Index: stable/11/UPDATING =================================================================== --- stable/11/UPDATING (revision 352864) +++ stable/11/UPDATING (revision 352865) @@ -1,1862 +1,1868 @@ Updating Information for FreeBSD current users. This file is maintained and copyrighted by M. Warner Losh . See end of file for further details. For commonly done items, please see the COMMON ITEMS: section later in the file. These instructions assume that you basically know what you are doing. If not, then please consult the FreeBSD handbook: https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html Items affecting the ports and packages system can be found in /usr/ports/UPDATING. Please read that file before running portupgrade. NOTE: FreeBSD has switched from gcc to clang. If you have trouble bootstrapping from older versions of FreeBSD, try WITHOUT_CLANG and WITH_GCC to bootstrap to the tip of head, and then rebuild without this option. The bootstrap process from older version of current across the gcc/clang cutover is a bit fragile. +20190913: + ntpd no longer by default locks its pages in memory, allowing them + to be paged out by the kernel. Use rlimit memlock to restore + historic BSD behaviour. For example, add "rlimit memlock 32" + to ntp.conf to lock up to 32 MB of ntpd address space in memory. + 20190723: Clang, llvm, lld, lldb, compiler-rt, libc++, libunwind and openmp have been upgraded to 8.0.1. Please see the 20141231 entry below for information about prerequisites and upgrading, if you are not already using clang 3.5.0 or higher. 20190426: CARP now sets DSCP value CS7(Network Traffic) in the flowlabel field of packets by default instead of only setting TOS_LOWDELAY in IPv4, which was deprecated in 1998. Original behavior can be restored by setting sysctl net.inet.carp.dscp=4. 20190416: Clang, llvm, lld, lldb, compiler-rt and libc++ have been upgraded to 8.0.0. Please see the 20141231 entry below for information about prerequisites and upgrading, if you are not already using clang 3.5.0 or higher. 20190226: geom_uzip(4) depends on the new module xz. If geom_uzip is statically compiled into your custom kernel, add 'device xz' statement to the kernel config. 20190220: Co-existance for Forth and Lua interpreters in bootloaders has now been merged to ease testing of lualoader. LOADER_DEFAULT_INTERP, documented in build(7), may be used to control which interpreter flavor is used in the default loader to be installed. For systems where Lua and Forth coexist, this switch can also be made on a running system by creating a link from /boot/loader{,.efi} to /boot/loader_${flavor}{,.efi} rather than requiring a rebuild. The default flavor in this branch will remain Forth. As indicated in the 20190216 UPDATING entry, booting is a complex environment; it would be prudent to assume that lualoader may not work for your setup and make provisions for backup boot methods. 20190220: zfsloader's functionality has now been folded into loader. zfsloader is no longer necesasary once you've updated your boot blocks. For a transition period, we will install a hardlink for zfsloader to loader to allow a smooth transition until the boot blocks can be updated (hard link because old zfs boot blocks don't understand symlinks). 20190216: Lualoader has been merged to facilitate testing on this branch. It's purely opt-in for now by building WITH_LOADER_LUA and WITHOUT_FORTH in /etc/src.conf, but co-existance will come shortly. Booting is a complex environment and test coverage for Lua-enabled loaders has been thin, so it would be prudent to assume it might not work and make provisions for backup boot methods. 20190216: Clang, llvm, lld, lldb, compiler-rt and libc++ have been upgraded to 7.0.1. Please see the 20141231 entry below for information about prerequisites and upgrading, if you are not already using clang 3.5.0 or higher. 20181228: r342562 modifies the NFSv4 server so that it obeys vfs.nfsd.nfs_privport in the same as it is applied to NFSv2 and 3. This implies that NFSv4 servers that have vfs.nfsd.nfs_privport set will only allow mounts from clients using a reserved port#. Since both the FreeBSD and Linux NFSv4 clients use reserved port#s by default, this should not affect most NFSv4 mounts. 20181107: The '%I' format in the kern.corefile sysctl limits the number of core files that a process can generate to the number stored in the debug.ncores sysctl. The '%I' format is replaced by the single digit index. Previously, if all indexes were taken the kernel would overwrite only a core file with the highest index in a filename. Currently the system will create a new core file if there is a free index or if all slots are taken it will overwrite the oldest one. 20180818: WITH_OFED option now only enables the build for the OFED libraries and some fundamental client utilities. OpenSM and rest of the debugging tools are enabled by WITH_OFED_EXTRA build switch. WITH_OFED is turned on by default on amd64. 20180714: Clang, llvm, lld, lldb, compiler-rt and libc++ have been upgraded to 6.0.1. Please see the 20141231 entry below for information about prerequisites and upgrading, if you are not already using clang 3.5.0 or higher. 20180601: The releng/11.2 branch has been created from stable/11@r334458. 20180504: The tz database (tzdb) has been updated to 2018e. This version more correctly models time stamps in time zones with negative DST such as Europe/Dublin (from 1971 on), Europe/Prague (1946/7), and Africa/Windhoek (1994/2017). This does not affect the UT offsets, only time zone abbreviations and the tm_isdst flag. 20180409: The use of RSS hash from the network card aka flowid has been disabled by default for lagg(4) as it's currently incompatible with the lacp and loadbalance protocols. This can be re-enabled by setting the following in loader.conf: net.link.lagg.default_use_flowid="1" 20180331: Clang, llvm, lld, lldb, compiler-rt and libc++ have been upgraded to 6.0.0. Please see the 20141231 entry below for information about prerequisites and upgrading, if you are not already using clang 3.5.0 or higher. 20180211: The LOADER_FIREWIRE_SUPPORT build variable as been renamed to WITH/OUT_LOADER_FIREWIRE. LOADER_{NO_,}GELI_SUPPORT has been renamed to WITH/OUT_LOADER_GELI. 20180210: The geli password typed at boot is now hidden. To restore the previous behavior, see geli(8) for configuration options. The SW_WATCHDOG option is no longer necessary to enable the hardclock-based software watchdog if no hardware watchdog is configured. As before, SW_WATCHDOG will cause the software watchdog to be enabled even if a hardware watchdog is configured. 20180108: lint(1) binaries and library are no longer built by default. To enable building them, define WITH_LINT in src.conf. If you are using a FreeBSD 12 or later system to build 11-stable, you may need to install a lint(1) binary to use WITH_LINT. 20171003: When building multiple kernels using KERNCONF, non-existent KERNCONF files will produce an error and buildkernel will fail. Previously missing KERNCONF files silently failed giving no indication as to why, only to subsequently discover during installkernel that the desired kernel was never built in the first place. 20170926: Clang, llvm, lldb, compiler-rt and libc++ have been upgraded to 5.0.0. Please see the 20141231 entry below for information about prerequisites and upgrading, if you are not already using clang 3.5.0 or higher. 20170822: Since the switch to GPT disk labels, fsck for UFS/FFS has been unable to automatically find alternate superblocks. As of r322806, the information needed to find alternate superblocks has been moved to the end of the area reserved for the boot block. Filesystems created with a newfs of this vintage or later will create the recovery information. If you have a filesystem created prior to this change and wish to have a recovery block created for your filesystem, you can do so by running fsck in forground mode (i.e., do not use the -p or -y options). As it starts, fsck will ask ``SAVE DATA TO FIND ALTERNATE SUPERBLOCKS'' to which you should answer yes. 20170629: The releng/11.1 branch has been created from stable/11@r320475. 20170518: arm64 builds now use the base system LLD 4.0.0 linker by default, instead of requiring that the aarch64-binutils port or package be installed. To continue using aarch64-binutils, set CROSS_BINUTILS_PREFIX=/usr/local/aarch64-freebsd/bin . 20170529: The ctl.ko module no longer implements the iSCSI target frontend: cfiscsi.ko does instead. If building cfiscsi.ko as a kernel module, the module can be loaded via one of the following methods: - `cfiscsi_load="YES"` in loader.conf(5). - Add `cfiscsi` to `$kld_list` in rc.conf(5). - ctladm(8)/ctld(8), when compiled with iSCSI support (`WITH_ISCSI=yes` in src.conf(5)) Please see cfiscsi(4) for more details. 20170511: The mmcsd.ko module now additionally depends on geom_flashmap.ko. Also, mmc.ko and mmcsd.ko need to be a matching pair built from the same source (previously, the dependency of mmcsd.ko on mmc.ko was missing, but mmcsd.ko now will refuse to load if it is incompatible with mmc.ko). 20170414: Binds and sends to the loopback addresses, IPv6 and IPv4, will now use any explicitly assigned loopback address available in the jail instead of using the first assigned address of the jail. 20170413: As of r316810 for ipfilter, keep frags is no longer assumed when keep state is specified in a rule. r316810 aligns ipfilter with documentation in man pages separating keep frags from keep state. This allows keep state to specified without forcing keep frags and allows keep frags to be specified independently of keep state. To maintain previous behaviour, also specify keep frags with keep state (as documented in ipf.conf.5). 20170402: Clang, llvm, lldb, compiler-rt and libc++ have been upgraded to 4.0.0. Please see the 20141231 entry below for information about prerequisites and upgrading, if you are not already using clang 3.5.0 or higher. 20170323: The code that provides support for ZFS .zfs/ directory functionality has been reimplemented. It's not possible now to create a snapshot by mkdir under .zfs/snapshot/. That should be the only user visible change. 20170319: Many changes in the IPsec code have been merged from the FreeBSD-CURRENT branch. The IPSEC_FILTERTUNNEL kernel option is removed in favour of corresponding sysctl. The IPSEC_NAT_T kernel option is also removed, and now NAT-T is supported by default. Security associations now use the single namespace for SPI allocation, so if you use several manually configured security associations with the same SPI, this configuration needs modification. 20161217: Clang, llvm, lldb, compiler-rt and libc++ have been upgraded to 3.9.1. Please see the 20141231 entry below for information about prerequisites and upgrading, if you are not already using clang 3.5.0 or higher. 20161124: Clang, llvm, lldb, compiler-rt and libc++ have been upgraded to 3.9.0. Please see the 20141231 entry below for information about prerequisites and upgrading, if you are not already using clang 3.5.0 or higher. 20161119: The layout of the pmap structure has changed for powerpc to put the pmap statistics at the front for all CPU variations. libkvm(3) and all tools that link against it need to be recompiled. 20161030: isl(4) and cyapa(4) drivers now require a new driver, chromebook_platform(4), to work properly on Chromebook-class hardware. On other types of hardware the drivers may need to be configured using device hints. Please see the corresponding manual pages for details. 20161210: Relocatable object files with the extension of .So have been renamed to use an extension of .pico instead. The purpose of this change is to avoid a name clash with shared libraries on case-insensitive file systems. On those file systems, foo.So is the same file as foo.so. 20160811: The releng/11.0 branch has been created from stable/11@r303970. 20160708: The stable/11 branch has been created from head@r302406. 20160622: The libc stub for the pipe(2) system call has been replaced with a wrapper that calls the pipe2(2) system call and the pipe(2) system call is now only implemented by the kernels that include "options COMPAT_FREEBSD10" in their config file (this is the default). Users should ensure that this option is enabled in their kernel or upgrade userspace to r302092 before upgrading their kernel. 20160527: CAM will now strip leading spaces from SCSI disks' serial numbers. This will effect users who create UFS filesystems on SCSI disks using those disk's diskid device nodes. For example, if /etc/fstab previously contained a line like "/dev/diskid/DISK-%20%20%20%20%20%20%20ABCDEFG0123456", you should change it to "/dev/diskid/DISK-ABCDEFG0123456". Users of geom transforms like gmirror may also be affected. ZFS users should generally be fine. 20160523: The bitstring(3) API has been updated with new functionality and improved performance. But it is binary-incompatible with the old API. Objects built with the new headers may not be linked against objects built with the old headers. 20160520: The brk and sbrk functions have been removed from libc on arm64. Binutils from ports has been updated to not link to these functions and should be updated to the latest version before installing a new libc. 20160517: The armv6 port now defaults to hard float ABI. Limited support for running both hardfloat and soft float on the same system is available using the libraries installed with -DWITH_LIBSOFT. This has only been tested as an upgrade path for installworld and packages may fail or need manual intervention to run. New packages will be needed. To update an existing self-hosted armv6hf system, you must add TARGET_ARCH=armv6 on the make command line for both the build and the install steps. 20160510: Kernel modules compiled outside of a kernel build now default to installing to /boot/modules instead of /boot/kernel. Many kernel modules built this way (such as those in ports) already overrode KMODDIR explicitly to install into /boot/modules. However, manually building and installing a module from /sys/modules will now install to /boot/modules instead of /boot/kernel. 20160414: The CAM I/O scheduler has been committed to the kernel. There should be no user visible impact. This does enable NCQ Trim on ada SSDs. While the list of known rogues that claim support for this but actually corrupt data is believed to be complete, be on the lookout for data corruption. The known rogue list is believed to be complete: o Crucial MX100, M550 drives with MU01 firmware. o Micron M510 and M550 drives with MU01 firmware. o Micron M500 prior to MU07 firmware o Samsung 830, 840, and 850 all firmwares o FCCT M500 all firmwares Crucial has firmware http://www.crucial.com/usa/en/support-ssd-firmware with working NCQ TRIM. For Micron branded drives, see your sales rep for updated firmware. Black listed drives will work correctly because these drives work correctly so long as no NCQ TRIMs are sent to them. Given this list is the same as found in Linux, it's believed there are no other rogues in the market place. All other models from the above vendors work. To be safe, if you are at all concerned, you can quirk each of your drives to prevent NCQ from being sent by setting: kern.cam.ada.X.quirks="0x2" in loader.conf. If the drive requires the 4k sector quirk, set the quirks entry to 0x3. 20160330: The FAST_DEPEND build option has been removed and its functionality is now the one true way. The old mkdep(1) style of 'make depend' has been removed. See 20160311 for further details. 20160317: Resource range types have grown from unsigned long to uintmax_t. All drivers, and anything using libdevinfo, need to be recompiled. 20160311: WITH_FAST_DEPEND is now enabled by default for in-tree and out-of-tree builds. It no longer runs mkdep(1) during 'make depend', and the 'make depend' stage can safely be skipped now as it is auto ran when building 'make all' and will generate all SRCS and DPSRCS before building anything else. Dependencies are gathered at compile time with -MF flags kept in separate .depend files per object file. Users should run 'make cleandepend' once if using -DNO_CLEAN to clean out older stale .depend files. 20160306: On amd64, clang 3.8.0 can now insert sections of type AMD64_UNWIND into kernel modules. Therefore, if you load any kernel modules at boot time, please install the boot loaders after you install the kernel, but before rebooting, e.g.: make buildworld make kernel KERNCONF=YOUR_KERNEL_HERE make -C sys/boot install Then follow the usual steps, described in the General Notes section, below. 20160305: Clang, llvm, lldb and compiler-rt have been upgraded to 3.8.0. Please see the 20141231 entry below for information about prerequisites and upgrading, if you are not already using clang 3.5.0 or higher. 20160301: The AIO subsystem is now a standard part of the kernel. The VFS_AIO kernel option and aio.ko kernel module have been removed. Due to stability concerns, asynchronous I/O requests are only permitted on sockets and raw disks by default. To enable asynchronous I/O requests on all file types, set the vfs.aio.enable_unsafe sysctl to a non-zero value. 20160226: The ELF object manipulation tool objcopy is now provided by the ELF Tool Chain project rather than by GNU binutils. It should be a drop-in replacement, with the addition of arm64 support. The (temporary) src.conf knob WITHOUT_ELFCOPY_AS_OBJCOPY knob may be set to obtain the GNU version if necessary. 20160129: Building ZFS pools on top of zvols is prohibited by default. That feature has never worked safely; it's always been prone to deadlocks. Using a zvol as the backing store for a VM guest's virtual disk will still work, even if the guest is using ZFS. Legacy behavior can be restored by setting vfs.zfs.vol.recursive=1. 20160119: The NONE and HPN patches has been removed from OpenSSH. They are still available in the security/openssh-portable port. 20160113: With the addition of ypldap(8), a new _ypldap user is now required during installworld. "mergemaster -p" can be used to add the user prior to installworld, as documented in the handbook. 20151216: The tftp loader (pxeboot) now uses the option root-path directive. As a consequence it no longer looks for a pxeboot.4th file on the tftp server. Instead it uses the regular /boot infrastructure as with the other loaders. 20151211: The code to start recording plug and play data into the modules has been committed. While the old tools will properly build a new kernel, a number of warnings about "unknown metadata record 4" will be produced for an older kldxref. To avoid such warnings, make sure to rebuild the kernel toolchain (or world). Make sure that you have r292078 or later when trying to build 292077 or later before rebuilding. 20151207: Debug data files are now built by default with 'make buildworld' and installed with 'make installworld'. This facilitates debugging but requires more disk space both during the build and for the installed world. Debug files may be disabled by setting WITHOUT_DEBUG_FILES=yes in src.conf(5). 20151130: r291527 changed the internal interface between the nfsd.ko and nfscommon.ko modules. As such, they must both be upgraded to-gether. __FreeBSD_version has been bumped because of this. 20151108: Add support for unicode collation strings leads to a change of order of files listed by ls(1) for example. To get back to the old behaviour, set LC_COLLATE environment variable to "C". Databases administrators will need to reindex their databases given collation results will be different. Due to a bug in install(1) it is recommended to remove the ancient locales before running make installworld. rm -rf /usr/share/locale/* 20151030: The OpenSSL has been upgraded to 1.0.2d. Any binaries requiring libcrypto.so.7 or libssl.so.7 must be recompiled. 