Pool = 386,
+-    T_Port = 387,
+-    T_Preempt = 388,
+-    T_Prefer = 389,
+-    T_Protostats = 390,
+-    T_Pw = 391,
+-    T_Randfile = 392,
+-    T_Rawstats = 393,
+-    T_Refid = 394,
+-    T_Requestkey = 395,
+-    T_Reset = 396,
+-    T_Restrict = 397,
+-    T_Revoke = 398,
+-    T_Rlimit = 399,
+-    T_Saveconfigdir = 400,
+-    T_Server = 401,
+-    T_Setvar = 402,
+-    T_Source = 403,
+-    T_Stacksize = 404,
+-    T_Statistics = 405,
+-    T_Stats = 406,
+-    T_Statsdir = 407,
+-    T_Step = 408,
+-    T_Stepback = 409,
+-    T_Stepfwd = 410,
+-    T_Stepout = 411,
+-    T_Stratum = 412,
+-    T_String = 413,
+-    T_Sys = 414,
+-    T_Sysstats = 415,
+-    T_Tick = 416,
+-    T_Time1 = 417,
+-    T_Time2 = 418,
+-    T_Timer = 419,
+-    T_Timingstats = 420,
+-    T_Tinker = 421,
+-    T_Tos = 422,
+-    T_Trap = 423,
+-    T_True = 424,
+-    T_Trustedkey = 425,
+-    T_Ttl = 426,
+-    T_Type = 427,
+-    T_U_int = 428,
+-    T_Unconfig = 429,
+-    T_Unpeer = 430,
+-    T_Version = 431,
+-    T_WanderThreshold = 432,
+-    T_Week = 433,
+-    T_Wildcard = 434,
+-    T_Xleave = 435,
+-    T_Year = 436,
+-    T_Flag = 437,
+-    T_EOC = 438,
+-    T_Simulate = 439,
+-    T_Beep_Delay = 440,
+-    T_Sim_Duration = 441,
+-    T_Server_Offset = 442,
+-    T_Duration = 443,
+-    T_Freq_Offset = 444,
+-    T_Wander = 445,
+-    T_Jitter = 446,
+-    T_Prop_Delay = 447,
+-    T_Proc_Delay = 448
+-  };
++   /* Put the tokens into the symbol table, so that GDB and other debuggers
++      know about them.  */
++   enum yytokentype {
++     T_Abbrev = 258,
++     T_Age = 259,
++     T_All = 260,
++     T_Allan = 261,
++     T_Allpeers = 262,
++     T_Auth = 263,
++     T_Autokey = 264,
++     T_Automax = 265,
++     T_Average = 266,
++     T_Bclient = 267,
++     T_Beacon = 268,
++     T_Broadcast = 269,
++     T_Broadcastclient = 270,
++     T_Broadcastdelay = 271,
++     T_Burst = 272,
++     T_Calibrate = 273,
++     T_Ceiling = 274,
++     T_Clockstats = 275,
++     T_Cohort = 276,
++     T_ControlKey = 277,
++     T_Crypto = 278,
++     T_Cryptostats = 279,
++     T_Ctl = 280,
++     T_Day = 281,
++     T_Default = 282,
++     T_Digest = 283,
++     T_Disable = 284,
++     T_Discard = 285,
++     T_Dispersion = 286,
++     T_Double = 287,
++     T_Driftfile = 288,
++     T_Drop = 289,
++     T_Dscp = 290,
++     T_Ellipsis = 291,
++     T_Enable = 292,
++     T_End = 293,
++     T_False = 294,
++     T_File = 295,
++     T_Filegen = 296,
++     T_Filenum = 297,
++     T_Flag1 = 298,
++     T_Flag2 = 299,
++     T_Flag3 = 300,
++     T_Flag4 = 301,
++     T_Flake = 302,
++     T_Floor = 303,
++     T_Freq = 304,
++     T_Fudge = 305,
++     T_Host = 306,
++     T_Huffpuff = 307,
++     T_Iburst = 308,
++     T_Ident = 309,
++     T_Ignore = 310,
++     T_Incalloc = 311,
++     T_Incmem = 312,
++     T_Initalloc = 313,
++     T_Initmem = 314,
++     T_Includefile = 315,
++     T_Integer = 316,
++     T_Interface = 317,
++     T_Intrange = 318,
++     T_Io = 319,
++     T_Ipv4 = 320,
++     T_Ipv4_flag = 321,
++     T_Ipv6 = 322,
++     T_Ipv6_flag = 323,
++     T_Kernel = 324,
++     T_Key = 325,
++     T_Keys = 326,
++     T_Keysdir = 327,
++     T_Kod = 328,
++     T_Mssntp = 329,
++     T_Leapfile = 330,
++     T_Leapsmearinterval = 331,
++     T_Limited = 332,
++     T_Link = 333,
++     T_Listen = 334,
++     T_Logconfig = 335,
++     T_Logfile = 336,
++     T_Loopstats = 337,
++     T_Lowpriotrap = 338,
++     T_Manycastclient = 339,
++     T_Manycastserver = 340,
++     T_Mask = 341,
++     T_Maxage = 342,
++     T_Maxclock = 343,
++     T_Maxdepth = 344,
++     T_Maxdist = 345,
++     T_Maxmem = 346,
++     T_Maxpoll = 347,
++     T_Mdnstries = 348,
++     T_Mem = 349,
++     T_Memlock = 350,
++     T_Minclock = 351,
++     T_Mindepth = 352,
++     T_Mindist = 353,
++     T_Minimum = 354,
++     T_Minpoll = 355,
++     T_Minsane = 356,
++     T_Mode = 357,
++     T_Mode7 = 358,
++     T_Monitor = 359,
++     T_Month = 360,
++     T_Mru = 361,
++     T_Multicastclient = 362,
++     T_Nic = 363,
++     T_Nolink = 364,
++     T_Nomodify = 365,
++     T_Nomrulist = 366,
++     T_None = 367,
++     T_Nonvolatile = 368,
++     T_Nopeer = 369,
++     T_Noquery = 370,
++     T_Noselect = 371,
++     T_Noserve = 372,
++     T_Notrap = 373,
++     T_Notrust = 374,
++     T_Ntp = 375,
++     T_Ntpport = 376,
++     T_NtpSignDsocket = 377,
++     T_Orphan = 378,
++     T_Orphanwait = 379,
++     T_Panic = 380,
++     T_Peer = 381,
++     T_Peerstats = 382,
++     T_Phone = 383,
++     T_Pid = 384,
++     T_Pidfile = 385,
++     T_Pool = 386,
++     T_Port = 387,
++     T_Preempt = 388,
++     T_Prefer = 389,
++     T_Protostats = 390,
++     T_Pw = 391,
++     T_Randfile = 392,
++     T_Rawstats = 393,
++     T_Refid = 394,
++     T_Requestkey = 395,
++     T_Reset = 396,
++     T_Restrict = 397,
++     T_Revoke = 398,
++     T_Rlimit = 399,
++     T_Saveconfigdir = 400,
++     T_Server = 401,
++     T_Setvar = 402,
++     T_Source = 403,
++     T_Stacksize = 404,
++     T_Statistics = 405,
++     T_Stats = 406,
++     T_Statsdir = 407,
++     T_Step = 408,
++     T_Stepback = 409,
++     T_Stepfwd = 410,
++     T_Stepout = 411,
++     T_Stratum = 412,
++     T_String = 413,
++     T_Sys = 414,
++     T_Sysstats = 415,
++     T_Tick = 416,
++     T_Time1 = 417,
++     T_Time2 = 418,
++     T_Timer = 419,
++     T_Timingstats = 420,
++     T_Tinker = 421,
++     T_Tos = 422,
++     T_Trap = 423,
++     T_True = 424,
++     T_Trustedkey = 425,
++     T_Ttl = 426,
++     T_Type = 427,
++     T_U_int = 428,
++     T_UEcrypto = 429,
++     T_UEcryptonak = 430,
++     T_UEdigest = 431,
++     T_Unconfig = 432,
++     T_Unpeer = 433,
++     T_Version = 434,
++     T_WanderThreshold = 435,
++     T_Week = 436,
++     T_Wildcard = 437,
++     T_Xleave = 438,
++     T_Year = 439,
++     T_Flag = 440,
++     T_EOC = 441,
++     T_Simulate = 442,
++     T_Beep_Delay = 443,
++     T_Sim_Duration = 444,
++     T_Server_Offset = 445,
++     T_Duration = 446,
++     T_Freq_Offset = 447,
++     T_Wander = 448,
++     T_Jitter = 449,
++     T_Prop_Delay = 450,
++     T_Proc_Delay = 451
++   };
+ #endif
+ /* Tokens.  */
+ #define T_Abbrev 258
+@@ -496,33 +502,37 @@ extern int yydebug;
+ #define T_Ttl 426
+ #define T_Type 427
+ #define T_U_int 428
+-#define T_Unconfig 429
+-#define T_Unpeer 430
+-#define T_Version 431
+-#define T_WanderThreshold 432
+-#define T_Week 433
+-#define T_Wildcard 434
+-#define T_Xleave 435
+-#define T_Year 436
+-#define T_Flag 437
+-#define T_EOC 438
+-#define T_Simulate 439
+-#define T_Beep_Delay 440
+-#define T_Sim_Duration 441
+-#define T_Server_Offset 442
+-#define T_Duration 443
+-#define T_Freq_Offset 444
+-#define T_Wander 445
+-#define T_Jitter 446
+-#define T_Prop_Delay 447
+-#define T_Proc_Delay 448
++#define T_UEcrypto 429
++#define T_UEcryptonak 430
++#define T_UEdigest 431
++#define T_Unconfig 432
++#define T_Unpeer 433
++#define T_Version 434
++#define T_WanderThreshold 435
++#define T_Week 436
++#define T_Wildcard 437
++#define T_Xleave 438
++#define T_Year 439
++#define T_Flag 440
++#define T_EOC 441
++#define T_Simulate 442
++#define T_Beep_Delay 443
++#define T_Sim_Duration 444
++#define T_Server_Offset 445
++#define T_Duration 446
++#define T_Freq_Offset 447
++#define T_Wander 448
++#define T_Jitter 449
++#define T_Prop_Delay 450
++#define T_Proc_Delay 451
+ 
+-/* Value type.  */
++
++
+ #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
+-typedef union YYSTYPE YYSTYPE;
+-union YYSTYPE
++typedef union YYSTYPE
+ {
+-#line 51 "../../ntpd/ntp_parser.y" /* yacc.c:355  */
++/* Line 387 of yacc.c  */
++#line 51 "../../ntpd/ntp_parser.y"
+ 
+ 	char *			String;
+ 	double			Double;
+@@ -541,22 +551,37 @@ extern int yydebug;
+ 	script_info *		Sim_script;
+ 	script_info_fifo *	Sim_script_fifo;
+ 
+-#line 545 "../../ntpd/ntp_parser.c" /* yacc.c:355  */
+-};
++
++/* Line 387 of yacc.c  */
++#line 557 "ntp_parser.c"
++} YYSTYPE;
+ # define YYSTYPE_IS_TRIVIAL 1
++# define yystype YYSTYPE /* obsolescent; will be withdrawn */
+ # define YYSTYPE_IS_DECLARED 1
+ #endif
+ 
+-
+ extern YYSTYPE yylval;
+ 
++#ifdef YYPARSE_PARAM
++#if defined __STDC__ || defined __cplusplus
++int yyparse (void *YYPARSE_PARAM);
++#else
++int yyparse ();
++#endif
++#else /* ! YYPARSE_PARAM */
++#if defined __STDC__ || defined __cplusplus
+ int yyparse (void);
++#else
++int yyparse ();
++#endif
++#endif /* ! YYPARSE_PARAM */
+ 
+-#endif /* !YY_YY__NTPD_NTP_PARSER_H_INCLUDED  */
++#endif /* !YY_YY_NTP_PARSER_H_INCLUDED  */
+ 
+ /* Copy the second part of user declarations.  */
+ 
+-#line 560 "../../ntpd/ntp_parser.c" /* yacc.c:358  */
++/* Line 390 of yacc.c  */
++#line 585 "ntp_parser.c"
+ 
+ #ifdef short
+ # undef short
+@@ -570,8 +595,11 @@ typedef unsigned char yytype_uint8;
+ 
+ #ifdef YYTYPE_INT8
+ typedef YYTYPE_INT8 yytype_int8;
++#elif (defined __STDC__ || defined __C99__FUNC__ \
++     || defined __cplusplus || defined _MSC_VER)
++typedef signed char yytype_int8;
+ #else
+-typedef signed char yytype_int8;
++typedef short int yytype_int8;
+ #endif
+ 
+ #ifdef YYTYPE_UINT16
+@@ -591,7 +619,8 @@ typedef short int yytype_int16;
+ #  define YYSIZE_T __SIZE_TYPE__
+ # elif defined size_t
+ #  define YYSIZE_T size_t
+-# elif ! defined YYSIZE_T
++# elif ! defined YYSIZE_T && (defined __STDC__ || defined __C99__FUNC__ \
++     || defined __cplusplus || defined _MSC_VER)
+ #  include  /* INFRINGES ON USER NAME SPACE */
+ #  define YYSIZE_T size_t
+ # else
+@@ -613,33 +642,14 @@ typedef short int yytype_int16;
+ # endif
+ #endif
+ 
+-#ifndef YY_ATTRIBUTE
+-# if (defined __GNUC__                                               \
+-      && (2 < __GNUC__ || (__GNUC__ == 2 && 96 <= __GNUC_MINOR__)))  \
+-     || defined __SUNPRO_C && 0x5110 <= __SUNPRO_C
+-#  define YY_ATTRIBUTE(Spec) __attribute__(Spec)
+-# else
+-#  define YY_ATTRIBUTE(Spec) /* empty */
++#ifndef __attribute__
++/* This feature is available in gcc versions 2.5 and later.  */
++# if (! defined __GNUC__ || __GNUC__ < 2 \
++      || (__GNUC__ == 2 && __GNUC_MINOR__ < 5))
++#  define __attribute__(Spec) /* empty */
+ # endif
+ #endif
+ 
+-#ifndef YY_ATTRIBUTE_PURE
+-# define YY_ATTRIBUTE_PURE   YY_ATTRIBUTE ((__pure__))
+-#endif
+-
+-#ifndef YY_ATTRIBUTE_UNUSED
+-# define YY_ATTRIBUTE_UNUSED YY_ATTRIBUTE ((__unused__))
+-#endif
+-
+-#if !defined _Noreturn \
+-     && (!defined __STDC_VERSION__ || __STDC_VERSION__ < 201112)
+-# if defined _MSC_VER && 1200 <= _MSC_VER
+-#  define _Noreturn __declspec (noreturn)
+-# else
+-#  define _Noreturn YY_ATTRIBUTE ((__noreturn__))
+-# endif
+-#endif
+-
+ /* Suppress unused-variable warnings by "using" E.  */
+ #if ! defined lint || defined __GNUC__
+ # define YYUSE(E) ((void) (E))
+@@ -647,26 +657,25 @@ typedef short int yytype_int16;
+ # define YYUSE(E) /* empty */
+ #endif
+ 
+-#if defined __GNUC__ && 407 <= __GNUC__ * 100 + __GNUC_MINOR__
+-/* Suppress an incorrect diagnostic about yylval being uninitialized.  */
+-# define YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN \
+-    _Pragma ("GCC diagnostic push") \
+-    _Pragma ("GCC diagnostic ignored \"-Wuninitialized\"")\
+-    _Pragma ("GCC diagnostic ignored \"-Wmaybe-uninitialized\"")
+-# define YY_IGNORE_MAYBE_UNINITIALIZED_END \
+-    _Pragma ("GCC diagnostic pop")
++
++/* Identity function, used to suppress warnings about constant conditions.  */
++#ifndef lint
++# define YYID(N) (N)
+ #else
+-# define YY_INITIAL_VALUE(Value) Value
++#if (defined __STDC__ || defined __C99__FUNC__ \
++     || defined __cplusplus || defined _MSC_VER)
++static int
++YYID (int yyi)
++#else
++static int
++YYID (yyi)
++    int yyi;
+ #endif
+-#ifndef YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN
+-# define YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN
+-# define YY_IGNORE_MAYBE_UNINITIALIZED_END
++{
++  return yyi;
++}
+ #endif
+-#ifndef YY_INITIAL_VALUE
+-# define YY_INITIAL_VALUE(Value) /* Nothing. */
+-#endif
+ 
+-
+ #if ! defined yyoverflow || YYERROR_VERBOSE
+ 
+ /* The parser invokes alloca or malloc; define the necessary symbols.  */
+@@ -684,7 +693,8 @@ typedef short int yytype_int16;
+ #    define alloca _alloca
+ #   else
+ #    define YYSTACK_ALLOC alloca
+-#    if ! defined _ALLOCA_H && ! defined EXIT_SUCCESS
++#    if ! defined _ALLOCA_H && ! defined EXIT_SUCCESS && (defined __STDC__ || defined __C99__FUNC__ \
++     || defined __cplusplus || defined _MSC_VER)
+ #     include  /* INFRINGES ON USER NAME SPACE */
+       /* Use EXIT_SUCCESS as a witness for stdlib.h.  */
+ #     ifndef EXIT_SUCCESS
+@@ -696,8 +706,8 @@ typedef short int yytype_int16;
+ # endif
+ 
+ # ifdef YYSTACK_ALLOC
+-   /* Pacify GCC's 'empty if-body' warning.  */
+-#  define YYSTACK_FREE(Ptr) do { /* empty */; } while (0)
++   /* Pacify GCC's `empty if-body' warning.  */
++#  define YYSTACK_FREE(Ptr) do { /* empty */; } while (YYID (0))
+ #  ifndef YYSTACK_ALLOC_MAXIMUM
+     /* The OS might guarantee only one guard page at the bottom of the stack,
+        and a page size can be as small as 4096 bytes.  So we cannot safely
+@@ -713,7 +723,7 @@ typedef short int yytype_int16;
+ #  endif
+ #  if (defined __cplusplus && ! defined EXIT_SUCCESS \
+        && ! ((defined YYMALLOC || defined malloc) \
+-             && (defined YYFREE || defined free)))
++	     && (defined YYFREE || defined free)))
+ #   include  /* INFRINGES ON USER NAME SPACE */
+ #   ifndef EXIT_SUCCESS
+ #    define EXIT_SUCCESS 0
+@@ -721,13 +731,15 @@ typedef short int yytype_int16;
+ #  endif
+ #  ifndef YYMALLOC
+ #   define YYMALLOC malloc
+-#   if ! defined malloc && ! defined EXIT_SUCCESS
++#   if ! defined malloc && ! defined EXIT_SUCCESS && (defined __STDC__ || defined __C99__FUNC__ \
++     || defined __cplusplus || defined _MSC_VER)
+ void *malloc (YYSIZE_T); /* INFRINGES ON USER NAME SPACE */
+ #   endif
+ #  endif
+ #  ifndef YYFREE
+ #   define YYFREE free
+-#   if ! defined free && ! defined EXIT_SUCCESS
++#   if ! defined free && ! defined EXIT_SUCCESS && (defined __STDC__ || defined __C99__FUNC__ \
++     || defined __cplusplus || defined _MSC_VER)
+ void free (void *); /* INFRINGES ON USER NAME SPACE */
+ #   endif
+ #  endif
+@@ -737,7 +749,7 @@ void free (void *); /* INFRINGES ON USER NAME SPAC
+ 
+ #if (! defined yyoverflow \
+      && (! defined __cplusplus \
+-         || (defined YYSTYPE_IS_TRIVIAL && YYSTYPE_IS_TRIVIAL)))
++	 || (defined YYSTYPE_IS_TRIVIAL && YYSTYPE_IS_TRIVIAL)))
+ 
+ /* A type that is properly aligned for any stack member.  */
+ union yyalloc
+@@ -762,16 +774,16 @@ union yyalloc
+    elements in the stack, and YYPTR gives the new location of the
+    stack.  Advance YYPTR to a properly aligned location for the next
+    stack.  */
+-# define YYSTACK_RELOCATE(Stack_alloc, Stack)                           \
+-    do                                                                  \
+-      {                                                                 \
+-        YYSIZE_T yynewbytes;                                            \
+-        YYCOPY (&yyptr->Stack_alloc, Stack, yysize);                    \
+-        Stack = &yyptr->Stack_alloc;                                    \
+-        yynewbytes = yystacksize * sizeof (*Stack) + YYSTACK_GAP_MAXIMUM; \
+-        yyptr += yynewbytes / sizeof (*yyptr);                          \
+-      }                                                                 \
+-    while (0)
++# define YYSTACK_RELOCATE(Stack_alloc, Stack)				\
++    do									\
++      {									\
++	YYSIZE_T yynewbytes;						\
++	YYCOPY (&yyptr->Stack_alloc, Stack, yysize);			\
++	Stack = &yyptr->Stack_alloc;					\
++	yynewbytes = yystacksize * sizeof (*Stack) + YYSTACK_GAP_MAXIMUM; \
++	yyptr += yynewbytes / sizeof (*yyptr);				\
++      }									\
++    while (YYID (0))
+ 
+ #endif
+ 
+@@ -790,35 +802,33 @@ union yyalloc
+           for (yyi = 0; yyi < (Count); yyi++)   \
+             (Dst)[yyi] = (Src)[yyi];            \
+         }                                       \
+-      while (0)
++      while (YYID (0))
+ #  endif
+ # endif
+ #endif /* !YYCOPY_NEEDED */
+ 
+ /* YYFINAL -- State number of the termination state.  */
+-#define YYFINAL  210
++#define YYFINAL  213
+ /* YYLAST -- Last index in YYTABLE.  */
+-#define YYLAST   647
++#define YYLAST   624
+ 
+ /* YYNTOKENS -- Number of terminals.  */
+-#define YYNTOKENS  199
++#define YYNTOKENS  202
+ /* YYNNTS -- Number of nonterminals.  */
+ #define YYNNTS  105
+ /* YYNRULES -- Number of rules.  */
+-#define YYNRULES  313
+-/* YYNSTATES -- Number of states.  */
+-#define YYNSTATES  419
++#define YYNRULES  316
++/* YYNRULES -- Number of states.  */
++#define YYNSTATES  422
+ 
+-/* YYTRANSLATE[YYX] -- Symbol number corresponding to YYX as returned
+-   by yylex, with out-of-bounds checking.  */
++/* YYTRANSLATE(YYLEX) -- Bison symbol number corresponding to YYLEX.  */
+ #define YYUNDEFTOK  2
+-#define YYMAXUTOK   448
++#define YYMAXUTOK   451
+ 
+-#define YYTRANSLATE(YYX)                                                \
++#define YYTRANSLATE(YYX)						\
+   ((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK)
+ 
+-/* YYTRANSLATE[TOKEN-NUM] -- Symbol number corresponding to TOKEN-NUM
+-   as returned by yylex, without out-of-bounds checking.  */
++/* YYTRANSLATE[YYLEX] -- Bison symbol number corresponding to YYLEX.  */
+ static const yytype_uint8 yytranslate[] =
+ {
+        0,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+@@ -825,15 +835,15 @@ static const yytype_uint8 yytranslate[] =
+        2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+        2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+        2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+-     195,   196,     2,     2,     2,     2,     2,     2,     2,     2,
++     198,   199,     2,     2,     2,     2,     2,     2,     2,     2,
+        2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+-       2,   194,     2,     2,     2,     2,     2,     2,     2,     2,
++       2,   197,     2,     2,     2,     2,     2,     2,     2,     2,
+        2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+        2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+        2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+        2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+        2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+-       2,     2,     2,   197,     2,   198,     2,     2,     2,     2,
++       2,     2,     2,   200,     2,   201,     2,     2,     2,     2,
+        2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+        2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+        2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+@@ -865,45 +875,166 @@ static const yytype_uint8 yytranslate[] =
+      155,   156,   157,   158,   159,   160,   161,   162,   163,   164,
+      165,   166,   167,   168,   169,   170,   171,   172,   173,   174,
+      175,   176,   177,   178,   179,   180,   181,   182,   183,   184,
+-     185,   186,   187,   188,   189,   190,   191,   192,   193
++     185,   186,   187,   188,   189,   190,   191,   192,   193,   194,
++     195,   196
+ };
+ 
+ #if YYDEBUG
+-  /* YYRLINE[YYN] -- Source line where rule number YYN was defined.  */
++/* YYPRHS[YYN] -- Index of the first RHS symbol of rule number YYN in
++   YYRHS.  */
++static const yytype_uint16 yyprhs[] =
++{
++       0,     0,     3,     5,     9,    12,    15,    16,    18,    20,
++      22,    24,    26,    28,    30,    32,    34,    36,    38,    40,
++      42,    46,    48,    50,    52,    54,    56,    58,    61,    63,
++      65,    67,    68,    71,    73,    75,    77,    79,    81,    83,
++      85,    87,    89,    91,    93,    95,    98,   101,   103,   105,
++     107,   109,   111,   113,   116,   118,   121,   123,   125,   127,
++     130,   133,   136,   139,   142,   145,   148,   151,   154,   157,
++     160,   163,   164,   167,   170,   173,   175,   177,   179,   181,
++     183,   186,   189,   191,   194,   197,   200,   202,   204,   206,
++     208,   210,   212,   214,   216,   218,   220,   223,   226,   230,
++     233,   235,   237,   239,   241,   243,   245,   247,   249,   251,
++     252,   255,   258,   261,   263,   265,   267,   269,   271,   273,
++     275,   277,   279,   281,   283,   285,   287,   290,   293,   297,
++     303,   307,   312,   317,   321,   322,   325,   327,   329,   331,
++     333,   335,   337,   339,   341,   343,   345,   347,   349,   351,
++     353,   355,   358,   360,   363,   365,   367,   369,   372,   374,
++     377,   379,   381,   383,   385,   387,   389,   391,   393,   397,
++     400,   402,   405,   408,   411,   414,   417,   419,   421,   423,
++     425,   427,   429,   432,   435,   437,   440,   442,   444,   446,
++     449,   452,   455,   457,   459,   461,   463,   465,   467,   469,
++     471,   473,   475,   477,   479,   481,   483,   486,   489,   491,
++     494,   496,   498,   500,   502,   504,   506,   508,   510,   512,
++     514,   516,   518,   521,   524,   527,   530,   534,   536,   539,
++     542,   545,   548,   552,   555,   557,   559,   561,   563,   565,
++     567,   569,   571,   573,   575,   577,   580,   581,   586,   588,
++     589,   590,   593,   596,   599,   602,   604,   606,   610,   614,
++     616,   618,   620,   622,   624,   626,   628,   630,   632,   635,
++     638,   640,   642,   644,   646,   648,   650,   652,   654,   657,
++     659,   662,   664,   666,   668,   674,   677,   679,   682,   684,
++     686,   688,   690,   692,   694,   700,   702,   706,   709,   713,
++     715,   717,   720,   722,   728,   733,   737,   740,   742,   749,
++     753,   756,   760,   762,   764,   766,   768
++};
++
++/* YYRHS -- A `-1'-separated list of the rules' RHS.  */
++static const yytype_int16 yyrhs[] =
++{
++     203,     0,    -1,   204,    -1,   204,   205,   186,    -1,   205,
++     186,    -1,     1,   186,    -1,    -1,   206,    -1,   219,    -1,
++     221,    -1,   222,    -1,   231,    -1,   239,    -1,   226,    -1,
++     248,    -1,   253,    -1,   257,    -1,   262,    -1,   266,    -1,
++     293,    -1,   207,   208,   211,    -1,   146,    -1,   131,    -1,
++     126,    -1,    14,    -1,    84,    -1,   209,    -1,   210,   158,
++      -1,   158,    -1,    66,    -1,    68,    -1,    -1,   211,   212,
++      -1,   213,    -1,   215,    -1,   217,    -1,   214,    -1,     9,
++      -1,    17,    -1,    53,    -1,   116,    -1,   133,    -1,   134,
++      -1,   169,    -1,   183,    -1,   216,    61,    -1,   216,   173,
++      -1,    70,    -1,   100,    -1,    92,    -1,   171,    -1,   102,
++      -1,   179,    -1,   218,   158,    -1,    54,    -1,   220,   208,
++      -1,   177,    -1,   178,    -1,    15,    -1,    85,   290,    -1,
++     107,   290,    -1,    93,    61,    -1,    10,    61,    -1,    22,
++      61,    -1,    23,   223,    -1,    71,   158,    -1,    72,   158,
++      -1,   140,    61,    -1,   143,    61,    -1,   170,   286,    -1,
++     122,   158,    -1,    -1,   223,   224,    -1,   225,   158,    -1,
++     143,    61,    -1,    51,    -1,    54,    -1,   136,    -1,   137,
++      -1,    28,    -1,   167,   227,    -1,   227,   228,    -1,   228,
++      -1,   229,    61,    -1,   230,   292,    -1,    21,   291,    -1,
++      19,    -1,    48,    -1,   123,    -1,   124,    -1,   101,    -1,
++      13,    -1,    98,    -1,    90,    -1,    96,    -1,    88,    -1,
++     150,   232,    -1,   152,   158,    -1,    41,   233,   234,    -1,
++     232,   233,    -1,   233,    -1,    20,    -1,    24,    -1,    82,
++      -1,   127,    -1,   138,    -1,   160,    -1,   165,    -1,   135,
++      -1,    -1,   234,   235,    -1,    40,   158,    -1,   172,   238,
++      -1,   236,    -1,   237,    -1,    78,    -1,   109,    -1,    37,
++      -1,    29,    -1,   112,    -1,   129,    -1,    26,    -1,   181,
++      -1,   105,    -1,   184,    -1,     4,    -1,    30,   242,    -1,
++     106,   245,    -1,   142,   208,   240,    -1,   142,   209,    86,
++     209,   240,    -1,   142,    27,   240,    -1,   142,    66,    27,
++     240,    -1,   142,    68,    27,   240,    -1,   142,   148,   240,
++      -1,    -1,   240,   241,    -1,    47,    -1,    55,    -1,    73,
++      -1,    74,    -1,    77,    -1,    83,    -1,   110,    -1,   111,
++      -1,   114,    -1,   115,    -1,   117,    -1,   118,    -1,   119,
++      -1,   121,    -1,   179,    -1,   242,   243,    -1,   243,    -1,
++     244,    61,    -1,    11,    -1,    99,    -1,   104,    -1,   245,
++     246,    -1,   246,    -1,   247,    61,    -1,    56,    -1,    57,
++      -1,    58,    -1,    59,    -1,    87,    -1,    89,    -1,    91,
++      -1,    97,    -1,    50,   208,   249,    -1,   249,   250,    -1,
++     250,    -1,   251,   292,    -1,   252,   291,    -1,   157,    61,
++      -1,     3,   158,    -1,   139,   158,    -1,   162,    -1,   163,
++      -1,    43,    -1,    44,    -1,    45,    -1,    46,    -1,   144,
++     254,    -1,   254,   255,    -1,   255,    -1,   256,    61,    -1,
++      95,    -1,   149,    -1,    42,    -1,    37,   258,    -1,    29,
++     258,    -1,   258,   259,    -1,   259,    -1,   260,    -1,   261,
++      -1,     8,    -1,    12,    -1,    18,    -1,    69,    -1,   104,
++      -1,   120,    -1,   103,    -1,   151,    -1,   174,    -1,   175,
++      -1,   176,    -1,   166,   263,    -1,   263,   264,    -1,   264,
++      -1,   265,   292,    -1,     6,    -1,    31,    -1,    49,    -1,
++      52,    -1,   125,    -1,   153,    -1,   154,    -1,   155,    -1,
++     156,    -1,   161,    -1,   278,    -1,   282,    -1,   267,   292,
++      -1,   268,    61,    -1,   269,   158,    -1,   270,   158,    -1,
++      60,   158,   205,    -1,    38,    -1,    33,   271,    -1,    80,
++     276,    -1,   128,   289,    -1,   147,   272,    -1,   168,   209,
++     274,    -1,   171,   285,    -1,    16,    -1,   113,    -1,   161,
++      -1,    35,    -1,    76,    -1,    54,    -1,    75,    -1,    81,
++      -1,   130,    -1,   145,    -1,   158,    -1,   158,    32,    -1,
++      -1,   158,   197,   158,   273,    -1,    27,    -1,    -1,    -1,
++     274,   275,    -1,   132,    61,    -1,    62,   209,    -1,   276,
++     277,    -1,   277,    -1,   158,    -1,   279,   281,   280,    -1,
++     279,   281,   158,    -1,    62,    -1,   108,    -1,     5,    -1,
++      65,    -1,    67,    -1,   182,    -1,    79,    -1,    55,    -1,
++      34,    -1,   141,   283,    -1,   283,   284,    -1,   284,    -1,
++       7,    -1,     8,    -1,    25,    -1,    64,    -1,    94,    -1,
++     159,    -1,   164,    -1,   285,    61,    -1,    61,    -1,   286,
++     287,    -1,   287,    -1,    61,    -1,   288,    -1,   198,    61,
++      36,    61,   199,    -1,   289,   158,    -1,   158,    -1,   290,
++     208,    -1,   208,    -1,    61,    -1,   169,    -1,    39,    -1,
++      61,    -1,    32,    -1,   294,   200,   295,   298,   201,    -1,
++     187,    -1,   295,   296,   186,    -1,   296,   186,    -1,   297,
++     197,   292,    -1,   188,    -1,   189,    -1,   298,   299,    -1,
++     299,    -1,   301,   200,   300,   302,   201,    -1,   190,   197,
++     292,   186,    -1,   146,   197,   208,    -1,   302,   303,    -1,
++     303,    -1,   191,   197,   292,   200,   304,   201,    -1,   304,
++     305,   186,    -1,   305,   186,    -1,   306,   197,   292,    -1,
++     192,    -1,   193,    -1,   194,    -1,   195,    -1,   196,    -1
++};
++
++/* YYRLINE[YYN] -- source line where rule number YYN was defined.  */
+ static const yytype_uint16 yyrline[] =
+ {
+-       0,   366,   366,   370,   371,   372,   387,   388,   389,   390,
+-     391,   392,   393,   394,   395,   396,   397,   398,   399,   400,
+-     408,   418,   419,   420,   421,   422,   426,   427,   432,   437,
+-     439,   445,   446,   454,   455,   456,   460,   465,   466,   467,
+-     468,   469,   470,   471,   472,   476,   478,   483,   484,   485,
+-     486,   487,   488,   492,   497,   506,   516,   517,   527,   529,
+-     531,   533,   544,   551,   553,   558,   560,   562,   564,   566,
+-     575,   581,   582,   590,   592,   604,   605,   606,   607,   608,
+-     617,   622,   627,   635,   637,   639,   644,   645,   646,   647,
+-     648,   649,   653,   654,   655,   656,   665,   667,   676,   686,
+-     691,   699,   700,   701,   702,   703,   704,   705,   706,   711,
+-     712,   720,   730,   739,   754,   759,   760,   764,   765,   769,
+-     770,   771,   772,   773,   774,   775,   784,   788,   792,   800,
+-     808,   816,   831,   846,   859,   860,   868,   869,   870,   871,
+-     872,   873,   874,   875,   876,   877,   878,   879,   880,   881,
+-     882,   886,   891,   899,   904,   905,   906,   910,   915,   923,
+-     928,   929,   930,   931,   932,   933,   934,   935,   943,   953,
+-     958,   966,   968,   970,   979,   981,   986,   987,   991,   992,
+-     993,   994,  1002,  1007,  1012,  1020,  1025,  1026,  1027,  1036,
+-    1038,  1043,  1048,  1056,  1058,  1075,  1076,  1077,  1078,  1079,
+-    1080,  1084,  1085,  1093,  1098,  1103,  1111,  1116,  1117,  1118,
+-    1119,  1120,  1121,  1122,  1123,  1124,  1125,  1134,  1135,  1136,
+-    1143,  1150,  1157,  1173,  1192,  1194,  1196,  1198,  1200,  1202,
+-    1209,  1214,  1215,  1216,  1220,  1224,  1233,  1234,  1238,  1239,
+-    1240,  1244,  1255,  1269,  1281,  1286,  1288,  1293,  1294,  1302,
+-    1304,  1312,  1317,  1325,  1350,  1357,  1367,  1368,  1372,  1373,
+-    1374,  1375,  1379,  1380,  1381,  1385,  1390,  1395,  1403,  1404,
+-    1405,  1406,  1407,  1408,  1409,  1419,  1424,  1432,  1437,  1445,
+-    1447,  1451,  1456,  1461,  1469,  1474,  1482,  1491,  1492,  1496,
+-    1497,  1506,  1524,  1528,  1533,  1541,  1546,  1547,  1551,  1556,
+-    1564,  1569,  1574,  1579,  1584,  1592,  1597,  1602,  1610,  1615,
+-    1616,  1617,  1618,  1619
++       0,   369,   369,   373,   374,   375,   390,   391,   392,   393,
++     394,   395,   396,   397,   398,   399,   400,   401,   402,   403,
++     411,   421,   422,   423,   424,   425,   429,   430,   435,   440,
++     442,   448,   449,   457,   458,   459,   463,   468,   469,   470,
++     471,   472,   473,   474,   475,   479,   481,   486,   487,   488,
++     489,   490,   491,   495,   500,   509,   519,   520,   530,   532,
++     534,   536,   547,   554,   556,   561,   563,   565,   567,   569,
++     578,   584,   585,   593,   595,   607,   608,   609,   610,   611,
++     620,   625,   630,   638,   640,   642,   647,   648,   649,   650,
++     651,   652,   656,   657,   658,   659,   668,   670,   679,   689,
++     694,   702,   703,   704,   705,   706,   707,   708,   709,   714,
++     715,   723,   733,   742,   757,   762,   763,   767,   768,   772,
++     773,   774,   775,   776,   777,   778,   787,   791,   795,   803,
++     811,   819,   834,   849,   862,   863,   871,   872,   873,   874,
++     875,   876,   877,   878,   879,   880,   881,   882,   883,   884,
++     885,   889,   894,   902,   907,   908,   909,   913,   918,   926,
++     931,   932,   933,   934,   935,   936,   937,   938,   946,   956,
++     961,   969,   971,   973,   982,   984,   989,   990,   994,   995,
++     996,   997,  1005,  1010,  1015,  1023,  1028,  1029,  1030,  1039,
++    1041,  1046,  1051,  1059,  1061,  1078,  1079,  1080,  1081,  1082,
++    1083,  1087,  1088,  1089,  1090,  1091,  1099,  1104,  1109,  1117,
++    1122,  1123,  1124,  1125,  1126,  1127,  1128,  1129,  1130,  1131,
++    1140,  1141,  1142,  1149,  1156,  1163,  1179,  1198,  1200,  1202,
++    1204,  1206,  1208,  1215,  1220,  1221,  1222,  1226,  1230,  1239,
++    1240,  1244,  1245,  1246,  1250,  1261,  1275,  1287,  1292,  1294,
++    1299,  1300,  1308,  1310,  1318,  1323,  1331,  1356,  1363,  1373,
++    1374,  1378,  1379,  1380,  1381,  1385,  1386,  1387,  1391,  1396,
++    1401,  1409,  1410,  1411,  1412,  1413,  1414,  1415,  1425,  1430,
++    1438,  1443,  1451,  1453,  1457,  1462,  1467,  1475,  1480,  1488,
++    1497,  1498,  1502,  1503,  1512,  1530,  1534,  1539,  1547,  1552,
++    1553,  1557,  1562,  1570,  1575,  1580,  1585,  1590,  1598,  1603,
++    1608,  1616,  1621,  1622,  1623,  1624,  1625
+ };
+ #endif
+ 
+@@ -944,29 +1075,29 @@ static const char *const yytname[] =
+   "T_Step", "T_Stepback", "T_Stepfwd", "T_Stepout", "T_Stratum",
+   "T_String", "T_Sys", "T_Sysstats", "T_Tick", "T_Time1", "T_Time2",
+   "T_Timer", "T_Timingstats", "T_Tinker", "T_Tos", "T_Trap", "T_True",
+-  "T_Trustedkey", "T_Ttl", "T_Type", "T_U_int", "T_Unconfig", "T_Unpeer",
+-  "T_Version", "T_WanderThreshold", "T_Week", "T_Wildcard", "T_Xleave",
+-  "T_Year", "T_Flag", "T_EOC", "T_Simulate", "T_Beep_Delay",
+-  "T_Sim_Duration", "T_Server_Offset", "T_Duration", "T_Freq_Offset",
+-  "T_Wander", "T_Jitter", "T_Prop_Delay", "T_Proc_Delay", "'='", "'('",
+-  "')'", "'{'", "'}'", "$accept", "configuration", "command_list",
+-  "command", "server_command", "client_type", "address", "ip_address",
+-  "address_fam", "option_list", "option", "option_flag",
+-  "option_flag_keyword", "option_int", "option_int_keyword", "option_str",
+-  "option_str_keyword", "unpeer_command", "unpeer_keyword",
+-  "other_mode_command", "authentication_command", "crypto_command_list",
+-  "crypto_command", "crypto_str_keyword", "orphan_mode_command",
+-  "tos_option_list", "tos_option", "tos_option_int_keyword",
+-  "tos_option_dbl_keyword", "monitoring_command", "stats_list", "stat",
+-  "filegen_option_list", "filegen_option", "link_nolink", "enable_disable",
+-  "filegen_type", "access_control_command", "ac_flag_list",
+-  "access_control_flag", "discard_option_list", "discard_option",
+-  "discard_option_keyword", "mru_option_list", "mru_option",
+-  "mru_option_keyword", "fudge_command", "fudge_factor_list",
+-  "fudge_factor", "fudge_factor_dbl_keyword", "fudge_factor_bool_keyword",
+-  "rlimit_command", "rlimit_option_list", "rlimit_option",
+-  "rlimit_option_keyword", "system_option_command", "system_option_list",
+-  "system_option", "system_option_flag_keyword",
++  "T_Trustedkey", "T_Ttl", "T_Type", "T_U_int", "T_UEcrypto",
++  "T_UEcryptonak", "T_UEdigest", "T_Unconfig", "T_Unpeer", "T_Version",
++  "T_WanderThreshold", "T_Week", "T_Wildcard", "T_Xleave", "T_Year",
++  "T_Flag", "T_EOC", "T_Simulate", "T_Beep_Delay", "T_Sim_Duration",
++  "T_Server_Offset", "T_Duration", "T_Freq_Offset", "T_Wander", "T_Jitter",
++  "T_Prop_Delay", "T_Proc_Delay", "'='", "'('", "')'", "'{'", "'}'",
++  "$accept", "configuration", "command_list", "command", "server_command",
++  "client_type", "address", "ip_address", "address_fam", "option_list",
++  "option", "option_flag", "option_flag_keyword", "option_int",
++  "option_int_keyword", "option_str", "option_str_keyword",
++  "unpeer_command", "unpeer_keyword", "other_mode_command",
++  "authentication_command", "crypto_command_list", "crypto_command",
++  "crypto_str_keyword", "orphan_mode_command", "tos_option_list",
++  "tos_option", "tos_option_int_keyword", "tos_option_dbl_keyword",
++  "monitoring_command", "stats_list", "stat", "filegen_option_list",
++  "filegen_option", "link_nolink", "enable_disable", "filegen_type",
++  "access_control_command", "ac_flag_list", "access_control_flag",
++  "discard_option_list", "discard_option", "discard_option_keyword",
++  "mru_option_list", "mru_option", "mru_option_keyword", "fudge_command",
++  "fudge_factor_list", "fudge_factor", "fudge_factor_dbl_keyword",
++  "fudge_factor_bool_keyword", "rlimit_command", "rlimit_option_list",
++  "rlimit_option", "rlimit_option_keyword", "system_option_command",
++  "system_option_list", "system_option", "system_option_flag_keyword",
+   "system_option_local_flag_keyword", "tinker_command",
+   "tinker_option_list", "tinker_option", "tinker_option_keyword",
+   "miscellaneous_command", "misc_cmd_dbl_keyword", "misc_cmd_int_keyword",
+@@ -981,13 +1112,13 @@ static const char *const yytname[] =
+   "sim_init_statement_list", "sim_init_statement", "sim_init_keyword",
+   "sim_server_list", "sim_server", "sim_server_offset", "sim_server_name",
+   "sim_act_list", "sim_act", "sim_act_stmt_list", "sim_act_stmt",
+-  "sim_act_keyword", YY_NULLPTR
++  "sim_act_keyword", YY_NULL
+ };
+ #endif
+ 
+ # ifdef YYPRINT
+-/* YYTOKNUM[NUM] -- (External) token number corresponding to the
+-   (internal) symbol number NUM (which must be that of a token).  */
++/* YYTOKNUM[YYLEX-NUM] -- Internal token number corresponding to
++   token YYLEX-NUM.  */
+ static const yytype_uint16 yytoknum[] =
+ {
+        0,   256,   257,   258,   259,   260,   261,   262,   263,   264,
+@@ -1009,292 +1140,363 @@ static const yytype_uint16 yytoknum[] =
+      415,   416,   417,   418,   419,   420,   421,   422,   423,   424,
+      425,   426,   427,   428,   429,   430,   431,   432,   433,   434,
+      435,   436,   437,   438,   439,   440,   441,   442,   443,   444,
+-     445,   446,   447,   448,    61,    40,    41,   123,   125
++     445,   446,   447,   448,   449,   450,   451,    61,    40,    41,
++     123,   125
+ };
+ # endif
+ 
+-#define YYPACT_NINF -185
++/* YYR1[YYN] -- Symbol number of symbol that rule YYN derives.  */
++static const yytype_uint16 yyr1[] =
++{
++       0,   202,   203,   204,   204,   204,   205,   205,   205,   205,
++     205,   205,   205,   205,   205,   205,   205,   205,   205,   205,
++     206,   207,   207,   207,   207,   207,   208,   208,   209,   210,
++     210,   211,   211,   212,   212,   212,   213,   214,   214,   214,
++     214,   214,   214,   214,   214,   215,   215,   216,   216,   216,
++     216,   216,   216,   217,   218,   219,   220,   220,   221,   221,
++     221,   221,   222,   222,   222,   222,   222,   222,   222,   222,
++     222,   223,   223,   224,   224,   225,   225,   225,   225,   225,
++     226,   227,   227,   228,   228,   228,   229,   229,   229,   229,
++     229,   229,   230,   230,   230,   230,   231,   231,   231,   232,
++     232,   233,   233,   233,   233,   233,   233,   233,   233,   234,
++     234,   235,   235,   235,   235,   236,   236,   237,   237,   238,
++     238,   238,   238,   238,   238,   238,   239,   239,   239,   239,
++     239,   239,   239,   239,   240,   240,   241,   241,   241,   241,
++     241,   241,   241,   241,   241,   241,   241,   241,   241,   241,
++     241,   242,   242,   243,   244,   244,   244,   245,   245,   246,
++     247,   247,   247,   247,   247,   247,   247,   247,   248,   249,
++     249,   250,   250,   250,   250,   250,   251,   251,   252,   252,
++     252,   252,   253,   254,   254,   255,   256,   256,   256,   257,
++     257,   258,   258,   259,   259,   260,   260,   260,   260,   260,
++     260,   261,   261,   261,   261,   261,   262,   263,   263,   264,
++     265,   265,   265,   265,   265,   265,   265,   265,   265,   265,
++     266,   266,   266,   266,   266,   266,   266,   266,   266,   266,
++     266,   266,   266,   266,   267,   267,   267,   268,   268,   269,
++     269,   270,   270,   270,   271,   271,   271,   272,   273,   273,
++     274,   274,   275,   275,   276,   276,   277,   278,   278,   279,
++     279,   280,   280,   280,   280,   281,   281,   281,   282,   283,
++     283,   284,   284,   284,   284,   284,   284,   284,   285,   285,
++     286,   286,   287,   287,   288,   289,   289,   290,   290,   291,
++     291,   291,   292,   292,   293,   294,   295,   295,   296,   297,
++     297,   298,   298,   299,   300,   301,   302,   302,   303,   304,
++     304,   305,   306,   306,   306,   306,   306
++};
+ 
+-#define yypact_value_is_default(Yystate) \
+-  (!!((Yystate) == (-185)))
+-
+-#define YYTABLE_NINF -7
+-
+-#define yytable_value_is_error(Yytable_value) \
+-  0
+-
+-  /* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing
+-     STATE-NUM.  */
+-static const yytype_int16 yypact[] =
++/* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN.  */
++static const yytype_uint8 yyr2[] =
+ {
+-      78,  -169,   -34,  -185,  -185,  -185,   -29,  -185,    17,    43,
+-    -124,  -185,    17,  -185,    -5,   -27,  -185,  -121,  -185,  -112,
+-    -110,  -185,  -185,  -100,  -185,  -185,   -27,     0,   116,   -27,
+-    -185,  -185,   -91,  -185,   -89,  -185,  -185,    11,    35,    30,
+-      13,    31,  -185,  -185,   -83,    -5,   -78,  -185,   186,   523,
+-     -76,   -56,    15,  -185,  -185,  -185,    83,   244,   -99,  -185,
+-     -27,  -185,   -27,  -185,  -185,  -185,  -185,  -185,  -185,  -185,
+-    -185,  -185,  -185,   -12,    24,   -71,   -69,  -185,   -11,  -185,
+-    -185,  -107,  -185,  -185,  -185,     8,  -185,  -185,  -185,  -185,
+-    -185,  -185,  -185,  -185,    17,  -185,  -185,  -185,  -185,  -185,
+-    -185,    43,  -185,    34,    59,  -185,    17,  -185,  -185,  -185,
+-    -185,  -185,  -185,  -185,  -185,  -185,  -185,  -185,  -185,     7,
+-    -185,   -61,   407,  -185,  -185,  -185,  -100,  -185,  -185,   -27,
+-    -185,  -185,  -185,  -185,  -185,  -185,  -185,  -185,  -185,   116,
+-    -185,    44,   -27,  -185,  -185,   -52,  -185,  -185,  -185,  -185,
+-    -185,  -185,  -185,  -185,    35,  -185,  -185,    85,    96,  -185,
+-    -185,    39,  -185,  -185,  -185,  -185,    31,  -185,    75,   -46,
+-    -185,    -5,  -185,  -185,  -185,  -185,  -185,  -185,  -185,  -185,
+-    -185,  -185,  -185,  -185,   186,  -185,   -12,  -185,  -185,   -35,
+-    -185,  -185,  -185,  -185,  -185,  -185,  -185,  -185,   523,  -185,
+-      82,   -12,  -185,  -185,    91,   -56,  -185,  -185,  -185,   100,
+-    -185,   -26,  -185,  -185,  -185,  -185,  -185,  -185,  -185,  -185,
+-    -185,  -185,  -185,  -185,    -2,  -130,  -185,  -185,  -185,  -185,
+-    -185,   105,  -185,     9,  -185,  -185,  -185,  -185,    -7,    18,
+-    -185,  -185,  -185,  -185,    25,   121,  -185,  -185,     7,  -185,
+-     -12,   -35,  -185,  -185,  -185,  -185,  -185,  -185,  -185,  -185,
+-     391,  -185,  -185,   391,   391,   -76,  -185,  -185,    29,  -185,
+-    -185,  -185,  -185,  -185,  -185,  -185,  -185,  -185,  -185,   -51,
+-     153,  -185,  -185,  -185,   464,  -185,  -185,  -185,  -185,  -185,
+-    -185,  -185,  -185,   -82,    14,     1,  -185,  -185,  -185,  -185,
+-      38,  -185,  -185,    12,  -185,  -185,  -185,  -185,  -185,  -185,
+-    -185,  -185,  -185,  -185,  -185,  -185,  -185,  -185,  -185,  -185,
+-    -185,  -185,  -185,  -185,  -185,  -185,  -185,  -185,  -185,   391,
+-     391,  -185,   171,   -76,   140,  -185,   141,  -185,  -185,  -185,
+-    -185,  -185,  -185,  -185,  -185,  -185,  -185,  -185,  -185,  -185,
+-    -185,  -185,  -185,  -185,  -185,  -185,   -55,  -185,    53,    20,
+-      33,  -128,  -185,    32,  -185,   -12,  -185,  -185,  -185,  -185,
+-    -185,  -185,  -185,  -185,  -185,   391,  -185,  -185,  -185,  -185,
+-      16,  -185,  -185,  -185,   -27,  -185,  -185,  -185,    46,  -185,
+-    -185,  -185,    37,    48,   -12,    40,  -167,  -185,    54,   -12,
+-    -185,  -185,  -185,    45,    79,  -185,  -185,  -185,  -185,  -185,
+-      98,    57,    47,  -185,    60,  -185,   -12,  -185,  -185
++       0,     2,     1,     3,     2,     2,     0,     1,     1,     1,
++       1,     1,     1,     1,     1,     1,     1,     1,     1,     1,
++       3,     1,     1,     1,     1,     1,     1,     2,     1,     1,
++       1,     0,     2,     1,     1,     1,     1,     1,     1,     1,
++       1,     1,     1,     1,     1,     2,     2,     1,     1,     1,
++       1,     1,     1,     2,     1,     2,     1,     1,     1,     2,
++       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
++       2,     0,     2,     2,     2,     1,     1,     1,     1,     1,
++       2,     2,     1,     2,     2,     2,     1,     1,     1,     1,
++       1,     1,     1,     1,     1,     1,     2,     2,     3,     2,
++       1,     1,     1,     1,     1,     1,     1,     1,     1,     0,
++       2,     2,     2,     1,     1,     1,     1,     1,     1,     1,
++       1,     1,     1,     1,     1,     1,     2,     2,     3,     5,
++       3,     4,     4,     3,     0,     2,     1,     1,     1,     1,
++       1,     1,     1,     1,     1,     1,     1,     1,     1,     1,
++       1,     2,     1,     2,     1,     1,     1,     2,     1,     2,
++       1,     1,     1,     1,     1,     1,     1,     1,     3,     2,
++       1,     2,     2,     2,     2,     2,     1,     1,     1,     1,
++       1,     1,     2,     2,     1,     2,     1,     1,     1,     2,
++       2,     2,     1,     1,     1,     1,     1,     1,     1,     1,
++       1,     1,     1,     1,     1,     1,     2,     2,     1,     2,
++       1,     1,     1,     1,     1,     1,     1,     1,     1,     1,
++       1,     1,     2,     2,     2,     2,     3,     1,     2,     2,
++       2,     2,     3,     2,     1,     1,     1,     1,     1,     1,
++       1,     1,     1,     1,     1,     2,     0,     4,     1,     0,
++       0,     2,     2,     2,     2,     1,     1,     3,     3,     1,
++       1,     1,     1,     1,     1,     1,     1,     1,     2,     2,
++       1,     1,     1,     1,     1,     1,     1,     1,     2,     1,
++       2,     1,     1,     1,     5,     2,     1,     2,     1,     1,
++       1,     1,     1,     1,     5,     1,     3,     2,     3,     1,
++       1,     2,     1,     5,     4,     3,     2,     1,     6,     3,
++       2,     3,     1,     1,     1,     1,     1
+ };
+ 
+-  /* YYDEFACT[STATE-NUM] -- Default reduction number in state STATE-NUM.
+-     Performed when YYTABLE does not specify something else to do.  Zero
+-     means the default is an error.  */
++/* YYDEFACT[STATE-NAME] -- Default reduction number in state STATE-NUM.