20151020: Qlogic 24xx/25xx firmware images were updated from 5.5.0 to 7.3.0. Kernel modules isp_2400_multi and isp_2500_multi were removed and should be replaced with isp_2400 and isp_2500 modules respectively. 20151017: The build previously allowed using 'make -n' to not recurse into sub-directories while showing what commands would be executed, and 'make -n -n' to recursively show commands. Now 'make -n' will recurse and 'make -N' will not. 20151012: If you specify SENDMAIL_MC or SENDMAIL_CF in make.conf, mergemaster and etcupdate will now use this file. A custom sendmail.cf is now updated via this mechanism rather than via installworld. If you had excluded sendmail.cf in mergemaster.rc or etcupdate.conf, you may want to remove the exclusion or change it to "always install". /etc/mail/sendmail.cf is now managed the same way regardless of whether SENDMAIL_MC/SENDMAIL_CF is used. If you are not using SENDMAIL_MC/SENDMAIL_CF there should be no change in behavior. 20151011: Compatibility shims for legacy ATA device names have been removed. It includes ATA_STATIC_ID kernel option, kern.cam.ada.legacy_aliases and kern.geom.raid.legacy_aliases loader tunables, kern.devalias.* environment variables, /dev/ad* and /dev/ar* symbolic links. 20151006: Clang, llvm, lldb, compiler-rt and libc++ have been upgraded to 3.7.0. Please see the 20141231 entry below for information about prerequisites and upgrading, if you are not already using clang 3.5.0 or higher. 20150924: Kernel debug files have been moved to /usr/lib/debug/boot/kernel/, and renamed from .symbols to .debug. This reduces the size requirements on the boot partition or file system and provides consistency with userland debug files. When using the supported kernel installation method the /usr/lib/debug/boot/kernel directory will be renamed (to kernel.old) as is done with /boot/kernel. Developers wishing to maintain the historical behavior of installing debug files in /boot/kernel/ can set KERN_DEBUGDIR="" in src.conf(5). 20150827: The wireless drivers had undergone changes that remove the 'parent interface' from the ifconfig -l output. The rc.d network scripts used to check presence of a parent interface in the list, so old scripts would fail to start wireless networking. Thus, etcupdate(3) or mergemaster(8) run is required after kernel update, to update your rc.d scripts in /etc. 20150827: pf no longer supports 'scrub fragment crop' or 'scrub fragment drop-ovl' These configurations are now automatically interpreted as 'scrub fragment reassemble'. 20150817: Kernel-loadable modules for the random(4) device are back. To use them, the kernel must have device random options RANDOM_LOADABLE kldload(8) can then be used to load random_fortuna.ko or random_yarrow.ko. Please note that due to the indirect function calls that the loadable modules need to provide, the build-in variants will be slightly more efficient. The random(4) kernel option RANDOM_DUMMY has been retired due to unpopularity. It was not all that useful anyway. 20150813: The WITHOUT_ELFTOOLCHAIN_TOOLS src.conf(5) knob has been retired. Control over building the ELF Tool Chain tools is now provided by the WITHOUT_TOOLCHAIN knob. 20150810: The polarity of Pulse Per Second (PPS) capture events with the uart(4) driver has been corrected. Prior to this change the PPS "assert" event corresponded to the trailing edge of a positive PPS pulse and the "clear" event was the leading edge of the next pulse. As the width of a PPS pulse in a typical GPS receiver is on the order of 1 millisecond, most users will not notice any significant difference with this change. Anyone who has compensated for the historical polarity reversal by configuring a negative offset equal to the pulse width will need to remove that workaround. 20150809: The default group assigned to /dev/dri entries has been changed from 'wheel' to 'video' with the id of '44'. If you want to have access to the dri devices please add yourself to the video group with: # pw groupmod video -m $USER 20150806: The menu.rc and loader.rc files will now be replaced during upgrades. Please migrate local changes to menu.rc.local and loader.rc.local instead. 20150805: GNU Binutils versions of addr2line, c++filt, nm, readelf, size, strings and strip have been removed. The src.conf(5) knob WITHOUT_ELFTOOLCHAIN_TOOLS no longer provides the binutils tools. 20150728: As ZFS requires more kernel stack pages than is the default on some architectures e.g. i386, it now warns if KSTACK_PAGES is less than ZFS_MIN_KSTACK_PAGES (which is 4 at the time of writing). Please consider using 'options KSTACK_PAGES=X' where X is greater than or equal to ZFS_MIN_KSTACK_PAGES i.e. 4 in such configurations. 20150706: sendmail has been updated to 8.15.2. Starting with FreeBSD 11.0 and sendmail 8.15, sendmail uses uncompressed IPv6 addresses by default, i.e., they will not contain "::". For example, instead of ::1, it will be 0:0:0:0:0:0:0:1. This permits a zero subnet to have a more specific match, such as different map entries for IPv6:0:0 vs IPv6:0. This change requires that configuration data (including maps, files, classes, custom ruleset, etc.) must use the same format, so make certain such configuration data is upgrading. As a very simple check search for patterns like 'IPv6:[0-9a-fA-F:]*::' and 'IPv6::'. To return to the old behavior, set the m4 option confUSE_COMPRESSED_IPV6_ADDRESSES or the cf option UseCompressedIPv6Addresses. 20150630: The default kernel entropy-processing algorithm is now Fortuna, replacing Yarrow. Assuming you have 'device random' in your kernel config file, the configurations allow a kernel option to override this default. You may choose *ONE* of: options RANDOM_YARROW # Legacy /dev/random algorithm. options RANDOM_DUMMY # Blocking-only driver. If you have neither, you get Fortuna. For most people, read no further, Fortuna will give a /dev/random that works like it always used to, and the difference will be irrelevant. If you remove 'device random', you get *NO* kernel-processed entropy at all. This may be acceptable to folks building embedded systems, but has complications. Carry on reading, and it is assumed you know what you need. *PLEASE* read random(4) and random(9) if you are in the habit of tweaking kernel configs, and/or if you are a member of the embedded community, wanting specific and not-usual behaviour from your security subsystems. NOTE!! If you use RANDOM_DUMMY and/or have no 'device random', you will NOT have a functioning /dev/random, and many cryptographic features will not work, including SSH. You may also find strange behaviour from the random(3) set of library functions, in particular sranddev(3), srandomdev(3) and arc4random(3). The reason for this is that the KERN_ARND sysctl only returns entropy if it thinks it has some to share, and with RANDOM_DUMMY or no 'device random' this will never happen. 20150623: An additional fix for the issue described in the 20150614 sendmail entry below has been been committed in revision 284717. 20150616: FreeBSD's old make (fmake) has been removed from the system. It is available as the devel/fmake port or via pkg install fmake. 20150615: The fix for the issue described in the 20150614 sendmail entry below has been been committed in revision 284436. The work around described in that entry is no longer needed unless the default setting is overridden by a confDH_PARAMETERS configuration setting of '5' or pointing to a 512 bit DH parameter file. 20150614: ALLOW_DEPRECATED_ATF_TOOLS/ATFFILE support has been removed from atf.test.mk (included from bsd.test.mk). Please upgrade devel/atf and devel/kyua to version 0.20+ and adjust any calling code to work with Kyuafile and kyua. 20150614: The import of openssl to address the FreeBSD-SA-15:10.openssl security advisory includes a change which rejects handshakes with DH parameters below 768 bits. sendmail releases prior to 8.15.2 (not yet released), defaulted to a 512 bit DH parameter setting for client connections. To work around this interoperability, sendmail can be configured to use a 2048 bit DH parameter by: 1. Edit /etc/mail/`hostname`.mc 2. If a setting for confDH_PARAMETERS does not exist or exists and is set to a string beginning with '5', replace it with '2'. 3. If a setting for confDH_PARAMETERS exists and is set to a file path, create a new file with: openssl dhparam -out /path/to/file 2048 4. Rebuild the .cf file: cd /etc/mail/; make; make install 5. Restart sendmail: cd /etc/mail/; make restart A sendmail patch is coming, at which time this file will be updated. 20150604: Generation of legacy formatted entries have been disabled by default in pwd_mkdb(8), as all base system consumers of the legacy formatted entries were converted to use the new format by default when the new, machine independent format have been added and supported since FreeBSD 5.x. Please see the pwd_mkdb(8) manual page for further details. 20150525: Clang and llvm have been upgraded to 3.6.1 release. Please see the 20141231 entry below for information about prerequisites and upgrading, if you are not already using 3.5.0 or higher. 20150521: TI platform code switched to using vendor DTS files and this update may break existing systems running on Beaglebone, Beaglebone Black, and Pandaboard: - dtb files should be regenerated/reinstalled. Filenames are the same but content is different now - GPIO addressing was changed, now each GPIO bank (32 pins per bank) has its own /dev/gpiocX device, e.g. pin 121 on /dev/gpioc0 in old addressing scheme is now pin 25 on /dev/gpioc3. - Pandaboard: /etc/ttys should be updated, serial console device is now /dev/ttyu2, not /dev/ttyu0 20150501: soelim(1) from gnu/usr.bin/groff has been replaced by usr.bin/soelim. If you need the GNU extension from groff soelim(1), install groff from package: pkg install groff, or via ports: textproc/groff. 20150423: chmod, chflags, chown and chgrp now affect symlinks in -R mode as defined in symlink(7); previously symlinks were silently ignored. 20150415: The const qualifier has been removed from iconv(3) to comply with POSIX. The ports tree is aware of this from r384038 onwards. 20150416: Libraries specified by LIBADD in Makefiles must have a corresponding DPADD_ variable to ensure correct dependencies. This is now enforced in src.libnames.mk. 20150324: From legacy ata(4) driver was removed support for SATA controllers supported by more functional drivers ahci(4), siis(4) and mvs(4). Kernel modules ataahci and ataadaptec were removed completely, replaced by ahci and mvs modules respectively. 20150315: Clang, llvm and lldb have been upgraded to 3.6.0 release. Please see the 20141231 entry below for information about prerequisites and upgrading, if you are not already using 3.5.0 or higher. 20150307: The 32-bit PowerPC kernel has been changed to a position-independent executable. This can only be booted with a version of loader(8) newer than January 31, 2015, so make sure to update both world and kernel before rebooting. 20150217: If you are running a -CURRENT kernel since r273872 (Oct 30th, 2014), but before r278950, the RNG was not seeded properly. Immediately upgrade the kernel to r278950 or later and regenerate any keys (e.g. ssh keys or openssl keys) that were generated w/ a kernel from that range. This does not affect programs that directly used /dev/random or /dev/urandom. All userland uses of arc4random(3) are affected. 20150210: The autofs(4) ABI was changed in order to restore binary compatibility with 10.1-RELEASE. The automountd(8) daemon needs to be rebuilt to work with the new kernel. 20150131: The powerpc64 kernel has been changed to a position-independent executable. This can only be booted with a new version of loader(8), so make sure to update both world and kernel before rebooting. 20150118: Clang and llvm have been upgraded to 3.5.1 release. This is a bugfix only release, no new features have been added. Please see the 20141231 entry below for information about prerequisites and upgrading, if you are not already using 3.5.0. 20150107: ELF tools addr2line, elfcopy (strip), nm, size, and strings are now taken from the ELF Tool Chain project rather than GNU binutils. They should be drop-in replacements, with the addition of arm64 support. The WITHOUT_ELFTOOLCHAIN_TOOLS= knob may be used to obtain the binutils tools, if necessary. See 20150805 for updated information. 20150105: The default Unbound configuration now enables remote control using a local socket. Users who have already enabled the local_unbound service should regenerate their configuration by running "service local_unbound setup" as root. 20150102: The GNU texinfo and GNU info pages have been removed. To be able to view GNU info pages please install texinfo from ports. 20141231: Clang, llvm and lldb have been upgraded to 3.5.0 release. As of this release, a prerequisite for building clang, llvm and lldb is a C++11 capable compiler and C++11 standard library. This means that to be able to successfully build the cross-tools stage of buildworld, with clang as the bootstrap compiler, your system compiler or cross compiler should either be clang 3.3 or later, or gcc 4.8 or later, and your system C++ library should be libc++, or libdstdc++ from gcc 4.8 or later. On any standard FreeBSD 10.x or 11.x installation, where clang and libc++ are on by default (that is, on x86 or arm), this should work out of the box. On 9.x installations where clang is enabled by default, e.g. on x86 and powerpc, libc++ will not be enabled by default, so libc++ should be built (with clang) and installed first. If both clang and libc++ are missing, build clang first, then use it to build libc++. On 8.x and earlier installations, upgrade to 9.x first, and then follow the instructions for 9.x above. Sparc64 and mips users are unaffected, as they still use gcc 4.2.1 by default, and do not build clang. Many embedded systems are resource constrained, and will not be able to build clang in a reasonable time, or in some cases at all. In those cases, cross building bootable systems on amd64 is a workaround. This new version of clang introduces a number of new warnings, of which the following are most likely to appear: -Wabsolute-value This warns in two cases, for both C and C++: * When the code is trying to take the absolute value of an unsigned quantity, which is effectively a no-op, and almost never what was intended. The code should be fixed, if at all possible. If you are sure that the unsigned quantity can be safely cast to signed, without loss of information or undefined behavior, you can add an explicit cast, or disable the warning. * When the code is trying to take an absolute value, but the called abs() variant is for the wrong type, which can lead to truncation. If you want to disable the warning instead of fixing the code, please make sure that truncation will not occur, or it might lead to unwanted side-effects. -Wtautological-undefined-compare and -Wundefined-bool-conversion These warn when C++ code is trying to compare 'this' against NULL, while 'this' should never be NULL in well-defined C++ code. However, there is some legacy (pre C++11) code out there, which actively abuses this feature, which was less strictly defined in previous C++ versions. Squid and openjdk do this, for example. The warning can be turned off for C++98 and earlier, but compiling the code in C++11 mode might result in unexpected behavior; for example, the parts of the program that are unreachable could be optimized away. 20141222: The old NFS client and server (kernel options NFSCLIENT, NFSSERVER) kernel sources have been removed. The .h files remain, since some utilities include them. This will need to be fixed later. If "mount -t oldnfs ..." is attempted, it will fail. If the "-o" option on mountd(8), nfsd(8) or nfsstat(1) is used, the utilities will report errors. 20141121: The handling of LOCAL_LIB_DIRS has been altered to skip addition of directories to top level SUBDIR variable when their parent directory is included in LOCAL_DIRS. Users with build systems with such hierarchies and without SUBDIR entries in the parent directory Makefiles should add them or add the directories to LOCAL_DIRS. 20141109: faith(4) and faithd(8) have been removed from the base system. Faith has been obsolete for a very long time. 20141104: vt(4), the new console driver, is enabled by default. It brings support for Unicode and double-width characters, as well as support for UEFI and integration with the KMS kernel video drivers. You may need to update your console settings in /etc/rc.conf, most probably the keymap. During boot, /etc/rc.d/syscons will indicate what you need to do. vt(4) still has issues and lacks some features compared to syscons(4). See the wiki for up-to-date information: https://wiki.freebsd.org/Newcons If you want to keep using syscons(4), you can do so by adding the following line to /boot/loader.conf: kern.vty=sc 20141102: pjdfstest has been integrated into kyua as an opt-in test suite. Please see share/doc/pjdfstest/README for more details on how to execute it. 20141009: gperf has been removed from the base system for architectures that use clang. Ports that require gperf will obtain it from the devel/gperf port. 20140923: pjdfstest has been moved from tools/regression/pjdfstest to contrib/pjdfstest . 20140922: At svn r271982, The default linux compat kernel ABI has been adjusted to 2.6.18 in support of the linux-c6 compat ports infrastructure update. If you wish to continue using the linux-f10 compat ports, add compat.linux.osrelease=2.6.16 to your local sysctl.conf. Users are encouraged to update their linux-compat packages to linux-c6 during their next update cycle. 20140729: The ofwfb driver, used to provide a graphics console on PowerPC when using vt(4), no longer allows mmap() of all physical memory. This will prevent Xorg on PowerPC with some ATI graphics cards from initializing properly unless x11-servers/xorg-server is updated to 1.12.4_8 or newer. 20140723: The xdev targets have been converted to using TARGET and TARGET_ARCH instead of XDEV and XDEV_ARCH. 20140719: The default unbound configuration has been modified to address issues with reverse lookups on networks that use private address ranges. If you use the local_unbound service, run "service local_unbound setup" as root to regenerate your configuration, then "service local_unbound reload" to load the new configuration. 20140709: The GNU texinfo and GNU info pages are not built and installed anymore, WITH_INFO knob has been added to allow to built and install them again. UPDATE: see 20150102 entry on texinfo's removal 20140708: The GNU readline library is now an INTERNALLIB - that is, it is statically linked into consumers (GDB and variants) in the base system, and the shared library is no longer installed. The devel/readline port is available for third party software that requires readline. 20140702: The Itanium architecture (ia64) has been removed from the list of known architectures. This is the first step in the removal of the architecture. 20140701: Commit r268115 has added NFSv4.1 server support, merged from projects/nfsv4.1-server. Since this includes changes to the internal interfaces between the NFS related modules, a full build of the kernel and modules will be necessary. __FreeBSD_version has been bumped. 20140629: The WITHOUT_VT_SUPPORT kernel config knob has been renamed WITHOUT_VT. (The other _SUPPORT knobs have a consistent meaning which differs from the behaviour controlled by this knob.) 20140619: Maximal length of the serial number in CTL was increased from 16 to 64 chars, that breaks ABI. All CTL-related tools, such as ctladm and ctld, need to be rebuilt to work with a new kernel. 