++   Performed when YYTABLE doesn't specify something else to do.  Zero
++   means the default is an error.  */
+ static const yytype_uint16 yydefact[] =
+ {
+-       0,     0,     0,    24,    58,   231,     0,    71,     0,     0,
+-     243,   234,     0,   224,     0,     0,   236,     0,   256,     0,
+-       0,   237,   235,     0,   238,    25,     0,     0,     0,     0,
+-     257,   232,     0,    23,     0,   239,    22,     0,     0,     0,
+-       0,     0,   240,    21,     0,     0,     0,   233,     0,     0,
+-       0,     0,     0,    56,    57,   292,     0,     2,     0,     7,
++       0,     0,     0,    24,    58,   234,     0,    71,     0,     0,
++     246,   237,     0,   227,     0,     0,   239,     0,   259,     0,
++       0,   240,   238,     0,   241,    25,     0,     0,     0,     0,
++     260,   235,     0,    23,     0,   242,    22,     0,     0,     0,
++       0,     0,   243,    21,     0,     0,     0,   236,     0,     0,
++       0,     0,     0,    56,    57,   295,     0,     2,     0,     7,
+        0,     8,     0,     9,    10,    13,    11,    12,    14,    15,
+-      16,    17,    18,     0,     0,     0,     0,   217,     0,   218,
++      16,    17,    18,     0,     0,     0,     0,   220,     0,   221,
+       19,     0,     5,    62,    63,    64,   195,   196,   197,   198,
+-     201,   199,   200,   202,   190,   192,   193,   194,   154,   155,
+-     156,   126,   152,     0,   241,   225,   189,   101,   102,   103,
+-     104,   108,   105,   106,   107,   109,    29,    30,    28,     0,
+-      26,     0,     6,    65,    66,   253,   226,   252,   285,    59,
+-      61,   160,   161,   162,   163,   164,   165,   166,   167,   127,
+-     158,     0,    60,    70,   283,   227,    67,   268,   269,   270,
+-     271,   272,   273,   274,   265,   267,   134,    29,    30,   134,
+-     134,    26,    68,   188,   186,   187,   182,   184,     0,     0,
+-     228,    96,   100,    97,   207,   208,   209,   210,   211,   212,
+-     213,   214,   215,   216,   203,   205,     0,    91,    86,     0,
+-      87,    95,    93,    94,    92,    90,    88,    89,    80,    82,
+-       0,     0,   247,   279,     0,    69,   278,   280,   276,   230,
+-       1,     0,     4,    31,    55,   290,   289,   219,   220,   221,
+-     222,   264,   263,   262,     0,     0,    79,    75,    76,    77,
+-      78,     0,    72,     0,   191,   151,   153,   242,    98,     0,
+-     178,   179,   180,   181,     0,     0,   176,   177,   168,   170,
+-       0,     0,    27,   223,   251,   284,   157,   159,   282,   266,
+-     130,   134,   134,   133,   128,     0,   183,   185,     0,    99,
+-     204,   206,   288,   286,   287,    85,    81,    83,    84,   229,
+-       0,   277,   275,     3,    20,   258,   259,   260,   255,   261,
+-     254,   296,   297,     0,     0,     0,    74,    73,   118,   117,
+-       0,   115,   116,     0,   110,   113,   114,   174,   175,   173,
+-     169,   171,   172,   136,   137,   138,   139,   140,   141,   142,
+-     143,   144,   145,   146,   147,   148,   149,   150,   135,   131,
+-     132,   134,   246,     0,     0,   248,     0,    37,    38,    39,
+-      54,    47,    49,    48,    51,    40,    41,    42,    43,    50,
+-      52,    44,    32,    33,    36,    34,     0,    35,     0,     0,
+-       0,     0,   299,     0,   294,     0,   111,   125,   121,   123,
+-     119,   120,   122,   124,   112,   129,   245,   244,   250,   249,
+-       0,    45,    46,    53,     0,   293,   291,   298,     0,   295,
+-     281,   302,     0,     0,     0,     0,     0,   304,     0,     0,
+-     300,   303,   301,     0,     0,   309,   310,   311,   312,   313,
+-       0,     0,     0,   305,     0,   307,     0,   306,   308
++     201,   199,   200,   202,   203,   204,   205,   190,   192,   193,
++     194,   154,   155,   156,   126,   152,     0,   244,   228,   189,
++     101,   102,   103,   104,   108,   105,   106,   107,   109,    29,
++      30,    28,     0,    26,     0,     6,    65,    66,   256,   229,
++     255,   288,    59,    61,   160,   161,   162,   163,   164,   165,
++     166,   167,   127,   158,     0,    60,    70,   286,   230,    67,
++     271,   272,   273,   274,   275,   276,   277,   268,   270,   134,
++      29,    30,   134,   134,    26,    68,   188,   186,   187,   182,
++     184,     0,     0,   231,    96,   100,    97,   210,   211,   212,
++     213,   214,   215,   216,   217,   218,   219,   206,   208,     0,
++      91,    86,     0,    87,    95,    93,    94,    92,    90,    88,
++      89,    80,    82,     0,     0,   250,   282,     0,    69,   281,
++     283,   279,   233,     1,     0,     4,    31,    55,   293,   292,
++     222,   223,   224,   225,   267,   266,   265,     0,     0,    79,
++      75,    76,    77,    78,     0,    72,     0,   191,   151,   153,
++     245,    98,     0,   178,   179,   180,   181,     0,     0,   176,
++     177,   168,   170,     0,     0,    27,   226,   254,   287,   157,
++     159,   285,   269,   130,   134,   134,   133,   128,     0,   183,
++     185,     0,    99,   207,   209,   291,   289,   290,    85,    81,
++      83,    84,   232,     0,   280,   278,     3,    20,   261,   262,
++     263,   258,   264,   257,   299,   300,     0,     0,     0,    74,
++      73,   118,   117,     0,   115,   116,     0,   110,   113,   114,
++     174,   175,   173,   169,   171,   172,   136,   137,   138,   139,
++     140,   141,   142,   143,   144,   145,   146,   147,   148,   149,
++     150,   135,   131,   132,   134,   249,     0,     0,   251,     0,
++      37,    38,    39,    54,    47,    49,    48,    51,    40,    41,
++      42,    43,    50,    52,    44,    32,    33,    36,    34,     0,
++      35,     0,     0,     0,     0,   302,     0,   297,     0,   111,
++     125,   121,   123,   119,   120,   122,   124,   112,   129,   248,
++     247,   253,   252,     0,    45,    46,    53,     0,   296,   294,
++     301,     0,   298,   284,   305,     0,     0,     0,     0,     0,
++     307,     0,     0,   303,   306,   304,     0,     0,   312,   313,
++     314,   315,   316,     0,     0,     0,   308,     0,   310,     0,
++     309,   311
+ };
+ 
+-  /* YYPGOTO[NTERM-NUM].  */
+-static const yytype_int16 yypgoto[] =
++/* YYDEFGOTO[NTERM-NUM].  */
++static const yytype_int16 yydefgoto[] =
+ {
+-    -185,  -185,  -185,   -44,  -185,  -185,   -15,   -38,  -185,  -185,
+-    -185,  -185,  -185,  -185,  -185,  -185,  -185,  -185,  -185,  -185,
+-    -185,  -185,  -185,  -185,  -185,  -185,    28,  -185,  -185,  -185,
+-    -185,   -36,  -185,  -185,  -185,  -185,  -185,  -185,  -152,  -185,
+-    -185,   146,  -185,  -185,   111,  -185,  -185,  -185,     3,  -185,
+-    -185,  -185,  -185,    89,  -185,  -185,   245,   -66,  -185,  -185,
+-    -185,  -185,    72,  -185,  -185,  -185,  -185,  -185,  -185,  -185,
+-    -185,  -185,  -185,  -185,  -185,   137,  -185,  -185,  -185,  -185,
+-    -185,  -185,   110,  -185,  -185,    70,  -185,  -185,   236,    27,
+-    -184,  -185,  -185,  -185,   -17,  -185,  -185,   -81,  -185,  -185,
+-    -185,  -113,  -185,  -126,  -185
++      -1,    56,    57,    58,    59,    60,   131,   123,   124,   287,
++     355,   356,   357,   358,   359,   360,   361,    61,    62,    63,
++      64,    85,   235,   236,    65,   201,   202,   203,   204,    66,
++     174,   118,   241,   307,   308,   309,   377,    67,   263,   331,
++     104,   105,   106,   142,   143,   144,    68,   251,   252,   253,
++     254,    69,   169,   170,   171,    70,    97,    98,    99,   100,
++      71,   187,   188,   189,    72,    73,    74,    75,    76,   108,
++     173,   380,   282,   338,   129,   130,    77,    78,   293,   227,
++      79,   157,   158,   212,   208,   209,   210,   148,   132,   278,
++     220,    80,    81,   296,   297,   298,   364,   365,   396,   366,
++     399,   400,   413,   414,   415
+ };
+ 
+-  /* YYDEFGOTO[NTERM-NUM].  */
+-static const yytype_int16 yydefgoto[] =
++/* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing
++   STATE-NUM.  */
++#define YYPACT_NINF -188
++static const yytype_int16 yypact[] =
+ {
+-      -1,    56,    57,    58,    59,    60,   128,   120,   121,   284,
+-     352,   353,   354,   355,   356,   357,   358,    61,    62,    63,
+-      64,    85,   232,   233,    65,   198,   199,   200,   201,    66,
+-     171,   115,   238,   304,   305,   306,   374,    67,   260,   328,
+-     101,   102,   103,   139,   140,   141,    68,   248,   249,   250,
+-     251,    69,   166,   167,   168,    70,    94,    95,    96,    97,
+-      71,   184,   185,   186,    72,    73,    74,    75,    76,   105,
+-     170,   377,   279,   335,   126,   127,    77,    78,   290,   224,
+-      79,   154,   155,   209,   205,   206,   207,   145,   129,   275,
+-     217,    80,    81,   293,   294,   295,   361,   362,   393,   363,
+-     396,   397,   410,   411,   412
++       5,  -160,   -28,  -188,  -188,  -188,   -24,  -188,    60,     0,
++    -119,  -188,    60,  -188,   118,     7,  -188,  -117,  -188,  -110,
++    -108,  -188,  -188,  -101,  -188,  -188,     7,    -1,   345,     7,
++    -188,  -188,   -96,  -188,   -95,  -188,  -188,    21,    -3,    73,
++      33,    11,  -188,  -188,   -94,   118,   -61,  -188,    43,   446,
++     -57,   -58,    41,  -188,  -188,  -188,   105,   179,   -79,  -188,
++       7,  -188,     7,  -188,  -188,  -188,  -188,  -188,  -188,  -188,
++    -188,  -188,  -188,    -7,    48,   -48,   -39,  -188,    24,  -188,
++    -188,   -86,  -188,  -188,  -188,    42,  -188,  -188,  -188,  -188,
++    -188,  -188,  -188,  -188,  -188,  -188,  -188,    60,  -188,  -188,
++    -188,  -188,  -188,  -188,     0,  -188,    59,    89,  -188,    60,
++    -188,  -188,  -188,  -188,  -188,  -188,  -188,  -188,  -188,  -188,
++    -188,  -188,    80,  -188,     9,   338,  -188,  -188,  -188,  -101,
++    -188,  -188,     7,  -188,  -188,  -188,  -188,  -188,  -188,  -188,
++    -188,  -188,   345,  -188,    67,     7,  -188,  -188,    12,  -188,
++    -188,  -188,  -188,  -188,  -188,  -188,  -188,    -3,  -188,  -188,
++     107,   116,  -188,  -188,    83,  -188,  -188,  -188,  -188,    11,
++    -188,   113,   -20,  -188,   118,  -188,  -188,  -188,  -188,  -188,
++    -188,  -188,  -188,  -188,  -188,  -188,  -188,    43,  -188,    -7,
++    -188,  -188,   -25,  -188,  -188,  -188,  -188,  -188,  -188,  -188,
++    -188,   446,  -188,   127,    -7,  -188,  -188,   129,   -58,  -188,
++    -188,  -188,   142,  -188,    19,  -188,  -188,  -188,  -188,  -188,
++    -188,  -188,  -188,  -188,  -188,  -188,  -188,     4,  -158,  -188,
++    -188,  -188,  -188,  -188,   145,  -188,    49,  -188,  -188,  -188,
++    -188,   233,    55,  -188,  -188,  -188,  -188,    64,   157,  -188,
++    -188,    80,  -188,    -7,   -25,  -188,  -188,  -188,  -188,  -188,
++    -188,  -188,  -188,   445,  -188,  -188,   445,   445,   -57,  -188,
++    -188,    82,  -188,  -188,  -188,  -188,  -188,  -188,  -188,  -188,
++    -188,  -188,   -44,   202,  -188,  -188,  -188,   324,  -188,  -188,
++    -188,  -188,  -188,  -188,  -188,  -188,   -30,    58,    50,  -188,
++    -188,  -188,  -188,    88,  -188,  -188,     3,  -188,  -188,  -188,
++    -188,  -188,  -188,  -188,  -188,  -188,  -188,  -188,  -188,  -188,
++    -188,  -188,  -188,  -188,  -188,  -188,  -188,  -188,  -188,  -188,
++    -188,  -188,   445,   445,  -188,   221,   -57,   188,  -188,   191,
++    -188,  -188,  -188,  -188,  -188,  -188,  -188,  -188,  -188,  -188,
++    -188,  -188,  -188,  -188,  -188,  -188,  -188,  -188,  -188,   -51,
++    -188,    99,    61,    75,  -114,  -188,    65,  -188,    -7,  -188,
++    -188,  -188,  -188,  -188,  -188,  -188,  -188,  -188,   445,  -188,
++    -188,  -188,  -188,    68,  -188,  -188,  -188,     7,  -188,  -188,
++    -188,    76,  -188,  -188,  -188,    71,    78,    -7,    74,  -178,
++    -188,    90,    -7,  -188,  -188,  -188,    77,    32,  -188,  -188,
++    -188,  -188,  -188,   101,    93,    84,  -188,    94,  -188,    -7,
++    -188,  -188
+ };
+ 
+-  /* YYTABLE[YYPACT[STATE-NUM]] -- What to do in state STATE-NUM.  If
+-     positive, shift that token.  If negative, reduce the rule whose
+-     number is the opposite.  If YYTABLE_NINF, syntax error.  */
++/* YYPGOTO[NTERM-NUM].  */
++static const yytype_int16 yypgoto[] =
++{
++    -188,  -188,  -188,   -41,  -188,  -188,   -15,   -38,  -188,  -188,
++    -188,  -188,  -188,  -188,  -188,  -188,  -188,  -188,  -188,  -188,
++    -188,  -188,  -188,  -188,  -188,  -188,    81,  -188,  -188,  -188,
++    -188,   -37,  -188,  -188,  -188,  -188,  -188,  -188,  -111,  -188,
++    -188,   170,  -188,  -188,   133,  -188,  -188,  -188,    37,  -188,
++    -188,  -188,  -188,   115,  -188,  -188,   277,   -53,  -188,  -188,
++    -188,  -188,   103,  -188,  -188,  -188,  -188,  -188,  -188,  -188,
++    -188,  -188,  -188,  -188,  -188,   162,  -188,  -188,  -188,  -188,
++    -188,  -188,   143,  -188,  -188,    91,  -188,  -188,   274,    52,
++    -187,  -188,  -188,  -188,     8,  -188,  -188,   -56,  -188,  -188,
++    -188,   -87,  -188,  -100,  -188
++};
++
++/* YYTABLE[YYPACT[STATE-NUM]].  What to do in state STATE-NUM.  If
++   positive, shift that token.  If negative, reduce the rule which
++   number is the opposite.  If YYTABLE_NINF, syntax error.  */
++#define YYTABLE_NINF -7
+ static const yytype_int16 yytable[] =
+ {
+-     119,   161,   271,   285,   272,   203,   381,   263,   264,   172,
+-     239,   333,   202,   211,    82,   107,   367,   278,   359,   108,
+-     215,   395,   298,   221,   160,    86,   273,    83,   234,    87,
+-     299,   400,    84,   300,   104,    88,   226,   122,   368,   116,
+-     234,   117,   147,   148,   222,   213,   123,   214,   124,   216,
+-     240,   241,   242,   243,    98,   291,   292,   156,   125,   227,
+-     149,   130,   228,   286,   359,   287,   311,   143,   223,   144,
+-     386,   301,   146,   163,   162,   169,   208,   109,   253,     1,
+-     173,   334,   118,   210,   212,   218,    89,   219,     2,   220,
+-     225,   237,     3,     4,     5,   236,   157,   252,   158,   150,
+-       6,     7,   302,   291,   292,   257,   258,     8,     9,   329,
+-     330,    10,   261,    11,   255,    12,    13,   369,   382,    14,
+-      90,    91,   110,   262,   370,   265,   164,   255,    15,   151,
+-     111,   118,    16,   112,   274,   269,   267,    92,    17,   204,
+-      18,   371,    99,   277,   229,   230,   244,   100,   268,    19,
+-      20,   231,   280,    21,    22,   113,   288,   283,    23,    24,
+-     114,   282,    25,    26,   245,   303,   296,   297,    93,   246,
+-     247,    27,   131,   132,   133,   134,   307,   289,   159,   375,
+-     165,   389,   309,   308,    28,    29,    30,   332,   118,   336,
+-     372,    31,   174,   373,   152,   365,   366,   364,   376,   153,
+-      32,   379,   380,   135,    33,   136,    34,   137,    35,    36,
+-     398,   383,   390,   138,   384,   403,   385,   175,    37,    38,
+-      39,    40,    41,    42,    43,    44,   276,   331,    45,   388,
+-      46,   394,   418,   392,   399,   176,   395,   402,   177,    47,
+-     415,   416,   404,   417,    48,    49,    50,   235,    51,    52,
+-     256,   310,    53,    54,     2,   266,   270,   106,     3,     4,
+-       5,    -6,    55,   254,   259,   142,     6,     7,   405,   406,
+-     407,   408,   409,     8,     9,   281,   360,    10,   312,    11,
+-     387,    12,    13,   401,   414,    14,     0,   405,   406,   407,
+-     408,   409,     0,     0,    15,   378,   413,     0,    16,     0,
+-       0,     0,     0,     0,    17,     0,    18,     0,     0,     0,
+-       0,   178,     0,     0,     0,    19,    20,     0,     0,    21,
+-      22,     0,     0,     0,    23,    24,     0,     0,    25,    26,
+-       0,     0,     0,     0,     0,     0,     0,    27,     0,   179,
+-     180,   181,   182,     0,     0,     0,     0,   183,     0,     0,
+-      28,    29,    30,     0,     0,     0,     0,    31,     0,     0,
+-       0,     0,     0,     0,     0,     0,    32,     0,     0,   391,
+-      33,     0,    34,     0,    35,    36,     0,     0,     0,     0,
+-       0,     0,     0,     0,    37,    38,    39,    40,    41,    42,
+-      43,    44,     0,     0,    45,     0,    46,     0,     0,     0,
+-       0,     0,     0,     0,     0,    47,     0,     0,     0,     0,
+-      48,    49,    50,     0,    51,    52,     0,     2,    53,    54,
+-       0,     3,     4,     5,     0,     0,     0,    -6,    55,     6,
+-       7,     0,     0,     0,     0,     0,     8,     9,   313,     0,
+-      10,     0,    11,     0,    12,    13,   314,     0,    14,     0,
+-       0,     0,     0,     0,     0,     0,     0,    15,     0,     0,
+-       0,    16,     0,     0,   315,   316,     0,    17,   317,    18,
+-       0,     0,     0,   337,   318,     0,     0,     0,    19,    20,
+-       0,   338,    21,    22,     0,     0,     0,    23,    24,     0,
+-       0,    25,    26,     0,     0,     0,     0,     0,     0,     0,
+-      27,   319,   320,     0,     0,   321,   322,     0,   323,   324,
+-     325,     0,   326,    28,    29,    30,     0,   339,   340,     0,
+-      31,     0,     0,     0,     0,     0,     0,     0,     0,    32,
+-       0,     0,     0,    33,   341,    34,   187,    35,    36,     0,
+-       0,     0,   188,     0,   189,     0,     0,    37,    38,    39,
+-      40,    41,    42,    43,    44,     0,   342,    45,     0,    46,
+-       0,     0,     0,     0,   343,     0,   344,   327,    47,     0,
+-       0,   190,     0,    48,    49,    50,     0,    51,    52,     0,
+-     345,    53,    54,     0,     0,     0,     0,     0,     0,     0,
+-       0,    55,     0,     0,     0,     0,     0,   346,   347,     0,
++     122,   164,   274,   206,   150,   151,     1,   370,   175,   288,
++     384,   101,   205,   398,   275,     2,   214,   281,   336,     3,
++       4,     5,   152,   403,   163,   218,    82,     6,     7,   371,
++     294,   295,   362,    83,     8,     9,   276,    84,    10,   107,
++      11,   125,    12,    13,   237,   216,    14,   217,   126,   177,
++     127,   266,   267,   166,   219,    15,   237,   128,   224,    16,
++     133,   153,   146,   147,   172,    17,   314,    18,    86,   289,
++     229,   290,    87,   119,   178,   120,    19,    20,    88,   225,
++      21,    22,   149,   242,   256,    23,    24,   389,   337,    25,
++      26,   154,   179,   230,   165,   180,   231,   176,    27,   102,
++     159,   121,   211,   226,   103,   213,   167,   215,   372,   221,
++     222,    28,    29,    30,   228,   373,   362,   258,    31,   223,
++     239,   240,   385,   243,   244,   245,   246,    32,   260,    89,
++     258,    33,   374,    34,   264,    35,    36,   272,   110,   160,
++     207,   161,   111,   265,   277,    37,    38,    39,    40,    41,
++      42,    43,    44,   332,   333,    45,   155,    46,   294,   295,
++     168,   156,   291,    90,    91,   121,    47,   255,   181,   268,
++     261,    48,    49,    50,   270,    51,    52,   271,   232,   233,
++      92,   392,    53,    54,   375,   234,   292,   376,   280,     2,
++     283,    -6,    55,     3,     4,     5,   182,   183,   184,   185,
++     112,     6,     7,   285,   186,   286,   299,   300,     8,     9,
++     401,    93,    10,   310,    11,   406,    12,    13,   312,   247,
++      14,   162,   311,   378,   408,   409,   410,   411,   412,    15,
++     334,   121,   421,    16,    94,    95,    96,   248,   339,    17,
++     335,    18,   249,   250,   367,   113,   369,   368,   379,   382,
++      19,    20,   383,   114,    21,    22,   115,   386,   387,    23,
++      24,   388,   301,    25,    26,   391,   395,   393,   397,   398,
++     302,   402,    27,   303,   238,   259,   405,   407,   116,   418,
++     420,   419,   279,   117,   269,    28,    29,    30,   313,   109,
++     273,   257,    31,   408,   409,   410,   411,   412,   381,   284,
++     262,    32,   416,   145,   363,    33,   315,    34,   390,    35,
++      36,   304,   404,   417,     0,     0,     0,     0,     0,    37,
++      38,    39,    40,    41,    42,    43,    44,     0,     0,    45,
++       0,    46,     0,   340,     0,     0,     0,     0,     0,     0,
++      47,   341,   305,     0,     0,    48,    49,    50,     2,    51,
++      52,     0,     3,     4,     5,     0,    53,    54,     0,     0,
++       6,     7,     0,     0,     0,    -6,    55,     8,     9,     0,
++       0,    10,   394,    11,     0,    12,    13,   342,   343,    14,
++       0,     0,     0,     0,     0,     0,     0,     0,    15,     0,
++       0,     0,    16,     0,   344,     0,     0,     0,    17,     0,
++      18,   134,   135,   136,   137,   306,     0,     0,     0,    19,
++      20,     0,     0,    21,    22,     0,   345,     0,    23,    24,
++       0,     0,    25,    26,   346,     0,   347,     0,     0,     0,
++       0,    27,   138,     0,   139,     0,   140,     0,     0,     0,
++     348,     0,   141,     0,    28,    29,    30,     0,     0,     0,
++       0,    31,     0,     0,     0,     0,     0,   349,   350,   190,
++      32,     0,     0,     0,    33,   191,    34,   192,    35,    36,
++       0,     0,     0,     0,     0,     0,     0,     0,    37,    38,
++      39,    40,    41,    42,    43,    44,     0,     0,    45,     0,
++      46,     0,   316,   351,   193,   352,     0,     0,     0,    47,
++     317,     0,     0,   353,    48,    49,    50,   354,    51,    52,
++       0,     0,     0,     0,     0,    53,    54,     0,   318,   319,
++       0,     0,   320,     0,     0,    55,     0,     0,   321,     0,
++       0,     0,     0,     0,   194,     0,   195,     0,     0,     0,
++       0,     0,   196,     0,   197,     0,     0,   198,     0,     0,
++       0,     0,     0,     0,     0,   322,   323,     0,     0,   324,
++     325,     0,   326,   327,   328,     0,   329,     0,     0,   199,
++     200,     0,     0,     0,     0,     0,     0,     0,     0,     0,
+        0,     0,     0,     0,     0,     0,     0,     0,     0,     0,
+-       0,   191,     0,   192,     0,     0,     0,     0,     0,   193,
+-       0,   194,     0,     0,   195,     0,     0,     0,     0,     0,
+-       0,     0,     0,   348,     0,   349,     0,     0,     0,     0,
+-     350,     0,     0,     0,   351,     0,   196,   197
++       0,     0,     0,     0,     0,     0,     0,     0,     0,     0,
++       0,     0,     0,     0,     0,     0,     0,     0,     0,     0,
++       0,     0,     0,     0,     0,     0,     0,     0,     0,     0,
++       0,     0,     0,     0,   330
+ };
+ 
++#define yypact_value_is_default(Yystate) \
++  (!!((Yystate) == (-188)))
++
++#define yytable_value_is_error(Yytable_value) \
++  YYID (0)
++
+ static const yytype_int16 yycheck[] =
+ {
+-      15,    39,   186,     5,    39,    61,    61,   159,   160,    45,
+-       3,    62,    50,    57,   183,    20,     4,   201,   146,    24,
+-      32,   188,    29,    34,    39,     8,    61,    61,    94,    12,
+-      37,   198,    61,    40,   158,    18,    28,   158,    26,    66,
+-     106,    68,     7,     8,    55,    60,   158,    62,   158,    61,
+-      43,    44,    45,    46,    11,   185,   186,    27,   158,    51,
+-      25,    61,    54,    65,   146,    67,   250,   158,    79,   158,
+-     198,    78,    61,    42,    61,   158,    61,    82,   122,     1,
+-     158,   132,   158,     0,   183,    61,    69,   158,    10,   158,
+-     197,    32,    14,    15,    16,    61,    66,   158,    68,    64,
+-      22,    23,   109,   185,   186,    61,   158,    29,    30,   261,
+-     262,    33,    27,    35,   129,    37,    38,   105,   173,    41,
+-     103,   104,   127,    27,   112,    86,    95,   142,    50,    94,
+-     135,   158,    54,   138,   169,   171,    61,   120,    60,   195,
+-      62,   129,    99,    61,   136,   137,   139,   104,   194,    71,
+-      72,   143,    61,    75,    76,   160,   158,   183,    80,    81,
+-     165,    61,    84,    85,   157,   172,    61,   158,   151,   162,
+-     163,    93,    56,    57,    58,    59,   158,   179,   148,   331,
+-     149,   365,    61,   158,   106,   107,   108,   158,   158,    36,
+-     178,   113,     6,   181,   159,   194,   158,   183,    27,   164,
+-     122,    61,    61,    87,   126,    89,   128,    91,   130,   131,
+-     394,   158,   196,    97,   194,   399,   183,    31,   140,   141,
+-     142,   143,   144,   145,   146,   147,   198,   265,   150,   197,
+-     152,   194,   416,   187,   194,    49,   188,   183,    52,   161,
+-     183,   194,   197,   183,   166,   167,   168,   101,   170,   171,
+-     139,   248,   174,   175,    10,   166,   184,    12,    14,    15,
+-      16,   183,   184,   126,   154,    29,    22,    23,   189,   190,
+-     191,   192,   193,    29,    30,   205,   293,    33,   251,    35,
+-     361,    37,    38,   396,   410,    41,    -1,   189,   190,   191,
+-     192,   193,    -1,    -1,    50,   333,   198,    -1,    54,    -1,
+-      -1,    -1,    -1,    -1,    60,    -1,    62,    -1,    -1,    -1,
+-      -1,   125,    -1,    -1,    -1,    71,    72,    -1,    -1,    75,
+-      76,    -1,    -1,    -1,    80,    81,    -1,    -1,    84,    85,
+-      -1,    -1,    -1,    -1,    -1,    -1,    -1,    93,    -1,   153,
+-     154,   155,   156,    -1,    -1,    -1,    -1,   161,    -1,    -1,
+-     106,   107,   108,    -1,    -1,    -1,    -1,   113,    -1,    -1,
+-      -1,    -1,    -1,    -1,    -1,    -1,   122,    -1,    -1,   384,
+-     126,    -1,   128,    -1,   130,   131,    -1,    -1,    -1,    -1,
+-      -1,    -1,    -1,    -1,   140,   141,   142,   143,   144,   145,
+-     146,   147,    -1,    -1,   150,    -1,   152,    -1,    -1,    -1,
+-      -1,    -1,    -1,    -1,    -1,   161,    -1,    -1,    -1,    -1,
+-     166,   167,   168,    -1,   170,   171,    -1,    10,   174,   175,
+-      -1,    14,    15,    16,    -1,    -1,    -1,   183,   184,    22,
+-      23,    -1,    -1,    -1,    -1,    -1,    29,    30,    47,    -1,
+-      33,    -1,    35,    -1,    37,    38,    55,    -1,    41,    -1,
+-      -1,    -1,    -1,    -1,    -1,    -1,    -1,    50,    -1,    -1,
+-      -1,    54,    -1,    -1,    73,    74,    -1,    60,    77,    62,
+-      -1,    -1,    -1,     9,    83,    -1,    -1,    -1,    71,    72,
+-      -1,    17,    75,    76,    -1,    -1,    -1,    80,    81,    -1,
+-      -1,    84,    85,    -1,    -1,    -1,    -1,    -1,    -1,    -1,
+-      93,   110,   111,    -1,    -1,   114,   115,    -1,   117,   118,
+-     119,    -1,   121,   106,   107,   108,    -1,    53,    54,    -1,
+-     113,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,   122,
+-      -1,    -1,    -1,   126,    70,   128,    13,   130,   131,    -1,
+-      -1,    -1,    19,    -1,    21,    -1,    -1,   140,   141,   142,
+-     143,   144,   145,   146,   147,    -1,    92,   150,    -1,   152,
+-      -1,    -1,    -1,    -1,   100,    -1,   102,   176,   161,    -1,
+-      -1,    48,    -1,   166,   167,   168,    -1,   170,   171,    -1,
+-     116,   174,   175,    -1,    -1,    -1,    -1,    -1,    -1,    -1,
+-      -1,   184,    -1,    -1,    -1,    -1,    -1,   133,   134,    -1,
++      15,    39,   189,    61,     7,     8,     1,     4,    45,     5,
++      61,    11,    50,   191,    39,    10,    57,   204,    62,    14,
++      15,    16,    25,   201,    39,    32,   186,    22,    23,    26,
++     188,   189,   146,    61,    29,    30,    61,    61,    33,   158,
++      35,   158,    37,    38,    97,    60,    41,    62,   158,     6,
++     158,   162,   163,    42,    61,    50,   109,   158,    34,    54,
++      61,    64,   158,   158,   158,    60,   253,    62,     8,    65,
++      28,    67,    12,    66,    31,    68,    71,    72,    18,    55,
++      75,    76,    61,     3,   125,    80,    81,   201,   132,    84,
++      85,    94,    49,    51,    61,    52,    54,   158,    93,    99,
++      27,   158,    61,    79,   104,     0,    95,   186,   105,    61,
++     158,   106,   107,   108,   200,   112,   146,   132,   113,   158,
++      61,    32,   173,    43,    44,    45,    46,   122,    61,    69,
++     145,   126,   129,   128,    27,   130,   131,   174,    20,    66,
++     198,    68,    24,    27,   169,   140,   141,   142,   143,   144,
++     145,   146,   147,   264,   265,   150,   159,   152,   188,   189,
++     149,   164,   158,   103,   104,   158,   161,   158,   125,    86,
++     158,   166,   167,   168,    61,   170,   171,   197,   136,   137,
++     120,   368,   177,   178,   181,   143,   182,   184,    61,    10,
++      61,   186,   187,    14,    15,    16,   153,   154,   155,   156,
++      82,    22,    23,    61,   161,   186,    61,   158,    29,    30,
++     397,   151,    33,   158,    35,   402,    37,    38,    61,   139,
++      41,   148,   158,   334,   192,   193,   194,   195,   196,    50,
++     268,   158,   419,    54,   174,   175,   176,   157,    36,    60,
++     158,    62,   162,   163,   186,   127,   158,   197,    27,    61,
++      71,    72,    61,   135,    75,    76,   138,   158,   197,    80,
++      81,   186,    29,    84,    85,   200,   190,   199,   197,   191,
++      37,   197,    93,    40,   104,   142,   186,   200,   160,   186,
++     186,   197,   201,   165,   169,   106,   107,   108,   251,    12,
++     187,   129,   113,   192,   193,   194,   195,   196,   336,   208,
++     157,   122,   201,    29,   296,   126,   254,   128,   364,   130,
++     131,    78,   399,   413,    -1,    -1,    -1,    -1,    -1,   140,
++     141,   142,   143,   144,   145,   146,   147,    -1,    -1,   150,
++      -1,   152,    -1,     9,    -1,    -1,    -1,    -1,    -1,    -1,
++     161,    17,   109,    -1,    -1,   166,   167,   168,    10,   170,
++     171,    -1,    14,    15,    16,    -1,   177,   178,    -1,    -1,
++      22,    23,    -1,    -1,    -1,   186,   187,    29,    30,    -1,
++      -1,    33,   387,    35,    -1,    37,    38,    53,    54,    41,
++      -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    50,    -1,
++      -1,    -1,    54,    -1,    70,    -1,    -1,    -1,    60,    -1,
++      62,    56,    57,    58,    59,   172,    -1,    -1,    -1,    71,
++      72,    -1,    -1,    75,    76,    -1,    92,    -1,    80,    81,
++      -1,    -1,    84,    85,   100,    -1,   102,    -1,    -1,    -1,
++      -1,    93,    87,    -1,    89,    -1,    91,    -1,    -1,    -1,
++     116,    -1,    97,    -1,   106,   107,   108,    -1,    -1,    -1,
++      -1,   113,    -1,    -1,    -1,    -1,    -1,   133,   134,    13,
++     122,    -1,    -1,    -1,   126,    19,   128,    21,   130,   131,
++      -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,   140,   141,
++     142,   143,   144,   145,   146,   147,    -1,    -1,   150,    -1,
++     152,    -1,    47,   169,    48,   171,    -1,    -1,    -1,   161,
++      55,    -1,    -1,   179,   166,   167,   168,   183,   170,   171,
++      -1,    -1,    -1,    -1,    -1,   177,   178,    -1,    73,    74,
++      -1,    -1,    77,    -1,    -1,   187,    -1,    -1,    83,    -1,
++      -1,    -1,    -1,    -1,    88,    -1,    90,    -1,    -1,    -1,
++      -1,    -1,    96,    -1,    98,    -1,    -1,   101,    -1,    -1,
++      -1,    -1,    -1,    -1,    -1,   110,   111,    -1,    -1,   114,
++     115,    -1,   117,   118,   119,    -1,   121,    -1,    -1,   123,
++     124,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,
+       -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,
+-      -1,    88,    -1,    90,    -1,    -1,    -1,    -1,    -1,    96,
+-      -1,    98,    -1,    -1,   101,    -1,    -1,    -1,    -1,    -1,
+-      -1,    -1,    -1,   169,    -1,   171,    -1,    -1,    -1,    -1,
+-     176,    -1,    -1,    -1,   180,    -1,   123,   124
++      -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,
++      -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,
++      -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,
++      -1,    -1,    -1,    -1,   179
+ };
+ 
+-  /* YYSTOS[STATE-NUM] -- The (internal number of the) accessing
+-     symbol of state STATE-NUM.  */
++/* YYSTOS[STATE-NUM] -- The (internal number of the) accessing
++   symbol of state STATE-NUM.  */
+ static const yytype_uint16 yystos[] =
+ {
+        0,     1,    10,    14,    15,    16,    22,    23,    29,    30,
+@@ -1302,130 +1504,71 @@ static const yytype_uint16 yystos[] =
+       72,    75,    76,    80,    81,    84,    85,    93,   106,   107,
+      108,   113,   122,   126,   128,   130,   131,   140,   141,   142,
+      143,   144,   145,   146,   147,   150,   152,   161,   166,   167,
+-     168,   170,   171,   174,   175,   184,   200,   201,   202,   203,
+-     204,   216,   217,   218,   219,   223,   228,   236,   245,   250,
+-     254,   259,   263,   264,   265,   266,   267,   275,   276,   279,
+-     290,   291,   183,    61,    61,   220,     8,    12,    18,    69,
+-     103,   104,   120,   151,   255,   256,   257,   258,    11,    99,
+-     104,   239,   240,   241,   158,   268,   255,    20,    24,    82,
+-     127,   135,   138,   160,   165,   230,    66,    68,   158,   205,
+-     206,   207,   158,   158,   158,   158,   273,   274,   205,   287,
+-      61,    56,    57,    58,    59,    87,    89,    91,    97,   242,
+-     243,   244,   287,   158,   158,   286,    61,     7,     8,    25,
+-      64,    94,   159,   164,   280,   281,    27,    66,    68,   148,
+-     205,   206,    61,    42,    95,   149,   251,   252,   253,   158,
+-     269,   229,   230,   158,     6,    31,    49,    52,   125,   153,
+-     154,   155,   156,   161,   260,   261,   262,    13,    19,    21,
+-      48,    88,    90,    96,    98,   101,   123,   124,   224,   225,
+-     226,   227,   206,    61,   195,   283,   284,   285,    61,   282,
+-       0,   202,   183,   205,   205,    32,    61,   289,    61,   158,
+-     158,    34,    55,    79,   278,   197,    28,    51,    54,   136,
+-     137,   143,   221,   222,   256,   240,    61,    32,   231,     3,
+-      43,    44,    45,    46,   139,   157,   162,   163,   246,   247,
+-     248,   249,   158,   202,   274,   205,   243,    61,   158,   281,
+-     237,    27,    27,   237,   237,    86,   252,    61,   194,   230,
+-     261,   289,    39,    61,   169,   288,   225,    61,   289,   271,
+-      61,   284,    61,   183,   208,     5,    65,    67,   158,   179,
+-     277,   185,   186,   292,   293,   294,    61,   158,    29,    37,
+-      40,    78,   109,   172,   232,   233,   234,   158,   158,    61,
+-     247,   289,   288,    47,    55,    73,    74,    77,    83,   110,
+-     111,   114,   115,   117,   118,   119,   121,   176,   238,   237,
+-     237,   206,   158,    62,   132,   272,    36,     9,    17,    53,
+-      54,    70,    92,   100,   102,   116,   133,   134,   169,   171,
+-     176,   180,   209,   210,   211,   212,   213,   214,   215,   146,
+-     293,   295,   296,   298,   183,   194,   158,     4,    26,   105,
+-     112,   129,   178,   181,   235,   237,    27,   270,   206,    61,
+-      61,    61,   173,   158,   194,   183,   198,   296,   197,   289,
+-     196,   205,   187,   297,   194,   188,   299,   300,   289,   194,
+-     198,   300,   183,   289,   197,   189,   190,   191,   192,   193,
+-     301,   302,   303,   198,   302,   183,   194,   183,   289
++     168,   170,   171,   177,   178,   187,   203,   204,   205,   206,
++     207,   219,   220,   221,   222,   226,   231,   239,   248,   253,
++     257,   262,   266,   267,   268,   269,   270,   278,   279,   282,
++     293,   294,   186,    61,    61,   223,     8,    12,    18,    69,
++     103,   104,   120,   151,   174,   175,   176,   258,   259,   260,
++     261,    11,    99,   104,   242,   243,   244,   158,   271,   258,
++      20,    24,    82,   127,   135,   138,   160,   165,   233,    66,
++      68,   158,   208,   209,   210,   158,   158,   158,   158,   276,
++     277,   208,   290,    61,    56,    57,    58,    59,    87,    89,
++      91,    97,   245,   246,   247,   290,   158,   158,   289,    61,
++       7,     8,    25,    64,    94,   159,   164,   283,   284,    27,
++      66,    68,   148,   208,   209,    61,    42,    95,   149,   254,
++     255,   256,   158,   272,   232,   233,   158,     6,    31,    49,
++      52,   125,   153,   154,   155,   156,   161,   263,   264,   265,
++      13,    19,    21,    48,    88,    90,    96,    98,   101,   123,
++     124,   227,   228,   229,   230,   209,    61,   198,   286,   287,
++     288,    61,   285,     0,   205,   186,   208,   208,    32,    61,
++     292,    61,   158,   158,    34,    55,    79,   281,   200,    28,
++      51,    54,   136,   137,   143,   224,   225,   259,   243,    61,
++      32,   234,     3,    43,    44,    45,    46,   139,   157,   162,
++     163,   249,   250,   251,   252,   158,   205,   277,   208,   246,
++      61,   158,   284,   240,    27,    27,   240,   240,    86,   255,
++      61,   197,   233,   264,   292,    39,    61,   169,   291,   228,
++      61,   292,   274,    61,   287,    61,   186,   211,     5,    65,
++      67,   158,   182,   280,   188,   189,   295,   296,   297,    61,
++     158,    29,    37,    40,    78,   109,   172,   235,   236,   237,
++     158,   158,    61,   250,   292,   291,    47,    55,    73,    74,
++      77,    83,   110,   111,   114,   115,   117,   118,   119,   121,
++     179,   241,   240,   240,   209,   158,    62,   132,   275,    36,
++       9,    17,    53,    54,    70,    92,   100,   102,   116,   133,
++     134,   169,   171,   179,   183,   212,   213,   214,   215,   216,
++     217,   218,   146,   296,   298,   299,   301,   186,   197,   158,
++       4,    26,   105,   112,   129,   181,   184,   238,   240,    27,
++     273,   209,    61,    61,    61,   173,   158,   197,   186,   201,
++     299,   200,   292,   199,   208,   190,   300,   197,   191,   302,
++     303,   292,   197,   201,   303,   186,   292,   200,   192,   193,
++     194,   195,   196,   304,   305,   306,   201,   305,   186,   197,
++     186,   292
+ };
+ 
+-  /* YYR1[YYN] -- Symbol number of symbol that rule YYN derives.  */
+-static const yytype_uint16 yyr1[] =
+-{
+-       0,   199,   200,   201,   201,   201,   202,   202,   202,   202,
+-     202,   202,   202,   202,   202,   202,   202,   202,   202,   202,
+-     203,   204,   204,   204,   204,   204,   205,   205,   206,   207,
+-     207,   208,   208,   209,   209,   209,   210,   211,   211,   211,
+-     211,   211,   211,   211,   211,   212,   212,   213,   213,   213,
+-     213,   213,   213,   214,   215,   216,   217,   217,   218,   218,
+-     218,   218,   219,   219,   219,   219,   219,   219,   219,   219,
+-     219,   220,   220,   221,   221,   222,   222,   222,   222,   222,
+-     223,   224,   224,   225,   225,   225,   226,   226,   226,   226,
+-     226,   226,   227,   227,   227,   227,   228,   228,   228,   229,
+-     229,   230,   230,   230,   230,   230,   230,   230,   230,   231,
+-     231,   232,   232,   232,   232,   233,   233,   234,   234,   235,
+-     235,   235,   235,   235,   235,   235,   236,   236,   236,   236,
+-     236,   236,   236,   236,   237,   237,   238,   238,   238,   238,
+-     238,   238,   238,   238,   238,   238,   238,   238,   238,   238,
+-     238,   239,   239,   240,   241,   241,   241,   242,   242,   243,
+-     244,   244,   244,   244,   244,   244,   244,   244,   245,   246,
+-     246,   247,   247,   247,   247,   247,   248,   248,   249,   249,
+-     249,   249,   250,   251,   251,   252,   253,   253,   253,   254,
+-     254,   255,   255,   256,   256,   257,   257,   257,   257,   257,
+-     257,   258,   258,   259,   260,   260,   261,   262,   262,   262,
+-     262,   262,   262,   262,   262,   262,   262,   263,   263,   263,
+-     263,   263,   263,   263,   263,   263,   263,   263,   263,   263,
+-     263,   264,   264,   264,   265,   265,   266,   266,   267,   267,
+-     267,   268,   268,   268,   269,   270,   270,   271,   271,   272,
+-     272,   273,   273,   274,   275,   275,   276,   276,   277,   277,
+-     277,   277,   278,   278,   278,   279,   280,   280,   281,   281,
+-     281,   281,   281,   281,   281,   282,   282,   283,   283,   284,
+-     284,   285,   286,   286,   287,   287,   288,   288,   288,   289,
+-     289,   290,   291,   292,   292,   293,   294,   294,   295,   295,
+-     296,   297,   298,   299,   299,   300,   301,   301,   302,   303,
+-     303,   303,   303,   303
+-};
++#define yyerrok		(yyerrstatus = 0)
++#define yyclearin	(yychar = YYEMPTY)
++#define YYEMPTY		(-2)
++#define YYEOF		0
+ 
+-  /* YYR2[YYN] -- Number of symbols on the right hand side of rule YYN.  */
+-static const yytype_uint8 yyr2[] =
+-{
+-       0,     2,     1,     3,     2,     2,     0,     1,     1,     1,
+-       1,     1,     1,     1,     1,     1,     1,     1,     1,     1,
+-       3,     1,     1,     1,     1,     1,     1,     2,     1,     1,
+-       1,     0,     2,     1,     1,     1,     1,     1,     1,     1,
+-       1,     1,     1,     1,     1,     2,     2,     1,     1,     1,
+-       1,     1,     1,     2,     1,     2,     1,     1,     1,     2,
+-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+-       2,     0,     2,     2,     2,     1,     1,     1,     1,     1,
+-       2,     2,     1,     2,     2,     2,     1,     1,     1,     1,
+-       1,     1,     1,     1,     1,     1,     2,     2,     3,     2,
+-       1,     1,     1,     1,     1,     1,     1,     1,     1,     0,
+-       2,     2,     2,     1,     1,     1,     1,     1,     1,     1,
+-       1,     1,     1,     1,     1,     1,     2,     2,     3,     5,
+-       3,     4,     4,     3,     0,     2,     1,     1,     1,     1,
+-       1,     1,     1,     1,     1,     1,     1,     1,     1,     1,
+-       1,     2,     1,     2,     1,     1,     1,     2,     1,     2,
+-       1,     1,     1,     1,     1,     1,     1,     1,     3,     2,
+-       1,     2,     2,     2,     2,     2,     1,     1,     1,     1,
+-       1,     1,     2,     2,     1,     2,     1,     1,     1,     2,
+-       2,     2,     1,     1,     1,     1,     1,     1,     1,     1,
+-       1,     1,     1,     2,     2,     1,     2,     1,     1,     1,
+-       1,     1,     1,     1,     1,     1,     1,     1,     1,     2,
+-       2,     2,     2,     3,     1,     2,     2,     2,     2,     3,
+-       2,     1,     1,     1,     1,     1,     1,     1,     1,     1,
+-       1,     1,     2,     0,     4,     1,     0,     0,     2,     2,
+-       2,     2,     1,     1,     3,     3,     1,     1,     1,     1,
+-       1,     1,     1,     1,     1,     2,     2,     1,     1,     1,
+-       1,     1,     1,     1,     1,     2,     1,     2,     1,     1,
+-       1,     5,     2,     1,     2,     1,     1,     1,     1,     1,
+-       1,     5,     1,     3,     2,     3,     1,     1,     2,     1,
+-       5,     4,     3,     2,     1,     6,     3,     2,     3,     1,
+-       1,     1,     1,     1
+-};
++#define YYACCEPT	goto yyacceptlab
++#define YYABORT		goto yyabortlab
++#define YYERROR		goto yyerrorlab
+ 
+ 
+-#define yyerrok         (yyerrstatus = 0)
+-#define yyclearin       (yychar = YYEMPTY)
+-#define YYEMPTY         (-2)
+-#define YYEOF           0
++/* Like YYERROR except do call yyerror.  This remains here temporarily
++   to ease the transition to the new meaning of YYERROR, for GCC.
++   Once GCC version 2 has supplanted version 1, this can go.  However,
++   YYFAIL appears to be in use.  Nevertheless, it is formally deprecated
++   in Bison 2.4.2's NEWS entry, where a plan to phase it out is
++   discussed.  */
+ 
+-#define YYACCEPT        goto yyacceptlab
+-#define YYABORT         goto yyabortlab
+-#define YYERROR         goto yyerrorlab
++#define YYFAIL		goto yyerrlab
++#if defined YYFAIL
++  /* This is here to suppress warnings from the GCC cpp's
++     -Wunused-macros.  Normally we don't worry about that warning, but
++     some users do, and we want to make it easy for users to remove
++     YYFAIL uses, which will produce warnings from Bison 2.5.  */
++#endif
+ 
+-
+ #define YYRECOVERING()  (!!yyerrstatus)
+ 
+ #define YYBACKUP(Token, Value)                                  \
+@@ -1441,16 +1584,28 @@ do
+   else                                                          \
+     {                                                           \
+       yyerror (YY_("syntax error: cannot back up")); \
+-      YYERROR;                                                  \
+-    }                                                           \
+-while (0)
++      YYERROR;							\
++    }								\
++while (YYID (0))
+ 
+ /* Error token number */
+-#define YYTERROR        1
+-#define YYERRCODE       256
++#define YYTERROR	1
++#define YYERRCODE	256
+ 
+ 
++/* This macro is provided for backward compatibility. */
++#ifndef YY_LOCATION_PRINT
++# define YY_LOCATION_PRINT(File, Loc) ((void) 0)
++#endif
+ 
++
++/* YYLEX -- calling `yylex' with the right arguments.  */
++#ifdef YYLEX_PARAM
++# define YYLEX yylex (YYLEX_PARAM)
++#else
++# define YYLEX yylex ()
++#endif
++
+ /* Enable debugging if requested.  */
+ #if YYDEBUG
+ 
+@@ -1459,36 +1614,40 @@ do
+ #  define YYFPRINTF fprintf
+ # endif
+ 
+-# define YYDPRINTF(Args)                        \
+-do {                                            \
+-  if (yydebug)                                  \
+-    YYFPRINTF Args;                             \
+-} while (0)
++# define YYDPRINTF(Args)			\
++do {						\
++  if (yydebug)					\
++    YYFPRINTF Args;				\
++} while (YYID (0))
+ 
+-/* This macro is provided for backward compatibility. */
+-#ifndef YY_LOCATION_PRINT
+-# define YY_LOCATION_PRINT(File, Loc) ((void) 0)
+-#endif
++# define YY_SYMBOL_PRINT(Title, Type, Value, Location)			  \
++do {									  \
++  if (yydebug)								  \
++    {									  \
++      YYFPRINTF (stderr, "%s ", Title);					  \
++      yy_symbol_print (stderr,						  \
++		  Type, Value); \
++      YYFPRINTF (stderr, "\n");						  \
++    }									  \
++} while (YYID (0))
+ 
+ 
+-# define YY_SYMBOL_PRINT(Title, Type, Value, Location)                    \
+-do {                                                                      \
+-  if (yydebug)                                                            \
+-    {                                                                     \
+-      YYFPRINTF (stderr, "%s ", Title);                                   \
+-      yy_symbol_print (stderr,                                            \
+-                  Type, Value); \
+-      YYFPRINTF (stderr, "\n");                                           \
+-    }                                                                     \
+-} while (0)
++/*--------------------------------.
++| Print this symbol on YYOUTPUT.  |
++`--------------------------------*/
+ 
+-
+-/*----------------------------------------.
+-| Print this symbol's value on YYOUTPUT.  |
+-`----------------------------------------*/
+-
++/*ARGSUSED*/
++#if (defined __STDC__ || defined __C99__FUNC__ \
++     || defined __cplusplus || defined _MSC_VER)
+ static void
+ yy_symbol_value_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep)
++#else
++static void
++yy_symbol_value_print (yyoutput, yytype, yyvaluep)
++    FILE *yyoutput;
++    int yytype;
++    YYSTYPE const * const yyvaluep;
++#endif
+ {
+   FILE *yyo = yyoutput;
+   YYUSE (yyo);
+@@ -1497,6 +1656,8 @@ yy_symbol_value_print (FILE *yyoutput, int yytype,
+ # ifdef YYPRINT
+   if (yytype < YYNTOKENS)
+     YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep);
++# else
++  YYUSE (yyoutput);
+ # endif
+   YYUSE (yytype);
+ }
+@@ -1506,11 +1667,22 @@ yy_symbol_value_print (FILE *yyoutput, int yytype,
+ | Print this symbol on YYOUTPUT.  |
+ `--------------------------------*/
+ 
++#if (defined __STDC__ || defined __C99__FUNC__ \
++     || defined __cplusplus || defined _MSC_VER)
+ static void
+ yy_symbol_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep)
++#else
++static void
++yy_symbol_print (yyoutput, yytype, yyvaluep)
++    FILE *yyoutput;
++    int yytype;
++    YYSTYPE const * const yyvaluep;
++#endif
+ {
+-  YYFPRINTF (yyoutput, "%s %s (",
+-             yytype < YYNTOKENS ? "token" : "nterm", yytname[yytype]);
++  if (yytype < YYNTOKENS)
++    YYFPRINTF (yyoutput, "token %s (", yytname[yytype]);
++  else
++    YYFPRINTF (yyoutput, "nterm %s (", yytname[yytype]);
+ 
+   yy_symbol_value_print (yyoutput, yytype, yyvaluep);
+   YYFPRINTF (yyoutput, ")");
+@@ -1521,8 +1693,16 @@ yy_symbol_print (FILE *yyoutput, int yytype, YYSTY
+ | TOP (included).                                                   |
+ `------------------------------------------------------------------*/
+ 
++#if (defined __STDC__ || defined __C99__FUNC__ \
++     || defined __cplusplus || defined _MSC_VER)
+ static void
+ yy_stack_print (yytype_int16 *yybottom, yytype_int16 *yytop)
++#else
++static void
++yy_stack_print (yybottom, yytop)
++    yytype_int16 *yybottom;
++    yytype_int16 *yytop;
++#endif
+ {
+   YYFPRINTF (stderr, "Stack now");
+   for (; yybottom <= yytop; yybottom++)
+@@ -1533,11 +1713,11 @@ yy_stack_print (yytype_int16 *yybottom, yytype_int
+   YYFPRINTF (stderr, "\n");
+ }
+ 
+-# define YY_STACK_PRINT(Bottom, Top)                            \
+-do {                                                            \
+-  if (yydebug)                                                  \
+-    yy_stack_print ((Bottom), (Top));                           \
+-} while (0)
++# define YY_STACK_PRINT(Bottom, Top)				\
++do {								\
++  if (yydebug)							\
++    yy_stack_print ((Bottom), (Top));				\
++} while (YYID (0))
+ 
+ 
+ /*------------------------------------------------.
+@@ -1544,31 +1724,38 @@ yy_stack_print (yytype_int16 *yybottom, yytype_int
+ | Report that the YYRULE is going to be reduced.  |
+ `------------------------------------------------*/
+ 
++#if (defined __STDC__ || defined __C99__FUNC__ \
++     || defined __cplusplus || defined _MSC_VER)
+ static void
+-yy_reduce_print (yytype_int16 *yyssp, YYSTYPE *yyvsp, int yyrule)
++yy_reduce_print (YYSTYPE *yyvsp, int yyrule)
++#else
++static void
++yy_reduce_print (yyvsp, yyrule)
++    YYSTYPE *yyvsp;
++    int yyrule;
++#endif
+ {
+-  unsigned long int yylno = yyrline[yyrule];
+   int yynrhs = yyr2[yyrule];
+   int yyi;
++  unsigned long int yylno = yyrline[yyrule];
+   YYFPRINTF (stderr, "Reducing stack by rule %d (line %lu):\n",
+-             yyrule - 1, yylno);
++	     yyrule - 1, yylno);
+   /* The symbols being reduced.  */
+   for (yyi = 0; yyi < yynrhs; yyi++)
+     {
+       YYFPRINTF (stderr, "   $%d = ", yyi + 1);
+-      yy_symbol_print (stderr,
+-                       yystos[yyssp[yyi + 1 - yynrhs]],
+-                       &(yyvsp[(yyi + 1) - (yynrhs)])
+-                                              );
++      yy_symbol_print (stderr, yyrhs[yyprhs[yyrule] + yyi],
++		       &(yyvsp[(yyi + 1) - (yynrhs)])
++		       		       );
+       YYFPRINTF (stderr, "\n");
+     }
+ }
+ 
+-# define YY_REDUCE_PRINT(Rule)          \
+-do {                                    \
+-  if (yydebug)                          \
+-    yy_reduce_print (yyssp, yyvsp, Rule); \
+-} while (0)
++# define YY_REDUCE_PRINT(Rule)		\
++do {					\
++  if (yydebug)				\
++    yy_reduce_print (yyvsp, Rule); \
++} while (YYID (0))
+ 
+ /* Nonzero means print parse trace.  It is left uninitialized so that
+    multiple parsers can coexist.  */
+@@ -1582,7 +1769,7 @@ int yydebug;
+ 
+ 
+ /* YYINITDEPTH -- initial size of the parser's stacks.  */
+-#ifndef YYINITDEPTH
++#ifndef	YYINITDEPTH
+ # define YYINITDEPTH 200
+ #endif
+ 
+@@ -1605,8 +1792,15 @@ int yydebug;
+ #   define yystrlen strlen
+ #  else
+ /* Return the length of YYSTR.  */
++#if (defined __STDC__ || defined __C99__FUNC__ \
++     || defined __cplusplus || defined _MSC_VER)
+ static YYSIZE_T
+ yystrlen (const char *yystr)
++#else
++static YYSIZE_T
++yystrlen (yystr)
++    const char *yystr;
++#endif
+ {
+   YYSIZE_T yylen;
+   for (yylen = 0; yystr[yylen]; yylen++)
+@@ -1622,8 +1816,16 @@ yystrlen (const char *yystr)
+ #  else
+ /* Copy YYSRC to YYDEST, returning the address of the terminating '\0' in
+    YYDEST.  */
++#if (defined __STDC__ || defined __C99__FUNC__ \
++     || defined __cplusplus || defined _MSC_VER)
+ static char *
+ yystpcpy (char *yydest, const char *yysrc)
++#else
++static char *
++yystpcpy (yydest, yysrc)
++    char *yydest;
++    const char *yysrc;
++#endif
+ {
+   char *yyd = yydest;
+   const char *yys = yysrc;
+@@ -1653,27 +1855,27 @@ yytnamerr (char *yyres, const char *yystr)
+       char const *yyp = yystr;
+ 
+       for (;;)
+-        switch (*++yyp)
+-          {
+-          case '\'':
+-          case ',':
+-            goto do_not_strip_quotes;
++	switch (*++yyp)
++	  {
++	  case '\'':
++	  case ',':
++	    goto do_not_strip_quotes;
+ 
+-          case '\\':
+-            if (*++yyp != '\\')
+-              goto do_not_strip_quotes;
+-            /* Fall through.  */
+-          default:
+-            if (yyres)
+-              yyres[yyn] = *yyp;
+-            yyn++;
+-            break;
++	  case '\\':
++	    if (*++yyp != '\\')
++	      goto do_not_strip_quotes;
++	    /* Fall through.  */
++	  default:
++	    if (yyres)
++	      yyres[yyn] = *yyp;
++	    yyn++;
++	    break;
+ 
+-          case '"':
+-            if (yyres)
+-              yyres[yyn] = '\0';
+-            return yyn;
+-          }
++	  case '"':
++	    if (yyres)
++	      yyres[yyn] = '\0';
++	    return yyn;
++	  }
+     do_not_strip_quotes: ;
+     }
+ 
+@@ -1696,11 +1898,11 @@ static int
+ yysyntax_error (YYSIZE_T *yymsg_alloc, char **yymsg,
+                 yytype_int16 *yyssp, int yytoken)
+ {
+-  YYSIZE_T yysize0 = yytnamerr (YY_NULLPTR, yytname[yytoken]);
++  YYSIZE_T yysize0 = yytnamerr (YY_NULL, yytname[yytoken]);
+   YYSIZE_T yysize = yysize0;
+   enum { YYERROR_VERBOSE_ARGS_MAXIMUM = 5 };
+   /* Internationalized format string. */
+-  const char *yyformat = YY_NULLPTR;
++  const char *yyformat = YY_NULL;
+   /* Arguments of yyformat. */
+   char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
+   /* Number of reported tokens (one for the "unexpected", one per
+@@ -1708,6 +1910,10 @@ yysyntax_error (YYSIZE_T *yymsg_alloc, char **yyms
+   int yycount = 0;
+ 
+   /* There are many possibilities here to consider:
++     - Assume YYFAIL is not used.  It's too flawed to consider.  See
++       
++       for details.  YYERROR is fine as it does not invoke this
++       function.
+      - If this state is a consistent state with a default action, then
+        the only way this function was invoked is if the default action
+        is an error action.  In that case, don't check for expected
+@@ -1757,7 +1963,7 @@ yysyntax_error (YYSIZE_T *yymsg_alloc, char **yyms
+                   }
+                 yyarg[yycount++] = yytname[yyx];
+                 {
+-                  YYSIZE_T yysize1 = yysize + yytnamerr (YY_NULLPTR, yytname[yyx]);
++                  YYSIZE_T yysize1 = yysize + yytnamerr (YY_NULL, yytname[yyx]);
+                   if (! (yysize <= yysize1
+                          && yysize1 <= YYSTACK_ALLOC_MAXIMUM))
+                     return 2;
+@@ -1824,17 +2030,26 @@ yysyntax_error (YYSIZE_T *yymsg_alloc, char **yyms
+ | Release the memory associated to this symbol.  |
+ `-----------------------------------------------*/
+ 
++/*ARGSUSED*/
++#if (defined __STDC__ || defined __C99__FUNC__ \
++     || defined __cplusplus || defined _MSC_VER)
+ static void
+ yydestruct (const char *yymsg, int yytype, YYSTYPE *yyvaluep)
++#else
++static void
++yydestruct (yymsg, yytype, yyvaluep)
++    const char *yymsg;
++    int yytype;
++    YYSTYPE *yyvaluep;
++#endif
+ {
+   YYUSE (yyvaluep);
++
+   if (!yymsg)
+     yymsg = "Deleting";
+   YY_SYMBOL_PRINT (yymsg, yytype, yyvaluep, yylocationp);
+ 
+-  YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN
+   YYUSE (yytype);
+-  YY_IGNORE_MAYBE_UNINITIALIZED_END
+ }
+ 
+ 
+@@ -1843,8 +2058,18 @@ yydestruct (const char *yymsg, int yytype, YYSTYPE
+ /* The lookahead symbol.  */
+ int yychar;
+ 
++
++#ifndef YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN
++# define YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN
++# define YY_IGNORE_MAYBE_UNINITIALIZED_END
++#endif
++#ifndef YY_INITIAL_VALUE
++# define YY_INITIAL_VALUE(Value) /* Nothing. */
++#endif
++
+ /* The semantic value of the lookahead symbol.  */
+-YYSTYPE yylval;
++YYSTYPE yylval YY_INITIAL_VALUE(yyval_default);
++
+ /* Number of syntax errors so far.  */
+ int yynerrs;
+ 
+@@ -1853,8 +2078,27 @@ int yynerrs;
+ | yyparse.  |
+ `----------*/
+ 
++#ifdef YYPARSE_PARAM
++#if (defined __STDC__ || defined __C99__FUNC__ \
++     || defined __cplusplus || defined _MSC_VER)
+ int
++yyparse (void *YYPARSE_PARAM)
++#else
++int
++yyparse (YYPARSE_PARAM)
++    void *YYPARSE_PARAM;
++#endif
++#else /* ! YYPARSE_PARAM */
++#if (defined __STDC__ || defined __C99__FUNC__ \
++     || defined __cplusplus || defined _MSC_VER)
++int
+ yyparse (void)
++#else
++int
++yyparse ()
++
++#endif
++#endif
+ {
+     int yystate;
+     /* Number of tokens to shift before error messages enabled.  */
+@@ -1861,8 +2105,8 @@ yyparse (void)
+     int yyerrstatus;
+ 
+     /* The stacks and their tools:
+-       'yyss': related to states.
+-       'yyvs': related to semantic values.
++       `yyss': related to states.
++       `yyvs': related to semantic values.
+ 
+        Refer to the stacks through separate pointers, to allow yyoverflow
+        to reallocate them elsewhere.  */
+@@ -1930,23 +2174,23 @@ yyparse (void)
+ 
+ #ifdef yyoverflow
+       {
+-        /* Give user a chance to reallocate the stack.  Use copies of
+-           these so that the &'s don't force the real ones into
+-           memory.  */
+-        YYSTYPE *yyvs1 = yyvs;
+-        yytype_int16 *yyss1 = yyss;
++	/* Give user a chance to reallocate the stack.  Use copies of
++	   these so that the &'s don't force the real ones into
++	   memory.  */
++	YYSTYPE *yyvs1 = yyvs;
++	yytype_int16 *yyss1 = yyss;
+ 
+-        /* Each stack pointer address is followed by the size of the
+-           data in use in that stack, in bytes.  This used to be a
+-           conditional around just the two extra args, but that might
+-           be undefined if yyoverflow is a macro.  */
+-        yyoverflow (YY_("memory exhausted"),
+-                    &yyss1, yysize * sizeof (*yyssp),
+-                    &yyvs1, yysize * sizeof (*yyvsp),
+-                    &yystacksize);
++	/* Each stack pointer address is followed by the size of the
++	   data in use in that stack, in bytes.  This used to be a
++	   conditional around just the two extra args, but that might
++	   be undefined if yyoverflow is a macro.  */
++	yyoverflow (YY_("memory exhausted"),
++		    &yyss1, yysize * sizeof (*yyssp),
++		    &yyvs1, yysize * sizeof (*yyvsp),
++		    &yystacksize);
+ 
+-        yyss = yyss1;
+-        yyvs = yyvs1;
++	yyss = yyss1;
++	yyvs = yyvs1;
+       }
+ #else /* no yyoverflow */
+ # ifndef YYSTACK_RELOCATE
+@@ -1954,22 +2198,22 @@ yyparse (void)
+ # else
+       /* Extend the stack our own way.  */
+       if (YYMAXDEPTH <= yystacksize)
+-        goto yyexhaustedlab;
++	goto yyexhaustedlab;
+       yystacksize *= 2;
+       if (YYMAXDEPTH < yystacksize)
+-        yystacksize = YYMAXDEPTH;
++	yystacksize = YYMAXDEPTH;
+ 
+       {
+-        yytype_int16 *yyss1 = yyss;
+-        union yyalloc *yyptr =
+-          (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize));
+-        if (! yyptr)
+-          goto yyexhaustedlab;
+-        YYSTACK_RELOCATE (yyss_alloc, yyss);
+-        YYSTACK_RELOCATE (yyvs_alloc, yyvs);
++	yytype_int16 *yyss1 = yyss;
++	union yyalloc *yyptr =
++	  (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize));
++	if (! yyptr)
++	  goto yyexhaustedlab;
++	YYSTACK_RELOCATE (yyss_alloc, yyss);
++	YYSTACK_RELOCATE (yyvs_alloc, yyvs);
+ #  undef YYSTACK_RELOCATE
+-        if (yyss1 != yyssa)
+-          YYSTACK_FREE (yyss1);
++	if (yyss1 != yyssa)
++	  YYSTACK_FREE (yyss1);
+       }
+ # endif
+ #endif /* no yyoverflow */
+@@ -1978,10 +2222,10 @@ yyparse (void)
+       yyvsp = yyvs + yysize - 1;
+ 
+       YYDPRINTF ((stderr, "Stack size increased to %lu\n",
+-                  (unsigned long int) yystacksize));
++		  (unsigned long int) yystacksize));
+ 
+       if (yyss + yystacksize - 1 <= yyssp)
+-        YYABORT;
++	YYABORT;
+     }
+ 
+   YYDPRINTF ((stderr, "Entering state %d\n", yystate));
+@@ -2010,7 +2254,7 @@ yybackup:
+   if (yychar == YYEMPTY)
+     {
+       YYDPRINTF ((stderr, "Reading a token: "));
+-      yychar = yylex ();
++      yychar = YYLEX;
+     }
+ 
+   if (yychar <= YYEOF)
+@@ -2075,7 +2319,7 @@ yyreduce:
+   yylen = yyr2[yyn];
+ 
+   /* If YYLEN is nonzero, implement the default value of the action:
+-     '$$ = $1'.
++     `$$ = $1'.
+ 
+      Otherwise, the following line sets YYVAL to garbage.