20140606: The libatf-c and libatf-c++ major versions were downgraded to 0 and 1 respectively to match the upstream numbers. They were out of sync because, when they were originally added to FreeBSD, the upstream versions were not respected. These libraries are private and not yet built by default, so renumbering them should be a non-issue. However, unclean source trees will yield broken test programs once the operator executes "make delete-old-libs" after a "make installworld". Additionally, the atf-sh binary was made private by moving it into /usr/libexec/. Already-built shell test programs will keep the path to the old binary so they will break after "make delete-old" is run. If you are using WITH_TESTS=yes (not the default), wipe the object tree and rebuild from scratch to prevent spurious test failures. This is only needed once: the misnumbered libraries and misplaced binaries have been added to OptionalObsoleteFiles.inc so they will be removed during a clean upgrade. 20140512: Clang and llvm have been upgraded to 3.4.1 release. 20140508: We bogusly installed src.opts.mk in /usr/share/mk. This file should be removed to avoid issues in the future (and has been added to ObsoleteFiles.inc). 20140505: /etc/src.conf now affects only builds of the FreeBSD src tree. In the past, it affected all builds that used the bsd.*.mk files. The old behavior was a bug, but people may have relied upon it. To get this behavior back, you can .include /etc/src.conf from /etc/make.conf (which is still global and isn't changed). This also changes the behavior of incremental builds inside the tree of individual directories. Set MAKESYSPATH to ".../share/mk" to do that. Although this has survived make universe and some upgrade scenarios, other upgrade scenarios may have broken. At least one form of temporary breakage was fixed with MAKESYSPATH settings for buildworld as well... In cases where MAKESYSPATH isn't working with this setting, you'll need to set it to the full path to your tree. One side effect of all this cleaning up is that bsd.compiler.mk is no longer implicitly included by bsd.own.mk. If you wish to use COMPILER_TYPE, you must now explicitly include bsd.compiler.mk as well. 20140430: The lindev device has been removed since /dev/full has been made a standard device. __FreeBSD_version has been bumped. 20140424: The knob WITHOUT_VI was added to the base system, which controls building ex(1), vi(1), etc. Older releases of FreeBSD required ex(1) in order to reorder files share/termcap and didn't build ex(1) as a build tool, so building/installing with WITH_VI is highly advised for build hosts for older releases. This issue has been fixed in stable/9 and stable/10 in r277022 and r276991, respectively. 20140418: The YES_HESIOD knob has been removed. It has been obsolete for a decade. Please move to using WITH_HESIOD instead or your builds will silently lack HESIOD. 20140405: The uart(4) driver has been changed with respect to its handling of the low-level console. Previously the uart(4) driver prevented any process from changing the baudrate or the CLOCAL and HUPCL control flags. By removing the restrictions, operators can make changes to the serial console port without having to reboot. However, when getty(8) is started on the serial device that is associated with the low-level console, a misconfigured terminal line in /etc/ttys will now have a real impact. Before upgrading the kernel, make sure that /etc/ttys has the serial console device configured as 3wire without baudrate to preserve the previous behaviour. E.g: ttyu0 "/usr/libexec/getty 3wire" vt100 on secure 20140306: Support for libwrap (TCP wrappers) in rpcbind was disabled by default to improve performance. To re-enable it, if needed, run rpcbind with command line option -W. 20140226: Switched back to the GPL dtc compiler due to updates in the upstream dts files not being supported by the BSDL dtc compiler. You will need to rebuild your kernel toolchain to pick up the new compiler. Core dumps may result while building dtb files during a kernel build if you fail to do so. Set WITHOUT_GPL_DTC if you require the BSDL compiler. 20140216: Clang and llvm have been upgraded to 3.4 release. 20140216: The nve(4) driver has been removed. Please use the nfe(4) driver for NVIDIA nForce MCP Ethernet adapters instead. 20140212: An ABI incompatibility crept into the libc++ 3.4 import in r261283. This could cause certain C++ applications using shared libraries built against the previous version of libc++ to crash. The incompatibility has now been fixed, but any C++ applications or shared libraries built between r261283 and r261801 should be recompiled. 20140204: OpenSSH will now ignore errors caused by kernel lacking of Capsicum capability mode support. Please note that enabling the feature in kernel is still highly recommended. 20140131: OpenSSH is now built with sandbox support, and will use sandbox as the default privilege separation method. This requires Capsicum capability mode support in kernel. 20140128: The libelf and libdwarf libraries have been updated to newer versions from upstream. Shared library version numbers for these two libraries were bumped. Any ports or binaries requiring these two libraries should be recompiled. __FreeBSD_version is bumped to 1100006. 20140110: If a Makefile in a tests/ directory was auto-generating a Kyuafile instead of providing an explicit one, this would prevent such Makefile from providing its own Kyuafile in the future during NO_CLEAN builds. This has been fixed in the Makefiles but manual intervention is needed to clean an objdir if you use NO_CLEAN: # find /usr/obj -name Kyuafile | xargs rm -f 20131213: The behavior of gss_pseudo_random() for the krb5 mechanism has changed, for applications requesting a longer random string than produced by the underlying enctype's pseudo-random() function. In particular, the random string produced from a session key of enctype aes256-cts-hmac-sha1-96 or aes256-cts-hmac-sha1-96 will be different at the 17th octet and later, after this change. The counter used in the PRF+ construction is now encoded as a big-endian integer in accordance with RFC 4402. __FreeBSD_version is bumped to 1100004. 20131108: The WITHOUT_ATF build knob has been removed and its functionality has been subsumed into the more generic WITHOUT_TESTS. If you were using the former to disable the build of the ATF libraries, you should change your settings to use the latter. 20131025: The default version of mtree is nmtree which is obtained from NetBSD. The output is generally the same, but may vary slightly. If you found you need identical output adding "-F freebsd9" to the command line should do the trick. For the time being, the old mtree is available as fmtree. 20131014: libbsdyml has been renamed to libyaml and moved to /usr/lib/private. This will break ports-mgmt/pkg. Rebuild the port, or upgrade to pkg 1.1.4_8 and verify bsdyml not linked in, before running "make delete-old-libs": # make -C /usr/ports/ports-mgmt/pkg build deinstall install clean or # pkg install pkg; ldd /usr/local/sbin/pkg | grep bsdyml 20131010: The stable/10 branch has been created in subversion from head revision r256279. 20131010: The rc.d/jail script has been updated to support jail(8) configuration file. The "jail__*" rc.conf(5) variables for per-jail configuration are automatically converted to /var/run/jail..conf before the jail(8) utility is invoked. This is transparently backward compatible. See below about some incompatibilities and rc.conf(5) manual page for more details. These variables are now deprecated in favor of jail(8) configuration file. One can use "rc.d/jail config " command to generate a jail(8) configuration file in /var/run/jail..conf without running the jail(8) utility. The default pathname of the configuration file is /etc/jail.conf and can be specified by using $jail_conf or $jail__conf variables. Please note that jail_devfs_ruleset accepts an integer at this moment. Please consider to rewrite the ruleset name with an integer. 20130930: BIND has been removed from the base system. If all you need is a local resolver, simply enable and start the local_unbound service instead. Otherwise, several versions of BIND are available in the ports tree. The dns/bind99 port is one example. With this change, nslookup(1) and dig(1) are no longer in the base system. Users should instead use host(1) and drill(1) which are in the base system. Alternatively, nslookup and dig can be obtained by installing the dns/bind-tools port. 20130916: With the addition of unbound(8), a new unbound user is now required during installworld. "mergemaster -p" can be used to add the user prior to installworld, as documented in the handbook. 20130911: OpenSSH is now built with DNSSEC support, and will by default silently trust signed SSHFP records. This can be controlled with the VerifyHostKeyDNS client configuration setting. DNSSEC support can be disabled entirely with the WITHOUT_LDNS option in src.conf. 20130906: The GNU Compiler Collection and C++ standard library (libstdc++) are no longer built by default on platforms where clang is the system compiler. You can enable them with the WITH_GCC and WITH_GNUCXX options in src.conf. 20130905: The PROCDESC kernel option is now part of the GENERIC kernel configuration and is required for the rwhod(8) to work. If you are using custom kernel configuration, you should include 'options PROCDESC'. 20130905: The API and ABI related to the Capsicum framework was modified in backward incompatible way. The userland libraries and programs have to be recompiled to work with the new kernel. This includes the following libraries and programs, but the whole buildworld is advised: libc, libprocstat, dhclient, tcpdump, hastd, hastctl, kdump, procstat, rwho, rwhod, uniq. 20130903: AES-NI intrinsic support has been added to gcc. The AES-NI module has been updated to use this support. A new gcc is required to build the aesni module on both i386 and amd64. 20130821: The PADLOCK_RNG and RDRAND_RNG kernel options are now devices. Thus "device padlock_rng" and "device rdrand_rng" should be used instead of "options PADLOCK_RNG" & "options RDRAND_RNG". 20130813: WITH_ICONV has been split into two feature sets. WITH_ICONV now enables just the iconv* functionality and is now on by default. WITH_LIBICONV_COMPAT enables the libiconv api and link time compatibility. Set WITHOUT_ICONV to build the old way. If you have been using WITH_ICONV before, you will very likely need to turn on WITH_LIBICONV_COMPAT. 20130806: INVARIANTS option now enables DEBUG for code with OpenSolaris and Illumos origin, including ZFS. If you have INVARIANTS in your kernel configuration, then there is no need to set DEBUG or ZFS_DEBUG explicitly. DEBUG used to enable witness(9) tracking of OpenSolaris (mostly ZFS) locks if WITNESS option was set. Because that generated a lot of witness(9) reports and all of them were believed to be false positives, this is no longer done. New option OPENSOLARIS_WITNESS can be used to achieve the previous behavior. 20130806: Timer values in IPv6 data structures now use time_uptime instead of time_second. Although this is not a user-visible functional change, userland utilities which directly use them---ndp(8), rtadvd(8), and rtsold(8) in the base system---need to be updated to r253970 or later. 20130802: find -delete can now delete the pathnames given as arguments, instead of only files found below them or if the pathname did not contain any slashes. Formerly, the following error message would result: find: -delete: : relative path potentially not safe Deleting the pathnames given as arguments can be prevented without error messages using -mindepth 1 or by changing directory and passing "." as argument to find. This works in the old as well as the new version of find. 20130726: Behavior of devfs rules path matching has been changed. Pattern is now always matched against fully qualified devfs path and slash characters must be explicitly matched by slashes in pattern (FNM_PATHNAME). Rulesets involving devfs subdirectories must be reviewed. 20130716: The default ARM ABI has changed to the ARM EABI. The old ABI is incompatible with the ARM EABI and all programs and modules will need to be rebuilt to work with a new kernel. To keep using the old ABI ensure the WITHOUT_ARM_EABI knob is set. NOTE: Support for the old ABI will be removed in the future and users are advised to upgrade. 20130709: pkg_install has been disconnected from the build if you really need it you should add WITH_PKGTOOLS in your src.conf(5). 20130709: Most of network statistics structures were changed to be able keep 64-bits counters. Thus all tools, that work with networking statistics, must be rebuilt (netstat(1), bsnmpd(1), etc.) 20130618: Fix a bug that allowed a tracing process (e.g. gdb) to write to a memory-mapped file in the traced process's address space even if neither the traced process nor the tracing process had write access to that file. 20130615: CVS has been removed from the base system. An exact copy of the code is available from the devel/cvs port. 20130613: Some people report the following error after the switch to bmake: make: illegal option -- J usage: make [-BPSXeiknpqrstv] [-C directory] [-D variable] ... *** [buildworld] Error code 2 this likely due to an old instance of make in ${MAKEPATH} (${MAKEOBJDIRPREFIX}${.CURDIR}/make.${MACHINE}) which src/Makefile will use that blindly, if it exists, so if you see the above error: rm -rf `make -V MAKEPATH` should resolve it. 20130516: Use bmake by default. Whereas before one could choose to build with bmake via -DWITH_BMAKE one must now use -DWITHOUT_BMAKE to use the old make. The goal is to remove these knobs for 10-RELEASE. It is worth noting that bmake (like gmake) treats the command line as the unit of failure, rather than statements within the command line. Thus '(cd some/where && dosomething)' is safer than 'cd some/where; dosomething'. The '()' allows consistent behavior in parallel build. 20130429: Fix a bug that allows NFS clients to issue READDIR on files. 20130426: The WITHOUT_IDEA option has been removed because the IDEA patent expired. 20130426: The sysctl which controls TRIM support under ZFS has been renamed from vfs.zfs.trim_disable -> vfs.zfs.trim.enabled and has been enabled by default. 20130425: The mergemaster command now uses the default MAKEOBJDIRPREFIX rather than creating it's own in the temporary directory in order allow access to bootstrapped versions of tools such as install and mtree. When upgrading from version of FreeBSD where the install command does not support -l, you will need to install a new mergemaster command if mergemaster -p is required. This can be accomplished with the command (cd src/usr.sbin/mergemaster && make install). 20130404: Legacy ATA stack, disabled and replaced by new CAM-based one since FreeBSD 9.0, completely removed from the sources. Kernel modules atadisk and atapi*, user-level tools atacontrol and burncd are removed. Kernel option `options ATA_CAM` is now permanently enabled and removed. 20130319: SOCK_CLOEXEC and SOCK_NONBLOCK flags have been added to socket(2) and socketpair(2). Software, in particular Kerberos, may automatically detect and use these during building. The resulting binaries will not work on older kernels. 20130308: CTL_DISABLE has also been added to the sparc64 GENERIC (for further information, see the respective 20130304 entry). 20130304: Recent commits to callout(9) changed the size of struct callout, so the KBI is probably heavily disturbed. Also, some functions in callout(9)/sleep(9)/sleepqueue(9)/condvar(9) KPIs were replaced by macros. Every kernel module using it won't load, so rebuild is requested. The ctl device has been re-enabled in GENERIC for i386 and amd64, but does not initialize by default (because of the new CTL_DISABLE option) to save memory. To re-enable it, remove the CTL_DISABLE option from the kernel config file or set kern.cam.ctl.disable=0 in /boot/loader.conf. 20130301: The ctl device has been disabled in GENERIC for i386 and amd64. This was done due to the extra memory being allocated at system initialisation time by the ctl driver which was only used if a CAM target device was created. This makes a FreeBSD system unusable on 128MB or less of RAM. 20130208: A new compression method (lz4) has been merged to -HEAD. Please refer to zpool-features(7) for more information. Please refer to the "ZFS notes" section of this file for information on upgrading boot ZFS pools. 20130129: A BSD-licensed patch(1) variant has been added and is installed as bsdpatch, being the GNU version the default patch. To inverse the logic and use the BSD-licensed one as default, while having the GNU version installed as gnupatch, rebuild and install world with the WITH_BSD_PATCH knob set. 20130121: Due to the use of the new -l option to install(1) during build and install, you must take care not to directly set the INSTALL make variable in your /etc/make.conf, /etc/src.conf, or on the command line. If you wish to use the -C flag for all installs you may be able to add INSTALL+=-C to /etc/make.conf or /etc/src.conf. 20130118: The install(1) option -M has changed meaning and now takes an argument that is a file or path to append logs to. In the unlikely event that -M was the last option on the command line and the command line contained at least two files and a target directory the first file will have logs appended to it. The -M option served little practical purpose in the last decade so its use is expected to be extremely rare. 20121223: After switching to Clang as the default compiler some users of ZFS on i386 systems started to experience stack overflow kernel panics. Please consider using 'options KSTACK_PAGES=4' in such configurations. 20121222: GEOM_LABEL now mangles label names read from file system metadata. Mangling affect labels containing spaces, non-printable characters, '%' or '"'. Device names in /etc/fstab and other places may need to be updated. 20121217: By default, only the 10 most recent kernel dumps will be saved. To restore the previous behaviour (no limit on the number of kernel dumps stored in the dump directory) add the following line to /etc/rc.conf: savecore_flags="" 20121201: With the addition of auditdistd(8), a new auditdistd user is now required during installworld. "mergemaster -p" can be used to add the user prior to installworld, as documented in the handbook. 20121117: The sin6_scope_id member variable in struct sockaddr_in6 is now filled by the kernel before passing the structure to the userland via sysctl or routing socket. This means the KAME-specific embedded scope id in sin6_addr.s6_addr[2] is always cleared in userland application. This behavior can be controlled by net.inet6.ip6.deembed_scopeid. __FreeBSD_version is bumped to 1000025. 20121105: On i386 and amd64 systems WITH_CLANG_IS_CC is now the default. This means that the world and kernel will be compiled with clang and that clang will be installed as /usr/bin/cc, /usr/bin/c++, and /usr/bin/cpp. To disable this behavior and revert to building with gcc, compile with WITHOUT_CLANG_IS_CC. Really old versions of current may need to bootstrap WITHOUT_CLANG first if the clang build fails (its compatibility window doesn't extend to the 9 stable branch point). 20121102: The IPFIREWALL_FORWARD kernel option has been removed. Its functionality now turned on by default. 20121023: The ZERO_COPY_SOCKET kernel option has been removed and split into SOCKET_SEND_COW and SOCKET_RECV_PFLIP. NB: SOCKET_SEND_COW uses the VM page based copy-on-write mechanism which is not safe and may result in kernel crashes. NB: The SOCKET_RECV_PFLIP mechanism is useless as no current driver supports disposeable external page sized mbuf storage. Proper replacements for both zero-copy mechanisms are under consideration and will eventually lead to complete removal of the two kernel options. 