+      This behavior is undocumented and Bison
+@@ -2089,7 +2333,8 @@ yyreduce:
+   switch (yyn)
+     {
+         case 5:
+-#line 373 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 376 "../../ntpd/ntp_parser.y"
+     {
+ 			/* I will need to incorporate much more fine grained
+ 			 * error messages. The following should suffice for
+@@ -2102,173 +2347,173 @@ yyreduce:
+ 				ip_ctx->errpos.nline,
+ 				ip_ctx->errpos.ncol);
+ 		}
+-#line 2106 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 20:
+-#line 409 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 412 "../../ntpd/ntp_parser.y"
+     {
+ 			peer_node *my_node;
+ 
+-			my_node = create_peer_node((yyvsp[-2].Integer), (yyvsp[-1].Address_node), (yyvsp[0].Attr_val_fifo));
++			my_node = create_peer_node((yyvsp[(1) - (3)].Integer), (yyvsp[(2) - (3)].Address_node), (yyvsp[(3) - (3)].Attr_val_fifo));
+ 			APPEND_G_FIFO(cfgt.peers, my_node);
+ 		}
+-#line 2117 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 27:
+-#line 428 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+-    { (yyval.Address_node) = create_address_node((yyvsp[0].String), (yyvsp[-1].Integer)); }
+-#line 2123 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 431 "../../ntpd/ntp_parser.y"
++    { (yyval.Address_node) = create_address_node((yyvsp[(2) - (2)].String), (yyvsp[(1) - (2)].Integer)); }
+     break;
+ 
+   case 28:
+-#line 433 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+-    { (yyval.Address_node) = create_address_node((yyvsp[0].String), AF_UNSPEC); }
+-#line 2129 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 436 "../../ntpd/ntp_parser.y"
++    { (yyval.Address_node) = create_address_node((yyvsp[(1) - (1)].String), AF_UNSPEC); }
+     break;
+ 
+   case 29:
+-#line 438 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 441 "../../ntpd/ntp_parser.y"
+     { (yyval.Integer) = AF_INET; }
+-#line 2135 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 30:
+-#line 440 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 443 "../../ntpd/ntp_parser.y"
+     { (yyval.Integer) = AF_INET6; }
+-#line 2141 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 31:
+-#line 445 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 448 "../../ntpd/ntp_parser.y"
+     { (yyval.Attr_val_fifo) = NULL; }
+-#line 2147 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 32:
+-#line 447 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 450 "../../ntpd/ntp_parser.y"
+     {
+-			(yyval.Attr_val_fifo) = (yyvsp[-1].Attr_val_fifo);
+-			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val));
++			(yyval.Attr_val_fifo) = (yyvsp[(1) - (2)].Attr_val_fifo);
++			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[(2) - (2)].Attr_val));
+ 		}
+-#line 2156 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 36:
+-#line 461 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+-    { (yyval.Attr_val) = create_attr_ival(T_Flag, (yyvsp[0].Integer)); }
+-#line 2162 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 464 "../../ntpd/ntp_parser.y"
++    { (yyval.Attr_val) = create_attr_ival(T_Flag, (yyvsp[(1) - (1)].Integer)); }
+     break;
+ 
+   case 45:
+-#line 477 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+-    { (yyval.Attr_val) = create_attr_ival((yyvsp[-1].Integer), (yyvsp[0].Integer)); }
+-#line 2168 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 480 "../../ntpd/ntp_parser.y"
++    { (yyval.Attr_val) = create_attr_ival((yyvsp[(1) - (2)].Integer), (yyvsp[(2) - (2)].Integer)); }
+     break;
+ 
+   case 46:
+-#line 479 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+-    { (yyval.Attr_val) = create_attr_uval((yyvsp[-1].Integer), (yyvsp[0].Integer)); }
+-#line 2174 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 482 "../../ntpd/ntp_parser.y"
++    { (yyval.Attr_val) = create_attr_uval((yyvsp[(1) - (2)].Integer), (yyvsp[(2) - (2)].Integer)); }
+     break;
+ 
+   case 53:
+-#line 493 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+-    { (yyval.Attr_val) = create_attr_sval((yyvsp[-1].Integer), (yyvsp[0].String)); }
+-#line 2180 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 496 "../../ntpd/ntp_parser.y"
++    { (yyval.Attr_val) = create_attr_sval((yyvsp[(1) - (2)].Integer), (yyvsp[(2) - (2)].String)); }
+     break;
+ 
+   case 55:
+-#line 507 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 510 "../../ntpd/ntp_parser.y"
+     {
+ 			unpeer_node *my_node;
+ 
+-			my_node = create_unpeer_node((yyvsp[0].Address_node));
++			my_node = create_unpeer_node((yyvsp[(2) - (2)].Address_node));
+ 			if (my_node)
+ 				APPEND_G_FIFO(cfgt.unpeers, my_node);
+ 		}
+-#line 2192 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 58:
+-#line 528 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 531 "../../ntpd/ntp_parser.y"
+     { cfgt.broadcastclient = 1; }
+-#line 2198 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 59:
+-#line 530 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+-    { CONCAT_G_FIFOS(cfgt.manycastserver, (yyvsp[0].Address_fifo)); }
+-#line 2204 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 533 "../../ntpd/ntp_parser.y"
++    { CONCAT_G_FIFOS(cfgt.manycastserver, (yyvsp[(2) - (2)].Address_fifo)); }
+     break;
+ 
+   case 60:
+-#line 532 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+-    { CONCAT_G_FIFOS(cfgt.multicastclient, (yyvsp[0].Address_fifo)); }
+-#line 2210 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 535 "../../ntpd/ntp_parser.y"
++    { CONCAT_G_FIFOS(cfgt.multicastclient, (yyvsp[(2) - (2)].Address_fifo)); }
+     break;
+ 
+   case 61:
+-#line 534 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+-    { cfgt.mdnstries = (yyvsp[0].Integer); }
+-#line 2216 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 537 "../../ntpd/ntp_parser.y"
++    { cfgt.mdnstries = (yyvsp[(2) - (2)].Integer); }
+     break;
+ 
+   case 62:
+-#line 545 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 548 "../../ntpd/ntp_parser.y"
+     {
+ 			attr_val *atrv;
+ 
+-			atrv = create_attr_ival((yyvsp[-1].Integer), (yyvsp[0].Integer));
++			atrv = create_attr_ival((yyvsp[(1) - (2)].Integer), (yyvsp[(2) - (2)].Integer));
+ 			APPEND_G_FIFO(cfgt.vars, atrv);
+ 		}
+-#line 2227 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 63:
+-#line 552 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+-    { cfgt.auth.control_key = (yyvsp[0].Integer); }
+-#line 2233 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 555 "../../ntpd/ntp_parser.y"
++    { cfgt.auth.control_key = (yyvsp[(2) - (2)].Integer); }
+     break;
+ 
+   case 64:
+-#line 554 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 557 "../../ntpd/ntp_parser.y"
+     {
+ 			cfgt.auth.cryptosw++;
+-			CONCAT_G_FIFOS(cfgt.auth.crypto_cmd_list, (yyvsp[0].Attr_val_fifo));
++			CONCAT_G_FIFOS(cfgt.auth.crypto_cmd_list, (yyvsp[(2) - (2)].Attr_val_fifo));
+ 		}
+-#line 2242 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 65:
+-#line 559 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+-    { cfgt.auth.keys = (yyvsp[0].String); }
+-#line 2248 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 562 "../../ntpd/ntp_parser.y"
++    { cfgt.auth.keys = (yyvsp[(2) - (2)].String); }
+     break;
+ 
+   case 66:
+-#line 561 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+-    { cfgt.auth.keysdir = (yyvsp[0].String); }
+-#line 2254 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 564 "../../ntpd/ntp_parser.y"
++    { cfgt.auth.keysdir = (yyvsp[(2) - (2)].String); }
+     break;
+ 
+   case 67:
+-#line 563 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+-    { cfgt.auth.request_key = (yyvsp[0].Integer); }
+-#line 2260 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 566 "../../ntpd/ntp_parser.y"
++    { cfgt.auth.request_key = (yyvsp[(2) - (2)].Integer); }
+     break;
+ 
+   case 68:
+-#line 565 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+-    { cfgt.auth.revoke = (yyvsp[0].Integer); }
+-#line 2266 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 568 "../../ntpd/ntp_parser.y"
++    { cfgt.auth.revoke = (yyvsp[(2) - (2)].Integer); }
+     break;
+ 
+   case 69:
+-#line 567 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 570 "../../ntpd/ntp_parser.y"
+     {
+-			cfgt.auth.trusted_key_list = (yyvsp[0].Attr_val_fifo);
++			cfgt.auth.trusted_key_list = (yyvsp[(2) - (2)].Attr_val_fifo);
+ 
+ 			// if (!cfgt.auth.trusted_key_list)
+ 			// 	cfgt.auth.trusted_key_list = $2;
+@@ -2275,191 +2520,191 @@ yyreduce:
+ 			// else
+ 			// 	LINK_SLIST(cfgt.auth.trusted_key_list, $2, link);
+ 		}
+-#line 2279 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 70:
+-#line 576 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+-    { cfgt.auth.ntp_signd_socket = (yyvsp[0].String); }
+-#line 2285 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 579 "../../ntpd/ntp_parser.y"
++    { cfgt.auth.ntp_signd_socket = (yyvsp[(2) - (2)].String); }
+     break;
+ 
+   case 71:
+-#line 581 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 584 "../../ntpd/ntp_parser.y"
+     { (yyval.Attr_val_fifo) = NULL; }
+-#line 2291 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 72:
+-#line 583 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 586 "../../ntpd/ntp_parser.y"
+     {
+-			(yyval.Attr_val_fifo) = (yyvsp[-1].Attr_val_fifo);
+-			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val));
++			(yyval.Attr_val_fifo) = (yyvsp[(1) - (2)].Attr_val_fifo);
++			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[(2) - (2)].Attr_val));
+ 		}
+-#line 2300 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 73:
+-#line 591 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+-    { (yyval.Attr_val) = create_attr_sval((yyvsp[-1].Integer), (yyvsp[0].String)); }
+-#line 2306 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 594 "../../ntpd/ntp_parser.y"
++    { (yyval.Attr_val) = create_attr_sval((yyvsp[(1) - (2)].Integer), (yyvsp[(2) - (2)].String)); }
+     break;
+ 
+   case 74:
+-#line 593 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 596 "../../ntpd/ntp_parser.y"
+     {
+ 			(yyval.Attr_val) = NULL;
+-			cfgt.auth.revoke = (yyvsp[0].Integer);
++			cfgt.auth.revoke = (yyvsp[(2) - (2)].Integer);
+ 			msyslog(LOG_WARNING,
+ 				"'crypto revoke %d' is deprecated, "
+ 				"please use 'revoke %d' instead.",
+ 				cfgt.auth.revoke, cfgt.auth.revoke);
+ 		}
+-#line 2319 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 80:
+-#line 618 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+-    { CONCAT_G_FIFOS(cfgt.orphan_cmds, (yyvsp[0].Attr_val_fifo)); }
+-#line 2325 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 621 "../../ntpd/ntp_parser.y"
++    { CONCAT_G_FIFOS(cfgt.orphan_cmds, (yyvsp[(2) - (2)].Attr_val_fifo)); }
+     break;
+ 
+   case 81:
+-#line 623 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 626 "../../ntpd/ntp_parser.y"
+     {
+-			(yyval.Attr_val_fifo) = (yyvsp[-1].Attr_val_fifo);
+-			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val));
++			(yyval.Attr_val_fifo) = (yyvsp[(1) - (2)].Attr_val_fifo);
++			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[(2) - (2)].Attr_val));
+ 		}
+-#line 2334 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 82:
+-#line 628 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 631 "../../ntpd/ntp_parser.y"
+     {
+ 			(yyval.Attr_val_fifo) = NULL;
+-			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val));
++			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[(1) - (1)].Attr_val));
+ 		}
+-#line 2343 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 83:
+-#line 636 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+-    { (yyval.Attr_val) = create_attr_dval((yyvsp[-1].Integer), (double)(yyvsp[0].Integer)); }
+-#line 2349 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 639 "../../ntpd/ntp_parser.y"
++    { (yyval.Attr_val) = create_attr_dval((yyvsp[(1) - (2)].Integer), (double)(yyvsp[(2) - (2)].Integer)); }
+     break;
+ 
+   case 84:
+-#line 638 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+-    { (yyval.Attr_val) = create_attr_dval((yyvsp[-1].Integer), (yyvsp[0].Double)); }
+-#line 2355 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 641 "../../ntpd/ntp_parser.y"
++    { (yyval.Attr_val) = create_attr_dval((yyvsp[(1) - (2)].Integer), (yyvsp[(2) - (2)].Double)); }
+     break;
+ 
+   case 85:
+-#line 640 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+-    { (yyval.Attr_val) = create_attr_dval((yyvsp[-1].Integer), (double)(yyvsp[0].Integer)); }
+-#line 2361 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 643 "../../ntpd/ntp_parser.y"
++    { (yyval.Attr_val) = create_attr_dval((yyvsp[(1) - (2)].Integer), (double)(yyvsp[(2) - (2)].Integer)); }
+     break;
+ 
+   case 96:
+-#line 666 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+-    { CONCAT_G_FIFOS(cfgt.stats_list, (yyvsp[0].Int_fifo)); }
+-#line 2367 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 669 "../../ntpd/ntp_parser.y"
++    { CONCAT_G_FIFOS(cfgt.stats_list, (yyvsp[(2) - (2)].Int_fifo)); }
+     break;
+ 
+   case 97:
+-#line 668 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 671 "../../ntpd/ntp_parser.y"
+     {
+ 			if (lex_from_file()) {
+-				cfgt.stats_dir = (yyvsp[0].String);
++				cfgt.stats_dir = (yyvsp[(2) - (2)].String);
+ 			} else {
+-				YYFREE((yyvsp[0].String));
++				YYFREE((yyvsp[(2) - (2)].String));
+ 				yyerror("statsdir remote configuration ignored");
+ 			}
+ 		}
+-#line 2380 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 98:
+-#line 677 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 680 "../../ntpd/ntp_parser.y"
+     {
+ 			filegen_node *fgn;
+ 
+-			fgn = create_filegen_node((yyvsp[-1].Integer), (yyvsp[0].Attr_val_fifo));
++			fgn = create_filegen_node((yyvsp[(2) - (3)].Integer), (yyvsp[(3) - (3)].Attr_val_fifo));
+ 			APPEND_G_FIFO(cfgt.filegen_opts, fgn);
+ 		}
+-#line 2391 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 99:
+-#line 687 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 690 "../../ntpd/ntp_parser.y"
+     {
+-			(yyval.Int_fifo) = (yyvsp[-1].Int_fifo);
+-			APPEND_G_FIFO((yyval.Int_fifo), create_int_node((yyvsp[0].Integer)));
++			(yyval.Int_fifo) = (yyvsp[(1) - (2)].Int_fifo);
++			APPEND_G_FIFO((yyval.Int_fifo), create_int_node((yyvsp[(2) - (2)].Integer)));
+ 		}
+-#line 2400 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 100:
+-#line 692 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 695 "../../ntpd/ntp_parser.y"
+     {
+ 			(yyval.Int_fifo) = NULL;
+-			APPEND_G_FIFO((yyval.Int_fifo), create_int_node((yyvsp[0].Integer)));
++			APPEND_G_FIFO((yyval.Int_fifo), create_int_node((yyvsp[(1) - (1)].Integer)));
+ 		}
+-#line 2409 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 109:
+-#line 711 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 714 "../../ntpd/ntp_parser.y"
+     { (yyval.Attr_val_fifo) = NULL; }
+-#line 2415 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 110:
+-#line 713 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 716 "../../ntpd/ntp_parser.y"
+     {
+-			(yyval.Attr_val_fifo) = (yyvsp[-1].Attr_val_fifo);
+-			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val));
++			(yyval.Attr_val_fifo) = (yyvsp[(1) - (2)].Attr_val_fifo);
++			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[(2) - (2)].Attr_val));
+ 		}
+-#line 2424 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 111:
+-#line 721 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 724 "../../ntpd/ntp_parser.y"
+     {
+ 			if (lex_from_file()) {
+-				(yyval.Attr_val) = create_attr_sval((yyvsp[-1].Integer), (yyvsp[0].String));
++				(yyval.Attr_val) = create_attr_sval((yyvsp[(1) - (2)].Integer), (yyvsp[(2) - (2)].String));
+ 			} else {
+ 				(yyval.Attr_val) = NULL;
+-				YYFREE((yyvsp[0].String));
++				YYFREE((yyvsp[(2) - (2)].String));
+ 				yyerror("filegen file remote config ignored");
+ 			}
+ 		}
+-#line 2438 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 112:
+-#line 731 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 734 "../../ntpd/ntp_parser.y"
+     {
+ 			if (lex_from_file()) {
+-				(yyval.Attr_val) = create_attr_ival((yyvsp[-1].Integer), (yyvsp[0].Integer));
++				(yyval.Attr_val) = create_attr_ival((yyvsp[(1) - (2)].Integer), (yyvsp[(2) - (2)].Integer));
+ 			} else {
+ 				(yyval.Attr_val) = NULL;
+ 				yyerror("filegen type remote config ignored");
+ 			}
+ 		}
+-#line 2451 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 113:
+-#line 740 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 743 "../../ntpd/ntp_parser.y"
+     {
+ 			const char *err;
+ 
+ 			if (lex_from_file()) {
+-				(yyval.Attr_val) = create_attr_ival(T_Flag, (yyvsp[0].Integer));
++				(yyval.Attr_val) = create_attr_ival(T_Flag, (yyvsp[(1) - (1)].Integer));
+ 			} else {
+ 				(yyval.Attr_val) = NULL;
+-				if (T_Link == (yyvsp[0].Integer))
++				if (T_Link == (yyvsp[(1) - (1)].Integer))
+ 					err = "filegen link remote config ignored";
+ 				else
+ 					err = "filegen nolink remote config ignored";
+@@ -2466,69 +2711,69 @@ yyreduce:
+ 				yyerror(err);
+ 			}
+ 		}
+-#line 2470 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 114:
+-#line 755 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+-    { (yyval.Attr_val) = create_attr_ival(T_Flag, (yyvsp[0].Integer)); }
+-#line 2476 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 758 "../../ntpd/ntp_parser.y"
++    { (yyval.Attr_val) = create_attr_ival(T_Flag, (yyvsp[(1) - (1)].Integer)); }
+     break;
+ 
+   case 126:
+-#line 785 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 788 "../../ntpd/ntp_parser.y"
+     {
+-			CONCAT_G_FIFOS(cfgt.discard_opts, (yyvsp[0].Attr_val_fifo));
++			CONCAT_G_FIFOS(cfgt.discard_opts, (yyvsp[(2) - (2)].Attr_val_fifo));
+ 		}
+-#line 2484 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 127:
+-#line 789 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 792 "../../ntpd/ntp_parser.y"
+     {
+-			CONCAT_G_FIFOS(cfgt.mru_opts, (yyvsp[0].Attr_val_fifo));
++			CONCAT_G_FIFOS(cfgt.mru_opts, (yyvsp[(2) - (2)].Attr_val_fifo));
+ 		}
+-#line 2492 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 128:
+-#line 793 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 796 "../../ntpd/ntp_parser.y"
+     {
+ 			restrict_node *rn;
+ 
+-			rn = create_restrict_node((yyvsp[-1].Address_node), NULL, (yyvsp[0].Int_fifo),
++			rn = create_restrict_node((yyvsp[(2) - (3)].Address_node), NULL, (yyvsp[(3) - (3)].Int_fifo),
+ 						  lex_current()->curpos.nline);
+ 			APPEND_G_FIFO(cfgt.restrict_opts, rn);
+ 		}
+-#line 2504 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 129:
+-#line 801 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 804 "../../ntpd/ntp_parser.y"
+     {
+ 			restrict_node *rn;
+ 
+-			rn = create_restrict_node((yyvsp[-3].Address_node), (yyvsp[-1].Address_node), (yyvsp[0].Int_fifo),
++			rn = create_restrict_node((yyvsp[(2) - (5)].Address_node), (yyvsp[(4) - (5)].Address_node), (yyvsp[(5) - (5)].Int_fifo),
+ 						  lex_current()->curpos.nline);
+ 			APPEND_G_FIFO(cfgt.restrict_opts, rn);
+ 		}
+-#line 2516 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 130:
+-#line 809 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 812 "../../ntpd/ntp_parser.y"
+     {
+ 			restrict_node *rn;
+ 
+-			rn = create_restrict_node(NULL, NULL, (yyvsp[0].Int_fifo),
++			rn = create_restrict_node(NULL, NULL, (yyvsp[(3) - (3)].Int_fifo),
+ 						  lex_current()->curpos.nline);
+ 			APPEND_G_FIFO(cfgt.restrict_opts, rn);
+ 		}
+-#line 2528 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 131:
+-#line 817 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 820 "../../ntpd/ntp_parser.y"
+     {
+ 			restrict_node *rn;
+ 
+@@ -2539,15 +2784,15 @@ yyreduce:
+ 				create_address_node(
+ 					estrdup("0.0.0.0"),
+ 					AF_INET),
+-				(yyvsp[0].Int_fifo),
++				(yyvsp[(4) - (4)].Int_fifo),
+ 				lex_current()->curpos.nline);
+ 			APPEND_G_FIFO(cfgt.restrict_opts, rn);
+ 		}
+-#line 2547 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 132:
+-#line 832 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 835 "../../ntpd/ntp_parser.y"
+     {
+ 			restrict_node *rn;
+ 
+@@ -2558,226 +2803,226 @@ yyreduce:
+ 				create_address_node(
+ 					estrdup("::"),
+ 					AF_INET6),
+-				(yyvsp[0].Int_fifo),
++				(yyvsp[(4) - (4)].Int_fifo),
+ 				lex_current()->curpos.nline);
+ 			APPEND_G_FIFO(cfgt.restrict_opts, rn);
+ 		}
+-#line 2566 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 133:
+-#line 847 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 850 "../../ntpd/ntp_parser.y"
+     {
+ 			restrict_node *	rn;
+ 
+-			APPEND_G_FIFO((yyvsp[0].Int_fifo), create_int_node((yyvsp[-1].Integer)));
++			APPEND_G_FIFO((yyvsp[(3) - (3)].Int_fifo), create_int_node((yyvsp[(2) - (3)].Integer)));
+ 			rn = create_restrict_node(
+-				NULL, NULL, (yyvsp[0].Int_fifo), lex_current()->curpos.nline);
++				NULL, NULL, (yyvsp[(3) - (3)].Int_fifo), lex_current()->curpos.nline);
+ 			APPEND_G_FIFO(cfgt.restrict_opts, rn);
+ 		}
+-#line 2579 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 134:
+-#line 859 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 862 "../../ntpd/ntp_parser.y"
+     { (yyval.Int_fifo) = NULL; }
+-#line 2585 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 135:
+-#line 861 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 864 "../../ntpd/ntp_parser.y"
+     {
+-			(yyval.Int_fifo) = (yyvsp[-1].Int_fifo);
+-			APPEND_G_FIFO((yyval.Int_fifo), create_int_node((yyvsp[0].Integer)));
++			(yyval.Int_fifo) = (yyvsp[(1) - (2)].Int_fifo);
++			APPEND_G_FIFO((yyval.Int_fifo), create_int_node((yyvsp[(2) - (2)].Integer)));
+ 		}
+-#line 2594 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 151:
+-#line 887 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 890 "../../ntpd/ntp_parser.y"
+     {
+-			(yyval.Attr_val_fifo) = (yyvsp[-1].Attr_val_fifo);
+-			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val));
++			(yyval.Attr_val_fifo) = (yyvsp[(1) - (2)].Attr_val_fifo);
++			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[(2) - (2)].Attr_val));
+ 		}
+-#line 2603 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 152:
+-#line 892 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 895 "../../ntpd/ntp_parser.y"
+     {
+ 			(yyval.Attr_val_fifo) = NULL;
+-			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val));
++			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[(1) - (1)].Attr_val));
+ 		}
+-#line 2612 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 153:
+-#line 900 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+-    { (yyval.Attr_val) = create_attr_ival((yyvsp[-1].Integer), (yyvsp[0].Integer)); }
+-#line 2618 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 903 "../../ntpd/ntp_parser.y"
++    { (yyval.Attr_val) = create_attr_ival((yyvsp[(1) - (2)].Integer), (yyvsp[(2) - (2)].Integer)); }
+     break;
+ 
+   case 157:
+-#line 911 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 914 "../../ntpd/ntp_parser.y"
+     {
+-			(yyval.Attr_val_fifo) = (yyvsp[-1].Attr_val_fifo);
+-			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val));
++			(yyval.Attr_val_fifo) = (yyvsp[(1) - (2)].Attr_val_fifo);
++			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[(2) - (2)].Attr_val));
+ 		}
+-#line 2627 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 158:
+-#line 916 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 919 "../../ntpd/ntp_parser.y"
+     {
+ 			(yyval.Attr_val_fifo) = NULL;
+-			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val));
++			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[(1) - (1)].Attr_val));
+ 		}
+-#line 2636 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 159:
+-#line 924 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+-    { (yyval.Attr_val) = create_attr_ival((yyvsp[-1].Integer), (yyvsp[0].Integer)); }
+-#line 2642 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 927 "../../ntpd/ntp_parser.y"
++    { (yyval.Attr_val) = create_attr_ival((yyvsp[(1) - (2)].Integer), (yyvsp[(2) - (2)].Integer)); }
+     break;
+ 
+   case 168:
+-#line 944 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 947 "../../ntpd/ntp_parser.y"
+     {
+ 			addr_opts_node *aon;
+ 
+-			aon = create_addr_opts_node((yyvsp[-1].Address_node), (yyvsp[0].Attr_val_fifo));
++			aon = create_addr_opts_node((yyvsp[(2) - (3)].Address_node), (yyvsp[(3) - (3)].Attr_val_fifo));
+ 			APPEND_G_FIFO(cfgt.fudge, aon);
+ 		}
+-#line 2653 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 169:
+-#line 954 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 957 "../../ntpd/ntp_parser.y"
+     {
+-			(yyval.Attr_val_fifo) = (yyvsp[-1].Attr_val_fifo);
+-			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val));
++			(yyval.Attr_val_fifo) = (yyvsp[(1) - (2)].Attr_val_fifo);
++			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[(2) - (2)].Attr_val));
+ 		}
+-#line 2662 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 170:
+-#line 959 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 962 "../../ntpd/ntp_parser.y"
+     {
+ 			(yyval.Attr_val_fifo) = NULL;
+-			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val));
++			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[(1) - (1)].Attr_val));
+ 		}
+-#line 2671 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 171:
+-#line 967 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+-    { (yyval.Attr_val) = create_attr_dval((yyvsp[-1].Integer), (yyvsp[0].Double)); }
+-#line 2677 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 970 "../../ntpd/ntp_parser.y"
++    { (yyval.Attr_val) = create_attr_dval((yyvsp[(1) - (2)].Integer), (yyvsp[(2) - (2)].Double)); }
+     break;
+ 
+   case 172:
+-#line 969 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+-    { (yyval.Attr_val) = create_attr_ival((yyvsp[-1].Integer), (yyvsp[0].Integer)); }
+-#line 2683 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 972 "../../ntpd/ntp_parser.y"
++    { (yyval.Attr_val) = create_attr_ival((yyvsp[(1) - (2)].Integer), (yyvsp[(2) - (2)].Integer)); }
+     break;
+ 
+   case 173:
+-#line 971 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 974 "../../ntpd/ntp_parser.y"
+     {
+-			if ((yyvsp[0].Integer) >= 0 && (yyvsp[0].Integer) <= 16) {
+-				(yyval.Attr_val) = create_attr_ival((yyvsp[-1].Integer), (yyvsp[0].Integer));
++			if ((yyvsp[(2) - (2)].Integer) >= 0 && (yyvsp[(2) - (2)].Integer) <= 16) {
++				(yyval.Attr_val) = create_attr_ival((yyvsp[(1) - (2)].Integer), (yyvsp[(2) - (2)].Integer));
+ 			} else {
+ 				(yyval.Attr_val) = NULL;
+ 				yyerror("fudge factor: stratum value not in [0..16], ignored");
+ 			}
+ 		}
+-#line 2696 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 174:
+-#line 980 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+-    { (yyval.Attr_val) = create_attr_sval((yyvsp[-1].Integer), (yyvsp[0].String)); }
+-#line 2702 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 983 "../../ntpd/ntp_parser.y"
++    { (yyval.Attr_val) = create_attr_sval((yyvsp[(1) - (2)].Integer), (yyvsp[(2) - (2)].String)); }
+     break;
+ 
+   case 175:
+-#line 982 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+-    { (yyval.Attr_val) = create_attr_sval((yyvsp[-1].Integer), (yyvsp[0].String)); }
+-#line 2708 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 985 "../../ntpd/ntp_parser.y"
++    { (yyval.Attr_val) = create_attr_sval((yyvsp[(1) - (2)].Integer), (yyvsp[(2) - (2)].String)); }
+     break;
+ 
+   case 182:
+-#line 1003 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+-    { CONCAT_G_FIFOS(cfgt.rlimit, (yyvsp[0].Attr_val_fifo)); }
+-#line 2714 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 1006 "../../ntpd/ntp_parser.y"
++    { CONCAT_G_FIFOS(cfgt.rlimit, (yyvsp[(2) - (2)].Attr_val_fifo)); }
+     break;
+ 
+   case 183:
+-#line 1008 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 1011 "../../ntpd/ntp_parser.y"
+     {
+-			(yyval.Attr_val_fifo) = (yyvsp[-1].Attr_val_fifo);
+-			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val));
++			(yyval.Attr_val_fifo) = (yyvsp[(1) - (2)].Attr_val_fifo);
++			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[(2) - (2)].Attr_val));
+ 		}
+-#line 2723 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 184:
+-#line 1013 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 1016 "../../ntpd/ntp_parser.y"
+     {
+ 			(yyval.Attr_val_fifo) = NULL;
+-			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val));
++			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[(1) - (1)].Attr_val));
+ 		}
+-#line 2732 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 185:
+-#line 1021 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+-    { (yyval.Attr_val) = create_attr_ival((yyvsp[-1].Integer), (yyvsp[0].Integer)); }
+-#line 2738 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 1024 "../../ntpd/ntp_parser.y"
++    { (yyval.Attr_val) = create_attr_ival((yyvsp[(1) - (2)].Integer), (yyvsp[(2) - (2)].Integer)); }
+     break;
+ 
+   case 189:
+-#line 1037 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+-    { CONCAT_G_FIFOS(cfgt.enable_opts, (yyvsp[0].Attr_val_fifo)); }
+-#line 2744 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 1040 "../../ntpd/ntp_parser.y"
++    { CONCAT_G_FIFOS(cfgt.enable_opts, (yyvsp[(2) - (2)].Attr_val_fifo)); }
+     break;
+ 
+   case 190:
+-#line 1039 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+-    { CONCAT_G_FIFOS(cfgt.disable_opts, (yyvsp[0].Attr_val_fifo)); }
+-#line 2750 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 1042 "../../ntpd/ntp_parser.y"
++    { CONCAT_G_FIFOS(cfgt.disable_opts, (yyvsp[(2) - (2)].Attr_val_fifo)); }
+     break;
+ 
+   case 191:
+-#line 1044 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 1047 "../../ntpd/ntp_parser.y"
+     {
+-			(yyval.Attr_val_fifo) = (yyvsp[-1].Attr_val_fifo);
+-			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val));
++			(yyval.Attr_val_fifo) = (yyvsp[(1) - (2)].Attr_val_fifo);
++			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[(2) - (2)].Attr_val));
+ 		}
+-#line 2759 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 192:
+-#line 1049 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 1052 "../../ntpd/ntp_parser.y"
+     {
+ 			(yyval.Attr_val_fifo) = NULL;
+-			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val));
++			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[(1) - (1)].Attr_val));
+ 		}
+-#line 2768 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 193:
+-#line 1057 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+-    { (yyval.Attr_val) = create_attr_ival(T_Flag, (yyvsp[0].Integer)); }
+-#line 2774 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 1060 "../../ntpd/ntp_parser.y"
++    { (yyval.Attr_val) = create_attr_ival(T_Flag, (yyvsp[(1) - (1)].Integer)); }
+     break;
+ 
+   case 194:
+-#line 1059 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 1062 "../../ntpd/ntp_parser.y"
+     {
+ 			if (lex_from_file()) {
+-				(yyval.Attr_val) = create_attr_ival(T_Flag, (yyvsp[0].Integer));
++				(yyval.Attr_val) = create_attr_ival(T_Flag, (yyvsp[(1) - (1)].Integer));
+ 			} else {
+ 				char err_str[128];
+ 
+@@ -2784,101 +3029,101 @@ yyreduce:
+ 				(yyval.Attr_val) = NULL;
+ 				snprintf(err_str, sizeof(err_str),
+ 					 "enable/disable %s remote configuration ignored",
+-					 keyword((yyvsp[0].Integer)));
++					 keyword((yyvsp[(1) - (1)].Integer)));
+ 				yyerror(err_str);
+ 			}
+ 		}
+-#line 2792 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+-  case 203:
+-#line 1094 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+-    { CONCAT_G_FIFOS(cfgt.tinker, (yyvsp[0].Attr_val_fifo)); }
+-#line 2798 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++  case 206:
++/* Line 1787 of yacc.c  */
++#line 1100 "../../ntpd/ntp_parser.y"
++    { CONCAT_G_FIFOS(cfgt.tinker, (yyvsp[(2) - (2)].Attr_val_fifo)); }
+     break;
+ 
+-  case 204:
+-#line 1099 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++  case 207:
++/* Line 1787 of yacc.c  */
++#line 1105 "../../ntpd/ntp_parser.y"
+     {
+-			(yyval.Attr_val_fifo) = (yyvsp[-1].Attr_val_fifo);
+-			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val));
++			(yyval.Attr_val_fifo) = (yyvsp[(1) - (2)].Attr_val_fifo);
++			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[(2) - (2)].Attr_val));
+ 		}
+-#line 2807 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+-  case 205:
+-#line 1104 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++  case 208:
++/* Line 1787 of yacc.c  */
++#line 1110 "../../ntpd/ntp_parser.y"
+     {
+ 			(yyval.Attr_val_fifo) = NULL;
+-			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val));
++			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[(1) - (1)].Attr_val));
+ 		}
+-#line 2816 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+-  case 206:
+-#line 1112 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+-    { (yyval.Attr_val) = create_attr_dval((yyvsp[-1].Integer), (yyvsp[0].Double)); }
+-#line 2822 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++  case 209:
++/* Line 1787 of yacc.c  */
++#line 1118 "../../ntpd/ntp_parser.y"
++    { (yyval.Attr_val) = create_attr_dval((yyvsp[(1) - (2)].Integer), (yyvsp[(2) - (2)].Double)); }
+     break;
+ 
+-  case 219:
+-#line 1137 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++  case 222:
++/* Line 1787 of yacc.c  */
++#line 1143 "../../ntpd/ntp_parser.y"
+     {
+ 			attr_val *av;
+ 
+-			av = create_attr_dval((yyvsp[-1].Integer), (yyvsp[0].Double));
++			av = create_attr_dval((yyvsp[(1) - (2)].Integer), (yyvsp[(2) - (2)].Double));
+ 			APPEND_G_FIFO(cfgt.vars, av);
+ 		}
+-#line 2833 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+-  case 220:
+-#line 1144 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++  case 223:
++/* Line 1787 of yacc.c  */
++#line 1150 "../../ntpd/ntp_parser.y"
+     {
+ 			attr_val *av;
+ 
+-			av = create_attr_ival((yyvsp[-1].Integer), (yyvsp[0].Integer));
++			av = create_attr_ival((yyvsp[(1) - (2)].Integer), (yyvsp[(2) - (2)].Integer));
+ 			APPEND_G_FIFO(cfgt.vars, av);
+ 		}
+-#line 2844 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+-  case 221:
+-#line 1151 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++  case 224:
++/* Line 1787 of yacc.c  */
++#line 1157 "../../ntpd/ntp_parser.y"
+     {
+ 			attr_val *av;
+ 
+-			av = create_attr_sval((yyvsp[-1].Integer), (yyvsp[0].String));
++			av = create_attr_sval((yyvsp[(1) - (2)].Integer), (yyvsp[(2) - (2)].String));
+ 			APPEND_G_FIFO(cfgt.vars, av);
+ 		}
+-#line 2855 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+-  case 222:
+-#line 1158 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++  case 225:
++/* Line 1787 of yacc.c  */
++#line 1164 "../../ntpd/ntp_parser.y"
+     {
+ 			char error_text[64];
+ 			attr_val *av;
+ 
+ 			if (lex_from_file()) {
+-				av = create_attr_sval((yyvsp[-1].Integer), (yyvsp[0].String));
++				av = create_attr_sval((yyvsp[(1) - (2)].Integer), (yyvsp[(2) - (2)].String));
+ 				APPEND_G_FIFO(cfgt.vars, av);
+ 			} else {
+-				YYFREE((yyvsp[0].String));
++				YYFREE((yyvsp[(2) - (2)].String));
+ 				snprintf(error_text, sizeof(error_text),
+ 					 "%s remote config ignored",
+-					 keyword((yyvsp[-1].Integer)));
++					 keyword((yyvsp[(1) - (2)].Integer)));
+ 				yyerror(error_text);
+ 			}
+ 		}
+-#line 2875 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+-  case 223:
+-#line 1174 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++  case 226:
++/* Line 1787 of yacc.c  */
++#line 1180 "../../ntpd/ntp_parser.y"
+     {
+ 			if (!lex_from_file()) {
+-				YYFREE((yyvsp[-1].String)); /* avoid leak */
++				YYFREE((yyvsp[(2) - (3)].String)); /* avoid leak */
+ 				yyerror("remote includefile ignored");
+ 				break;
+ 			}
+@@ -2886,108 +3131,108 @@ yyreduce:
+ 				fprintf(stderr, "getconfig: Maximum include file level exceeded.\n");
+ 				msyslog(LOG_ERR, "getconfig: Maximum include file level exceeded.");
+ 			} else {
+-				const char * path = FindConfig((yyvsp[-1].String)); /* might return $2! */
++				const char * path = FindConfig((yyvsp[(2) - (3)].String)); /* might return $2! */
+ 				if (!lex_push_file(path, "r")) {
+ 					fprintf(stderr, "getconfig: Couldn't open <%s>\n", path);
+ 					msyslog(LOG_ERR, "getconfig: Couldn't open <%s>", path);
+ 				}
+ 			}
+-			YYFREE((yyvsp[-1].String)); /* avoid leak */
++			YYFREE((yyvsp[(2) - (3)].String)); /* avoid leak */
+ 		}
+-#line 2898 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+-  case 224:
+-#line 1193 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++  case 227:
++/* Line 1787 of yacc.c  */
++#line 1199 "../../ntpd/ntp_parser.y"
+     { lex_flush_stack(); }
+-#line 2904 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+-  case 225:
+-#line 1195 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++  case 228:
++/* Line 1787 of yacc.c  */
++#line 1201 "../../ntpd/ntp_parser.y"
+     { /* see drift_parm below for actions */ }
+-#line 2910 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+-  case 226:
+-#line 1197 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+-    { CONCAT_G_FIFOS(cfgt.logconfig, (yyvsp[0].Attr_val_fifo)); }
+-#line 2916 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++  case 229:
++/* Line 1787 of yacc.c  */
++#line 1203 "../../ntpd/ntp_parser.y"
++    { CONCAT_G_FIFOS(cfgt.logconfig, (yyvsp[(2) - (2)].Attr_val_fifo)); }
+     break;
+ 
+-  case 227:
+-#line 1199 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+-    { CONCAT_G_FIFOS(cfgt.phone, (yyvsp[0].String_fifo)); }
+-#line 2922 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++  case 230:
++/* Line 1787 of yacc.c  */
++#line 1205 "../../ntpd/ntp_parser.y"
++    { CONCAT_G_FIFOS(cfgt.phone, (yyvsp[(2) - (2)].String_fifo)); }
+     break;
+ 
+-  case 228:
+-#line 1201 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+-    { APPEND_G_FIFO(cfgt.setvar, (yyvsp[0].Set_var)); }
+-#line 2928 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++  case 231:
++/* Line 1787 of yacc.c  */
++#line 1207 "../../ntpd/ntp_parser.y"
++    { APPEND_G_FIFO(cfgt.setvar, (yyvsp[(2) - (2)].Set_var)); }
+     break;
+ 
+-  case 229:
+-#line 1203 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++  case 232:
++/* Line 1787 of yacc.c  */
++#line 1209 "../../ntpd/ntp_parser.y"
+     {
+ 			addr_opts_node *aon;
+ 
+-			aon = create_addr_opts_node((yyvsp[-1].Address_node), (yyvsp[0].Attr_val_fifo));
++			aon = create_addr_opts_node((yyvsp[(2) - (3)].Address_node), (yyvsp[(3) - (3)].Attr_val_fifo));
+ 			APPEND_G_FIFO(cfgt.trap, aon);
+ 		}
+-#line 2939 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+-  case 230:
+-#line 1210 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+-    { CONCAT_G_FIFOS(cfgt.ttl, (yyvsp[0].Attr_val_fifo)); }
+-#line 2945 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++  case 233:
++/* Line 1787 of yacc.c  */
++#line 1216 "../../ntpd/ntp_parser.y"
++    { CONCAT_G_FIFOS(cfgt.ttl, (yyvsp[(2) - (2)].Attr_val_fifo)); }
+     break;
+ 
+-  case 235:
+-#line 1225 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++  case 238:
++/* Line 1787 of yacc.c  */
++#line 1231 "../../ntpd/ntp_parser.y"
+     {
+ #ifndef LEAP_SMEAR
+ 			yyerror("Built without LEAP_SMEAR support.");
+ #endif
+ 		}
+-#line 2955 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+-  case 241:
+-#line 1245 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++  case 244:
++/* Line 1787 of yacc.c  */
++#line 1251 "../../ntpd/ntp_parser.y"
+     {
+ 			if (lex_from_file()) {
+ 				attr_val *av;
+-				av = create_attr_sval(T_Driftfile, (yyvsp[0].String));
++				av = create_attr_sval(T_Driftfile, (yyvsp[(1) - (1)].String));
+ 				APPEND_G_FIFO(cfgt.vars, av);
+ 			} else {
+-				YYFREE((yyvsp[0].String));
++				YYFREE((yyvsp[(1) - (1)].String));
+ 				yyerror("driftfile remote configuration ignored");
+ 			}
+ 		}
+-#line 2970 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+-  case 242:
+-#line 1256 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++  case 245:
++/* Line 1787 of yacc.c  */
++#line 1262 "../../ntpd/ntp_parser.y"
+     {
+ 			if (lex_from_file()) {
+ 				attr_val *av;
+-				av = create_attr_sval(T_Driftfile, (yyvsp[-1].String));
++				av = create_attr_sval(T_Driftfile, (yyvsp[(1) - (2)].String));
+ 				APPEND_G_FIFO(cfgt.vars, av);
+-				av = create_attr_dval(T_WanderThreshold, (yyvsp[0].Double));
++				av = create_attr_dval(T_WanderThreshold, (yyvsp[(2) - (2)].Double));
+ 				APPEND_G_FIFO(cfgt.vars, av);
+ 			} else {
+-				YYFREE((yyvsp[-1].String));
++				YYFREE((yyvsp[(1) - (2)].String));
+ 				yyerror("driftfile remote configuration ignored");
+ 			}
+ 		}
+-#line 2987 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+-  case 243:
+-#line 1269 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++  case 246:
++/* Line 1787 of yacc.c  */
++#line 1275 "../../ntpd/ntp_parser.y"
+     {
+ 			if (lex_from_file()) {
+ 				attr_val *av;
+@@ -2997,386 +3242,386 @@ yyreduce:
+ 				yyerror("driftfile remote configuration ignored");
+ 			}
+ 		}
+-#line 3001 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+-  case 244:
+-#line 1282 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+-    { (yyval.Set_var) = create_setvar_node((yyvsp[-3].String), (yyvsp[-1].String), (yyvsp[0].Integer)); }
+-#line 3007 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++  case 247:
++/* Line 1787 of yacc.c  */
++#line 1288 "../../ntpd/ntp_parser.y"
++    { (yyval.Set_var) = create_setvar_node((yyvsp[(1) - (4)].String), (yyvsp[(3) - (4)].String), (yyvsp[(4) - (4)].Integer)); }
+     break;
+ 
+-  case 246:
+-#line 1288 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++  case 249:
++/* Line 1787 of yacc.c  */
++#line 1294 "../../ntpd/ntp_parser.y"
+     { (yyval.Integer) = 0; }
+-#line 3013 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+-  case 247:
+-#line 1293 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++  case 250:
++/* Line 1787 of yacc.c  */
++#line 1299 "../../ntpd/ntp_parser.y"
+     { (yyval.Attr_val_fifo) = NULL; }
+-#line 3019 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+-  case 248:
+-#line 1295 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++  case 251:
++/* Line 1787 of yacc.c  */
++#line 1301 "../../ntpd/ntp_parser.y"
+     {
+-			(yyval.Attr_val_fifo) = (yyvsp[-1].Attr_val_fifo);
+-			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val));
++			(yyval.Attr_val_fifo) = (yyvsp[(1) - (2)].Attr_val_fifo);
++			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[(2) - (2)].Attr_val));
+ 		}
+-#line 3028 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+-  case 249:
+-#line 1303 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+-    { (yyval.Attr_val) = create_attr_ival((yyvsp[-1].Integer), (yyvsp[0].Integer)); }
+-#line 3034 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++  case 252:
++/* Line 1787 of yacc.c  */
++#line 1309 "../../ntpd/ntp_parser.y"
++    { (yyval.Attr_val) = create_attr_ival((yyvsp[(1) - (2)].Integer), (yyvsp[(2) - (2)].Integer)); }
+     break;
+ 
+-  case 250:
+-#line 1305 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++  case 253:
++/* Line 1787 of yacc.c  */
++#line 1311 "../../ntpd/ntp_parser.y"
+     {
+-			(yyval.Attr_val) = create_attr_sval((yyvsp[-1].Integer), estrdup((yyvsp[0].Address_node)->address));
+-			destroy_address_node((yyvsp[0].Address_node));
++			(yyval.Attr_val) = create_attr_sval((yyvsp[(1) - (2)].Integer), estrdup((yyvsp[(2) - (2)].Address_node)->address));
++			destroy_address_node((yyvsp[(2) - (2)].Address_node));
+ 		}
+-#line 3043 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+-  case 251:
+-#line 1313 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++  case 254:
++/* Line 1787 of yacc.c  */
++#line 1319 "../../ntpd/ntp_parser.y"
+     {
+-			(yyval.Attr_val_fifo) = (yyvsp[-1].Attr_val_fifo);
+-			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val));
++			(yyval.Attr_val_fifo) = (yyvsp[(1) - (2)].Attr_val_fifo);
++			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[(2) - (2)].Attr_val));
+ 		}
+-#line 3052 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+-  case 252:
+-#line 1318 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++  case 255:
++/* Line 1787 of yacc.c  */
++#line 1324 "../../ntpd/ntp_parser.y"
+     {
+ 			(yyval.Attr_val_fifo) = NULL;
+-			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val));
++			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[(1) - (1)].Attr_val));
+ 		}
+-#line 3061 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+-  case 253:
+-#line 1326 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++  case 256:
++/* Line 1787 of yacc.c  */
++#line 1332 "../../ntpd/ntp_parser.y"
+     {
+ 			char	prefix;
+ 			char *	type;
+ 
+-			switch ((yyvsp[0].String)[0]) {
++			switch ((yyvsp[(1) - (1)].String)[0]) {
+ 
+ 			case '+':
+ 			case '-':
+ 			case '=':
+-				prefix = (yyvsp[0].String)[0];
+-				type = (yyvsp[0].String) + 1;
++				prefix = (yyvsp[(1) - (1)].String)[0];
++				type = (yyvsp[(1) - (1)].String) + 1;
+ 				break;
+ 
+ 			default:
+ 				prefix = '=';
+-				type = (yyvsp[0].String);
++				type = (yyvsp[(1) - (1)].String);
+ 			}
+ 
+ 			(yyval.Attr_val) = create_attr_sval(prefix, estrdup(type));
+-			YYFREE((yyvsp[0].String));
++			YYFREE((yyvsp[(1) - (1)].String));
+ 		}
+-#line 3087 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+-  case 254:
+-#line 1351 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++  case 257:
++/* Line 1787 of yacc.c  */
++#line 1357 "../../ntpd/ntp_parser.y"
+     {
+ 			nic_rule_node *nrn;
+ 
+-			nrn = create_nic_rule_node((yyvsp[0].Integer), NULL, (yyvsp[-1].Integer));
++			nrn = create_nic_rule_node((yyvsp[(3) - (3)].Integer), NULL, (yyvsp[(2) - (3)].Integer));
+ 			APPEND_G_FIFO(cfgt.nic_rules, nrn);
+ 		}
+-#line 3098 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+-  case 255:
+-#line 1358 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++  case 258:
++/* Line 1787 of yacc.c  */
++#line 1364 "../../ntpd/ntp_parser.y"
+     {
+ 			nic_rule_node *nrn;
+ 
+-			nrn = create_nic_rule_node(0, (yyvsp[0].String), (yyvsp[-1].Integer));
++			nrn = create_nic_rule_node(0, (yyvsp[(3) - (3)].String), (yyvsp[(2) - (3)].Integer));
+ 			APPEND_G_FIFO(cfgt.nic_rules, nrn);
+ 		}
+-#line 3109 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+-  case 265:
+-#line 1386 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+-    { CONCAT_G_FIFOS(cfgt.reset_counters, (yyvsp[0].Int_fifo)); }
+-#line 3115 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++  case 268:
++/* Line 1787 of yacc.c  */
++#line 1392 "../../ntpd/ntp_parser.y"
++    { CONCAT_G_FIFOS(cfgt.reset_counters, (yyvsp[(2) - (2)].Int_fifo)); }
+     break;
+ 
+-  case 266:
+-#line 1391 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++  case 269:
++/* Line 1787 of yacc.c  */
++#line 1397 "../../ntpd/ntp_parser.y"
+     {
+-			(yyval.Int_fifo) = (yyvsp[-1].Int_fifo);
+-			APPEND_G_FIFO((yyval.Int_fifo), create_int_node((yyvsp[0].Integer)));
++			(yyval.Int_fifo) = (yyvsp[(1) - (2)].Int_fifo);
++			APPEND_G_FIFO((yyval.Int_fifo), create_int_node((yyvsp[(2) - (2)].Integer)));
+ 		}
+-#line 3124 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+-  case 267:
+-#line 1396 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++  case 270:
++/* Line 1787 of yacc.c  */
++#line 1402 "../../ntpd/ntp_parser.y"
+     {
+ 			(yyval.Int_fifo) = NULL;
+-			APPEND_G_FIFO((yyval.Int_fifo), create_int_node((yyvsp[0].Integer)));
++			APPEND_G_FIFO((yyval.Int_fifo), create_int_node((yyvsp[(1) - (1)].Integer)));
+ 		}
+-#line 3133 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+-  case 275:
+-#line 1420 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++  case 278:
++/* Line 1787 of yacc.c  */
++#line 1426 "../../ntpd/ntp_parser.y"
+     {
+-			(yyval.Attr_val_fifo) = (yyvsp[-1].Attr_val_fifo);
+-			APPEND_G_FIFO((yyval.Attr_val_fifo), create_int_node((yyvsp[0].Integer)));
++			(yyval.Attr_val_fifo) = (yyvsp[(1) - (2)].Attr_val_fifo);
++			APPEND_G_FIFO((yyval.Attr_val_fifo), create_int_node((yyvsp[(2) - (2)].Integer)));
+ 		}
+-#line 3142 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+-  case 276:
+-#line 1425 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++  case 279:
++/* Line 1787 of yacc.c  */
++#line 1431 "../../ntpd/ntp_parser.y"
+     {
+ 			(yyval.Attr_val_fifo) = NULL;
+-			APPEND_G_FIFO((yyval.Attr_val_fifo), create_int_node((yyvsp[0].Integer)));
++			APPEND_G_FIFO((yyval.Attr_val_fifo), create_int_node((yyvsp[(1) - (1)].Integer)));
+ 		}
+-#line 3151 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+-  case 277:
+-#line 1433 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++  case 280:
++/* Line 1787 of yacc.c  */
++#line 1439 "../../ntpd/ntp_parser.y"
+     {
+-			(yyval.Attr_val_fifo) = (yyvsp[-1].Attr_val_fifo);
+-			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val));
++			(yyval.Attr_val_fifo) = (yyvsp[(1) - (2)].Attr_val_fifo);
++			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[(2) - (2)].Attr_val));
+ 		}
+-#line 3160 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+-  case 278:
+-#line 1438 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++  case 281:
++/* Line 1787 of yacc.c  */
++#line 1444 "../../ntpd/ntp_parser.y"
+     {
+ 			(yyval.Attr_val_fifo) = NULL;
+-			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val));
++			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[(1) - (1)].Attr_val));
+ 		}
+-#line 3169 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+-  case 279:
+-#line 1446 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+-    { (yyval.Attr_val) = create_attr_ival('i', (yyvsp[0].Integer)); }
+-#line 3175 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++  case 282:
++/* Line 1787 of yacc.c  */
++#line 1452 "../../ntpd/ntp_parser.y"
++    { (yyval.Attr_val) = create_attr_ival('i', (yyvsp[(1) - (1)].Integer)); }
+     break;
+ 
+-  case 281:
+-#line 1452 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+-    { (yyval.Attr_val) = create_attr_rangeval('-', (yyvsp[-3].Integer), (yyvsp[-1].Integer)); }
+-#line 3181 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++  case 284:
++/* Line 1787 of yacc.c  */
++#line 1458 "../../ntpd/ntp_parser.y"
++    { (yyval.Attr_val) = create_attr_rangeval('-', (yyvsp[(2) - (5)].Integer), (yyvsp[(4) - (5)].Integer)); }
+     break;
+ 
+-  case 282:
+-#line 1457 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++  case 285:
++/* Line 1787 of yacc.c  */
++#line 1463 "../../ntpd/ntp_parser.y"
+     {
+-			(yyval.String_fifo) = (yyvsp[-1].String_fifo);
+-			APPEND_G_FIFO((yyval.String_fifo), create_string_node((yyvsp[0].String)));
++			(yyval.String_fifo) = (yyvsp[(1) - (2)].String_fifo);
++			APPEND_G_FIFO((yyval.String_fifo), create_string_node((yyvsp[(2) - (2)].String)));
+ 		}
+-#line 3190 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+-  case 283:
+-#line 1462 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++  case 286:
++/* Line 1787 of yacc.c  */
++#line 1468 "../../ntpd/ntp_parser.y"
+     {
+ 			(yyval.String_fifo) = NULL;
+-			APPEND_G_FIFO((yyval.String_fifo), create_string_node((yyvsp[0].String)));
++			APPEND_G_FIFO((yyval.String_fifo), create_string_node((yyvsp[(1) - (1)].String)));
+ 		}
+-#line 3199 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+-  case 284:
+-#line 1470 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++  case 287:
++/* Line 1787 of yacc.c  */
++#line 1476 "../../ntpd/ntp_parser.y"
+     {
+-			(yyval.Address_fifo) = (yyvsp[-1].Address_fifo);
+-			APPEND_G_FIFO((yyval.Address_fifo), (yyvsp[0].Address_node));
++			(yyval.Address_fifo) = (yyvsp[(1) - (2)].Address_fifo);
++			APPEND_G_FIFO((yyval.Address_fifo), (yyvsp[(2) - (2)].Address_node));
+ 		}
+-#line 3208 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+-  case 285:
+-#line 1475 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++  case 288:
++/* Line 1787 of yacc.c  */
++#line 1481 "../../ntpd/ntp_parser.y"
+     {
+ 			(yyval.Address_fifo) = NULL;
+-			APPEND_G_FIFO((yyval.Address_fifo), (yyvsp[0].Address_node));
++			APPEND_G_FIFO((yyval.Address_fifo), (yyvsp[(1) - (1)].Address_node));
+ 		}
+-#line 3217 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+-  case 286:
+-#line 1483 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++  case 289:
++/* Line 1787 of yacc.c  */
++#line 1489 "../../ntpd/ntp_parser.y"
+     {
+-			if ((yyvsp[0].Integer) != 0 && (yyvsp[0].Integer) != 1) {
++			if ((yyvsp[(1) - (1)].Integer) != 0 && (yyvsp[(1) - (1)].Integer) != 1) {
+ 				yyerror("Integer value is not boolean (0 or 1). Assuming 1");
+ 				(yyval.Integer) = 1;
+ 			} else {
+-				(yyval.Integer) = (yyvsp[0].Integer);
++				(yyval.Integer) = (yyvsp[(1) - (1)].Integer);
+ 			}
+ 		}
+-#line 3230 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+-  case 287:
+-#line 1491 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++  case 290:
++/* Line 1787 of yacc.c  */
++#line 1497 "../../ntpd/ntp_parser.y"
+     { (yyval.Integer) = 1; }
+-#line 3236 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+-  case 288:
+-#line 1492 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++  case 291:
++/* Line 1787 of yacc.c  */
++#line 1498 "../../ntpd/ntp_parser.y"
+     { (yyval.Integer) = 0; }
+-#line 3242 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+-  case 289:
+-#line 1496 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+-    { (yyval.Double) = (double)(yyvsp[0].Integer); }
+-#line 3248 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++  case 292:
++/* Line 1787 of yacc.c  */
++#line 1502 "../../ntpd/ntp_parser.y"
++    { (yyval.Double) = (double)(yyvsp[(1) - (1)].Integer); }
+     break;
+ 
+-  case 291:
+-#line 1507 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++  case 294:
++/* Line 1787 of yacc.c  */
++#line 1513 "../../ntpd/ntp_parser.y"
+     {
+ 			sim_node *sn;
+ 
+-			sn =  create_sim_node((yyvsp[-2].Attr_val_fifo), (yyvsp[-1].Sim_server_fifo));
++			sn =  create_sim_node((yyvsp[(3) - (5)].Attr_val_fifo), (yyvsp[(4) - (5)].Sim_server_fifo));
+ 			APPEND_G_FIFO(cfgt.sim_details, sn);
+ 
+ 			/* Revert from ; to \n for end-of-command */
+ 			old_config_style = 1;
+ 		}
+-#line 3262 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+-  case 292:
+-#line 1524 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++  case 295:
++/* Line 1787 of yacc.c  */
++#line 1530 "../../ntpd/ntp_parser.y"
+     { old_config_style = 0; }
+-#line 3268 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+-  case 293:
+-#line 1529 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++  case 296:
++/* Line 1787 of yacc.c  */
++#line 1535 "../../ntpd/ntp_parser.y"
+     {
+-			(yyval.Attr_val_fifo) = (yyvsp[-2].Attr_val_fifo);
+-			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[-1].Attr_val));
++			(yyval.Attr_val_fifo) = (yyvsp[(1) - (3)].Attr_val_fifo);
++			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[(2) - (3)].Attr_val));
+ 		}
+-#line 3277 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+-  case 294:
+-#line 1534 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++  case 297:
++/* Line 1787 of yacc.c  */
++#line 1540 "../../ntpd/ntp_parser.y"
+     {
+ 			(yyval.Attr_val_fifo) = NULL;
+-			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[-1].Attr_val));
++			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[(1) - (2)].Attr_val));
+ 		}
+-#line 3286 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+-  case 295:
+-#line 1542 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+-    { (yyval.Attr_val) = create_attr_dval((yyvsp[-2].Integer), (yyvsp[0].Double)); }
+-#line 3292 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++  case 298:
++/* Line 1787 of yacc.c  */
++#line 1548 "../../ntpd/ntp_parser.y"
++    { (yyval.Attr_val) = create_attr_dval((yyvsp[(1) - (3)].Integer), (yyvsp[(3) - (3)].Double)); }
+     break;
+ 
+-  case 298:
+-#line 1552 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++  case 301:
++/* Line 1787 of yacc.c  */
++#line 1558 "../../ntpd/ntp_parser.y"
+     {
+-			(yyval.Sim_server_fifo) = (yyvsp[-1].Sim_server_fifo);
+-			APPEND_G_FIFO((yyval.Sim_server_fifo), (yyvsp[0].Sim_server));
++			(yyval.Sim_server_fifo) = (yyvsp[(1) - (2)].Sim_server_fifo);
++			APPEND_G_FIFO((yyval.Sim_server_fifo), (yyvsp[(2) - (2)].Sim_server));
+ 		}
+-#line 3301 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+-  case 299:
+-#line 1557 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++  case 302:
++/* Line 1787 of yacc.c  */
++#line 1563 "../../ntpd/ntp_parser.y"
+     {
+ 			(yyval.Sim_server_fifo) = NULL;
+-			APPEND_G_FIFO((yyval.Sim_server_fifo), (yyvsp[0].Sim_server));
++			APPEND_G_FIFO((yyval.Sim_server_fifo), (yyvsp[(1) - (1)].Sim_server));
+ 		}
+-#line 3310 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+-  case 300:
+-#line 1565 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+-    { (yyval.Sim_server) = ONLY_SIM(create_sim_server((yyvsp[-4].Address_node), (yyvsp[-2].Double), (yyvsp[-1].Sim_script_fifo))); }
+-#line 3316 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++  case 303:
++/* Line 1787 of yacc.c  */
++#line 1571 "../../ntpd/ntp_parser.y"
++    { (yyval.Sim_server) = ONLY_SIM(create_sim_server((yyvsp[(1) - (5)].Address_node), (yyvsp[(3) - (5)].Double), (yyvsp[(4) - (5)].Sim_script_fifo))); }
+     break;
+ 
+-  case 301:
+-#line 1570 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+-    { (yyval.Double) = (yyvsp[-1].Double); }
+-#line 3322 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++  case 304:
++/* Line 1787 of yacc.c  */
++#line 1576 "../../ntpd/ntp_parser.y"
++    { (yyval.Double) = (yyvsp[(3) - (4)].Double); }
+     break;
+ 
+-  case 302:
+-#line 1575 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+-    { (yyval.Address_node) = (yyvsp[0].Address_node); }
+-#line 3328 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++  case 305:
++/* Line 1787 of yacc.c  */
++#line 1581 "../../ntpd/ntp_parser.y"
++    { (yyval.Address_node) = (yyvsp[(3) - (3)].Address_node); }
+     break;
+ 
+-  case 303:
+-#line 1580 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++  case 306:
++/* Line 1787 of yacc.c  */
++#line 1586 "../../ntpd/ntp_parser.y"
+     {
+-			(yyval.Sim_script_fifo) = (yyvsp[-1].Sim_script_fifo);
+-			APPEND_G_FIFO((yyval.Sim_script_fifo), (yyvsp[0].Sim_script));
++			(yyval.Sim_script_fifo) = (yyvsp[(1) - (2)].Sim_script_fifo);
++			APPEND_G_FIFO((yyval.Sim_script_fifo), (yyvsp[(2) - (2)].Sim_script));
+ 		}
+-#line 3337 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+-  case 304:
+-#line 1585 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++  case 307:
++/* Line 1787 of yacc.c  */
++#line 1591 "../../ntpd/ntp_parser.y"
+     {
+ 			(yyval.Sim_script_fifo) = NULL;
+-			APPEND_G_FIFO((yyval.Sim_script_fifo), (yyvsp[0].Sim_script));
++			APPEND_G_FIFO((yyval.Sim_script_fifo), (yyvsp[(1) - (1)].Sim_script));
+ 		}
+-#line 3346 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+-  case 305:
+-#line 1593 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+-    { (yyval.Sim_script) = ONLY_SIM(create_sim_script_info((yyvsp[-3].Double), (yyvsp[-1].Attr_val_fifo))); }
+-#line 3352 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++  case 308:
++/* Line 1787 of yacc.c  */
++#line 1599 "../../ntpd/ntp_parser.y"
++    { (yyval.Sim_script) = ONLY_SIM(create_sim_script_info((yyvsp[(3) - (6)].Double), (yyvsp[(5) - (6)].Attr_val_fifo))); }
+     break;
+ 
+-  case 306:
+-#line 1598 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++  case 309:
++/* Line 1787 of yacc.c  */
++#line 1604 "../../ntpd/ntp_parser.y"
+     {
+-			(yyval.Attr_val_fifo) = (yyvsp[-2].Attr_val_fifo);
+-			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[-1].Attr_val));
++			(yyval.Attr_val_fifo) = (yyvsp[(1) - (3)].Attr_val_fifo);
++			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[(2) - (3)].Attr_val));
+ 		}
+-#line 3361 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+-  case 307:
+-#line 1603 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++  case 310:
++/* Line 1787 of yacc.c  */
++#line 1609 "../../ntpd/ntp_parser.y"
+     {
+ 			(yyval.Attr_val_fifo) = NULL;
+-			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[-1].Attr_val));
++			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[(1) - (2)].Attr_val));
+ 		}
+-#line 3370 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+-  case 308:
+-#line 1611 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+-    { (yyval.Attr_val) = create_attr_dval((yyvsp[-2].Integer), (yyvsp[0].Double)); }
+-#line 3376 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++  case 311:
++/* Line 1787 of yacc.c  */
++#line 1617 "../../ntpd/ntp_parser.y"
++    { (yyval.Attr_val) = create_attr_dval((yyvsp[(1) - (3)].Integer), (yyvsp[(3) - (3)].Double)); }
+     break;
+ 
+ 
+-#line 3380 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++/* Line 1787 of yacc.c  */
++#line 3625 "ntp_parser.c"
+       default: break;
+     }
+   /* User semantic actions sometimes alter yychar, and that requires
+@@ -3398,7 +3643,7 @@ yyreduce:
+ 
+   *++yyvsp = yyval;
+ 
+-  /* Now 'shift' the result of the reduction.  Determine what state
++  /* Now `shift' the result of the reduction.  Determine what state
+      that goes to, based on the state we popped back to and the rule
+      number reduced by.  */
+ 
+@@ -3413,9 +3658,9 @@ yyreduce:
+   goto yynewstate;
+ 
+ 
+-/*--------------------------------------.
+-| yyerrlab -- here on detecting error.  |
+-`--------------------------------------*/
++/*------------------------------------.