20121023: The IPv4 network stack has been converted to network byte order. The following modules need to be recompiled together with kernel: carp(4), divert(4), gif(4), siftr(4), gre(4), pf(4), ipfw(4), ng_ipfw(4), stf(4). 20121022: Support for non-MPSAFE filesystems was removed from VFS. The VFS_VERSION was bumped, all filesystem modules shall be recompiled. 20121018: All the non-MPSAFE filesystems have been disconnected from the build. The full list includes: codafs, hpfs, ntfs, nwfs, portalfs, smbfs, xfs. 20121016: The interface cloning API and ABI has changed. The following modules need to be recompiled together with kernel: ipfw(4), pfsync(4), pflog(4), usb(4), wlan(4), stf(4), vlan(4), disc(4), edsc(4), if_bridge(4), gif(4), tap(4), faith(4), epair(4), enc(4), tun(4), if_lagg(4), gre(4). 20121015: The sdhci driver was split in two parts: sdhci (generic SD Host Controller logic) and sdhci_pci (actual hardware driver). No kernel config modifications are required, but if you load sdhc as a module you must switch to sdhci_pci instead. 20121014: Import the FUSE kernel and userland support into base system. 20121013: The GNU sort(1) program has been removed since the BSD-licensed sort(1) has been the default for quite some time and no serious problems have been reported. The corresponding WITH_GNU_SORT knob has also gone. 20121006: The pfil(9) API/ABI for AF_INET family has been changed. Packet filtering modules: pf(4), ipfw(4), ipfilter(4) need to be recompiled with new kernel. 20121001: The net80211(4) ABI has been changed to allow for improved driver PS-POLL and power-save support. All wireless drivers need to be recompiled to work with the new kernel. 20120913: The random(4) support for the VIA hardware random number generator (`PADLOCK') is no longer enabled unconditionally. Add the padlock_rng device in the custom kernel config if needed. The GENERIC kernels on i386 and amd64 do include the device, so the change only affects the custom kernel configurations. 20120908: The pf(4) packet filter ABI has been changed. pfctl(8) and snmp_pf module need to be recompiled to work with new kernel. 20120828: A new ZFS feature flag "com.delphix:empty_bpobj" has been merged to -HEAD. Pools that have empty_bpobj in active state can not be imported read-write with ZFS implementations that do not support this feature. For more information read the zpool-features(5) manual page. 20120727: The sparc64 ZFS loader has been changed to no longer try to auto- detect ZFS providers based on diskN aliases but now requires these to be explicitly listed in the OFW boot-device environment variable. 20120712: The OpenSSL has been upgraded to 1.0.1c. Any binaries requiring libcrypto.so.6 or libssl.so.6 must be recompiled. Also, there are configuration changes. Make sure to merge /etc/ssl/openssl.cnf. 20120712: The following sysctls and tunables have been renamed for consistency with other variables: kern.cam.da.da_send_ordered -> kern.cam.da.send_ordered kern.cam.ada.ada_send_ordered -> kern.cam.ada.send_ordered 20120628: The sort utility has been replaced with BSD sort. For now, GNU sort is also available as "gnusort" or the default can be set back to GNU sort by setting WITH_GNU_SORT. In this case, BSD sort will be installed as "bsdsort". 20120611: A new version of ZFS (pool version 5000) has been merged to -HEAD. Starting with this version the old system of ZFS pool versioning is superseded by "feature flags". This concept enables forward compatibility against certain future changes in functionality of ZFS pools. The first read-only compatible "feature flag" for ZFS pools is named "com.delphix:async_destroy". For more information read the new zpool-features(5) manual page. Please refer to the "ZFS notes" section of this file for information on upgrading boot ZFS pools. 20120417: The malloc(3) implementation embedded in libc now uses sources imported as contrib/jemalloc. The most disruptive API change is to /etc/malloc.conf. If your system has an old-style /etc/malloc.conf, delete it prior to installworld, and optionally re-create it using the new format after rebooting. See malloc.conf(5) for details (specifically the TUNING section and the "opt.*" entries in the MALLCTL NAMESPACE section). 20120328: Big-endian MIPS TARGET_ARCH values no longer end in "eb". mips64eb is now spelled mips64. mipsn32eb is now spelled mipsn32. mipseb is now spelled mips. This is to aid compatibility with third-party software that expects this naming scheme in uname(3). Little-endian settings are unchanged. If you are updating a big-endian mips64 machine from before this change, you may need to set MACHINE_ARCH=mips64 in your environment before the new build system will recognize your machine. 20120306: Disable by default the option VFS_ALLOW_NONMPSAFE for all supported platforms. 20120229: Now unix domain sockets behave "as expected" on nullfs(5). Previously nullfs(5) did not pass through all behaviours to the underlying layer, as a result if we bound to a socket on the lower layer we could connect only to the lower path; if we bound to the upper layer we could connect only to the upper path. The new behavior is one can connect to both the lower and the upper paths regardless what layer path one binds to. 20120211: The getifaddrs upgrade path broken with 20111215 has been restored. If you have upgraded in between 20111215 and 20120209 you need to recompile libc again with your kernel. You still need to recompile world to be able to configure CARP but this restriction already comes from 20111215. 20120114: The set_rcvar() function has been removed from /etc/rc.subr. All base and ports rc.d scripts have been updated, so if you have a port installed with a script in /usr/local/etc/rc.d you can either hand-edit the rcvar= line, or reinstall the port. An easy way to handle the mass-update of /etc/rc.d: rm /etc/rc.d/* && mergemaster -i 20120109: panic(9) now stops other CPUs in the SMP systems, disables interrupts on the current CPU and prevents other threads from running. This behavior can be reverted using the kern.stop_scheduler_on_panic tunable/sysctl. The new behavior can be incompatible with kern.sync_on_panic. 20111215: The carp(4) facility has been changed significantly. Configuration of the CARP protocol via ifconfig(8) has changed, as well as format of CARP events submitted to devd(8) has changed. See manual pages for more information. The arpbalance feature of carp(4) is currently not supported anymore. Size of struct in_aliasreq, struct in6_aliasreq has changed. User utilities using SIOCAIFADDR, SIOCAIFADDR_IN6, e.g. ifconfig(8), need to be recompiled. 20111122: The acpi_wmi(4) status device /dev/wmistat has been renamed to /dev/wmistat0. 20111108: The option VFS_ALLOW_NONMPSAFE option has been added in order to explicitely support non-MPSAFE filesystems. It is on by default for all supported platform at this present time. 20111101: The broken amd(4) driver has been replaced with esp(4) in the amd64, i386 and pc98 GENERIC kernel configuration files. 20110930: sysinstall has been removed 20110923: The stable/9 branch created in subversion. This corresponds to the RELENG_9 branch in CVS. COMMON ITEMS: General Notes ------------- Avoid using make -j when upgrading. While generally safe, there are sometimes problems using -j to upgrade. If your upgrade fails with -j, please try again without -j. From time to time in the past there have been problems using -j with buildworld and/or installworld. This is especially true when upgrading between "distant" versions (eg one that cross a major release boundary or several minor releases, or when several months have passed on the -current branch). Sometimes, obscure build problems are the result of environment poisoning. This can happen because the make utility reads its environment when searching for values for global variables. To run your build attempts in an "environmental clean room", prefix all make commands with 'env -i '. See the env(1) manual page for more details. When upgrading from one major version to another it is generally best to upgrade to the latest code in the currently installed branch first, then do an upgrade to the new branch. This is the best-tested upgrade path, and has the highest probability of being successful. Please try this approach before reporting problems with a major version upgrade. When upgrading a live system, having a root shell around before installing anything can help undo problems. Not having a root shell around can lead to problems if pam has changed too much from your starting point to allow continued authentication after the upgrade. This file should be read as a log of events. When a later event changes information of a prior event, the prior event should not be deleted. Instead, a pointer to the entry with the new information should be placed in the old entry. Readers of this file should also sanity check older entries before relying on them blindly. Authors of new entries should write them with this in mind. ZFS notes --------- When upgrading the boot ZFS pool to a new version, always follow these two steps: 1.) recompile and reinstall the ZFS boot loader and boot block (this is part of "make buildworld" and "make installworld") 2.) update the ZFS boot block on your boot drive The following example updates the ZFS boot block on the first partition (freebsd-boot) of a GPT partitioned drive ada0: "gpart bootcode -p /boot/gptzfsboot -i 1 ada0" Non-boot pools do not need these updates. To build a kernel ----------------- If you are updating from a prior version of FreeBSD (even one just a few days old), you should follow this procedure. It is the most failsafe as it uses a /usr/obj tree with a fresh mini-buildworld, make kernel-toolchain make -DALWAYS_CHECK_MAKE buildkernel KERNCONF=YOUR_KERNEL_HERE make -DALWAYS_CHECK_MAKE installkernel KERNCONF=YOUR_KERNEL_HERE To test a kernel once --------------------- If you just want to boot a kernel once (because you are not sure if it works, or if you want to boot a known bad kernel to provide debugging information) run make installkernel KERNCONF=YOUR_KERNEL_HERE KODIR=/boot/testkernel nextboot -k testkernel To just build a kernel when you know that it won't mess you up -------------------------------------------------------------- This assumes you are already running a CURRENT system. Replace ${arch} with the architecture of your machine (e.g. "i386", "arm", "amd64", "ia64", "pc98", "sparc64", "powerpc", "mips", etc). cd src/sys/${arch}/conf config KERNEL_NAME_HERE cd ../compile/KERNEL_NAME_HERE make depend make make install If this fails, go to the "To build a kernel" section. To rebuild everything and install it on the current system. ----------------------------------------------------------- # Note: sometimes if you are running current you gotta do more than # is listed here if you are upgrading from a really old current. make buildworld make kernel KERNCONF=YOUR_KERNEL_HERE [1] [3] mergemaster -Fp [5] make installworld mergemaster -Fi [4] make delete-old [6] To cross-install current onto a separate partition -------------------------------------------------- # In this approach we use a separate partition to hold # current's root, 'usr', and 'var' directories. A partition # holding "/", "/usr" and "/var" should be about 2GB in # size. make buildworld make buildkernel KERNCONF=YOUR_KERNEL_HERE make installworld DESTDIR=${CURRENT_ROOT} -DDB_FROM_SRC make distribution DESTDIR=${CURRENT_ROOT} # if newfs'd make installkernel KERNCONF=YOUR_KERNEL_HERE DESTDIR=${CURRENT_ROOT} cp /etc/fstab ${CURRENT_ROOT}/etc/fstab # if newfs'd To upgrade in-place from stable to current ---------------------------------------------- make buildworld [9] make kernel KERNCONF=YOUR_KERNEL_HERE [8] [1] [3] mergemaster -Fp [5] make installworld mergemaster -Fi [4] make delete-old [6] Make sure that you've read the UPDATING file to understand the tweaks to various things you need. At this point in the life cycle of current, things change often and you are on your own to cope. The defaults can also change, so please read ALL of the UPDATING entries. Also, if you are tracking -current, you must be subscribed to freebsd-current@freebsd.org. Make sure that before you update your sources that you have read and understood all the recent messages there. If in doubt, please track -stable which has much fewer pitfalls. [1] If you have third party modules, such as vmware, you should disable them at this point so they don't crash your system on reboot. [3] From the bootblocks, boot -s, and then do fsck -p mount -u / mount -a cd src adjkerntz -i # if CMOS is wall time Also, when doing a major release upgrade, it is required that you boot into single user mode to do the installworld. [4] Note: This step is non-optional. Failure to do this step can result in a significant reduction in the functionality of the system. Attempting to do it by hand is not recommended and those that pursue this avenue should read this file carefully, as well as the archives of freebsd-current and freebsd-hackers mailing lists for potential gotchas. The -U option is also useful to consider. See mergemaster(8) for more information. [5] Usually this step is a noop. However, from time to time you may need to do this if you get unknown user in the following step. It never hurts to do it all the time. You may need to install a new mergemaster (cd src/usr.sbin/mergemaster && make install) after the buildworld before this step if you last updated from current before 20130425 or from -stable before 20130430. [6] This only deletes old files and directories. Old libraries can be deleted by "make delete-old-libs", but you have to make sure that no program is using those libraries anymore. [8] The new kernel must be able to run existing binaries used by an installworld. When upgrading across major versions, the new kernel's configuration must include the correct COMPAT_FREEBSD option for existing binaries (e.g. COMPAT_FREEBSD11 to run 11.x binaries). Failure to do so may leave you with a system that is hard to boot to recover. A GENERIC kernel will include suitable compatibility options to run binaries from older branches. Make sure that you merge any new devices from GENERIC since the last time you updated your kernel config file. [9] When checking out sources, you must include the -P flag to have cvs prune empty directories. If CPUTYPE is defined in your /etc/make.conf, make sure to use the "?=" instead of the "=" assignment operator, so that buildworld can override the CPUTYPE if it needs to. MAKEOBJDIRPREFIX must be defined in an environment variable, and not on the command line, or in /etc/make.conf. buildworld will warn if it is improperly defined. FORMAT: This file contains a list, in reverse chronological order, of major breakages in tracking -current. It is not guaranteed to be a complete list of such breakages, and only contains entries since September 23, 2011. If you need to see UPDATING entries from before that date, you will need to fetch an UPDATING file from an older FreeBSD release. Copyright information: Copyright 1998-2009 M. Warner Losh. All Rights Reserved. Redistribution, publication, translation and use, with or without modification, in full or in part, in any form or format of this document are permitted without further permission from the author. THIS DOCUMENT IS PROVIDED BY WARNER LOSH ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL WARNER LOSH BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Contact Warner Losh if you have any questions about your use of this document. $FreeBSD$ Index: stable/11/contrib/ntp/ntpd/ntpd.c =================================================================== --- stable/11/contrib/ntp/ntpd/ntpd.c (revision 352864) +++ stable/11/contrib/ntp/ntpd/ntpd.c (revision 352865) @@ -1,1742 +1,1742 @@ /* * ntpd.c - main program for the fixed point NTP daemon */ #ifdef HAVE_CONFIG_H # include #endif #include "ntp_machine.h" #include "ntpd.h" #include "ntp_io.h" #include "ntp_stdlib.h" #include #include "ntp_config.h" #include "ntp_syslog.h" #include "ntp_assert.h" #include "isc/error.h" #include "isc/strerror.h" #include "isc/formatcheck.h" #include "iosignal.h" #ifdef SIM # include "ntpsim.h" #endif #include "ntp_libopts.h" #include "ntpd-opts.h" /* there's a short treatise below what the thread stuff is for. * [Bug 2954] enable the threading warm-up only for Linux. */ #if defined(HAVE_PTHREADS) && HAVE_PTHREADS && !defined(NO_THREADS) # ifdef HAVE_PTHREAD_H # include # endif # if defined(linux) # define NEED_PTHREAD_WARMUP # endif #endif #ifdef HAVE_UNISTD_H # include #endif #ifdef HAVE_SYS_STAT_H # include #endif #include #ifdef HAVE_SYS_PARAM_H # include #endif #ifdef HAVE_SYS_SIGNAL_H # include #else # include #endif #ifdef HAVE_SYS_IOCTL_H # include #endif /* HAVE_SYS_IOCTL_H */ #if defined(HAVE_RTPRIO) # ifdef HAVE_SYS_LOCK_H # include # endif # include #else # ifdef HAVE_PLOCK # ifdef HAVE_SYS_LOCK_H # include # endif # endif #endif #if defined(HAVE_SCHED_SETSCHEDULER) # ifdef HAVE_SCHED_H # include # else # ifdef HAVE_SYS_SCHED_H # include # endif # endif #endif #if defined(HAVE_SYS_MMAN_H) # include #endif #ifdef HAVE_TERMIOS_H # include #endif #ifdef SYS_DOMAINOS # include #endif /* SYS_DOMAINOS */ #include "recvbuff.h" #include "ntp_cmdargs.h" #if 0 /* HMS: I don't think we need this. 961223 */ #ifdef LOCK_PROCESS # ifdef SYS_SOLARIS # include # else # include # endif #endif #endif #ifdef SYS_WINNT # include "ntservice.h" #endif #ifdef _AIX # include #endif /* _AIX */ #ifdef SCO5_CLOCK # include #endif #ifdef HAVE_DROPROOT # include # include # include #ifdef HAVE_LINUX_CAPABILITIES # include # include #endif /* HAVE_LINUX_CAPABILITIES */ #if defined(HAVE_PRIV_H) && defined(HAVE_SOLARIS_PRIVS) # include #endif /* HAVE_PRIV_H */ #endif /* HAVE_DROPROOT */ #if defined (LIBSECCOMP) && (KERN_SECCOMP) /* # include */ # include # include #endif /* LIBSECCOMP and KERN_SECCOMP */ #ifdef HAVE_DNSREGISTRATION # include DNSServiceRef mdns; #endif #ifdef HAVE_SETPGRP_0 # define ntp_setpgrp(x, y) setpgrp() #else # define ntp_setpgrp(x, y) setpgrp(x, y) #endif #ifdef HAVE_SOLARIS_PRIVS # define LOWPRIVS "basic,sys_time,net_privaddr,proc_setid,!proc_info,!proc_session,!proc_exec" static priv_set_t *lowprivs = NULL; static priv_set_t *highprivs = NULL; #endif /* HAVE_SOLARIS_PRIVS */ /* * Scheduling priority we run at */ #define NTPD_PRIO (-12) int priority_done = 2; /* 0 - Set priority */ /* 1 - priority is OK where it is */ /* 2 - Don't set priority */ /* 1 and 2 are pretty much the same */ int listen_to_virtual_ips = TRUE; /* * No-fork flag. If set, we do not become a background daemon. */ int nofork; /* Fork by default */ #ifdef HAVE_DNSREGISTRATION /* * mDNS registration flag. If set, we attempt to register with the mDNS system, but only * after we have synched the first time. If the attempt fails, then try again once per * minute for up to 5 times. After all, we may be starting before mDNS. */ int mdnsreg = FALSE; int mdnstries = 5; #endif /* HAVE_DNSREGISTRATION */ #ifdef HAVE_DROPROOT int droproot; int root_dropped; char *user; /* User to switch to */ char *group; /* group to switch to */ const char *chrootdir; /* directory to chroot to */ uid_t sw_uid; gid_t sw_gid; struct group *gr; struct passwd *pw; #endif /* HAVE_DROPROOT */ #ifdef HAVE_WORKING_FORK int waitsync_fd_to_close = -1; /* -w/--wait-sync */ #endif /* * Version declaration */ extern const char *Version; char const *progname; int was_alarmed; #ifdef DECL_SYSCALL /* * We put this here, since the argument profile is syscall-specific */ extern int syscall (int, ...); #endif /* DECL_SYSCALL */ #if !defined(SIM) && defined(SIGDIE1) static volatile int signalled = 0; static volatile int signo = 0; /* In an ideal world, 'finish_safe()' would declared as noreturn... */ static void finish_safe (int); static RETSIGTYPE finish (int); #endif #if !defined(SIM) && defined(HAVE_WORKING_FORK) static int wait_child_sync_if (int, long); #endif #if !defined(SIM) && !defined(SYS_WINNT) # ifdef DEBUG static RETSIGTYPE moredebug (int); static RETSIGTYPE lessdebug (int); # else /* !DEBUG follows */ static RETSIGTYPE no_debug (int); # endif /* !DEBUG */ #endif /* !SIM && !SYS_WINNT */ #ifndef WORK_FORK int saved_argc; char ** saved_argv; #endif #ifndef SIM int ntpdmain (int, char **); static void set_process_priority (void); static void assertion_failed (const char *, int, isc_assertiontype_t, const char *) __attribute__ ((__noreturn__)); static void library_fatal_error (const char *, int, const char *, va_list) ISC_FORMAT_PRINTF(3, 0); static void library_unexpected_error(const char *, int, const char *, va_list) ISC_FORMAT_PRINTF(3, 0); #endif /* !SIM */ /* Bug2332 unearthed a problem in the interaction of reduced user * privileges, the limits on memory usage and some versions of the * pthread library on Linux systems. The 'pthread_cancel()' function and * likely some others need to track the stack of the thread involved, * and uses a function that comes from GCC (--> libgcc_s.so) to do * this. Unfortunately the developers of glibc decided to load the * library on demand, which speeds up program start but can cause * trouble here: Due to all the things NTPD does to limit its resource * usage, this deferred load of libgcc_s does not always work once the * restrictions are in effect. * * One way out of this was attempting a forced link against libgcc_s * when possible because it makes the library available immediately * without deferred load. (The symbol resolution would still be dynamic * and on demand, but the code would already be in the process image.) * * This is a tricky thing to do, since it's not necessary everywhere, * not possible everywhere, has shown to break the build of other * programs in the NTP suite and is now generally frowned upon. * * So we take a different approach here: We creat a worker thread that does * actually nothing except waiting for cancellation and cancel it. If * this is done before all the limitations are put in place, the * machinery is pre-heated and all the runtime stuff should be in place * and useable when needed. * * This uses only the standard pthread API and should work with all * implementations of pthreads. It is not necessary everywhere, but it's * cheap enough to go on nearly unnoticed. * * Addendum: Bug 2954 showed that the assumption that this should work * with all OS is wrong -- at least FreeBSD bombs heavily. */ #ifdef NEED_PTHREAD_WARMUP /* simple thread function: sleep until cancelled, just to exercise * thread cancellation. */ static void* my_pthread_warmup_worker( void *thread_args) { (void)thread_args; for (;;) sleep(10); return NULL; } /* pre-heat threading: create a thread and cancel it, just to exercise * thread cancellation. */ static void my_pthread_warmup(void) { pthread_t thread; pthread_attr_t thr_attr; int rc; pthread_attr_init(&thr_attr); #if defined(HAVE_PTHREAD_ATTR_GETSTACKSIZE) && \ defined(HAVE_PTHREAD_ATTR_SETSTACKSIZE) && \ defined(PTHREAD_STACK_MIN) { size_t ssmin = 32*1024; /* 32kB should be minimum */ if (ssmin < PTHREAD_STACK_MIN) ssmin = PTHREAD_STACK_MIN; rc = pthread_attr_setstacksize(&thr_attr, ssmin); if (0 != rc) msyslog(LOG_ERR, "my_pthread_warmup: pthread_attr_setstacksize() -> %s", strerror(rc)); } #endif rc = pthread_create( &thread, &thr_attr, my_pthread_warmup_worker, NULL); pthread_attr_destroy(&thr_attr); if (0 != rc) { msyslog(LOG_ERR, "my_pthread_warmup: pthread_create() -> %s", strerror(rc)); } else { pthread_cancel(thread); pthread_join(thread, NULL); } } #endif /*defined(NEED_PTHREAD_WARMUP)*/ #ifdef NEED_EARLY_FORK static void dummy_callback(void) { return; } static void fork_nonchroot_worker(void) { getaddrinfo_sometime("localhost", "ntp", NULL, INITIAL_DNS_RETRY, (gai_sometime_callback)&dummy_callback, NULL); } #endif /* NEED_EARLY_FORK */ void parse_cmdline_opts( int * pargc, char ***pargv ) { static int parsed; static int optct; if (!parsed) optct = ntpOptionProcess(&ntpdOptions, *pargc, *pargv); parsed = 1; *pargc -= optct; *pargv += optct; } #ifdef SIM int main( int argc, char *argv[] ) { progname = argv[0]; parse_cmdline_opts(&argc, &argv); #ifdef DEBUG debug = OPT_VALUE_SET_DEBUG_LEVEL; DPRINTF(1, ("%s\n", Version)); #endif return ntpsim(argc, argv); } #else /* !SIM follows */ #ifdef NO_MAIN_ALLOWED CALL(ntpd,"ntpd",ntpdmain); #else /* !NO_MAIN_ALLOWED follows */ #ifndef SYS_WINNT int main( int argc, char *argv[] ) { return ntpdmain(argc, argv); } #endif /* !SYS_WINNT */ #endif /* !NO_MAIN_ALLOWED */ #endif /* !SIM */ #ifdef _AIX /* * OK. AIX is different than solaris in how it implements plock(). * If you do NOT adjust the stack limit, you will get the MAXIMUM * stack size allocated and PINNED with you program. To check the * value, use ulimit -a. * * To fix this, we create an automatic variable and set our stack limit * to that PLUS 32KB of extra space (we need some headroom). * * This subroutine gets the stack address. * * Grover Davidson and Matt Ladendorf * */ static char * get_aix_stack(void) { char ch; return (&ch); } /* * Signal handler for SIGDANGER. */ static void catch_danger(int signo) { msyslog(LOG_INFO, "ntpd: setpgid(): %m"); /* Make the system believe we'll free something, but don't do it! */ return; } #endif /* _AIX */ /* * Set the process priority */ #ifndef SIM static void set_process_priority(void) { # ifdef DEBUG if (debug > 1) msyslog(LOG_DEBUG, "set_process_priority: %s: priority_done is <%d>", ((priority_done) ? "Leave priority alone" : "Attempt to set priority" ), priority_done); # endif /* DEBUG */ # if defined(HAVE_SCHED_SETSCHEDULER) if (!priority_done) { extern int config_priority_override, config_priority; int pmax, pmin; struct sched_param sched; pmax = sched_get_priority_max(SCHED_FIFO); sched.sched_priority = pmax; if ( config_priority_override ) { pmin = sched_get_priority_min(SCHED_FIFO); if ( config_priority > pmax ) sched.sched_priority = pmax; else if ( config_priority < pmin ) sched.sched_priority = pmin; else sched.sched_priority = config_priority; } if ( sched_setscheduler(0, SCHED_FIFO, &sched) == -1 ) msyslog(LOG_ERR, "sched_setscheduler(): %m"); else ++priority_done; } # endif /* HAVE_SCHED_SETSCHEDULER */ # ifdef HAVE_RTPRIO # ifdef RTP_SET if (!priority_done) { struct rtprio srtp; srtp.type = RTP_PRIO_REALTIME; /* was: RTP_PRIO_NORMAL */ srtp.prio = 0; /* 0 (hi) -> RTP_PRIO_MAX (31,lo) */ if (rtprio(RTP_SET, getpid(), &srtp) < 0) msyslog(LOG_ERR, "rtprio() error: %m"); else ++priority_done; } # else /* !RTP_SET follows */ if (!priority_done) { if (rtprio(0, 120) < 0) msyslog(LOG_ERR, "rtprio() error: %m"); else ++priority_done; } # endif /* !RTP_SET */ # endif /* HAVE_RTPRIO */ # if defined(NTPD_PRIO) && NTPD_PRIO != 0 # ifdef HAVE_ATT_NICE if (!priority_done) { errno = 0; if (-1 == nice (NTPD_PRIO) && errno != 0) msyslog(LOG_ERR, "nice() error: %m"); else ++priority_done; } # endif /* HAVE_ATT_NICE */ # ifdef HAVE_BSD_NICE if (!priority_done) { if (-1 == setpriority(PRIO_PROCESS, 0, NTPD_PRIO)) msyslog(LOG_ERR, "setpriority() error: %m"); else ++priority_done; } # endif /* HAVE_BSD_NICE */ # endif /* NTPD_PRIO && NTPD_PRIO != 0 */ if (!priority_done) msyslog(LOG_ERR, "set_process_priority: No way found to improve our priority"); } #endif /* !SIM */ #if !defined(SIM) && !defined(SYS_WINNT) /* * Detach from terminal (much like daemon()) * Nothe that this function calls exit() */ # ifdef HAVE_WORKING_FORK static void detach_from_terminal( int pipe_fds[2], long wait_sync, const char *logfilename ) { int rc; int exit_code; # if !defined(HAVE_SETSID) && !defined (HAVE_SETPGID) && defined(TIOCNOTTY) int fid; # endif # ifdef _AIX struct sigaction sa; # endif rc = fork(); if (-1 == rc) { exit_code = (errno) ? errno : -1; msyslog(LOG_ERR, "fork: %m"); exit(exit_code); } if (rc > 0) { /* parent */ exit_code = wait_child_sync_if(pipe_fds[0], wait_sync); exit(exit_code); } /* * child/daemon * close all open files excepting waitsync_fd_to_close. * msyslog() unreliable until after init_logging(). */ closelog(); if (syslog_file != NULL) { fclose(syslog_file); syslog_file = NULL; syslogit = TRUE; } close_all_except(waitsync_fd_to_close); INSIST(0 == open("/dev/null", 0) && 1 == dup2(0, 1) \ && 2 == dup2(0, 2)); init_logging(progname, 0, TRUE); /* we lost our logfile (if any) daemonizing */ setup_logfile(logfilename); # ifdef SYS_DOMAINOS { uid_$t puid; status_$t st; proc2_$who_am_i(&puid); proc2_$make_server(&puid, &st); } # endif /* SYS_DOMAINOS */ # ifdef HAVE_SETSID if (setsid() == (pid_t)-1) msyslog(LOG_ERR, "setsid(): %m"); # elif defined(HAVE_SETPGID) if (setpgid(0, 0) == -1) msyslog(LOG_ERR, "setpgid(): %m"); # else /* !HAVE_SETSID && !HAVE_SETPGID follows */ # ifdef TIOCNOTTY fid = open("/dev/tty", 2); if (fid >= 0) { ioctl(fid, (u_long)TIOCNOTTY, NULL); close(fid); } # endif /* TIOCNOTTY */ ntp_setpgrp(0, getpid()); # endif /* !HAVE_SETSID && !HAVE_SETPGID */ # ifdef _AIX /* Don't get killed by low-on-memory signal. */ sa.sa_handler = catch_danger; sigemptyset(&sa.sa_mask); sa.sa_flags = SA_RESTART; sigaction(SIGDANGER, &sa, NULL); # endif /* _AIX */ return; } # endif /* HAVE_WORKING_FORK */ #ifdef HAVE_DROPROOT /* * Map user name/number to user ID */ static int map_user( ) { char *endp; if (isdigit((unsigned char)*user)) { sw_uid = (uid_t)strtoul(user, &endp, 0); if (*endp != '\0') goto getuser; if ((pw = getpwuid(sw_uid)) != NULL) { free(user); user = estrdup(pw->pw_name); sw_gid = pw->pw_gid; } else { errno = 0; msyslog(LOG_ERR, "Cannot find user ID %s", user); return 0; } } else { getuser: errno = 0; if ((pw = getpwnam(user)) != NULL) { sw_uid = pw->pw_uid; sw_gid = pw->pw_gid; } else { if (errno) msyslog(LOG_ERR, "getpwnam(%s) failed: %m", user); else msyslog(LOG_ERR, "Cannot find user `%s'", user); return 0; } } return 1; } /* * Map group name/number to group ID */ static int map_group(void) { char *endp; if (isdigit((unsigned char)*group)) { sw_gid = (gid_t)strtoul(group, &endp, 0); if (*endp != '\0') goto getgroup; } else { getgroup: if ((gr = getgrnam(group)) != NULL) { sw_gid = gr->gr_gid; } else { errno = 0; msyslog(LOG_ERR, "Cannot find group `%s'", group); return 0; } } return 1; } static int set_group_ids(void) { if (user && initgroups(user, sw_gid)) { msyslog(LOG_ERR, "Cannot initgroups() to user `%s': %m", user); return 0; } if (group && setgid(sw_gid)) { msyslog(LOG_ERR, "Cannot setgid() to group `%s': %m", group); return 0; } if (group && setegid(sw_gid)) { msyslog(LOG_ERR, "Cannot setegid() to group `%s': %m", group); return 0; } if (group) { if (0 != setgroups(1, &sw_gid)) { msyslog(LOG_ERR, "setgroups(1, %d) failed: %m", sw_gid); return 0; } } else if (pw) if (0 != initgroups(pw->pw_name, pw->pw_gid)) { msyslog(LOG_ERR, "initgroups(<%s>, %d) filed: %m", pw->pw_name, pw->pw_gid); return 0; } return 1; } static int set_user_ids(void) { if (user && setuid(sw_uid)) { msyslog(LOG_ERR, "Cannot setuid() to user `%s': %m", user); return 0; } if (user && seteuid(sw_uid)) { msyslog(LOG_ERR, "Cannot seteuid() to user `%s': %m", user); return 0; } return 1; } /* * Change (effective) user and group IDs, also initialize the supplementary group access list */ int set_user_group_ids(void); int set_user_group_ids(void) { /* If the the user was already mapped, no need to map it again */ if ((NULL != user) && (0 == sw_uid)) { if (0 == map_user()) exit (-1); } /* same applies for the group */ if ((NULL != group) && (0 == sw_gid)) { if (0 == map_group()) exit (-1); } if (getegid() != sw_gid && 0 == set_group_ids()) return 0; if (geteuid() != sw_uid && 0 == set_user_ids()) return 0; return 1; } #endif /* HAVE_DROPROOT */ #endif /* !SIM */ /* * Main program. Initialize us, disconnect us from the tty if necessary, * and loop waiting for I/O and/or timer expiries. */ #ifndef SIM int ntpdmain( int argc, char *argv[] ) { l_fp now; struct recvbuf *rbuf; const char * logfilename; # ifdef HAVE_UMASK mode_t uv; # endif # if defined(HAVE_GETUID) && !defined(MPE) /* MPE lacks the concept of root */ uid_t uid; # endif # if defined(HAVE_WORKING_FORK) long wait_sync = 0; int pipe_fds[2]; int rc; int exit_code; # endif /* HAVE_WORKING_FORK*/ # ifdef SCO5_CLOCK int fd; int zero; # endif # ifdef NEED_PTHREAD_WARMUP my_pthread_warmup(); # endif # ifdef HAVE_UMASK uv = umask(0); if (uv) umask(uv); else umask(022); # endif saved_argc = argc; saved_argv = argv; progname = argv[0]; initializing = TRUE; /* mark that we are initializing */ parse_cmdline_opts(&argc, &argv); # ifdef DEBUG debug = OPT_VALUE_SET_DEBUG_LEVEL; # ifdef HAVE_SETLINEBUF setlinebuf(stdout); # endif # endif if (HAVE_OPT(NOFORK) || HAVE_OPT(QUIT) # ifdef DEBUG || debug # endif || HAVE_OPT(SAVECONFIGQUIT)) nofork = TRUE; init_logging(progname, NLOG_SYNCMASK, TRUE); /* honor -l/--logfile option to log to a file */ if (HAVE_OPT(LOGFILE)) { logfilename = OPT_ARG(LOGFILE); syslogit = FALSE; change_logfile(logfilename, FALSE); } else { logfilename = NULL; if (nofork) msyslog_term = TRUE; if (HAVE_OPT(SAVECONFIGQUIT)) syslogit = FALSE; } msyslog(LOG_NOTICE, "%s: Starting", Version); { int i; char buf[1024]; /* Secret knowledge of msyslog buf length */ char *cp = buf; /* Note that every arg has an initial space character */ snprintf(cp, sizeof(buf), "Command line:"); cp += strlen(cp); for (i = 0; i < saved_argc ; ++i) { snprintf(cp, sizeof(buf) - (cp - buf), " %s", saved_argv[i]); cp += strlen(cp); } msyslog(LOG_INFO, "%s", buf); } /* * Install trap handlers to log errors and assertion failures. * Default handlers print to stderr which doesn't work if detached. */ isc_assertion_setcallback(assertion_failed); isc_error_setfatal(library_fatal_error); isc_error_setunexpected(library_unexpected_error); /* MPE lacks the concept of root */ # if defined(HAVE_GETUID) && !defined(MPE) uid = getuid(); if (uid && !HAVE_OPT( SAVECONFIGQUIT )) { msyslog_term = TRUE; msyslog(LOG_ERR, "must be run as root, not uid %ld", (long)uid); exit(1); } # endif /* * Enable the Multi-Media Timer for Windows? */ # ifdef SYS_WINNT if (HAVE_OPT( MODIFYMMTIMER )) set_mm_timer(MM_TIMER_HIRES); # endif #ifdef HAVE_DNSREGISTRATION /* * Enable mDNS registrations? */ if (HAVE_OPT( MDNS )) { mdnsreg = TRUE; } #endif /* HAVE_DNSREGISTRATION */ if (HAVE_OPT( NOVIRTUALIPS )) listen_to_virtual_ips = 0; /* * --interface, listen on specified interfaces */ if (HAVE_OPT( INTERFACE )) { int ifacect = STACKCT_OPT( INTERFACE ); const char** ifaces = STACKLST_OPT( INTERFACE ); sockaddr_u addr; while (ifacect-- > 0) { add_nic_rule( is_ip_address(*ifaces, AF_UNSPEC, &addr) ? MATCH_IFADDR : MATCH_IFNAME, *ifaces, -1, ACTION_LISTEN); ifaces++; } } if (HAVE_OPT( NICE )) priority_done = 0; # ifdef HAVE_SCHED_SETSCHEDULER if (HAVE_OPT( PRIORITY )) { config_priority = OPT_VALUE_PRIORITY; config_priority_override = 1; priority_done = 0; } # endif # ifdef HAVE_WORKING_FORK /* make sure the FDs are initialised */ pipe_fds[0] = -1; pipe_fds[1] = -1; do { /* 'loop' once */ if (!HAVE_OPT( WAIT_SYNC )) break; wait_sync = OPT_VALUE_WAIT_SYNC; if (wait_sync <= 0) { wait_sync = 0; break; } /* -w requires a fork() even with debug > 0 */ nofork = FALSE; if (pipe(pipe_fds)) { exit_code = (errno) ? errno : -1; msyslog(LOG_ERR, "Pipe creation failed for --wait-sync: %m"); exit(exit_code); } waitsync_fd_to_close = pipe_fds[1]; } while (0); /* 'loop' once */ # endif /* HAVE_WORKING_FORK */ init_lib(); # ifdef SYS_WINNT /* * Make sure the service is initialized before we do anything else */ ntservice_init(); /* * Start interpolation thread, must occur before first * get_systime() */ init_winnt_time(); # endif /* * Initialize random generator and public key pair */ get_systime(&now); ntp_srandom((int)(now.l_i * now.l_uf)); /* * Detach us from the terminal. May need an #ifndef GIZMO. */ if (!nofork) { # ifdef HAVE_WORKING_FORK detach_from_terminal(pipe_fds, wait_sync, logfilename); # endif /* HAVE_WORKING_FORK */ } # ifdef SCO5_CLOCK /* * SCO OpenServer's system clock offers much more precise timekeeping * on the base CPU than the other CPUs (for multiprocessor systems), * so we must lock to the base CPU. */ fd = open("/dev/at1", O_RDONLY); if (fd >= 0) { zero = 0; if (ioctl(fd, ACPU_LOCK, &zero) < 0) msyslog(LOG_ERR, "cannot lock to base CPU: %m"); close(fd); } # endif /* Setup stack size in preparation for locking pages in memory. */ # if defined(HAVE_MLOCKALL) # ifdef HAVE_SETRLIMIT ntp_rlimit(RLIMIT_STACK, DFLT_RLIMIT_STACK * 4096, 4096, "4k"); -# ifdef RLIMIT_MEMLOCK +# if defined(RLIMIT_MEMLOCK) && defined(DFLT_RLIMIT_MEMLOCK) && DFLT_RLIMIT_MEMLOCK != -1 /* * The default RLIMIT_MEMLOCK is very low on Linux systems. * Unless we increase this limit malloc calls are likely to * fail if we drop root privilege. To be useful the value * has to be larger than the largest ntpd resident set size. */ ntp_rlimit(RLIMIT_MEMLOCK, DFLT_RLIMIT_MEMLOCK * 1024 * 1024, 1024 * 1024, "MB"); # endif /* RLIMIT_MEMLOCK */ # endif /* HAVE_SETRLIMIT */ # else /* !HAVE_MLOCKALL follows */ # ifdef HAVE_PLOCK # ifdef PROCLOCK # ifdef _AIX /* * set the stack limit for AIX for plock(). * see get_aix_stack() for more info. */ if (ulimit(SET_STACKLIM, (get_aix_stack() - 8 * 4096)) < 0) msyslog(LOG_ERR, "Cannot adjust stack limit for plock: %m"); # endif /* _AIX */ # endif /* PROCLOCK */ # endif /* HAVE_PLOCK */ # endif /* !HAVE_MLOCKALL */ /* * Set up signals we pay attention to locally. */ # ifdef SIGDIE1 signal_no_reset(SIGDIE1, finish); signal_no_reset(SIGDIE2, finish); signal_no_reset(SIGDIE3, finish); signal_no_reset(SIGDIE4, finish); # endif # ifdef SIGBUS signal_no_reset(SIGBUS, finish); # endif # if !defined(SYS_WINNT) && !defined(VMS) # ifdef DEBUG (void) signal_no_reset(MOREDEBUGSIG, moredebug); (void) signal_no_reset(LESSDEBUGSIG, lessdebug); # else (void) signal_no_reset(MOREDEBUGSIG, no_debug); (void) signal_no_reset(LESSDEBUGSIG, no_debug); # endif /* DEBUG */ # endif /* !SYS_WINNT && !VMS */ /* * Set up signals we should never pay attention to. */ # ifdef SIGPIPE signal_no_reset(SIGPIPE, SIG_IGN); # endif /* * Call the init_ routines to initialize the data structures. * * Exactly what command-line options are we expecting here? */ INIT_SSL(); init_auth(); init_util(); init_restrict(); init_mon(); init_timer(); init_request(); init_control(); init_peer(); # ifdef REFCLOCK init_refclock(); # endif set_process_priority(); init_proto(); /* Call at high priority */ init_io(); init_loopfilter(); mon_start(MON_ON); /* monitor on by default now */ /* turn off in config if unwanted */ /* * Get the configuration. This is done in a separate module * since this will definitely be different for the gizmo board. */ getconfig(argc, argv); if (-1 == cur_memlock) { # if defined(HAVE_MLOCKALL) /* * lock the process into memory */ if ( !HAVE_OPT(SAVECONFIGQUIT) # ifdef RLIMIT_MEMLOCK && -1 != DFLT_RLIMIT_MEMLOCK # endif && 0 != mlockall(MCL_CURRENT|MCL_FUTURE)) msyslog(LOG_ERR, "mlockall(): %m"); # else /* !HAVE_MLOCKALL follows */ # ifdef HAVE_PLOCK # ifdef PROCLOCK /* * lock the process into memory */ if (!HAVE_OPT(SAVECONFIGQUIT) && 0 != plock(PROCLOCK)) msyslog(LOG_ERR, "plock(PROCLOCK): %m"); # else /* !PROCLOCK follows */ # ifdef TXTLOCK /* * Lock text into ram */ if (!HAVE_OPT(SAVECONFIGQUIT) && 0 != plock(TXTLOCK)) msyslog(LOG_ERR, "plock(TXTLOCK) error: %m"); # else /* !TXTLOCK follows */ msyslog(LOG_ERR, "plock() - don't know what to lock!"); # endif /* !TXTLOCK */ # endif /* !PROCLOCK */ # endif /* HAVE_PLOCK */ # endif /* !HAVE_MLOCKALL */ } loop_config(LOOP_DRIFTINIT, 0); report_event(EVNT_SYSRESTART, NULL, NULL); initializing = FALSE; # ifdef HAVE_DROPROOT if (droproot) { #ifdef NEED_EARLY_FORK fork_nonchroot_worker(); #endif /* Drop super-user privileges and chroot