++| yyerrlab -- here on detecting error |
++`------------------------------------*/
+ yyerrlab:
+   /* Make sure we have latest lookahead translation.  See comments at
+      user semantic actions for why this is necessary.  */
+@@ -3466,20 +3711,20 @@ yyerrlab:
+   if (yyerrstatus == 3)
+     {
+       /* If just tried and failed to reuse lookahead token after an
+-         error, discard it.  */
++	 error, discard it.  */
+ 
+       if (yychar <= YYEOF)
+-        {
+-          /* Return failure if at end of input.  */
+-          if (yychar == YYEOF)
+-            YYABORT;
+-        }
++	{
++	  /* Return failure if at end of input.  */
++	  if (yychar == YYEOF)
++	    YYABORT;
++	}
+       else
+-        {
+-          yydestruct ("Error: discarding",
+-                      yytoken, &yylval);
+-          yychar = YYEMPTY;
+-        }
++	{
++	  yydestruct ("Error: discarding",
++		      yytoken, &yylval);
++	  yychar = YYEMPTY;
++	}
+     }
+ 
+   /* Else will try to reuse lookahead token after shifting the error
+@@ -3498,7 +3743,7 @@ yyerrorlab:
+   if (/*CONSTCOND*/ 0)
+      goto yyerrorlab;
+ 
+-  /* Do not reclaim the symbols of the rule whose action triggered
++  /* Do not reclaim the symbols of the rule which action triggered
+      this YYERROR.  */
+   YYPOPSTACK (yylen);
+   yylen = 0;
+@@ -3511,29 +3756,29 @@ yyerrorlab:
+ | yyerrlab1 -- common code for both syntax error and YYERROR.  |
+ `-------------------------------------------------------------*/
+ yyerrlab1:
+-  yyerrstatus = 3;      /* Each real token shifted decrements this.  */
++  yyerrstatus = 3;	/* Each real token shifted decrements this.  */
+ 
+   for (;;)
+     {
+       yyn = yypact[yystate];
+       if (!yypact_value_is_default (yyn))
+-        {
+-          yyn += YYTERROR;
+-          if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYTERROR)
+-            {
+-              yyn = yytable[yyn];
+-              if (0 < yyn)
+-                break;
+-            }
+-        }
++	{
++	  yyn += YYTERROR;
++	  if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYTERROR)
++	    {
++	      yyn = yytable[yyn];
++	      if (0 < yyn)
++		break;
++	    }
++	}
+ 
+       /* Pop the current state because it cannot handle the error token.  */
+       if (yyssp == yyss)
+-        YYABORT;
++	YYABORT;
+ 
+ 
+       yydestruct ("Error: popping",
+-                  yystos[yystate], yyvsp);
++		  yystos[yystate], yyvsp);
+       YYPOPSTACK (1);
+       yystate = *yyssp;
+       YY_STACK_PRINT (yyss, yyssp);
+@@ -3584,7 +3829,7 @@ yyreturn:
+       yydestruct ("Cleanup: discarding lookahead",
+                   yytoken, &yylval);
+     }
+-  /* Do not reclaim the symbols of the rule whose action triggered
++  /* Do not reclaim the symbols of the rule which action triggered
+      this YYABORT or YYACCEPT.  */
+   YYPOPSTACK (yylen);
+   YY_STACK_PRINT (yyss, yyssp);
+@@ -3591,7 +3836,7 @@ yyreturn:
+   while (yyssp != yyss)
+     {
+       yydestruct ("Cleanup: popping",
+-                  yystos[*yyssp], yyvsp);
++		  yystos[*yyssp], yyvsp);
+       YYPOPSTACK (1);
+     }
+ #ifndef yyoverflow
+@@ -3602,11 +3847,15 @@ yyreturn:
+   if (yymsg != yymsgbuf)
+     YYSTACK_FREE (yymsg);
+ #endif
+-  return yyresult;
++  /* Make sure YYID is used.  */
++  return YYID (yyresult);
+ }
+-#line 1622 "../../ntpd/ntp_parser.y" /* yacc.c:1906  */
+ 
+ 
++/* Line 2050 of yacc.c  */
++#line 1628 "../../ntpd/ntp_parser.y"
++
++
+ void
+ yyerror(
+ 	const char *msg
+Index: contrib/ntp/ntpd/ntp_parser.h
+===================================================================
+--- contrib/ntp/ntpd/ntp_parser.h	(revision 294707)
++++ contrib/ntp/ntpd/ntp_parser.h	(working copy)
+@@ -1,19 +1,19 @@
+-/* A Bison parser, made by GNU Bison 3.0.2.  */
++/* A Bison parser, made by GNU Bison 2.7.12-4996.  */
+ 
+ /* Bison interface for Yacc-like parsers in C
+-
+-   Copyright (C) 1984, 1989-1990, 2000-2013 Free Software Foundation, Inc.
+-
++   
++      Copyright (C) 1984, 1989-1990, 2000-2013 Free Software Foundation, Inc.
++   
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+-
++   
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+-
++   
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see .  */
+ 
+@@ -26,13 +26,13 @@
+    special exception, which will cause the skeleton and the resulting
+    Bison output files to be licensed under the GNU General Public
+    License without this special exception.
+-
++   
+    This special exception was added by the Free Software Foundation in
+    version 2.2 of Bison.  */
+ 
+-#ifndef YY_YY__NTPD_NTP_PARSER_H_INCLUDED
+-# define YY_YY__NTPD_NTP_PARSER_H_INCLUDED
+-/* Debug traces.  */
++#ifndef YY_YY_NTP_PARSER_H_INCLUDED
++# define YY_YY_NTP_PARSER_H_INCLUDED
++/* Enabling traces.  */
+ #ifndef YYDEBUG
+ # define YYDEBUG 1
+ #endif
+@@ -40,203 +40,207 @@
+ extern int yydebug;
+ #endif
+ 
+-/* Token type.  */
++/* Tokens.  */
+ #ifndef YYTOKENTYPE
+ # define YYTOKENTYPE
+-  enum yytokentype
+-  {
+-    T_Abbrev = 258,
+-    T_Age = 259,
+-    T_All = 260,
+-    T_Allan = 261,
+-    T_Allpeers = 262,
+-    T_Auth = 263,
+-    T_Autokey = 264,
+-    T_Automax = 265,
+-    T_Average = 266,
+-    T_Bclient = 267,
+-    T_Beacon = 268,
+-    T_Broadcast = 269,
+-    T_Broadcastclient = 270,
+-    T_Broadcastdelay = 271,
+-    T_Burst = 272,
+-    T_Calibrate = 273,
+-    T_Ceiling = 274,
+-    T_Clockstats = 275,
+-    T_Cohort = 276,
+-    T_ControlKey = 277,
+-    T_Crypto = 278,
+-    T_Cryptostats = 279,
+-    T_Ctl = 280,
+-    T_Day = 281,
+-    T_Default = 282,
+-    T_Digest = 283,
+-    T_Disable = 284,
+-    T_Discard = 285,
+-    T_Dispersion = 286,
+-    T_Double = 287,
+-    T_Driftfile = 288,
+-    T_Drop = 289,
+-    T_Dscp = 290,
+-    T_Ellipsis = 291,
+-    T_Enable = 292,
+-    T_End = 293,
+-    T_False = 294,
+-    T_File = 295,
+-    T_Filegen = 296,
+-    T_Filenum = 297,
+-    T_Flag1 = 298,
+-    T_Flag2 = 299,
+-    T_Flag3 = 300,
+-    T_Flag4 = 301,
+-    T_Flake = 302,
+-    T_Floor = 303,
+-    T_Freq = 304,
+-    T_Fudge = 305,
+-    T_Host = 306,
+-    T_Huffpuff = 307,
+-    T_Iburst = 308,
+-    T_Ident = 309,
+-    T_Ignore = 310,
+-    T_Incalloc = 311,
+-    T_Incmem = 312,
+-    T_Initalloc = 313,
+-    T_Initmem = 314,
+-    T_Includefile = 315,
+-    T_Integer = 316,
+-    T_Interface = 317,
+-    T_Intrange = 318,
+-    T_Io = 319,
+-    T_Ipv4 = 320,
+-    T_Ipv4_flag = 321,
+-    T_Ipv6 = 322,
+-    T_Ipv6_flag = 323,
+-    T_Kernel = 324,
+-    T_Key = 325,
+-    T_Keys = 326,
+-    T_Keysdir = 327,
+-    T_Kod = 328,
+-    T_Mssntp = 329,
+-    T_Leapfile = 330,
+-    T_Leapsmearinterval = 331,
+-    T_Limited = 332,
+-    T_Link = 333,
+-    T_Listen = 334,
+-    T_Logconfig = 335,
+-    T_Logfile = 336,
+-    T_Loopstats = 337,
+-    T_Lowpriotrap = 338,
+-    T_Manycastclient = 339,
+-    T_Manycastserver = 340,
+-    T_Mask = 341,
+-    T_Maxage = 342,
+-    T_Maxclock = 343,
+-    T_Maxdepth = 344,
+-    T_Maxdist = 345,
+-    T_Maxmem = 346,
+-    T_Maxpoll = 347,
+-    T_Mdnstries = 348,
+-    T_Mem = 349,
+-    T_Memlock = 350,
+-    T_Minclock = 351,
+-    T_Mindepth = 352,
+-    T_Mindist = 353,
+-    T_Minimum = 354,
+-    T_Minpoll = 355,
+-    T_Minsane = 356,
+-    T_Mode = 357,
+-    T_Mode7 = 358,
+-    T_Monitor = 359,
+-    T_Month = 360,
+-    T_Mru = 361,
+-    T_Multicastclient = 362,
+-    T_Nic = 363,
+-    T_Nolink = 364,
+-    T_Nomodify = 365,
+-    T_Nomrulist = 366,
+-    T_None = 367,
+-    T_Nonvolatile = 368,
+-    T_Nopeer = 369,
+-    T_Noquery = 370,
+-    T_Noselect = 371,
+-    T_Noserve = 372,
+-    T_Notrap = 373,
+-    T_Notrust = 374,
+-    T_Ntp = 375,
+-    T_Ntpport = 376,
+-    T_NtpSignDsocket = 377,
+-    T_Orphan = 378,
+-    T_Orphanwait = 379,
+-    T_Panic = 380,
+-    T_Peer = 381,
+-    T_Peerstats = 382,
+-    T_Phone = 383,
+-    T_Pid = 384,
+-    T_Pidfile = 385,
+-    T_Pool = 386,
+-    T_Port = 387,
+-    T_Preempt = 388,
+-    T_Prefer = 389,
+-    T_Protostats = 390,
+-    T_Pw = 391,
+-    T_Randfile = 392,
+-    T_Rawstats = 393,
+-    T_Refid = 394,
+-    T_Requestkey = 395,
+-    T_Reset = 396,
+-    T_Restrict = 397,
+-    T_Revoke = 398,
+-    T_Rlimit = 399,
+-    T_Saveconfigdir = 400,
+-    T_Server = 401,
+-    T_Setvar = 402,
+-    T_Source = 403,
+-    T_Stacksize = 404,
+-    T_Statistics = 405,
+-    T_Stats = 406,
+-    T_Statsdir = 407,
+-    T_Step = 408,
+-    T_Stepback = 409,
+-    T_Stepfwd = 410,
+-    T_Stepout = 411,
+-    T_Stratum = 412,
+-    T_String = 413,
+-    T_Sys = 414,
+-    T_Sysstats = 415,
+-    T_Tick = 416,
+-    T_Time1 = 417,
+-    T_Time2 = 418,
+-    T_Timer = 419,
+-    T_Timingstats = 420,
+-    T_Tinker = 421,
+-    T_Tos = 422,
+-    T_Trap = 423,
+-    T_True = 424,
+-    T_Trustedkey = 425,
+-    T_Ttl = 426,
+-    T_Type = 427,
+-    T_U_int = 428,
+-    T_Unconfig = 429,
+-    T_Unpeer = 430,
+-    T_Version = 431,
+-    T_WanderThreshold = 432,
+-    T_Week = 433,
+-    T_Wildcard = 434,
+-    T_Xleave = 435,
+-    T_Year = 436,
+-    T_Flag = 437,
+-    T_EOC = 438,
+-    T_Simulate = 439,
+-    T_Beep_Delay = 440,
+-    T_Sim_Duration = 441,
+-    T_Server_Offset = 442,
+-    T_Duration = 443,
+-    T_Freq_Offset = 444,
+-    T_Wander = 445,
+-    T_Jitter = 446,
+-    T_Prop_Delay = 447,
+-    T_Proc_Delay = 448
+-  };
++   /* Put the tokens into the symbol table, so that GDB and other debuggers
++      know about them.  */
++   enum yytokentype {
++     T_Abbrev = 258,
++     T_Age = 259,
++     T_All = 260,
++     T_Allan = 261,
++     T_Allpeers = 262,
++     T_Auth = 263,
++     T_Autokey = 264,
++     T_Automax = 265,
++     T_Average = 266,
++     T_Bclient = 267,
++     T_Beacon = 268,
++     T_Broadcast = 269,
++     T_Broadcastclient = 270,
++     T_Broadcastdelay = 271,
++     T_Burst = 272,
++     T_Calibrate = 273,
++     T_Ceiling = 274,
++     T_Clockstats = 275,
++     T_Cohort = 276,
++     T_ControlKey = 277,
++     T_Crypto = 278,
++     T_Cryptostats = 279,
++     T_Ctl = 280,
++     T_Day = 281,
++     T_Default = 282,
++     T_Digest = 283,
++     T_Disable = 284,
++     T_Discard = 285,
++     T_Dispersion = 286,
++     T_Double = 287,
++     T_Driftfile = 288,
++     T_Drop = 289,
++     T_Dscp = 290,
++     T_Ellipsis = 291,
++     T_Enable = 292,
++     T_End = 293,
++     T_False = 294,
++     T_File = 295,
++     T_Filegen = 296,
++     T_Filenum = 297,
++     T_Flag1 = 298,
++     T_Flag2 = 299,
++     T_Flag3 = 300,
++     T_Flag4 = 301,
++     T_Flake = 302,
++     T_Floor = 303,
++     T_Freq = 304,
++     T_Fudge = 305,
++     T_Host = 306,
++     T_Huffpuff = 307,
++     T_Iburst = 308,
++     T_Ident = 309,
++     T_Ignore = 310,
++     T_Incalloc = 311,
++     T_Incmem = 312,
++     T_Initalloc = 313,
++     T_Initmem = 314,
++     T_Includefile = 315,
++     T_Integer = 316,
++     T_Interface = 317,
++     T_Intrange = 318,
++     T_Io = 319,
++     T_Ipv4 = 320,
++     T_Ipv4_flag = 321,
++     T_Ipv6 = 322,
++     T_Ipv6_flag = 323,
++     T_Kernel = 324,
++     T_Key = 325,
++     T_Keys = 326,
++     T_Keysdir = 327,
++     T_Kod = 328,
++     T_Mssntp = 329,
++     T_Leapfile = 330,
++     T_Leapsmearinterval = 331,
++     T_Limited = 332,
++     T_Link = 333,
++     T_Listen = 334,
++     T_Logconfig = 335,
++     T_Logfile = 336,
++     T_Loopstats = 337,
++     T_Lowpriotrap = 338,
++     T_Manycastclient = 339,
++     T_Manycastserver = 340,
++     T_Mask = 341,
++     T_Maxage = 342,
++     T_Maxclock = 343,
++     T_Maxdepth = 344,
++     T_Maxdist = 345,
++     T_Maxmem = 346,
++     T_Maxpoll = 347,
++     T_Mdnstries = 348,
++     T_Mem = 349,
++     T_Memlock = 350,
++     T_Minclock = 351,
++     T_Mindepth = 352,
++     T_Mindist = 353,
++     T_Minimum = 354,
++     T_Minpoll = 355,
++     T_Minsane = 356,
++     T_Mode = 357,
++     T_Mode7 = 358,
++     T_Monitor = 359,
++     T_Month = 360,
++     T_Mru = 361,
++     T_Multicastclient = 362,
++     T_Nic = 363,
++     T_Nolink = 364,
++     T_Nomodify = 365,
++     T_Nomrulist = 366,
++     T_None = 367,
++     T_Nonvolatile = 368,
++     T_Nopeer = 369,
++     T_Noquery = 370,
++     T_Noselect = 371,
++     T_Noserve = 372,
++     T_Notrap = 373,
++     T_Notrust = 374,
++     T_Ntp = 375,
++     T_Ntpport = 376,
++     T_NtpSignDsocket = 377,
++     T_Orphan = 378,
++     T_Orphanwait = 379,
++     T_Panic = 380,
++     T_Peer = 381,
++     T_Peerstats = 382,
++     T_Phone = 383,
++     T_Pid = 384,
++     T_Pidfile = 385,
++     T_Pool = 386,
++     T_Port = 387,
++     T_Preempt = 388,
++     T_Prefer = 389,
++     T_Protostats = 390,
++     T_Pw = 391,
++     T_Randfile = 392,
++     T_Rawstats = 393,
++     T_Refid = 394,
++     T_Requestkey = 395,
++     T_Reset = 396,
++     T_Restrict = 397,
++     T_Revoke = 398,
++     T_Rlimit = 399,
++     T_Saveconfigdir = 400,
++     T_Server = 401,
++     T_Setvar = 402,
++     T_Source = 403,
++     T_Stacksize = 404,
++     T_Statistics = 405,
++     T_Stats = 406,
++     T_Statsdir = 407,
++     T_Step = 408,
++     T_Stepback = 409,
++     T_Stepfwd = 410,
++     T_Stepout = 411,
++     T_Stratum = 412,
++     T_String = 413,
++     T_Sys = 414,
++     T_Sysstats = 415,
++     T_Tick = 416,
++     T_Time1 = 417,
++     T_Time2 = 418,
++     T_Timer = 419,
++     T_Timingstats = 420,
++     T_Tinker = 421,
++     T_Tos = 422,
++     T_Trap = 423,
++     T_True = 424,
++     T_Trustedkey = 425,
++     T_Ttl = 426,
++     T_Type = 427,
++     T_U_int = 428,
++     T_UEcrypto = 429,
++     T_UEcryptonak = 430,
++     T_UEdigest = 431,
++     T_Unconfig = 432,
++     T_Unpeer = 433,
++     T_Version = 434,
++     T_WanderThreshold = 435,
++     T_Week = 436,
++     T_Wildcard = 437,
++     T_Xleave = 438,
++     T_Year = 439,
++     T_Flag = 440,
++     T_EOC = 441,
++     T_Simulate = 442,
++     T_Beep_Delay = 443,
++     T_Sim_Duration = 444,
++     T_Server_Offset = 445,
++     T_Duration = 446,
++     T_Freq_Offset = 447,
++     T_Wander = 448,
++     T_Jitter = 449,
++     T_Prop_Delay = 450,
++     T_Proc_Delay = 451
++   };
+ #endif
+ /* Tokens.  */
+ #define T_Abbrev 258
+@@ -410,33 +414,37 @@ extern int yydebug;
+ #define T_Ttl 426
+ #define T_Type 427
+ #define T_U_int 428
+-#define T_Unconfig 429
+-#define T_Unpeer 430
+-#define T_Version 431
+-#define T_WanderThreshold 432
+-#define T_Week 433
+-#define T_Wildcard 434
+-#define T_Xleave 435
+-#define T_Year 436
+-#define T_Flag 437
+-#define T_EOC 438
+-#define T_Simulate 439
+-#define T_Beep_Delay 440
+-#define T_Sim_Duration 441
+-#define T_Server_Offset 442
+-#define T_Duration 443
+-#define T_Freq_Offset 444
+-#define T_Wander 445
+-#define T_Jitter 446
+-#define T_Prop_Delay 447
+-#define T_Proc_Delay 448
++#define T_UEcrypto 429
++#define T_UEcryptonak 430
++#define T_UEdigest 431
++#define T_Unconfig 432
++#define T_Unpeer 433
++#define T_Version 434
++#define T_WanderThreshold 435
++#define T_Week 436
++#define T_Wildcard 437
++#define T_Xleave 438
++#define T_Year 439
++#define T_Flag 440
++#define T_EOC 441
++#define T_Simulate 442
++#define T_Beep_Delay 443
++#define T_Sim_Duration 444
++#define T_Server_Offset 445
++#define T_Duration 446
++#define T_Freq_Offset 447
++#define T_Wander 448
++#define T_Jitter 449
++#define T_Prop_Delay 450
++#define T_Proc_Delay 451
+ 
+-/* Value type.  */
++
++
+ #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
+-typedef union YYSTYPE YYSTYPE;
+-union YYSTYPE
++typedef union YYSTYPE
+ {
+-#line 51 "../../ntpd/ntp_parser.y" /* yacc.c:1909  */
++/* Line 2053 of yacc.c  */
++#line 51 "../../ntpd/ntp_parser.y"
+ 
+ 	char *			String;
+ 	double			Double;
+@@ -455,15 +463,29 @@ extern int yydebug;
+ 	script_info *		Sim_script;
+ 	script_info_fifo *	Sim_script_fifo;
+ 
+-#line 459 "../../ntpd/ntp_parser.h" /* yacc.c:1909  */
+-};
++
++/* Line 2053 of yacc.c  */
++#line 469 "ntp_parser.h"
++} YYSTYPE;
+ # define YYSTYPE_IS_TRIVIAL 1
++# define yystype YYSTYPE /* obsolescent; will be withdrawn */
+ # define YYSTYPE_IS_DECLARED 1
+ #endif
+ 
+-
+ extern YYSTYPE yylval;
+ 
++#ifdef YYPARSE_PARAM
++#if defined __STDC__ || defined __cplusplus
++int yyparse (void *YYPARSE_PARAM);
++#else
++int yyparse ();
++#endif
++#else /* ! YYPARSE_PARAM */
++#if defined __STDC__ || defined __cplusplus
+ int yyparse (void);
++#else
++int yyparse ();
++#endif
++#endif /* ! YYPARSE_PARAM */
+ 
+-#endif /* !YY_YY__NTPD_NTP_PARSER_H_INCLUDED  */
++#endif /* !YY_YY_NTP_PARSER_H_INCLUDED  */
+Index: contrib/ntp/ntpd/ntp_proto.c
+===================================================================
+--- contrib/ntp/ntpd/ntp_proto.c	(revision 294707)
++++ contrib/ntp/ntpd/ntp_proto.c	(working copy)
+@@ -153,6 +153,19 @@ u_long	sys_declined;		/* declined */
+ u_long	sys_limitrejected;	/* rate exceeded */
+ u_long	sys_kodsent;		/* KoD sent */
+ 
++/*
++ * Mechanism knobs: how soon do we unpeer()?
++ *
++ * The default way is "on-receipt".  If this was a packet from a
++ * well-behaved source, on-receipt will offer the fastest recovery.
++ * If this was from a DoS attack, the default way makes it easier
++ * for a bad-guy to DoS us.  So look and see what bites you harder
++ * and choose according to your environment.
++ */
++int unpeer_crypto_early		= 1;	/* bad crypto (TEST9) */
++int unpeer_crypto_nak_early	= 1;	/* crypto_NAK (TEST5) */
++int unpeer_digest_early		= 1;	/* bad digest (TEST5) */
++
+ static int kiss_code_check(u_char hisleap, u_char hisstratum, u_char hismode, u_int32 refid);
+ static	double	root_distance	(struct peer *);
+ static	void	clock_combine	(peer_select *, int, int);
+@@ -1157,6 +1170,7 @@ receive(
+ 
+ 			} else {
+ 				peer->delay = sys_bdelay;
++				peer->bxmt = p_xmt;
+ 			}
+ 			break;
+ 		}
+@@ -1177,6 +1191,7 @@ receive(
+ 			sys_restricted++;
+ 			return;			/* ignore duplicate */
+ 		}
++		peer->bxmt = p_xmt;
+ #ifdef AUTOKEY
+ 		if (skeyid > NTP_MAXKEY)
+ 			crypto_recv(peer, rbufp);
+@@ -1286,6 +1301,73 @@ receive(
+ 			return;
+ 		}
+ #endif /* AUTOKEY */
++
++		if (MODE_BROADCAST == hismode) {
++			u_char poll;
++			int bail = 0;
++			l_fp tdiff;
++
++			DPRINTF(2, ("receive: PROCPKT/BROADCAST: prev pkt %ld seconds ago, ppoll: %d, %d secs\n",
++				    (current_time - peer->timelastrec),
++				    peer->ppoll, (1 << peer->ppoll)
++				    ));
++			/* Things we can check:
++			 *
++			 * Did the poll interval change?
++			 * Is the poll interval in the packet in-range?
++			 * Did this packet arrive too soon?
++			 * Is the timestamp in this packet monotonic
++			 *  with respect to the previous packet?
++			 */
++
++			/* This is noteworthy, not error-worthy */
++			if (pkt->ppoll != peer->ppoll) {
++				msyslog(LOG_INFO, "receive: broadcast poll from %s changed from %ud to %ud",
++					stoa(&rbufp->recv_srcadr),
++					peer->ppoll, pkt->ppoll);
++			}
++
++			poll = min(peer->maxpoll,
++				   max(peer->minpoll, pkt->ppoll));
++
++			/* This is error-worthy */
++			if (pkt->ppoll != poll) {
++				msyslog(LOG_INFO, "receive: broadcast poll of %ud from %s is out-of-range (%d to %d)!",
++					pkt->ppoll, stoa(&rbufp->recv_srcadr),
++					peer->minpoll, peer->maxpoll);
++				++bail;
++			}
++
++			if (  (current_time - peer->timelastrec)
++			    < (1 << pkt->ppoll)) {
++				msyslog(LOG_INFO, "receive: broadcast packet from %s arrived after %ld, not %d seconds!",
++					stoa(&rbufp->recv_srcadr),
++					(current_time - peer->timelastrec),
++					(1 << pkt->ppoll)
++					);
++				++bail;
++			}
++
++			tdiff = p_xmt;
++			L_SUB(&tdiff, &peer->bxmt);
++			if (tdiff.l_i < 0) {
++				msyslog(LOG_INFO, "receive: broadcast packet from %s contains non-monotonic timestamp: %#010x.%08x -> %#010x.%08x",
++					stoa(&rbufp->recv_srcadr),
++					peer->bxmt.l_ui, peer->bxmt.l_uf,
++					p_xmt.l_ui, p_xmt.l_uf
++					);
++				++bail;
++			}
++
++			peer->bxmt = p_xmt;
++
++			if (bail) {
++				peer->timelastrec = current_time;
++				sys_declined++;
++				return;
++			}
++		}
++
+ 		break;
+ 
+ 	/*
+@@ -1362,7 +1444,12 @@ receive(
+ 	/*
+ 	 * Basic mode checks:
+ 	 *
+-	 * If there is no origin timestamp, it's an initial packet.
++	 * If there is no origin timestamp, it's either an initial packet
++	 * or we've already received a response to our query.  Of course,
++	 * should 'aorg' be all-zero because this really was the original
++	 * transmit timestamp, we'll drop the reply.  There is a window of
++	 * one nanosecond once every 136 years' time where this is possible.
++	 * We currently ignore this situation.
+ 	 *
+ 	 * Otherwise, check for bogus packet in basic mode.
+ 	 * If it is bogus, switch to interleaved mode and resynchronize,
+@@ -1375,7 +1462,8 @@ receive(
+ 	} else if (peer->flip == 0) {
+ 		if (0 < hisstratum && L_ISZERO(&p_org)) {
+ 			L_CLR(&peer->aorg);
+-		} else if (!L_ISEQU(&p_org, &peer->aorg)) {
++		} else if (    L_ISZERO(&peer->aorg)
++			   || !L_ISEQU(&p_org, &peer->aorg)) {
+ 			peer->bogusorg++;
+ 			peer->flash |= TEST2;	/* bogus */
+ 			msyslog(LOG_INFO,
+@@ -1424,7 +1512,9 @@ receive(
+ 		peer->flash |= TEST5;		/* bad auth */
+ 		peer->badauth++;
+ 		if (peer->flags & FLAG_PREEMPT) {
+-			unpeer(peer);
++			if (unpeer_crypto_nak_early) {
++				unpeer(peer);
++			}
+ 			return;
+ 		}
+ #ifdef AUTOKEY
+@@ -1450,7 +1540,9 @@ receive(
+ 		    && (hismode == MODE_ACTIVE || hismode == MODE_PASSIVE))
+ 			fast_xmit(rbufp, MODE_ACTIVE, 0, restrict_mask);
+ 		if (peer->flags & FLAG_PREEMPT) {
+-			unpeer(peer);
++			if (unpeer_digest_early) {
++				unpeer(peer);
++			}
+ 			return;
+ 		}
+ #ifdef AUTOKEY
+@@ -1505,12 +1597,47 @@ receive(
+ 		return;		/* Drop any other kiss code packets */
+ 	}
+ 
++	/*
++	 * If:
++	 *	- this is a *cast (uni-, broad-, or m-) server packet
++	 *	- and it's authenticated
++	 * then see if the sender's IP is trusted for this keyid.
++	 * If it is, great - nothing special to do here.
++	 * Otherwise, we should report and bail.
++	 */
+ 
++	switch (hismode) {
++	    case MODE_SERVER:		/* server mode */
++	    case MODE_BROADCAST:	/* broadcast mode */
++	    case MODE_ACTIVE:		/* symmetric active mode */
++		if (   is_authentic == AUTH_OK
++		    && !authistrustedip(skeyid, &peer->srcadr)) {
++			report_event(PEVNT_AUTH, peer, "authIP");
++			peer->badauth++;
++			return;
++		}
++	    	break;
++
++	    case MODE_UNSPEC:		/* unspecified (old version) */
++	    case MODE_PASSIVE:		/* symmetric passive mode */
++	    case MODE_CLIENT:		/* client mode */
++#if 0		/* At this point, MODE_CONTROL is overloaded by MODE_BCLIENT */
++	    case MODE_CONTROL:		/* control mode */
++#endif
++	    case MODE_PRIVATE:		/* private mode */
++	    case MODE_BCLIENT:		/* broadcast client mode */
++	    	break;
++	    default:
++	    	break;
++	}
++
++
+ 	/*
+ 	 * That was hard and I am sweaty, but the packet is squeaky
+ 	 * clean. Get on with real work.