now if the OS supports this */ # ifdef HAVE_LINUX_CAPABILITIES /* set flag: keep privileges accross setuid() call (we only really need cap_sys_time): */ if (prctl( PR_SET_KEEPCAPS, 1L, 0L, 0L, 0L ) == -1) { msyslog( LOG_ERR, "prctl( PR_SET_KEEPCAPS, 1L ) failed: %m" ); exit(-1); } # elif HAVE_SOLARIS_PRIVS /* Nothing to do here */ # else /* we need a user to switch to */ if (user == NULL) { msyslog(LOG_ERR, "Need user name to drop root privileges (see -u flag!)" ); exit(-1); } # endif /* HAVE_LINUX_CAPABILITIES || HAVE_SOLARIS_PRIVS */ if (user != NULL) { if (0 == map_user()) exit (-1); } if (group != NULL) { if (0 == map_group()) exit (-1); } if (chrootdir ) { /* make sure cwd is inside the jail: */ if (chdir(chrootdir)) { msyslog(LOG_ERR, "Cannot chdir() to `%s': %m", chrootdir); exit (-1); } if (chroot(chrootdir)) { msyslog(LOG_ERR, "Cannot chroot() to `%s': %m", chrootdir); exit (-1); } if (chdir("/")) { msyslog(LOG_ERR, "Cannot chdir() to`root after chroot(): %m"); exit (-1); } } # ifdef HAVE_SOLARIS_PRIVS if ((lowprivs = priv_str_to_set(LOWPRIVS, ",", NULL)) == NULL) { msyslog(LOG_ERR, "priv_str_to_set() failed:%m"); exit(-1); } if ((highprivs = priv_allocset()) == NULL) { msyslog(LOG_ERR, "priv_allocset() failed:%m"); exit(-1); } (void) getppriv(PRIV_PERMITTED, highprivs); (void) priv_intersect(highprivs, lowprivs); if (setppriv(PRIV_SET, PRIV_PERMITTED, lowprivs) == -1) { msyslog(LOG_ERR, "setppriv() failed:%m"); exit(-1); } # endif /* HAVE_SOLARIS_PRIVS */ if (0 == set_user_group_ids()) exit(-1); # if !defined(HAVE_LINUX_CAPABILITIES) && !defined(HAVE_SOLARIS_PRIVS) /* * for now assume that the privilege to bind to privileged ports * is associated with running with uid 0 - should be refined on * ports that allow binding to NTP_PORT with uid != 0 */ disable_dynamic_updates |= (sw_uid != 0); /* also notifies routing message listener */ # endif /* !HAVE_LINUX_CAPABILITIES && !HAVE_SOLARIS_PRIVS */ if (disable_dynamic_updates && interface_interval) { interface_interval = 0; msyslog(LOG_INFO, "running as non-root disables dynamic interface tracking"); } # ifdef HAVE_LINUX_CAPABILITIES { /* * We may be running under non-root uid now, but we still hold full root privileges! * We drop all of them, except for the crucial one or two: cap_sys_time and * cap_net_bind_service if doing dynamic interface tracking. */ cap_t caps; char *captext; captext = (0 != interface_interval) ? "cap_sys_time,cap_net_bind_service=pe" : "cap_sys_time=pe"; caps = cap_from_text(captext); if (!caps) { msyslog(LOG_ERR, "cap_from_text(%s) failed: %m", captext); exit(-1); } if (-1 == cap_set_proc(caps)) { msyslog(LOG_ERR, "cap_set_proc() failed to drop root privs: %m"); exit(-1); } cap_free(caps); } # endif /* HAVE_LINUX_CAPABILITIES */ # ifdef HAVE_SOLARIS_PRIVS if (priv_delset(lowprivs, "proc_setid") == -1) { msyslog(LOG_ERR, "priv_delset() failed:%m"); exit(-1); } if (setppriv(PRIV_SET, PRIV_PERMITTED, lowprivs) == -1) { msyslog(LOG_ERR, "setppriv() failed:%m"); exit(-1); } priv_freeset(lowprivs); priv_freeset(highprivs); # endif /* HAVE_SOLARIS_PRIVS */ root_dropped = TRUE; fork_deferred_worker(); } /* if (droproot) */ # endif /* HAVE_DROPROOT */ /* libssecomp sandboxing */ #if defined (LIBSECCOMP) && (KERN_SECCOMP) scmp_filter_ctx ctx; if ((ctx = seccomp_init(SCMP_ACT_KILL)) < 0) msyslog(LOG_ERR, "%s: seccomp_init(SCMP_ACT_KILL) failed: %m", __func__); else { msyslog(LOG_DEBUG, "%s: seccomp_init(SCMP_ACT_KILL) succeeded", __func__); } #ifdef __x86_64__ int scmp_sc[] = { SCMP_SYS(adjtimex), SCMP_SYS(bind), SCMP_SYS(brk), SCMP_SYS(chdir), SCMP_SYS(clock_gettime), SCMP_SYS(clock_settime), SCMP_SYS(close), SCMP_SYS(connect), SCMP_SYS(exit_group), SCMP_SYS(fstat), SCMP_SYS(fsync), SCMP_SYS(futex), SCMP_SYS(getitimer), SCMP_SYS(getsockname), SCMP_SYS(ioctl), SCMP_SYS(lseek), SCMP_SYS(madvise), SCMP_SYS(mmap), SCMP_SYS(munmap), SCMP_SYS(open), SCMP_SYS(poll), SCMP_SYS(read), SCMP_SYS(recvmsg), SCMP_SYS(rename), SCMP_SYS(rt_sigaction), SCMP_SYS(rt_sigprocmask), SCMP_SYS(rt_sigreturn), SCMP_SYS(select), SCMP_SYS(sendto), SCMP_SYS(setitimer), SCMP_SYS(setsid), SCMP_SYS(socket), SCMP_SYS(stat), SCMP_SYS(time), SCMP_SYS(write), }; #endif #ifdef __i386__ int scmp_sc[] = { SCMP_SYS(_newselect), SCMP_SYS(adjtimex), SCMP_SYS(brk), SCMP_SYS(chdir), SCMP_SYS(clock_gettime), SCMP_SYS(clock_settime), SCMP_SYS(close), SCMP_SYS(exit_group), SCMP_SYS(fsync), SCMP_SYS(futex), SCMP_SYS(getitimer), SCMP_SYS(madvise), SCMP_SYS(mmap), SCMP_SYS(mmap2), SCMP_SYS(munmap), SCMP_SYS(open), SCMP_SYS(poll), SCMP_SYS(read), SCMP_SYS(rename), SCMP_SYS(rt_sigaction), SCMP_SYS(rt_sigprocmask), SCMP_SYS(select), SCMP_SYS(setitimer), SCMP_SYS(setsid), SCMP_SYS(sigprocmask), SCMP_SYS(sigreturn), SCMP_SYS(socketcall), SCMP_SYS(stat64), SCMP_SYS(time), SCMP_SYS(write), }; #endif { int i; for (i = 0; i < COUNTOF(scmp_sc); i++) { if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, scmp_sc[i], 0) < 0) { msyslog(LOG_ERR, "%s: seccomp_rule_add() failed: %m", __func__); } } } if (seccomp_load(ctx) < 0) msyslog(LOG_ERR, "%s: seccomp_load() failed: %m", __func__); else { msyslog(LOG_DEBUG, "%s: seccomp_load() succeeded", __func__); } #endif /* LIBSECCOMP and KERN_SECCOMP */ #ifdef SYS_WINNT ntservice_isup(); #endif # ifdef HAVE_IO_COMPLETION_PORT for (;;) { #if !defined(SIM) && defined(SIGDIE1) if (signalled) finish_safe(signo); #endif GetReceivedBuffers(); # else /* normal I/O */ BLOCK_IO_AND_ALARM(); was_alarmed = FALSE; for (;;) { #if !defined(SIM) && defined(SIGDIE1) if (signalled) finish_safe(signo); #endif if (alarm_flag) { /* alarmed? */ was_alarmed = TRUE; alarm_flag = FALSE; } /* collect async name/addr results */ if (!was_alarmed) harvest_blocking_responses(); if (!was_alarmed && !has_full_recv_buffer()) { /* * Nothing to do. Wait for something. */ io_handler(); } if (alarm_flag) { /* alarmed? */ was_alarmed = TRUE; alarm_flag = FALSE; } if (was_alarmed) { UNBLOCK_IO_AND_ALARM(); /* * Out here, signals are unblocked. Call timer routine * to process expiry. */ timer(); was_alarmed = FALSE; BLOCK_IO_AND_ALARM(); } # endif /* !HAVE_IO_COMPLETION_PORT */ # ifdef DEBUG_TIMING { l_fp pts; l_fp tsa, tsb; int bufcount = 0; get_systime(&pts); tsa = pts; # endif rbuf = get_full_recv_buffer(); while (rbuf != NULL) { if (alarm_flag) { was_alarmed = TRUE; alarm_flag = FALSE; } UNBLOCK_IO_AND_ALARM(); if (was_alarmed) { /* avoid timer starvation during lengthy I/O handling */ timer(); was_alarmed = FALSE; } /* * Call the data procedure to handle each received * packet. */ if (rbuf->receiver != NULL) { # ifdef DEBUG_TIMING l_fp dts = pts; L_SUB(&dts, &rbuf->recv_time); DPRINTF(2, ("processing timestamp delta %s (with prec. fuzz)\n", lfptoa(&dts, 9))); collect_timing(rbuf, "buffer processing delay", 1, &dts); bufcount++; # endif (*rbuf->receiver)(rbuf); } else { msyslog(LOG_ERR, "fatal: receive buffer callback NULL"); abort(); } BLOCK_IO_AND_ALARM(); freerecvbuf(rbuf); rbuf = get_full_recv_buffer(); } # ifdef DEBUG_TIMING get_systime(&tsb); L_SUB(&tsb, &tsa); if (bufcount) { collect_timing(NULL, "processing", bufcount, &tsb); DPRINTF(2, ("processing time for %d buffers %s\n", bufcount, lfptoa(&tsb, 9))); } } # endif /* * Go around again */ # ifdef HAVE_DNSREGISTRATION if (mdnsreg && (current_time - mdnsreg ) > 60 && mdnstries && sys_leap != LEAP_NOTINSYNC) { mdnsreg = current_time; msyslog(LOG_INFO, "Attempting to register mDNS"); if ( DNSServiceRegister (&mdns, 0, 0, NULL, "_ntp._udp", NULL, NULL, htons(NTP_PORT), 0, NULL, NULL, NULL) != kDNSServiceErr_NoError ) { if (!--mdnstries) { msyslog(LOG_ERR, "Unable to register mDNS, giving up."); } else { msyslog(LOG_INFO, "Unable to register mDNS, will try later."); } } else { msyslog(LOG_INFO, "mDNS service registered."); mdnsreg = FALSE; } } # endif /* HAVE_DNSREGISTRATION */ } UNBLOCK_IO_AND_ALARM(); return 1; } #endif /* !SIM */ #if !defined(SIM) && defined(SIGDIE1) /* * finish - exit gracefully */ static void finish_safe( int sig ) { const char *sig_desc; sig_desc = NULL; #ifdef HAVE_STRSIGNAL sig_desc = strsignal(sig); #endif if (sig_desc == NULL) sig_desc = ""; msyslog(LOG_NOTICE, "%s exiting on signal %d (%s)", progname, sig, sig_desc); /* See Bug 2513 and Bug 2522 re the unlink of PIDFILE */ # ifdef HAVE_DNSREGISTRATION if (mdns != NULL) DNSServiceRefDeallocate(mdns); # endif peer_cleanup(); exit(0); } static RETSIGTYPE finish( int sig ) { signalled = 1; signo = sig; } #endif /* !SIM && SIGDIE1 */ #ifndef SIM /* * wait_child_sync_if - implements parent side of -w/--wait-sync */ # ifdef HAVE_WORKING_FORK static int wait_child_sync_if( int pipe_read_fd, long wait_sync ) { int rc; int exit_code; time_t wait_end_time; time_t cur_time; time_t wait_rem; fd_set readset; struct timeval wtimeout; if (0 == wait_sync) return 0; /* waitsync_fd_to_close used solely by child */ close(waitsync_fd_to_close); wait_end_time = time(NULL) + wait_sync; do { cur_time = time(NULL); wait_rem = (wait_end_time > cur_time) ? (wait_end_time - cur_time) : 0; wtimeout.tv_sec = wait_rem; wtimeout.tv_usec = 0; FD_ZERO(&readset); FD_SET(pipe_read_fd, &readset); rc = select(pipe_read_fd + 1, &readset, NULL, NULL, &wtimeout); if (-1 == rc) { if (EINTR == errno) continue; exit_code = (errno) ? errno : -1; msyslog(LOG_ERR, "--wait-sync select failed: %m"); return exit_code; } if (0 == rc) { /* * select() indicated a timeout, but in case * its timeouts are affected by a step of the * system clock, select() again with a zero * timeout to confirm. */ FD_ZERO(&readset); FD_SET(pipe_read_fd, &readset); wtimeout.tv_sec = 0; wtimeout.tv_usec = 0; rc = select(pipe_read_fd + 1, &readset, NULL, NULL, &wtimeout); if (0 == rc) /* select() timeout */ break; else /* readable */ return 0; } else /* readable */ return 0; } while (wait_rem > 0); fprintf(stderr, "%s: -w/--wait-sync %ld timed out.\n", progname, wait_sync); return ETIMEDOUT; } # endif /* HAVE_WORKING_FORK */ /* * assertion_failed - Redirect assertion failures to msyslog(). */ static void assertion_failed( const char *file, int line, isc_assertiontype_t type, const char *cond ) { isc_assertion_setcallback(NULL); /* Avoid recursion */ msyslog(LOG_ERR, "%s:%d: %s(%s) failed", file, line, isc_assertion_typetotext(type), cond); msyslog(LOG_ERR, "exiting (due to assertion failure)"); #if defined(DEBUG) && defined(SYS_WINNT) if (debug) DebugBreak(); #endif abort(); } /* * library_fatal_error - Handle fatal errors from our libraries. */ static void library_fatal_error( const char *file, int line, const char *format, va_list args ) { char errbuf[256]; isc_error_setfatal(NULL); /* Avoid recursion */ msyslog(LOG_ERR, "%s:%d: fatal error:", file, line); vsnprintf(errbuf, sizeof(errbuf), format, args); msyslog(LOG_ERR, "%s", errbuf); msyslog(LOG_ERR, "exiting (due to fatal error in library)"); #if defined(DEBUG) && defined(SYS_WINNT) if (debug) DebugBreak(); #endif abort(); } /* * library_unexpected_error - Handle non fatal errors from our libraries. */ # define MAX_UNEXPECTED_ERRORS 100 int unexpected_error_cnt = 0; static void library_unexpected_error( const char *file, int line, const char *format, va_list args ) { char errbuf[256]; if (unexpected_error_cnt >= MAX_UNEXPECTED_ERRORS) return; /* avoid clutter in log */ msyslog(LOG_ERR, "%s:%d: unexpected error:", file, line); vsnprintf(errbuf, sizeof(errbuf), format, args); msyslog(LOG_ERR, "%s", errbuf); if (++unexpected_error_cnt == MAX_UNEXPECTED_ERRORS) msyslog(LOG_ERR, "Too many errors. Shutting up."); } #endif /* !SIM */ #if !defined(SIM) && !defined(SYS_WINNT) # ifdef DEBUG /* * moredebug - increase debugging verbosity */ static RETSIGTYPE moredebug( int sig ) { int saved_errno = errno; if (debug < 255) { debug++; msyslog(LOG_DEBUG, "debug raised to %d", debug); } errno = saved_errno; } /* * lessdebug - decrease debugging verbosity */ static RETSIGTYPE lessdebug( int sig ) { int saved_errno = errno; if (debug > 0) { debug--; msyslog(LOG_DEBUG, "debug lowered to %d", debug); } errno = saved_errno; } # else /* !DEBUG follows */ /* * no_debug - We don't do the debug here. */ static RETSIGTYPE no_debug( int sig ) { int saved_errno = errno; msyslog(LOG_DEBUG, "ntpd not compiled for debugging (signal %d)", sig); errno = saved_errno; } # endif /* !DEBUG */ #endif /* !SIM && !SYS_WINNT */ Index: stable/11/etc/ntp.conf =================================================================== --- stable/11/etc/ntp.conf (revision 352864) +++ stable/11/etc/ntp.conf (revision 352865) @@ -1,104 +1,112 @@ # # $FreeBSD$ # # Default NTP servers for the FreeBSD operating system. # # Don't forget to enable ntpd in /etc/rc.conf with: # ntpd_enable="YES" # # The driftfile is by default /var/db/ntpd.drift, check # /etc/defaults/rc.conf on how to change the location. # # # Set the target and limit for adding servers configured via pool statements # or discovered dynamically via mechanisms such as broadcast and manycast. # Ntpd automatically adds maxclock-1 servers from configured pools, and may # add as many as maxclock*2 if necessary to ensure that at least minclock # servers are providing good consistant time. # tos minclock 3 maxclock 6 # # The following pool statement will give you a random set of NTP servers # geographically close to you. A single pool statement adds multiple # servers from the pool, according to the tos minclock/maxclock targets. # See http://www.pool.ntp.org/ for details. Note, pool.ntp.org encourages # users with a static IP and good upstream NTP servers to add a server # to the pool. See http://www.pool.ntp.org/join.html if you are interested. # # The option `iburst' is used for faster initial synchronization. # pool 0.freebsd.pool.ntp.org iburst # # If you want to pick yourself which country's public NTP server # you want to sync against, comment out the above pool, uncomment # the next one, and replace CC with the country's abbreviation. # Make sure that the hostname resolves to a proper IP address! # # pool 0.CC.pool.ntp.org iburst # # To configure a specific server, such as an organization-wide local # server, add lines similar to the following. One or more specific # servers can be configured in addition to, or instead of, any server # pools specified above. When both are configured, ntpd first adds all # the specific servers, then adds servers from the pool until the tos # minclock/maxclock targets are met. # #server time.my-internal.org iburst # # Security: # # By default, only allow time queries and block all other requests # from unauthenticated clients. # # The "restrict source" line allows peers to be mobilized when added by # ntpd from a pool, but does not enable mobilizing a new peer association # by other dynamic means (broadcast, manycast, ntpq commands, etc). # # See http://support.ntp.org/bin/view/Support/AccessRestrictions # for more information. # restrict default limited kod nomodify notrap noquery nopeer restrict source limited kod nomodify notrap noquery # # Alternatively, the following rules would block all unauthorized access. # #restrict default ignore # # In this case, all remote NTP time servers also need to be explicitly # allowed or they would not be able to exchange time information with # this server. # # Please note that this example doesn't work for the servers in # the pool.ntp.org domain since they return multiple A records. # #restrict 0.pool.ntp.org nomodify nopeer noquery notrap #restrict 1.pool.ntp.org nomodify nopeer noquery notrap #restrict 2.pool.ntp.org nomodify nopeer noquery notrap # # The following settings allow unrestricted access from the localhost restrict 127.0.0.1 restrict ::1 # # If a server loses sync with all upstream servers, NTP clients # no longer follow that server. The local clock can be configured # to provide a time source when this happens, but it should usually # be configured on just one server on a network. For more details see # http://support.ntp.org/bin/view/Support/UndisciplinedLocalClock # The use of Orphan Mode may be preferable. # #server 127.127.1.0 #fudge 127.127.1.0 stratum 10 # See http://support.ntp.org/bin/view/Support/ConfiguringNTP#Section_6.14. # for documentation regarding leapfile. Updates to the file can be obtained # from ftp://time.nist.gov/pub/ or ftp://tycho.usno.navy.mil/pub/ntp/. # Use either leapfile in /etc/ntp or periodically updated leapfile in /var/db. #leapfile "/etc/ntp/leap-seconds" leapfile "/var/db/ntpd.leap-seconds.list" + +# Specify the number of megabytes of memory that should be allocated and +# locked. -1 (default) means "do not lock the process into memory". +# 0 means "lock whatever memory the process wants into memory". Any other +# number means to lock up to that number of megabytes into memory. +# 0 may result in a segfault when ASLR with stack gap randomization +# is enabled. +#rlimit memlock 32 Index: stable/11/usr.sbin/ntp/config.h =================================================================== --- stable/11/usr.sbin/ntp/config.h (revision 352864) +++ stable/11/usr.sbin/ntp/config.h (revision 352865) @@ -1,1836 +1,1836 @@ /* config.h. Generated from config.h.in by configure. */ /* config.h.in. Generated from configure.ac by autoheader. */ /* $FreeBSD$ */ /* Define if building universal (internal helper macro) */ /* #undef AC_APPLE_UNIVERSAL_BUILD */ /* Is adjtime() accurate? */ /* #undef ADJTIME_IS_ACCURATE */ /* Support NTP Autokey protocol? */ /* #define AUTOKEY 1 */ /* why not HAVE_P_S? */ /* #undef CALL_PTHREAD_SETCONCURRENCY */ /* ACTS modem service */ #define CLOCK_ACTS 1 /* Arbiter 1088A/B GPS receiver */ #define CLOCK_ARBITER 1 /* ARCRON support? */ #define CLOCK_ARCRON_MSF 1 /* Austron 2200A/2201A GPS receiver? */ #define CLOCK_AS2201 1 /* PPS interface? */ #define CLOCK_ATOM 1 /* Datum/Bancomm bc635/VME interface? */ /* #undef CLOCK_BANC */ /* Chronolog K-series WWVB receiver? */ #define CLOCK_CHRONOLOG 1 /* CHU modem/decoder */ #define CLOCK_CHU 1 /* Diems Computime Radio Clock? */ /* #undef CLOCK_COMPUTIME */ /* Datum Programmable Time System? */ #define CLOCK_DATUM 1 /* ELV/DCF7000 clock? */ /* #undef CLOCK_DCF7000 */ /* Dumb generic hh:mm:ss local clock? */ #define CLOCK_DUMBCLOCK 1 /* Forum Graphic GPS datating station driver? */ #define CLOCK_FG 1 /* GPSD JSON receiver */ #define CLOCK_GPSDJSON 1 /* TrueTime GPS receiver/VME interface? */ /* #undef CLOCK_GPSVME */ /* Heath GC-1000 WWV/WWVH receiver? */ #define CLOCK_HEATH 1 /* HOPF 6021 clock? */ /* #undef CLOCK_HOPF6021 */ /* HOPF PCI clock device? */ #define CLOCK_HOPF_PCI 1 /* HOPF serial clock device? */ #define CLOCK_HOPF_SERIAL 1 /* HP 58503A GPS receiver? */ #define CLOCK_HPGPS 1 /* IRIG audio decoder? */ #define CLOCK_IRIG 1 /* JJY receiver? */ #define CLOCK_JJY 1 /* Rockwell Jupiter GPS clock? */ #define CLOCK_JUPITER 1 /* Leitch CSD 5300 Master Clock System Driver? */ #define CLOCK_LEITCH 1 /* local clock reference? */ #define CLOCK_LOCAL 1 /* Meinberg clocks */ #define CLOCK_MEINBERG 1 /* Magnavox MX4200 GPS receiver */ /* #undef CLOCK_MX4200 */ /* NeoClock4X */ #define CLOCK_NEOCLOCK4X 1 /* NMEA GPS receiver */ #define CLOCK_NMEA 1 /* Motorola UT Oncore GPS */ #define CLOCK_ONCORE 1 /* Palisade clock */ #define CLOCK_PALISADE 1 /* PARSE driver interface */ #define CLOCK_PARSE 1 /* Conrad parallel port radio clock */ #define CLOCK_PCF 1 /* PCL 720 clock support */ /* #undef CLOCK_PPS720 */ /* PST/Traconex 1020 WWV/WWVH receiver */ #define CLOCK_PST 1 /* DCF77 raw time code */ #define CLOCK_RAWDCF 1 /* RCC 8000 clock */ /* #undef CLOCK_RCC8000 */ /* RIPE NCC Trimble clock */ /* #undef CLOCK_RIPENCC */ /* Schmid DCF77 clock */ /* #undef CLOCK_SCHMID */ /* SEL240X protocol */ /* #undef CLOCK_SEL240X */ /* clock thru shared memory */ #define CLOCK_SHM 1 /* Spectracom 8170/Netclock/2 WWVB receiver */ #define CLOCK_SPECTRACOM 1 /* KSI/Odetics TPRO/S GPS receiver/IRIG interface */ /* #undef CLOCK_TPRO */ /* Trimble GPS receiver/TAIP protocol */ /* #undef CLOCK_TRIMTAIP */ /* Trimble GPS receiver/TSIP protocol */ /* #undef CLOCK_TRIMTSIP */ /* Kinemetrics/TrueTime receivers */ #define CLOCK_TRUETIME 1 /* Spectracom TSYNC timing board */ /* #undef CLOCK_TSYNCPCI */ /* TrueTime 560 IRIG-B decoder? */ /* #undef CLOCK_TT560 */ /* Ultralink M320 WWVB receiver? */ #define CLOCK_ULINK 1 /* VARITEXT clock */ /* #undef CLOCK_VARITEXT */ /* WHARTON 400A Series clock */ /* #undef CLOCK_WHARTON_400A */ /* WWV audio driver */ #define CLOCK_WWV 1 /* Zyfer GPStarplus */ #define CLOCK_ZYFER 1 /* Define to one of `_getb67', `GETB67', `getb67' for Cray-2 and Cray-YMP systems. This function is required for `alloca.c' support on those systems. */ /* #undef CRAY_STACKSEG_END */ /* Define to 1 if using `alloca.c'. */ /* #undef C_ALLOCA */ /* Enable debugging code? */ /* #undef DEBUG */ /* Enable processing time debugging? */ /* #undef DEBUG_TIMING */ /* Declaration style */ /* #undef DECL_ADJTIME_0 */ /* Declaration style */ /* #undef DECL_BCOPY_0 */ /* Declaration style */ /* #undef DECL_BZERO_0 */ /* Declaration style */ /* #undef DECL_CFSETISPEED_0 */ /* Declare errno? */ /* #undef DECL_ERRNO */ /* Declaration style */ /* #undef DECL_HSTRERROR_0 */ /* Declare h_errno? */ #define DECL_H_ERRNO 1 /* Declaration style */ /* #undef DECL_INET_NTOA_0 */ /* Declaration style */ /* #undef DECL_IOCTL_0 */ /* Declaration style */ /* #undef DECL_IPC_0 */ /* Declaration style */ /* #undef DECL_MEMMOVE_0 */ /* Declaration style */ /* #undef DECL_MKSTEMP_0 */ /* Declaration style */ /* #undef DECL_MKTEMP_0 */ /* Declaration style */ /* #undef DECL_NLIST_0 */ /* Declaration style */ /* #undef DECL_PLOCK_0 */ /* Declaration style */ /* #undef DECL_RENAME_0 */ /* Declaration style */ /* #undef DECL_SELECT_0 */ /* Declaration style */ /* #undef DECL_SETITIMER_0 */ /* Declaration style */ /* #undef DECL_SETPRIORITY_0 */ /* Declaration style */ /* #undef DECL_SETPRIORITY_1 */ /* Declaration style */ /* #undef DECL_SIGVEC_0 */ /* Declaration style */ /* #undef DECL_STDIO_0 */ /* Declaration style */ /* #undef DECL_STIME_0 */ /* Declaration style */ /* #undef DECL_STIME_1 */ /* Declaration style */ /* #undef DECL_STRERROR_0 */ /* Declaration style */ /* #undef DECL_STRTOL_0 */ /* Declare syscall()? */ /* #undef DECL_SYSCALL */ /* Declaration style */ /* #undef DECL_SYSLOG_0 */ /* Declaration style */ /* #undef DECL_TIMEOFDAY_0 */ /* Declaration style */ /* #undef DECL_TIME_0 */ /* Declaration style */ /* #undef DECL_TOLOWER_0 */ /* Declaration style */ /* #undef DECL_TOUPPER_0 */ /* What is the fallback value for HZ? */ #define DEFAULT_HZ 100 /* Default number of megabytes for RLIMIT_MEMLOCK */ -#define DFLT_RLIMIT_MEMLOCK 32 +#define DFLT_RLIMIT_MEMLOCK -1 /* Default number of 4k pages for RLIMIT_STACK */ #define DFLT_RLIMIT_STACK 50 /* Directory separator character, usually / or \\ */ #define DIR_SEP '/' /* use old autokey session key behavior? */ /* #undef DISABLE_BUG1243_FIX */ /* synch TODR hourly? */ /* #undef DOSYNCTODR */ /* The number of minutes in a DST adjustment */ #define DSTMINUTES 60 /* support dynamic interleave? */ #define DYNAMIC_INTERLEAVE 0 /* number of args to el_init() */ #define EL_INIT_ARGS 4 /* Provide the explicit 127.0.0.0/8 martian filter? */ #define ENABLE_BUG3020_FIX 1 /* Enable CMAC support? */ #define ENABLE_CMAC 1 /* nls support in libopts */ /* #undef ENABLE_NLS */ /* force ntpdate to step the clock if !defined(STEP_SLEW) ? */ /* #undef FORCE_NTPDATE_STEP */ /* What is getsockname()'s socklen type? */ #define GETSOCKNAME_SOCKLEN_TYPE socklen_t /* Do we have a routing socket (rt_msghdr or rtattr)? */ #define HAS_ROUTING_SOCKET 1 /* via __adjtimex */ /* #undef HAVE_ADJTIMEX */ /* Define to 1 if you have `alloca', as a function or macro. */ #define HAVE_ALLOCA 1 /* Define to 1 if you have and it should be used (not on Ultrix). */ /* #undef HAVE_ALLOCA_H */ /* Define to 1 if you have the `arc4random_buf' function. */ #define HAVE_ARC4RANDOM_BUF 1 /* Define to 1 if you have the header file. */ #define HAVE_ARPA_NAMESER_H 1 /* Define to 1 if you have the `atomic_thread_fence' function. */ /* #undef HAVE_ATOMIC_THREAD_FENCE */ /* Do we have audio support? */ #define HAVE_AUDIO /**/ /* Define to 1 if you have the header file. */ /* #undef HAVE_BSTRING_H */ /* Define to 1 if you have the `canonicalize_file_name' function. */ /* #undef HAVE_CANONICALIZE_FILE_NAME */ /* Define to 1 if you have the `chmod' function. */ #define HAVE_CHMOD 1 /* Do we have the CIOGETEV ioctl (SunOS, Linux)? */ /* #undef HAVE_CIOGETEV */ /* Define to 1 if you have the `clock_getres' function. */ #define HAVE_CLOCK_GETRES 1 /* Define to 1 if you have the `clock_gettime' function. */ #define HAVE_CLOCK_GETTIME 1 /* Define to 1 if you have the `clock_settime' function. */ #define HAVE_CLOCK_SETTIME 1 /* Define to 1 if you have the header file. */ /* #undef HAVE_CTHREADS_H */ /* Define to 1 if you have the `daemon' function. */ #define HAVE_DAEMON 1 /* Define to 1 if you have the declaration of `siglongjmp', and to 0 if you don't. */ #define HAVE_DECL_SIGLONGJMP 1 /* Define to 1 if you have the declaration of `sigsetjmp', and to 0 if you don't. */ #define HAVE_DECL_SIGSETJMP 1 /* Define to 1 if you have the declaration of `strerror_r', and to 0 if you don't. */ #define HAVE_DECL_STRERROR_R 1 /* Define to 1 if you have the header file, and it defines `DIR'. */ #define HAVE_DIRENT_H 1 /* Define to 1 if you have the header file. */ #define HAVE_DLFCN_H 1 /* Use Rendezvous/DNS-SD registration */ /* #undef HAVE_DNSREGISTRATION */ /* Define to 1 if you don't have `vprintf' but do have `_doprnt.' */ /* #undef HAVE_DOPRNT */ /* Can we drop root privileges? */ /* #undef HAVE_DROPROOT */ /* Define to 1 if you have the header file. */ #define HAVE_ERRNO_H 1 /* Define to 1 if you have the `EVP_MD_do_all_sorted' function. */ #define HAVE_EVP_MD_DO_ALL_SORTED 1 /* Define to 1 if you have the `fchmod' function. */ #define HAVE_FCHMOD 1 /* Define to 1 if you have the header file. */ #define HAVE_FCNTL_H 1 /* Define to 1 if you have the `finite' function. */ /* #undef HAVE_FINITE */ /* Define to 1 if you have the `fnmatch' function. */ #define HAVE_FNMATCH 1 /* Define to 1 if you have the header file. */ #define HAVE_FNMATCH_H 1 /* Define to 1 if you have the `fork' function. */ #define HAVE_FORK 1 /* Define to 1 if you have the `fstat' function. */ #define HAVE_FSTAT 1 /* Define to 1 if you have the `getbootfile' function. */ #define HAVE_GETBOOTFILE 1 /* Define to 1 if you have the `getclock' function. */ /* #undef HAVE_GETCLOCK */ /* Define to 1 if you have the `getdtablesize' function. */ #define HAVE_GETDTABLESIZE 1 /* Define to 1 if you have the `getifaddrs' function. */ #define HAVE_GETIFADDRS 1 /* Define to 1 if you have the `getpassphrase' function. */ /* #undef HAVE_GETPASSPHRASE */ /* Define to 1 if you have the `getrusage' function. */ #define HAVE_GETRUSAGE 1 /* Define to 1 if you have the `getuid' function. */ #define HAVE_GETUID 1 /* if you have GNU Pth */ /* #undef HAVE_GNU_PTH */ /* Define to 1 if you have the header file. */ #define HAVE_HISTEDIT_H 1 /* Define to 1 if you have the header file. */ /* #undef HAVE_HISTORY_H */ /* Obvious */ #define HAVE_HZ_IN_STRUCT_CLOCKINFO 1 /* Define to 1 if you have the header file. */ #define HAVE_IEEEFP_H 1 /* have iflist_sysctl? */ #define HAVE_IFLIST_SYSCTL 1 /* Define to 1 if you have the `if_nametoindex' function. */ #define HAVE_IF_NAMETOINDEX 1 /* inline keyword or macro available */ #define HAVE_INLINE 1 /* Define to 1 if the system has the type `int16_t'. */ #define HAVE_INT16_T 1 /* Define to 1 if the system has the type `int32'. */ /* #undef HAVE_INT32 */ /* int32 type in DNS headers, not others. */ /* #undef HAVE_INT32_ONLY_WITH_DNS */ /* Define to 1 if the system has the type `int32_t'. */ #define HAVE_INT32_T 1 /* Define to 1 if the system has the type `int8_t'. */ #define HAVE_INT8_T 1 /* Define to 1 if the system has the type `intmax_t'. */ /* #undef HAVE_INTMAX_T */ /* Define to 1 if the system has the type `intptr_t'. */ #define HAVE_INTPTR_T 1 /* Define to 1 if you have the header file. */ #define HAVE_INTTYPES_H 1 /* Define to 1 if you have the `isfinite' function. */ #define HAVE_ISFINITE 1 /* Define to 1 if you have the header file. */ #define HAVE_KVM_H 1 /* Define to 1 if you have the `kvm_open' function. */ /* #undef HAVE_KVM_OPEN */ /* Define to 1 if you have the `gen' library (-lgen). */ /* #undef HAVE_LIBGEN */ /* Define to 1 if you have the header file. */ #define HAVE_LIBGEN_H 1 /* Define to 1 if you have the `intl' library (-lintl). */ /* #undef HAVE_LIBINTL */ /* Define to 1 if you have the header file. */ /* #undef HAVE_LIBINTL_H */ /* Define to 1 if you have the header file. */ /* #undef HAVE_LIBSCF_H */ /* Define to 1 if you have the header file. */ #define HAVE_LIMITS_H 1 /* using Linux pthread? */ /* #undef HAVE_LINUXTHREADS */ /* Do we have Linux capabilities? */ /* #undef HAVE_LINUX_CAPABILITIES */ /* Define to 1 if you have the header file. */ /* #undef HAVE_LINUX_IF_ADDR_H */ /* if you have LinuxThreads */ /* #undef HAVE_LINUX_THREADS */ /* Define to 1 if you have the `localeconv' function. */ /* #undef HAVE_LOCALECONV */ /* Define to 1 if you have the header file. */ /* #undef HAVE_LOCALE_H */ /* Define to 1 if the system has the type `long double'. */ /* #undef HAVE_LONG_DOUBLE */ /* Define to 1 if the system has the type `long long'. */ #define HAVE_LONG_LONG 1 /* Define to 1 if the system has the type `long long int'. */ /* #undef HAVE_LONG_LONG_INT */ /* if you have SunOS LWP package */ /* #undef HAVE_LWP */ /* Define to 1 if you have the header file. */ /* #undef HAVE_LWP_LWP_H */ /* Define to 1 if you have the header file. */ /* #undef HAVE_MACHINE_INLINE_H */ /* Define to 1 if you have the header file. */ /* #undef HAVE_MACHINE_SOUNDCARD_H */ /* define if you have Mach Cthreads */ /* #undef HAVE_MACH_CTHREADS */ /* Define to 1 if you have the header file. */ /* #undef HAVE_MACH_CTHREADS_H */ /* Define to 1 if you have the header file. */ #define HAVE_MATH_H 1 /* Define to 1 if you have the `MD5Init' function. */ #define HAVE_MD5INIT 1 /* Define to 1 if you have the header file. */ #define HAVE_MD5_H 1 /* Define to 1 if you have the `memlk' function. */ /* #undef HAVE_MEMLK */ /* Define to 1 if you have the header file. */ #define HAVE_MEMORY_H 1 /* Define to 1 if you have the `mkstemp' function. */ #define HAVE_MKSTEMP 1 /* Define to 1 if you have the `mktime' function. */ #define HAVE_MKTIME 1 /* Define to 1 if you have the `mlockall' function. */ #define HAVE_MLOCKALL 1 /* Define to 1 if you have the `mmap' function. */ #define HAVE_MMAP 1 /* Define to 1 if you have the `nanosleep' function. */ #define HAVE_NANOSLEEP 1 /* Define to 1 if you have the header file, and it defines `DIR'. */ /* #undef HAVE_NDIR_H */ /* Define to 1 if you have the header file. */ #define HAVE_NETDB_H 1 /* Define to 1 if you have the header file. */ #define HAVE_NETINET_IN_H 1 /* Define to 1 if you have the header file. */ /* #undef HAVE_NETINET_IN_SYSTEM_H */ /* Define to 1 if you have the header file. */ #define HAVE_NETINET_IN_SYSTM_H 1 /* Define to 1 if you have the header file. */ #define HAVE_NETINET_IN_VAR_H 1 /* Define to 1 if you have the header file. */ #define HAVE_NETINET_IP_H 1 /* NetInfo support? */ /* #undef HAVE_NETINFO */ /* Define to 1 if you have the header file. */ /* #undef HAVE_NETINFO_NI_H */ /* Define to 1 if you have the header file. */ /* #undef HAVE_NET_IF6_H */ /* Define to 1 if you have the header file. */ #define HAVE_NET_IF_H 1 /* Define to 1 if you have the header file. */ #define HAVE_NET_IF_VAR_H 1 /* Define to 1 if you have the header file. */ #define HAVE_NET_ROUTE_H 1 /* Define to 1 if you have the `nice' function. */ #define HAVE_NICE 1 /* Define to 1 if you have the header file. */ #define HAVE_NLIST_H 1 /* via __adjtimex */ #define HAVE_NTP_ADJTIME 1 /* via __ntp_gettime */ #define HAVE_NTP_GETTIME 1 /* Do we want support for Samba's signing daemon? */ #define HAVE_NTP_SIGND 1 /* if you have NT Event Log */ /* #undef HAVE_NT_EVENT_LOG */ /* if you have NT Service Manager */ /* #undef HAVE_NT_SERVICE_MANAGER */ /* if you have NT Threads */ /* #undef HAVE_NT_THREADS */ /* Define to 1 if you have the header file. */ #define HAVE_OPENSSL_CMAC_H 1 /* Define to 1 if you have the header file. */ #define HAVE_OPENSSL_HMAC_H 1 /* Define to 1 if the system has the type `pid_t'. */ #define HAVE_PID_T 1 /* Define to 1 if you have the `plock' function. */ /* #undef HAVE_PLOCK */ /* Define to 1 if you have the header file. */ #define HAVE_POLL_H 1 /* Do we have the PPS API per the Draft RFC? */ #define HAVE_PPSAPI 1 /* Define to 1 if you have the header file. */ /* #undef HAVE_PRIV_H */ /* Define if you have POSIX threads libraries and header files. */ /* #undef HAVE_PTHREAD */ /* define to pthreads API spec revision */ #define HAVE_PTHREADS 10 /* Define to 1 if you have the `pthread_attr_getstacksize' function. */ #define HAVE_PTHREAD_ATTR_GETSTACKSIZE 1 /* Define to 1 if you have the `pthread_attr_setstacksize' function. */ #define HAVE_PTHREAD_ATTR_SETSTACKSIZE 1 /* define if you have pthread_detach function */ #define HAVE_PTHREAD_DETACH 1 /* Define to 1 if you have the `pthread_getconcurrency' function. */ #define HAVE_PTHREAD_GETCONCURRENCY 1 /* Define to 1 if you have the header file. */ #define HAVE_PTHREAD_H 1 /* Define to 1 if you have the `pthread_kill' function. */ #define HAVE_PTHREAD_KILL 1 /* Define to 1 if you have the `pthread_kill_other_threads_np' function. */ /* #undef HAVE_PTHREAD_KILL_OTHER_THREADS_NP */ /* define if you have pthread_rwlock_destroy function */ #define HAVE_PTHREAD_RWLOCK_DESTROY 1 /* Define to 1 if you have the `pthread_setconcurrency' function. */ #define HAVE_PTHREAD_SETCONCURRENCY 1 /* Define to 1 if you have the `pthread_yield' function. */ #define HAVE_PTHREAD_YIELD 1 /* Define to 1 if you have the header file. */ /* #undef HAVE_PTH_H */ /* Define to 1 if the system has the type `ptrdiff_t'. */ #define HAVE_PTRDIFF_T 1 /* Define to 1 if you have the `pututline' function. */ /* #undef HAVE_PUTUTLINE */ /* Define to 1 if you have the `pututxline' function. */ #define HAVE_PUTUTXLINE 1 /* Define to 1 if you have the `RAND_bytes' function. */ #define HAVE_RAND_BYTES 1 /* Define to 1 if you have the `RAND_poll' function. */ #define HAVE_RAND_POLL 1 /* Define to 1 if you have the header file. */ /* #undef HAVE_READLINE_H */ /* Define if your readline library has \`add_history' */ #define HAVE_READLINE_HISTORY 1 /* Define to 1 if you have the header file. */ #define HAVE_READLINE_HISTORY_H 1 /* Define to 1 if you have the header file. */ #define HAVE_READLINE_READLINE_H 1 /* Define to 1 if you have the `readlink' function. */ #define HAVE_READLINK 1 /* Define to 1 if you have the `recvmsg' function. */ #define HAVE_RECVMSG 1 /* Define to 1 if you have the header file. */ #define HAVE_RESOLV_H 1 /* Define to 1 if you have the `res_init' function. */ #define HAVE_RES_INIT 1 /* Do we have Linux routing socket? */ /* #undef HAVE_RTNETLINK */ /* Define to 1 if you have the `rtprio' function. */ #define HAVE_RTPRIO 1 /* Define to 1 if you have the header file. */ #define HAVE_RUNETYPE_H 1 /* Obvious */ #define HAVE_SA_SIGACTION_IN_STRUCT_SIGACTION 1 /* Define to 1 if you have the header file. */ #define HAVE_SCHED_H 1 /* Define to 1 if you have the `sched_setscheduler' function. */ #define HAVE_SCHED_SETSCHEDULER 1 /* Define to 1 if you have the `sched_yield' function. */ #define HAVE_SCHED_YIELD 1 /* Define to 1 if you have the header file. */ #define HAVE_SEMAPHORE_H 1 /* Define to 1 if you have the `sem_timedwait' function. */ #define HAVE_SEM_TIMEDWAIT 1 /* Define to 1 if you have the header file. */ #define HAVE_SETJMP_H 1 /* Define to 1 if you have the `setlinebuf' function. */ #define HAVE_SETLINEBUF 1 /* Define to 1 if you have the `setpgid' function. */ #define HAVE_SETPGID 1 /* define if setpgrp takes 0 arguments */ /* #undef HAVE_SETPGRP_0 */ /* Define to 1 if you have the `setpriority' function. */ #define HAVE_SETPRIORITY 1 /* Define to 1 if you have the `setrlimit' function. */ #define HAVE_SETRLIMIT 1 /* Define to 1 if you have the `setsid' function. */ #define HAVE_SETSID 1 /* Define to 1 if you have the `settimeofday' function. */ #define HAVE_SETTIMEOFDAY 1 /* Define to 1 if you have the `setvbuf' function. */ #define HAVE_SETVBUF 1 /* Define to 1 if you have the header file. */ /* #undef HAVE_SGTTY_H */ /* Define to 1 if you have the `sigaction' function. */ #define HAVE_SIGACTION 1 /* Can we use SIGIO for tcp and udp IO? */ /* #undef HAVE_SIGNALED_IO */ /* Define to 1 if you have the `sigset' function. */ #define HAVE_SIGSET 1 /* Define to 1 if you have the `sigvec' function. */ #define HAVE_SIGVEC 1 /* sigwait() available? */ #define HAVE_SIGWAIT 1 /* Define to 1 if the system has the type `size_t'. */ #define HAVE_SIZE_T 1 /* Define if C99-compliant `snprintf' is available. */ #define HAVE_SNPRINTF 1 /* Define to 1 if you have the `socketpair' function. */ #define HAVE_SOCKETPAIR 1 /* Are Solaris privileges available? */ /* #undef HAVE_SOLARIS_PRIVS */ /* Define to 1 if you have the header file. */ #define HAVE_STDARG_H 1 /* Define to 1 if you have the header file. */ #define HAVE_STDATOMIC_H 1 /* Define to 1 if stdbool.h conforms to C99. */ #define HAVE_STDBOOL_H 1 /* Define to 1 if you have the header file. */ /* #undef HAVE_STDDEF_H */ /* Define to 1 if you have the header file. */ #define HAVE_STDINT_H 1 /* Define to 1 if you have the header file. */ #define HAVE_STDLIB_H 1 /* Define to 1 if you have the `stime' function. */ /* #undef HAVE_STIME */ /* Define to 1 if you have the `strchr' function. */ #define HAVE_STRCHR 1 /* Define to 1 if you have the `strdup' function. */ #define HAVE_STRDUP 1 /* Define to 1 if you have the `strerror' function. */ #define HAVE_STRERROR 1 /* Define to 1 if you have the `strerror_r' function. */ #define HAVE_STRERROR_R 1 /* Define to 1 if you have the header file. */ #define HAVE_STRINGS_H 1 /* Define to 1 if you have the header file. */ #define HAVE_STRING_H 1 /* Define to 1 if you have the `strlcat' function. */ #define HAVE_STRLCAT 1 /* Define to 1 if you have the `strlcpy' function. */ #define HAVE_STRLCPY 1 /* Define to 1 if you have the header file. */ /* #undef HAVE_STROPTS_H */ /* Define to 1 if you have the `strrchr' function. */ #define HAVE_STRRCHR 1 /* Define to 1 if you have the `strsignal' function. */ #define HAVE_STRSIGNAL 1 /* Define to 1 if you have the `strtoll' function. */ #define HAVE_STRTOLL 1 /* Define to 1 if `decimal_point' is a member of `struct lconv'. */ /* #undef HAVE_STRUCT_LCONV_DECIMAL_POINT */ /* Define to 1 if `thousands_sep' is a member of `struct lconv'. */ /* #undef HAVE_STRUCT_LCONV_THOUSANDS_SEP */ /* Do we have struct ntptimeval? */ #define HAVE_STRUCT_NTPTIMEVAL 1 /* Define to 1 if `time.tv_nsec' is a member of `struct ntptimeval'. */ #define HAVE_STRUCT_NTPTIMEVAL_TIME_TV_NSEC 1 /* Does a system header define struct ppsclockev? */ /* #undef HAVE_STRUCT_PPSCLOCKEV */ /* Do we have struct snd_size? */ #define HAVE_STRUCT_SND_SIZE 1 /* Does a system header define struct sockaddr_storage? */ #define HAVE_STRUCT_SOCKADDR_STORAGE 1 /* struct timespec declared? */ #define HAVE_STRUCT_TIMESPEC 1 /* Define to 1 if you have the header file. */ /* #undef HAVE_SUN_AUDIOIO_H */ /* Define to 1 if you have the header file. */ /* #undef HAVE_SYNCH_H */ /* Define to 1 if you have the `sysconf' function. */ #define HAVE_SYSCONF 1 /* Define to 1 if you have the header file. */ #define HAVE_SYSEXITS_H 1 /* */ #define HAVE_SYSLOG_FACILITYNAMES 1 /* Define to 1 if you have the header file. */ /* #undef HAVE_SYS_AUDIOIO_H */ /* Define to 1 if you have the header file. */ #define HAVE_SYS_CAPABILITY_H 1 /* Define to 1 if you have the header file. */ /* #undef HAVE_SYS_CLOCKCTL_H */ /* Define to 1 if you have the header