+ 	 */
+ 	peer->timereceived = current_time;
++	peer->timelastrec = current_time;
+ 	if (is_authentic == AUTH_OK)
+ 		peer->flags |= FLAG_AUTHENTIC;
+ 	else
+@@ -1560,8 +1687,11 @@ receive(
+ 				    "crypto error");
+ 				peer_clear(peer, "CRYP");
+ 				peer->flash |= TEST9;	/* bad crypt */
+-				if (peer->flags & FLAG_PREEMPT)
+-					unpeer(peer);
++				if (peer->flags & FLAG_PREEMPT) {
++					if (unpeer_crypto_early) {
++						unpeer(peer);
++					}
++				}
+ 			}
+ 			return;
+ 		}
+@@ -4358,6 +4488,22 @@ proto_config(
+ 			io_multicast_del(svalue);
+ 		break;
+ 
++	/*
++	 * Unpeer Early policy choices
++	 */
++
++	case PROTO_UECRYPTO:	/* Crypto */
++		unpeer_crypto_early = value;
++		break;
++
++	case PROTO_UECRYPTONAK:	/* Crypto_NAK */
++		unpeer_crypto_nak_early = value;
++		break;
++
++	case PROTO_UEDIGEST:	/* Digest */
++		unpeer_digest_early = value;
++		break;
++
+ 	default:
+ 		msyslog(LOG_NOTICE,
+ 		    "proto: unsupported option %d", item);
+Index: contrib/ntp/ntpd/ntp_request.c
+===================================================================
+--- contrib/ntp/ntpd/ntp_request.c	(revision 294707)
++++ contrib/ntp/ntpd/ntp_request.c	(working copy)
+@@ -81,8 +81,8 @@ static	void	do_unconf	(sockaddr_u *, endpt *, stru
+ static	void	set_sys_flag	(sockaddr_u *, endpt *, struct req_pkt *);
+ static	void	clr_sys_flag	(sockaddr_u *, endpt *, struct req_pkt *);
+ static	void	setclr_flags	(sockaddr_u *, endpt *, struct req_pkt *, u_long);
+-static	void	list_restrict4	(restrict_u *, struct info_restrict **);
+-static	void	list_restrict6	(restrict_u *, struct info_restrict **);
++static	void	list_restrict4	(const restrict_u *, struct info_restrict **);
++static	void	list_restrict6	(const restrict_u *, struct info_restrict **);
+ static	void	list_restrict	(sockaddr_u *, endpt *, struct req_pkt *);
+ static	void	do_resaddflags	(sockaddr_u *, endpt *, struct req_pkt *);
+ static	void	do_ressubflags	(sockaddr_u *, endpt *, struct req_pkt *);
+@@ -667,43 +667,35 @@ list_peers(
+ 	struct req_pkt *inpkt
+ 	)
+ {
+-	struct info_peer_list *ip;
+-	struct peer *pp;
+-	int skip = 0;
++	struct info_peer_list *	ip;
++	const struct peer *	pp;
+ 
+ 	ip = (struct info_peer_list *)prepare_pkt(srcadr, inter, inpkt,
+ 	    v6sizeof(struct info_peer_list));
+ 	for (pp = peer_list; pp != NULL && ip != NULL; pp = pp->p_link) {
+ 		if (IS_IPV6(&pp->srcadr)) {
+-			if (client_v6_capable) {
+-				ip->addr6 = SOCK_ADDR6(&pp->srcadr);
+-				ip->v6_flag = 1;
+-				skip = 0;
+-			} else {
+-				skip = 1;
+-				break;
+-			}
++			if (!client_v6_capable)
++				continue;			
++			ip->addr6 = SOCK_ADDR6(&pp->srcadr);
++			ip->v6_flag = 1;
+ 		} else {
+ 			ip->addr = NSRCADR(&pp->srcadr);
+ 			if (client_v6_capable)
+ 				ip->v6_flag = 0;
+-			skip = 0;
+ 		}
+ 
+-		if (!skip) {
+-			ip->port = NSRCPORT(&pp->srcadr);
+-			ip->hmode = pp->hmode;
+-			ip->flags = 0;
+-			if (pp->flags & FLAG_CONFIG)
+-				ip->flags |= INFO_FLAG_CONFIG;
+-			if (pp == sys_peer)
+-				ip->flags |= INFO_FLAG_SYSPEER;
+-			if (pp->status == CTL_PST_SEL_SYNCCAND)
+-				ip->flags |= INFO_FLAG_SEL_CANDIDATE;
+-			if (pp->status >= CTL_PST_SEL_SYSPEER)
+-				ip->flags |= INFO_FLAG_SHORTLIST;
+-			ip = (struct info_peer_list *)more_pkt();
+-		}
++		ip->port = NSRCPORT(&pp->srcadr);
++		ip->hmode = pp->hmode;
++		ip->flags = 0;
++		if (pp->flags & FLAG_CONFIG)
++			ip->flags |= INFO_FLAG_CONFIG;
++		if (pp == sys_peer)
++			ip->flags |= INFO_FLAG_SYSPEER;
++		if (pp->status == CTL_PST_SEL_SYNCCAND)
++			ip->flags |= INFO_FLAG_SEL_CANDIDATE;
++		if (pp->status >= CTL_PST_SEL_SYSPEER)
++			ip->flags |= INFO_FLAG_SHORTLIST;
++		ip = (struct info_peer_list *)more_pkt();
+ 	}	/* for pp */
+ 
+ 	flush_pkt();
+@@ -720,10 +712,9 @@ list_peers_sum(
+ 	struct req_pkt *inpkt
+ 	)
+ {
+-	register struct info_peer_summary *ips;
+-	register struct peer *pp;
+-	l_fp ltmp;
+-	register int skip;
++	struct info_peer_summary *	ips;
++	const struct peer *		pp;
++	l_fp 				ltmp;
+ 
+ 	DPRINTF(3, ("wants peer list summary\n"));
+ 
+@@ -736,18 +727,14 @@ list_peers_sum(
+ 		 * want only v4.
+ 		 */
+ 		if (IS_IPV6(&pp->srcadr)) {
+-			if (client_v6_capable) {
+-				ips->srcadr6 = SOCK_ADDR6(&pp->srcadr);
+-				ips->v6_flag = 1;
+-				if (pp->dstadr)
+-					ips->dstadr6 = SOCK_ADDR6(&pp->dstadr->sin);
+-				else
+-					ZERO(ips->dstadr6);
+-				skip = 0;
+-			} else {
+-				skip = 1;
+-				break;
+-			}
++			if (!client_v6_capable)
++				continue;
++			ips->srcadr6 = SOCK_ADDR6(&pp->srcadr);
++			ips->v6_flag = 1;
++			if (pp->dstadr)
++				ips->dstadr6 = SOCK_ADDR6(&pp->dstadr->sin);
++			else
++				ZERO(ips->dstadr6);
+ 		} else {
+ 			ips->srcadr = NSRCADR(&pp->srcadr);
+ 			if (client_v6_capable)
+@@ -765,39 +752,37 @@ list_peers_sum(
+ 							ips->dstadr = NSRCADR(&pp->dstadr->bcast);
+ 					}
+ 				}
+-			} else
++			} else {
+ 				ips->dstadr = 0;
+-
+-			skip = 0;
++			}
+ 		}
+ 		
+-		if (!skip) { 
+-			ips->srcport = NSRCPORT(&pp->srcadr);
+-			ips->stratum = pp->stratum;
+-			ips->hpoll = pp->hpoll;
+-			ips->ppoll = pp->ppoll;
+-			ips->reach = pp->reach;
+-			ips->flags = 0;
+-			if (pp == sys_peer)
+-				ips->flags |= INFO_FLAG_SYSPEER;
+-			if (pp->flags & FLAG_CONFIG)
+-				ips->flags |= INFO_FLAG_CONFIG;
+-			if (pp->flags & FLAG_REFCLOCK)
+-				ips->flags |= INFO_FLAG_REFCLOCK;
+-			if (pp->flags & FLAG_PREFER)
+-				ips->flags |= INFO_FLAG_PREFER;
+-			if (pp->flags & FLAG_BURST)
+-				ips->flags |= INFO_FLAG_BURST;
+-			if (pp->status == CTL_PST_SEL_SYNCCAND)
+-				ips->flags |= INFO_FLAG_SEL_CANDIDATE;
+-			if (pp->status >= CTL_PST_SEL_SYSPEER)
+-				ips->flags |= INFO_FLAG_SHORTLIST;
+-			ips->hmode = pp->hmode;
+-			ips->delay = HTONS_FP(DTOFP(pp->delay));
+-			DTOLFP(pp->offset, <mp);
+-			HTONL_FP(<mp, &ips->offset);
+-			ips->dispersion = HTONS_FP(DTOUFP(SQRT(pp->disp)));
+-		}	
++		ips->srcport = NSRCPORT(&pp->srcadr);
++		ips->stratum = pp->stratum;
++		ips->hpoll = pp->hpoll;
++		ips->ppoll = pp->ppoll;
++		ips->reach = pp->reach;
++		ips->flags = 0;
++		if (pp == sys_peer)
++			ips->flags |= INFO_FLAG_SYSPEER;
++		if (pp->flags & FLAG_CONFIG)
++			ips->flags |= INFO_FLAG_CONFIG;
++		if (pp->flags & FLAG_REFCLOCK)
++			ips->flags |= INFO_FLAG_REFCLOCK;
++		if (pp->flags & FLAG_PREFER)
++			ips->flags |= INFO_FLAG_PREFER;
++		if (pp->flags & FLAG_BURST)
++			ips->flags |= INFO_FLAG_BURST;
++		if (pp->status == CTL_PST_SEL_SYNCCAND)
++			ips->flags |= INFO_FLAG_SEL_CANDIDATE;
++		if (pp->status >= CTL_PST_SEL_SYSPEER)
++			ips->flags |= INFO_FLAG_SHORTLIST;
++		ips->hmode = pp->hmode;
++		ips->delay = HTONS_FP(DTOFP(pp->delay));
++		DTOLFP(pp->offset, <mp);
++		HTONL_FP(<mp, &ips->offset);
++		ips->dispersion = HTONS_FP(DTOUFP(SQRT(pp->disp)));
++
+ 		ips = (struct info_peer_summary *)more_pkt();
+ 	}	/* for pp */
+ 
+@@ -1197,7 +1182,7 @@ mem_stats(
+ 		ms->hashcount[i] = (u_char)
+ 		    max((u_int)peer_hash_count[i], UCHAR_MAX);
+ 
+-	more_pkt();
++	(void) more_pkt();
+ 	flush_pkt();
+ }
+ 
+@@ -1285,7 +1270,7 @@ loop_info(
+ 	li->compliance = htonl((u_int32)(tc_counter));
+ 	li->watchdog_timer = htonl((u_int32)(current_time - sys_epoch));
+ 
+-	more_pkt();
++	(void) more_pkt();
+ 	flush_pkt();
+ }
+ 
+@@ -1571,56 +1556,143 @@ setclr_flags(
+ 	req_ack(srcadr, inter, inpkt, INFO_OKAY);
+ }
+ 
++/* There have been some issues with the restrict list processing,
++ * ranging from problems with deep recursion (resulting in stack
++ * overflows) and overfull reply buffers.
++ *
++ * To avoid this trouble the list reversal is done iteratively using a
++ * scratch pad.
++ */
++typedef struct RestrictStack RestrictStackT;
++struct RestrictStack {
++	RestrictStackT   *link;
++	size_t            fcnt;
++	const restrict_u *pres[63];
++};
++
++static size_t
++getStackSheetSize(
++	RestrictStackT *sp
++	)
++{
++	if (sp)
++		return sizeof(sp->pres)/sizeof(sp->pres[0]);
++	return 0u;
++}
++
++static int/*BOOL*/
++pushRestriction(
++	RestrictStackT  **spp,
++	const restrict_u *ptr
++	)
++{
++	RestrictStackT *sp;
++
++	if (NULL == (sp = *spp) || 0 == sp->fcnt) {
++		/* need another sheet in the scratch pad */
++		sp = emalloc(sizeof(*sp));
++		sp->link = *spp;
++		sp->fcnt = getStackSheetSize(sp);
++		*spp = sp;
++	}
++	sp->pres[--sp->fcnt] = ptr;
++	return TRUE;
++}
++
++static int/*BOOL*/
++popRestriction(
++	RestrictStackT   **spp,
++	const restrict_u **opp
++	)
++{
++	RestrictStackT *sp;
++
++	if (NULL == (sp = *spp) || sp->fcnt >= getStackSheetSize(sp))
++		return FALSE;
++	
++	*opp = sp->pres[sp->fcnt++];
++	if (sp->fcnt >= getStackSheetSize(sp)) {
++		/* discard sheet from scratch pad */
++		*spp = sp->link;
++		free(sp);
++	}
++	return TRUE;
++}
++
++static void
++flushRestrictionStack(
++	RestrictStackT **spp
++	)
++{
++	RestrictStackT *sp;
++
++	while (NULL != (sp = *spp)) {
++		*spp = sp->link;
++		free(sp);
++	}
++}
++
+ /*
+- * list_restrict4 - recursive helper for list_restrict dumps IPv4
++ * list_restrict4 - iterative helper for list_restrict dumps IPv4
+  *		    restriction list in reverse order.
+  */
+ static void
+ list_restrict4(
+-	restrict_u *		res,
++	const restrict_u *	res,
+ 	struct info_restrict **	ppir
+ 	)
+ {
++	RestrictStackT *	rpad;
+ 	struct info_restrict *	pir;
+ 
+-	if (res->link != NULL)
+-		list_restrict4(res->link, ppir);
+-
+ 	pir = *ppir;
+-	pir->addr = htonl(res->u.v4.addr);
+-	if (client_v6_capable) 
+-		pir->v6_flag = 0;
+-	pir->mask = htonl(res->u.v4.mask);
+-	pir->count = htonl(res->count);
+-	pir->flags = htons(res->flags);
+-	pir->mflags = htons(res->mflags);
+-	*ppir = (struct info_restrict *)more_pkt();
++	for (rpad = NULL; res; res = res->link)
++		if (!pushRestriction(&rpad, res))
++			break;
++	
++	while (pir && popRestriction(&rpad, &res)) {
++		pir->addr = htonl(res->u.v4.addr);
++		if (client_v6_capable) 
++			pir->v6_flag = 0;
++		pir->mask = htonl(res->u.v4.mask);
++		pir->count = htonl(res->count);
++		pir->flags = htons(res->flags);
++		pir->mflags = htons(res->mflags);
++		pir = (struct info_restrict *)more_pkt();
++	}
++	flushRestrictionStack(&rpad);
++	*ppir = pir;
+ }
+ 
+-
+ /*
+- * list_restrict6 - recursive helper for list_restrict dumps IPv6
++ * list_restrict6 - iterative helper for list_restrict dumps IPv6
+  *		    restriction list in reverse order.
+  */
+ static void
+ list_restrict6(
+-	restrict_u *		res,
++	const restrict_u *	res,
+ 	struct info_restrict **	ppir
+ 	)
+ {
++	RestrictStackT *	rpad;
+ 	struct info_restrict *	pir;
+ 
+-	if (res->link != NULL)
+-		list_restrict6(res->link, ppir);
++	pir = *ppir;
++	for (rpad = NULL; res; res = res->link)
++		if (!pushRestriction(&rpad, res))
++			break;
+ 
+-	pir = *ppir;
+-	pir->addr6 = res->u.v6.addr; 
+-	pir->mask6 = res->u.v6.mask;
+-	pir->v6_flag = 1;
+-	pir->count = htonl(res->count);
+-	pir->flags = htons(res->flags);
+-	pir->mflags = htons(res->mflags);
+-	*ppir = (struct info_restrict *)more_pkt();
++	while (pir && popRestriction(&rpad, &res)) {
++		pir->addr6 = res->u.v6.addr; 
++		pir->mask6 = res->u.v6.mask;
++		pir->v6_flag = 1;
++		pir->count = htonl(res->count);
++		pir->flags = htons(res->flags);
++		pir->mflags = htons(res->mflags);
++		pir = (struct info_restrict *)more_pkt();
++	}
++	flushRestrictionStack(&rpad);
++	*ppir = pir;
+ }
+ 
+ 
+@@ -1644,8 +1716,7 @@ list_restrict(
+ 	/*
+ 	 * The restriction lists are kept sorted in the reverse order
+ 	 * than they were originally.  To preserve the output semantics,
+-	 * dump each list in reverse order.  A recursive helper function
+-	 * achieves that.
++	 * dump each list in reverse order. The workers take care of that.
+ 	 */
+ 	list_restrict4(restrictlist4, &ir);
+ 	if (client_v6_capable)
+@@ -2010,7 +2081,7 @@ do_trustkey(
+ 	register int items;
+ 
+ 	items = INFO_NITEMS(inpkt->err_nitems);
+-	kp = (uint32_t*)&inpkt->u;
++	kp = (uint32_t *)&inpkt->u;
+ 	while (items-- > 0) {
+ 		authtrust(*kp, trust);
+ 		kp++;
+@@ -2089,7 +2160,7 @@ req_get_traps(
+ 	it = (struct info_trap *)prepare_pkt(srcadr, inter, inpkt,
+ 	    v6sizeof(struct info_trap));
+ 
+-	for (i = 0, tr = ctl_traps; i < COUNTOF(ctl_traps); i++, tr++) {
++	for (i = 0, tr = ctl_traps; it && i < COUNTOF(ctl_traps); i++, tr++) {
+ 		if (tr->tr_flags & TRAP_INUSE) {
+ 			if (IS_IPV4(&tr->tr_addr)) {
+ 				if (tr->tr_localaddr == any_interface)
+@@ -2405,7 +2476,7 @@ get_clock_info(
+ 	ic = (struct info_clock *)prepare_pkt(srcadr, inter, inpkt,
+ 					      sizeof(struct info_clock));
+ 
+-	while (items-- > 0) {
++	while (items-- > 0 && ic) {
+ 		NSRCADR(&addr) = *clkaddr++;
+ 		if (!ISREFCLOCKADR(&addr) || NULL ==
+ 		    findexistingpeer(&addr, NULL, NULL, -1, 0)) {
+@@ -2544,7 +2615,7 @@ get_clkbug_info(
+ 	ic = (struct info_clkbug *)prepare_pkt(srcadr, inter, inpkt,
+ 					       sizeof(struct info_clkbug));
+ 
+-	while (items-- > 0) {
++	while (items-- > 0 && ic) {
+ 		NSRCADR(&addr) = *clkaddr++;
+ 		if (!ISREFCLOCKADR(&addr) || NULL ==
+ 		    findexistingpeer(&addr, NULL, NULL, -1, 0)) {
+@@ -2592,13 +2663,15 @@ fill_info_if_stats(void *data, interface_info_t *i
+ 	struct info_if_stats **ifsp = (struct info_if_stats **)data;
+ 	struct info_if_stats *ifs = *ifsp;
+ 	endpt *ep = interface_info->ep;
++
++	if (NULL == ifs)
++		return;
+ 	
+ 	ZERO(*ifs);
+ 	
+ 	if (IS_IPV6(&ep->sin)) {
+-		if (!client_v6_capable) {
++		if (!client_v6_capable)
+ 			return;
+-		}
+ 		ifs->v6_flag = 1;
+ 		ifs->unaddr.addr6 = SOCK_ADDR6(&ep->sin);
+ 		ifs->unbcast.addr6 = SOCK_ADDR6(&ep->bcast);
+Index: contrib/ntp/ntpd/ntp_scanner.c
+===================================================================
+--- contrib/ntp/ntpd/ntp_scanner.c	(revision 294707)
++++ contrib/ntp/ntpd/ntp_scanner.c	(working copy)
+@@ -669,7 +669,7 @@ int
+ yylex(void)
+ {
+ 	static follby	followedby = FOLLBY_TOKEN;
+-	int		i;
++	size_t		i;
+ 	int		instring;
+ 	int		yylval_was_set;
+ 	int		converted;
+Index: contrib/ntp/ntpd/ntp_timer.c
+===================================================================
+--- contrib/ntp/ntpd/ntp_timer.c	(revision 294707)
++++ contrib/ntp/ntpd/ntp_timer.c	(working copy)
+@@ -549,14 +549,16 @@ check_leapsec(
+ #ifdef LEAP_SMEAR
+ 	leap_smear.enabled = leap_smear_intv != 0;
+ #endif
+-	if (reset)	{
++	if (reset) {
+ 		lsprox = LSPROX_NOWARN;
+ 		leapsec_reset_frame();
+ 		memset(&lsdata, 0, sizeof(lsdata));
+ 	} else {
+-	  int fired = leapsec_query(&lsdata, now, tpiv);
++	  int fired;
+ 
+-	  DPRINTF(1, ("*** leapsec_query: fired %i, now %u (0x%08X), tai_diff %i, ddist %u\n",
++	  fired = leapsec_query(&lsdata, now, tpiv);
++
++	  DPRINTF(3, ("*** leapsec_query: fired %i, now %u (0x%08X), tai_diff %i, ddist %u\n",
+ 		  fired, now, now, lsdata.tai_diff, lsdata.ddist));
+ 
+ #ifdef LEAP_SMEAR
+@@ -572,8 +574,7 @@ check_leapsec(
+ 				DPRINTF(1, ("*** leapsec_query: setting leap_smear interval %li, begin %.0f, end %.0f\n",
+ 					leap_smear.interval, leap_smear.intv_start, leap_smear.intv_end));
+ 			}
+-		}
+-		else {
++		} else {
+ 			if (leap_smear.interval)
+ 				DPRINTF(1, ("*** leapsec_query: clearing leap_smear interval\n"));
+ 			leap_smear.interval = 0;
+@@ -655,10 +656,10 @@ check_leapsec(
+ 		sys_tai = lsdata.tai_offs;
+ 	  } else {
+ #ifdef AUTOKEY
+-		update_autokey = (sys_tai != lsdata.tai_offs);
++		  update_autokey = (sys_tai != (u_int)lsdata.tai_offs);
+ #endif
+-		lsprox  = lsdata.proximity;
+-		sys_tai = lsdata.tai_offs;
++		  lsprox  = lsdata.proximity;
++		  sys_tai = lsdata.tai_offs;
+ 	  }
+ 	}
+ 
+Index: contrib/ntp/ntpd/ntpd-opts.c
+===================================================================
+--- contrib/ntp/ntpd/ntpd-opts.c	(revision 294707)
++++ contrib/ntp/ntpd/ntpd-opts.c	(working copy)
+@@ -1,7 +1,7 @@
+ /*
+  *  EDIT THIS FILE WITH CAUTION  (ntpd-opts.c)
+  *
+- *  It has been AutoGen-ed  January  7, 2016 at 11:28:29 PM by AutoGen 5.18.5
++ *  It has been AutoGen-ed  January 20, 2016 at 04:15:45 AM by AutoGen 5.18.5
+  *  From the definitions    ntpd-opts.def
+  *  and the template file   options
+  *
+@@ -18,7 +18,7 @@
+  * The ntpd program is copyrighted and licensed
+  * under the following terms:
+  *
+- *  Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation, all rights reserved.
++ *  Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation, all rights reserved.
+  *  This is free software. It is licensed for use, modification and
+  *  redistribution under the terms of the NTP License, copies of which
+  *  can be seen at:
+@@ -75,8 +75,8 @@ extern FILE * option_usage_fp;
+  *  static const strings for ntpd options
+  */
+ static char const ntpd_opt_strs[3129] =
+-/*     0 */ "ntpd 4.2.8p5\n"
+-            "Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation, all rights reserved.\n"
++/*     0 */ "ntpd 4.2.8p6\n"
++            "Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation, all rights reserved.\n"
+             "This is free software. It is licensed for use, modification and\n"
+             "redistribution under the terms of the NTP License, copies of which\n"
+             "can be seen at:\n"
+@@ -205,12 +205,12 @@ static char const ntpd_opt_strs[3129] =
+ /*  2900 */ "output version information and exit\0"
+ /*  2936 */ "version\0"
+ /*  2944 */ "NTPD\0"
+-/*  2949 */ "ntpd - NTP daemon program - Ver. 4.2.8p5\n"
++/*  2949 */ "ntpd - NTP daemon program - Ver. 4.2.8p6\n"
+             "Usage:  %s [ - [] | --[{=| }] ]... \\\n"
+             "\t\t[  ...  ]\n\0"
+ /*  3080 */ "http://bugs.ntp.org, bugs@ntp.org\0"
+ /*  3114 */ "\n\0"
+-/*  3116 */ "ntpd 4.2.8p5";
++/*  3116 */ "ntpd 4.2.8p6";
+ 
+ /**
+  *  ipv4 option description with
+@@ -1529,8 +1529,8 @@ static void bogus_function(void) {
+      translate option names.
+    */
+   /* referenced via ntpdOptions.pzCopyright */
+-  puts(_("ntpd 4.2.8p5\n\
+-Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation, all rights reserved.\n\
++  puts(_("ntpd 4.2.8p6\n\
++Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation, all rights reserved.\n\
+ This is free software. It is licensed for use, modification and\n\
+ redistribution under the terms of the NTP License, copies of which\n\
+ can be seen at:\n"));
+@@ -1670,7 +1670,7 @@ implied warranty.\n"));
+   puts(_("output version information and exit"));
+ 
+   /* referenced via ntpdOptions.pzUsageTitle */
+-  puts(_("ntpd - NTP daemon program - Ver. 4.2.8p5\n\
++  puts(_("ntpd - NTP daemon program - Ver. 4.2.8p6\n\
+ Usage:  %s [ - [] | --[{=| }] ]... \\\n\
+ \t\t[  ...  ]\n"));
+ 
+@@ -1678,7 +1678,7 @@ Usage:  %s [ - [] | --[{=| }
+   puts(_("\n"));
+ 
+   /* referenced via ntpdOptions.pzFullVersion */
+-  puts(_("ntpd 4.2.8p5"));
++  puts(_("ntpd 4.2.8p6"));
+ 
+   /* referenced via ntpdOptions.pzFullUsage */
+   puts(_("<<>>"));
+Index: contrib/ntp/ntpd/ntpd-opts.h
+===================================================================
+--- contrib/ntp/ntpd/ntpd-opts.h	(revision 294707)
++++ contrib/ntp/ntpd/ntpd-opts.h	(working copy)
+@@ -1,7 +1,7 @@
+ /*
+  *  EDIT THIS FILE WITH CAUTION  (ntpd-opts.h)
+  *
+- *  It has been AutoGen-ed  January  7, 2016 at 11:28:28 PM by AutoGen 5.18.5
++ *  It has been AutoGen-ed  January 20, 2016 at 04:15:43 AM by AutoGen 5.18.5
+  *  From the definitions    ntpd-opts.def
+  *  and the template file   options
+  *
+@@ -18,7 +18,7 @@
+  * The ntpd program is copyrighted and licensed
+  * under the following terms:
+  *
+- *  Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation, all rights reserved.
++ *  Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation, all rights reserved.
+  *  This is free software. It is licensed for use, modification and
+  *  redistribution under the terms of the NTP License, copies of which
+  *  can be seen at:
+@@ -106,9 +106,9 @@ typedef enum {
+ /** count of all options for ntpd */
+ #define OPTION_CT    38
+ /** ntpd version */
+-#define NTPD_VERSION       "4.2.8p5"
++#define NTPD_VERSION       "4.2.8p6"
+ /** Full ntpd version text */
+-#define NTPD_FULL_VERSION  "ntpd 4.2.8p5"
++#define NTPD_FULL_VERSION  "ntpd 4.2.8p6"
+ 
+ /**
+  *  Interface defines for all options.  Replace "n" with the UPPER_CASED
+Index: contrib/ntp/ntpd/ntpd.1ntpdman
+===================================================================
+--- contrib/ntp/ntpd/ntpd.1ntpdman	(revision 294707)
++++ contrib/ntp/ntpd/ntpd.1ntpdman	(working copy)
+@@ -10,11 +10,11 @@
+ .ds B-Font B
+ .ds I-Font I
+ .ds R-Font R
+-.TH ntpd 1ntpdman "07 Jan 2016" "4.2.8p5" "User Commands"
++.TH ntpd 1ntpdman "20 Jan 2016" "4.2.8p6" "User Commands"
+ .\"
+-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-KDaWJq/ag-WDaOIq)
++.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-9JaiRS/ag-jKaaQS)
+ .\"
+-.\" It has been AutoGen-ed January 7, 2016 at 11:30:44 PM by AutoGen 5.18.5
++.\" It has been AutoGen-ed January 20, 2016 at 04:17:54 AM by AutoGen 5.18.5
+ .\" From the definitions ntpd-opts.def
+ .\" and the template file agman-cmd.tpl
+ .SH NAME
+@@ -979,7 +979,7 @@ RFC5908
+ .SH "AUTHORS"
+ The University of Delaware and Network Time Foundation
+ .SH "COPYRIGHT"
+-Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation all rights reserved.
++Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation all rights reserved.
+ This program is released under the terms of the NTP license, .
+ .SH BUGS
+ The
+Index: contrib/ntp/ntpd/ntpd.1ntpdmdoc
+===================================================================
+--- contrib/ntp/ntpd/ntpd.1ntpdmdoc	(revision 294707)
++++ contrib/ntp/ntpd/ntpd.1ntpdmdoc	(working copy)
+@@ -1,9 +1,9 @@
+-.Dd January 7 2016
++.Dd January 20 2016
+ .Dt NTPD 1ntpdmdoc User Commands
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (ntpd-opts.mdoc)
+ .\"
+-.\"  It has been AutoGen-ed  January  7, 2016 at 11:31:02 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January 20, 2016 at 04:18:12 AM by AutoGen 5.18.5
+ .\"  From the definitions    ntpd-opts.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+@@ -886,7 +886,7 @@ A snapshot of this documentation is available in H
+ .Sh "AUTHORS"
+ The University of Delaware and Network Time Foundation
+ .Sh "COPYRIGHT"
+-Copyright (C) 1992\-2015 The University of Delaware and Network Time Foundation all rights reserved.
++Copyright (C) 1992\-2016 The University of Delaware and Network Time Foundation all rights reserved.
+ This program is released under the terms of the NTP license, .
+ .Sh BUGS
+ The
+Index: contrib/ntp/ntpd/ntpd.c
+===================================================================
+--- contrib/ntp/ntpd/ntpd.c	(revision 294707)
++++ contrib/ntp/ntpd/ntpd.c	(working copy)
+@@ -209,6 +209,11 @@ extern int syscall	(int, ...);
+ 
+ 
+ #if !defined(SIM) && defined(SIGDIE1)
++static volatile int signalled	= 0;
++static volatile int signo	= 0;
++
++/* In an ideal world, 'finish_safe()' would declared as noreturn... */
++static	void		finish_safe	(int);
+ static	RETSIGTYPE	finish		(int);
+ #endif
+ 
+@@ -298,11 +303,28 @@ my_pthread_warmup_worker(
+ static void
+ my_pthread_warmup(void)
+ {
+-	pthread_t thread;
+-	int       rc;
++	pthread_t 	thread;
++	pthread_attr_t	thr_attr;
++	int       	rc;
++	
++	pthread_attr_init(&thr_attr);
++#if defined(HAVE_PTHREAD_ATTR_GETSTACKSIZE) && \
++    defined(HAVE_PTHREAD_ATTR_SETSTACKSIZE) && \
++    defined(PTHREAD_STACK_MIN)
++	rc = pthread_attr_setstacksize(&thr_attr, PTHREAD_STACK_MIN);
++	if (0 != rc)
++		msyslog(LOG_ERR,
++			"my_pthread_warmup: pthread_attr_setstacksize() -> %s",
++			strerror(rc));
++#endif
+ 	rc = pthread_create(
+-		&thread, NULL, my_pthread_warmup_worker, NULL);
+-	if (0 == rc) {
++		&thread, &thr_attr, my_pthread_warmup_worker, NULL);
++	pthread_attr_destroy(&thr_attr);
++	if (0 != rc) {
++		msyslog(LOG_ERR,
++			"my_pthread_warmup: pthread_create() -> %s",
++			strerror(rc));
++	} else {
+ 		pthread_cancel(thread);
+ 		pthread_join(thread, NULL);
+ 	}
+@@ -1204,6 +1226,10 @@ int scmp_sc[] = {
+ # ifdef HAVE_IO_COMPLETION_PORT
+ 
+ 	for (;;) {
++#if !defined(SIM) && defined(SIGDIE1)
++		if (signalled)
++			finish_safe(signo);
++#endif
+ 		GetReceivedBuffers();
+ # else /* normal I/O */
+ 
+@@ -1211,11 +1237,19 @@ int scmp_sc[] = {
+ 	was_alarmed = FALSE;
+ 
+ 	for (;;) {
++#if !defined(SIM) && defined(SIGDIE1)
++		if (signalled)
++			finish_safe(signo);
++#endif		
+ 		if (alarm_flag) {	/* alarmed? */
+ 			was_alarmed = TRUE;
+ 			alarm_flag = FALSE;
+ 		}
+ 
++		/* collect async name/addr results */
++		if (!was_alarmed)
++		    harvest_blocking_responses();
++		
+ 		if (!was_alarmed && !has_full_recv_buffer()) {
+ 			/*
+ 			 * Nothing to do.  Wait for something.
+@@ -1330,9 +1364,9 @@ int scmp_sc[] = {
+ /*
+  * finish - exit gracefully
+  */
+-static RETSIGTYPE
+-finish(
+-	int sig
++static void
++finish_safe(
++	int	sig
+ 	)
+ {
+ 	const char *sig_desc;
+@@ -1353,6 +1387,16 @@ int scmp_sc[] = {
+ 	peer_cleanup();
+ 	exit(0);
+ }
++
++static RETSIGTYPE
++finish(
++	int	sig
++	)
++{
++	signalled = 1;
++	signo = sig;
++}
++
+ #endif	/* !SIM && SIGDIE1 */
+ 
+ 
+Index: contrib/ntp/ntpd/ntpd.html
+===================================================================
+--- contrib/ntp/ntpd/ntpd.html	(revision 294707)
++++ contrib/ntp/ntpd/ntpd.html	(working copy)
+@@ -39,7 +39,7 @@ The program can operate in any of several modes, i
+ symmetric and broadcast modes, and with both symmetric-key and public-key
+ cryptography.
+ 
+-  
This document applies to version 4.2.8p5 of ntpd.
++  
This document applies to version 4.2.8p6 of ntpd.
+ 
+