file, and it defines `DIR'. */ /* #undef HAVE_SYS_DIR_H */ /* Define to 1 if you have the header file. */ #define HAVE_SYS_FILE_H 1 /* Define to 1 if you have the header file. */ /* #undef HAVE_SYS_I8253_H */ /* Define to 1 if you have the header file. */ #define HAVE_SYS_IOCTL_H 1 /* Define to 1 if you have the header file. */ #define HAVE_SYS_IPC_H 1 /* Define to 1 if you have the header file. */ /* #undef HAVE_SYS_LIMITS_H */ /* Define to 1 if you have the header file. */ #define HAVE_SYS_LOCK_H 1 /* Define to 1 if you have the header file. */ #define HAVE_SYS_MAC_H 1 /* Define to 1 if you have the header file. */ #define HAVE_SYS_MMAN_H 1 /* Define to 1 if you have the header file. */ /* #undef HAVE_SYS_MODEM_H */ /* Define to 1 if you have the header file, and it defines `DIR'. */ /* #undef HAVE_SYS_NDIR_H */ /* Define to 1 if you have the header file. */ #define HAVE_SYS_PARAM_H 1 /* Define to 1 if you have the header file. */ /* #undef HAVE_SYS_PCL720_H */ /* Define to 1 if you have the header file. */ #define HAVE_SYS_POLL_H 1 /* Define to 1 if you have the header file. */ /* #undef HAVE_SYS_PPSCLOCK_H */ /* Define to 1 if you have the header file. */ /* #undef HAVE_SYS_PPSTIME_H */ /* Define to 1 if you have the header file. */ /* #undef HAVE_SYS_PRCTL_H */ /* Define to 1 if you have the header file. */ /* #undef HAVE_SYS_PROCSET_H */ /* Define to 1 if you have the header file. */ #define HAVE_SYS_PROC_H 1 /* Define to 1 if you have the header file. */ #define HAVE_SYS_RESOURCE_H 1 /* Define to 1 if you have the header file. */ /* #undef HAVE_SYS_SCHED_H */ /* Define to 1 if you have the header file. */ #define HAVE_SYS_SELECT_H 1 /* Define to 1 if you have the header file. */ #define HAVE_SYS_SHM_H 1 /* Define to 1 if you have the header file. */ #define HAVE_SYS_SIGNAL_H 1 /* Define to 1 if you have the header file. */ #define HAVE_SYS_SOCKET_H 1 /* Define to 1 if you have the header file. */ #define HAVE_SYS_SOCKIO_H 1 /* Define to 1 if you have the header file. */ #define HAVE_SYS_SOUNDCARD_H 1 /* Define to 1 if you have the header file. */ #define HAVE_SYS_STAT_H 1 /* Define to 1 if you have the header file. */ /* #undef HAVE_SYS_STREAM_H */ /* Define to 1 if you have the header file. */ /* #undef HAVE_SYS_STROPTS_H */ /* Define to 1 if you have the header file. */ #define HAVE_SYS_SYSCTL_H 1 /* Define to 1 if you have the header file. */ /* #undef HAVE_SYS_SYSSGI_H */ /* Define to 1 if you have the header file. */ /* #undef HAVE_SYS_SYSTUNE_H */ /* Define to 1 if you have the header file. */ #define HAVE_SYS_TERMIOS_H 1 /* Define to 1 if you have the header file. */ #define HAVE_SYS_TIMEPPS_H 1 /* Define to 1 if you have the header file. */ #define HAVE_SYS_TIMERS_H 1 /* Define to 1 if you have the header file. */ #define HAVE_SYS_TIMEX_H 1 /* Define to 1 if you have the header file. */ #define HAVE_SYS_TIME_H 1 /* Define to 1 if you have the header file. */ /* #undef HAVE_SYS_TPRO_H */ /* Define to 1 if you have the header file. */ #define HAVE_SYS_TYPES_H 1 /* Use sys/uio.h for struct iovec help */ /* #undef HAVE_SYS_UIO_H */ /* Define to 1 if you have the header file. */ #define HAVE_SYS_UN_H 1 /* Define to 1 if you have the header file. */ /* #undef HAVE_SYS_VAR_H */ /* Define to 1 if you have the header file. */ #define HAVE_SYS_WAIT_H 1 /* Define to 1 if the system has the type `s_char'. */ /* #undef HAVE_S_CHAR */ /* Define to 1 if you have the header file. */ #define HAVE_TERMIOS_H 1 /* Define to 1 if you have the header file. */ /* #undef HAVE_TERMIO_H */ /* if you have Solaris LWP (thr) package */ /* #undef HAVE_THR */ /* Define to 1 if you have the header file. */ /* #undef HAVE_THREAD_H */ /* Define to 1 if you have the `thr_getconcurrency' function. */ /* #undef HAVE_THR_GETCONCURRENCY */ /* Define to 1 if you have the `thr_setconcurrency' function. */ /* #undef HAVE_THR_SETCONCURRENCY */ /* Define to 1 if you have the `thr_yield' function. */ /* #undef HAVE_THR_YIELD */ /* Obvious */ #define HAVE_TICKADJ_IN_STRUCT_CLOCKINFO 1 /* Define to 1 if you have the `timegm' function. */ #define HAVE_TIMEGM 1 /* Define to 1 if you have the header file. */ /* #undef HAVE_TIMEPPS_H */ /* Define to 1 if you have the `timer_create' function. */ /* #undef HAVE_TIMER_CREATE */ /* Define to 1 if you have the header file. */ /* #undef HAVE_TIMEX_H */ /* Define to 1 if you have the header file. */ #define HAVE_TIME_H 1 /* Do we have the TIOCGPPSEV ioctl (Solaris)? */ /* #undef HAVE_TIOCGPPSEV */ /* Do we have the TIOCSPPS ioctl (Solaris)? */ /* #undef HAVE_TIOCSPPS */ /* Do we have the TIO serial stuff? */ /* #undef HAVE_TIO_SERIAL_STUFF */ /* Define to 1 if the system has the type `uint16_t'. */ #define HAVE_UINT16_T 1 /* Define to 1 if the system has the type `uint32_t'. */ #define HAVE_UINT32_T 1 /* Define to 1 if the system has the type `uint8_t'. */ #define HAVE_UINT8_T 1 /* Define to 1 if the system has the type `uintmax_t'. */ /* #undef HAVE_UINTMAX_T */ /* Define to 1 if the system has the type `uintptr_t'. */ #define HAVE_UINTPTR_T 1 /* Define to 1 if the system has the type `uint_t'. */ /* #undef HAVE_UINT_T */ /* Define to 1 if you have the `umask' function. */ #define HAVE_UMASK 1 /* Define to 1 if you have the `uname' function. */ #define HAVE_UNAME 1 /* Define to 1 if you have the header file. */ #define HAVE_UNISTD_H 1 /* deviant sigwait? */ /* #undef HAVE_UNIXWARE_SIGWAIT */ /* Define to 1 if the system has the type `unsigned long long int'. */ #define HAVE_UNSIGNED_LONG_LONG_INT 1 /* Define to 1 if you have the `updwtmp' function. */ /* #undef HAVE_UPDWTMP */ /* Define to 1 if you have the `updwtmpx' function. */ /* #undef HAVE_UPDWTMPX */ /* Define to 1 if you have the header file. */ #define HAVE_UTIME_H 1 /* Define to 1 if you have the header file. */ #define HAVE_UTMPX_H 1 /* Define to 1 if you have the header file. */ /* #undef HAVE_UTMP_H */ /* Define to 1 if the system has the type `u_int32'. */ /* #undef HAVE_U_INT32 */ /* u_int32 type in DNS headers, not others. */ /* #undef HAVE_U_INT32_ONLY_WITH_DNS */ /* Define to 1 if you have the header file. */ /* #undef HAVE_VALUES_H */ /* Define to 1 if you have the header file. */ /* #undef HAVE_VARARGS_H */ /* Define to 1 if you have the `vfork' function. */ #define HAVE_VFORK 1 /* Define to 1 if you have the header file. */ /* #undef HAVE_VFORK_H */ /* Define to 1 if you have the `vprintf' function. */ #define HAVE_VPRINTF 1 /* Define if C99-compliant `vsnprintf' is available. */ #define HAVE_VSNPRINTF 1 /* Define to 1 if you have the header file. */ #define HAVE_WCHAR_H 1 /* Define to 1 if the system has the type `wchar_t'. */ #define HAVE_WCHAR_T 1 /* Define to 1 if the system has the type `wint_t'. */ #define HAVE_WINT_T 1 /* Define to 1 if `fork' works. */ #define HAVE_WORKING_FORK 1 /* Define to 1 if `vfork' works. */ #define HAVE_WORKING_VFORK 1 /* define if select implicitly yields */ #define HAVE_YIELDING_SELECT 1 /* Define to 1 if the system has the type `_Bool'. */ #define HAVE__BOOL 1 /* Define to 1 if you have the `_exit' function. */ #define HAVE__EXIT 1 /* Define to 1 if you have the header file. */ /* #undef HAVE__SYS_SYNC_QUEUE_H */ /* Define to 1 if you have the header file. */ /* #undef HAVE__SYS_SYNC_SEMA_H */ /* Define to 1 if you have the `__adjtimex' function. */ /* #undef HAVE___ADJTIMEX */ /* defined if C compiler supports __attribute__((...)) */ #define HAVE___ATTRIBUTE__ /**/ /* define away __attribute__() if unsupported */ #ifndef HAVE___ATTRIBUTE__ # define __attribute__(x) /* empty */ #endif #define ISC_PLATFORM_NORETURN_PRE #define ISC_PLATFORM_NORETURN_POST __attribute__((__noreturn__)) /* Define to 1 if you have the `__ntp_gettime' function. */ /* #undef HAVE___NTP_GETTIME */ /* Define to 1 if you have the `__res_init' function. */ /* #undef HAVE___RES_INIT */ /* Does struct sockaddr_storage have __ss_family? */ /* #undef HAVE___SS_FAMILY_IN_SS */ /* Handle sockaddr_storage.__ss_family */ #ifdef HAVE___SS_FAMILY_IN_SS # define ss_family __ss_family #endif /* HAVE___SS_FAMILY_IN_SS */ /* Define to provide `rpl_snprintf' function. */ /* #undef HW_WANT_RPL_SNPRINTF */ /* Define to provide `rpl_vsnprintf' function. */ /* #undef HW_WANT_RPL_VSNPRINTF */ /* Retry queries on _any_ DNS error? */ /* #undef IGNORE_DNS_ERRORS */ /* Should we use the IRIG sawtooth filter? */ /* #undef IRIG_SUCKS */ /* Enclose PTHREAD_ONCE_INIT in extra braces? */ /* #undef ISC_PLATFORM_BRACEPTHREADONCEINIT */ /* Do we need to fix in6isaddr? */ /* #undef ISC_PLATFORM_FIXIN6ISADDR */ /* ISC: do we have if_nametoindex()? */ #define ISC_PLATFORM_HAVEIFNAMETOINDEX 1 /* have struct if_laddrconf? */ /* #undef ISC_PLATFORM_HAVEIF_LADDRCONF */ /* have struct if_laddrreq? */ /* #undef ISC_PLATFORM_HAVEIF_LADDRREQ */ /* have struct in6_pktinfo? */ #define ISC_PLATFORM_HAVEIN6PKTINFO 1 /* have IPv6? */ #define ISC_PLATFORM_HAVEIPV6 1 /* struct sockaddr has sa_len? */ #define ISC_PLATFORM_HAVESALEN 1 /* sin6_scope_id? */ #define ISC_PLATFORM_HAVESCOPEID 1 /* missing in6addr_any? */ /* #undef ISC_PLATFORM_NEEDIN6ADDRANY */ /* Do we need netinet6/in6.h? */ /* #undef ISC_PLATFORM_NEEDNETINET6IN6H */ /* ISC: provide inet_ntop() */ /* #undef ISC_PLATFORM_NEEDNTOP */ /* Declare in_port_t? */ /* #undef ISC_PLATFORM_NEEDPORTT */ /* ISC: provide inet_pton() */ /* #undef ISC_PLATFORM_NEEDPTON */ /* enable libisc thread support? */ #define ISC_PLATFORM_USETHREADS 1 /* Does the kernel have an FLL bug? */ /* #undef KERNEL_FLL_BUG */ /* Does the kernel support precision time discipline? */ #define KERNEL_PLL 1 /* Define to use libseccomp system call filtering. */ /* #undef KERN_SECCOMP */ /* What is (probably) the name of DOSYNCTODR in the kernel? */ #define K_DOSYNCTODR_NAME "_dosynctodr" /* What is (probably) the name of NOPRINTF in the kernel? */ #define K_NOPRINTF_NAME "_noprintf" /* What is the name of TICKADJ in the kernel? */ #define K_TICKADJ_NAME "_tickadj" /* What is the name of TICK in the kernel? */ #define K_TICK_NAME "_tick" /* define to 1 if library is thread safe */ #define LDAP_API_FEATURE_X_OPENLDAP_THREAD_SAFE 1 /* leap smear mechanism */ #define LEAP_SMEAR 1 /* Define to any value to include libseccomp sandboxing. */ /* #undef LIBSECCOMP */ /* Should we align with the NIST lockclock scheme? */ /* #undef LOCKCLOCK */ /* Define to the sub-directory where libtool stores uninstalled libraries. */ #define LT_OBJDIR ".libs/" /* Does the target support multicast IP? */ #define MCAST 1 /* Should we recommend a minimum value for tickadj? */ /* #undef MIN_REC_TICKADJ */ /* Define to 1 if the compiler does not support C99's structure initialization. */ /* #undef MISSING_C99_STRUCT_INIT */ /* having to fork the DNS worker early when doing chroot? */ /* #undef NEED_EARLY_FORK */ /* Do we need HPUX adjtime() library support? */ /* #undef NEED_HPUX_ADJTIME */ /* Do we want the HPUX FindConfig()? */ /* #undef NEED_HPUX_FINDCONFIG */ /* We need to provide netsnmp_daemonize() */ /* #undef NEED_NETSNMP_DAEMONIZE */ /* pthread_init() required? */ /* #undef NEED_PTHREAD_INIT */ /* use PTHREAD_SCOPE_SYSTEM? */ /* #undef NEED_PTHREAD_SCOPE_SYSTEM */ /* Do we need the qnx adjtime call? */ /* #undef NEED_QNX_ADJTIME */ /* Do we need extra room for SO_RCVBUF? (HPUX < 8) */ /* #undef NEED_RCVBUF_SLOP */ /* Do we need an s_char typedef? */ #define NEED_S_CHAR_TYPEDEF 1 /* Might nlist() values require an extra level of indirection (AIX)? */ /* #undef NLIST_EXTRA_INDIRECTION */ /* does struct nlist use a name union? */ /* #undef NLIST_NAME_UNION */ /* nlist stuff */ #define NLIST_STRUCT 1 /* Should we NOT read /dev/kmem? */ #define NOKMEM 1 /* Should we avoid #warning on option name collisions? */ /* #undef NO_OPTION_NAME_WARNINGS */ /* Is there a problem using PARENB and IGNPAR? */ /* #undef NO_PARENB_IGNPAR */ /* define if you have (or want) no threads */ /* #undef NO_THREADS */ /* Default location of crypto key info */ #define NTP_KEYSDIR "/etc/ntp" /* Path to sign daemon rendezvous socket */ #define NTP_SIGND_PATH "/var/run/ntp_signd" /* Do we have ntp_{adj,get}time in libc? */ #define NTP_SYSCALLS_LIBC 1 /* Do we have ntp_{adj,get}time in the kernel? */ /* #undef NTP_SYSCALLS_STD */ /* Do we have support for SHMEM_STATUS? */ #define ONCORE_SHMEM_STATUS 1 /* Use OpenSSL? */ /* #define OPENSSL */ /* Should we open the broadcast socket? */ #define OPEN_BCAST_SOCKET 1 /* need to recreate sockets on changed routing? */ /* #undef OS_MISSES_SPECIFIC_ROUTE_UPDATES */ /* wildcard socket needs REUSEADDR to bind interface addresses */ /* #undef OS_NEEDS_REUSEADDR_FOR_IFADDRBIND */ /* Do we need to override the system's idea of HZ? */ #define OVERRIDE_HZ 1 /* Name of package */ #define PACKAGE "ntp" /* Define to the address where bug reports for this package should be sent. */ #define PACKAGE_BUGREPORT "http://bugs.ntp.org./" /* Define to the full name of this package. */ #define PACKAGE_NAME "ntp" /* Define to the full name and version of this package. */ #define PACKAGE_STRING "ntp 4.2.8p12" /* Define to the one symbol short name of this package. */ #define PACKAGE_TARNAME "ntp" /* Define to the home page for this package. */ #define PACKAGE_URL "http://www.ntp.org./" /* Define to the version of this package. */ #define PACKAGE_VERSION "4.2.8p12" /* data dir */ #define PERLLIBDIR "/usr/share/ntp/lib" /* define to a working POSIX compliant shell */ #define POSIX_SHELL "/bin/sh" /* PARSE kernel PLL PPS support */ /* #undef PPS_SYNC */ /* Preset a value for 'tick'? */ #define PRESET_TICK 1000000L/hz /* Preset a value for 'tickadj'? */ #define PRESET_TICKADJ 500/hz /* Should we not IGNPAR (Linux)? */ /* #undef RAWDCF_NO_IGNPAR */ /* enable thread safety */ #define REENTRANT 1 /* Basic refclock support? */ #define REFCLOCK 1 /* Do we want the ReliantUNIX clock hacks? */ /* #undef RELIANTUNIX_CLOCK */ /* define if sched_yield yields the entire process */ /* #undef REPLACE_BROKEN_YIELD */ /* Define as the return type of signal handlers (`int' or `void'). */ #define RETSIGTYPE void /* saveconfig mechanism */ #define SAVECONFIG 1 /* Do we want the SCO clock hacks? */ /* #undef SCO5_CLOCK */ /* The size of `char *', as computed by sizeof. */ #ifdef __LP64__ #define SIZEOF_CHARP 8 #else #define SIZEOF_CHARP 4 #endif /* The size of `int', as computed by sizeof. */ #define SIZEOF_INT 4 /* The size of `long', as computed by sizeof. */ #ifdef __LP64__ #define SIZEOF_LONG 8 #else #define SIZEOF_LONG 4 #endif /* The size of `long long', as computed by sizeof. */ #define SIZEOF_LONG_LONG 8 /* The size of `pthread_t', as computed by sizeof. */ #define SIZEOF_PTHREAD_T 8 /* The size of `short', as computed by sizeof. */ #define SIZEOF_SHORT 2 /* The size of `signed char', as computed by sizeof. */ #define SIZEOF_SIGNED_CHAR 1 /* The size of `time_t', as computed by sizeof. */ #if defined(__i386__) || defined(__powerpc__) #define SIZEOF_TIME_T 4 #else #define SIZEOF_TIME_T 8 #endif /* Does SIOCGIFCONF return size in the buffer? */ /* #undef SIZE_RETURNED_IN_BUFFER */ /* Slew always? */ /* #undef SLEWALWAYS */ /* If using the C implementation of alloca, define if you know the direction of stack growth for your system; otherwise it will be automatically deduced at runtime. STACK_DIRECTION > 0 => grows toward higher addresses STACK_DIRECTION < 0 => grows toward lower addresses STACK_DIRECTION = 0 => direction of growth unknown */ /* #undef STACK_DIRECTION */ /* Define to 1 if you have the ANSI C header files. */ #define STDC_HEADERS 1 /* Step, then slew the clock? */ /* #undef STEP_SLEW */ /* Define to 1 if strerror_r returns char *. */ /* #undef STRERROR_R_CHAR_P */ /* canonical system (cpu-vendor-os) of where we should run */ #if defined(__alpha__) #define STR_SYSTEM "alpha-undermydesk-freebsd" #elif defined(__sparc64__) #define STR_SYSTEM "sparc64-undermydesk-freebsd" #elif defined(__amd64__) #define STR_SYSTEM "amd64-undermydesk-freebsd" #elif defined(__powerpc64__) #define STR_SYSTEM "powerpc64-undermydesk-freebsd" #elif defined(__powerpc__) #define STR_SYSTEM "powerpc-undermydesk-freebsd" #elif defined(__mips64) #define STR_SYSTEM "mips64-undermydesk-freebsd" #elif defined(__mips__) #define STR_SYSTEM "mips-undermydesk-freebsd" #elif defined(__aarch64__) #define STR_SYSTEM "arm64-undermydesk-freebsd" #elif defined(__arm__) #define STR_SYSTEM "arm-undermydesk-freebsd" #elif defined(__sparc64__) #define STR_SYSTEM "sparc64-undermydesk-freebsd" #elif defined(__sparc__) #define STR_SYSTEM "sparc-undermydesk-freebsd" #elif defined(__ia64__) #define STR_SYSTEM "ia64-undermydesk-freebsd" #else #define STR_SYSTEM "i386-undermydesk-freebsd" #endif /* Does Xettimeofday take 1 arg? */ /* #undef SYSV_TIMEOFDAY */ /* Do we need to #define _SVID3 when we #include ? */ /* #undef TERMIOS_NEEDS__SVID3 */ /* enable thread safety */ #define THREADSAFE 1 /* enable thread safety */ #define THREAD_SAFE 1 /* Is K_TICKADJ_NAME in nanoseconds? */ /* #undef TICKADJ_NANO */ /* Is K_TICK_NAME in nanoseconds? */ /* #undef TICK_NANO */ /* Define to 1 if you can safely include both and . */ #define TIME_WITH_SYS_TIME 1 /* Define to 1 if your declares `struct tm'. */ /* #undef TM_IN_SYS_TIME */ /* Provide a typedef for uintptr_t? */ #ifndef HAVE_UINTPTR_T typedef unsigned int uintptr_t; #define HAVE_UINTPTR_T 1 #endif /* What type to use for setsockopt */ #define TYPEOF_IP_MULTICAST_LOOP u_char /* Do we set process groups with -pid? */ /* #undef UDP_BACKWARDS_SETOWN */ /* Must we have a CTTY for fsetown? */ #define USE_FSETOWNCTTY 1 /* Use OpenSSL's crypto random functions */ /* #define USE_OPENSSL_CRYPTO_RAND 1 */ /* OK to use snprintb()? */ /* #undef USE_SNPRINTB */ /* Can we use SIGPOLL for tty IO? */ /* #undef USE_TTY_SIGPOLL */ /* Can we use SIGPOLL for UDP? */ /* #undef USE_UDP_SIGPOLL */ /* Version number of package */ #define VERSION "4.2.8p12" /* vsnprintf expands "%m" to strerror(errno) */ #define VSNPRINTF_PERCENT_M 1 /* configure --enable-ipv6 */ #define WANT_IPV6 1 /* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most significant byte first (like Motorola and SPARC, unlike Intel). */ #if defined(__ARMEB__) || defined(__MIPSEB__) || defined(__powerpc__) || \ defined(__powerpc64__) || defined(__sparc64__) #define WORDS_BIGENDIAN 1 #endif /* routine worker child proc uses to exit. */ #define WORKER_CHILD_EXIT exit /* Define to 1 if on MINIX. */ /* #undef _MINIX */ /* Define to 2 if the system does not provide POSIX.1 features except with this defined. */ /* #undef _POSIX_1_SOURCE */ /* Define to 1 if you need to in order for `stat' and other things to work. */ /* #undef _POSIX_SOURCE */ /* enable thread safety */ #define _REENTRANT 1 /* enable thread safety */ #define _SGI_MP_SOURCE 1 /* enable thread safety */ #define _THREADSAFE 1 /* enable thread safety */ #define _THREAD_SAFE 1 /* Define to 500 only on HP-UX. */ /* #undef _XOPEN_SOURCE */ /* Are we _special_? */ /* #undef __APPLE_USE_RFC_3542 */ /* Define to 1 if type `char' is unsigned and you are not using gcc. */ #ifndef __CHAR_UNSIGNED__ /* # undef __CHAR_UNSIGNED__ */ #endif /* Enable extensions on AIX 3, Interix. */ #ifndef _ALL_SOURCE # define _ALL_SOURCE 1 #endif /* Enable GNU extensions on systems that have them. */ #ifndef _GNU_SOURCE # define _GNU_SOURCE 1 #endif /* Enable threading extensions on Solaris. */ #ifndef _POSIX_PTHREAD_SEMANTICS # define _POSIX_PTHREAD_SEMANTICS 1 #endif /* Enable extensions on HP NonStop. */ #ifndef _TANDEM_SOURCE # define _TANDEM_SOURCE 1 #endif /* Enable general extensions on Solaris. */ #ifndef __EXTENSIONS__ # define __EXTENSIONS__ 1 #endif /* deviant */ /* #undef adjtimex */ /* Define to empty if `const' does not conform to ANSI C. */ /* #undef const */ /* Define to `int' if doesn't define. */ /* #undef gid_t */ /* Define to `__inline__' or `__inline' if that's what the C compiler calls it, or to nothing if 'inline' is not supported under any name. */ #ifndef __cplusplus /* #undef inline */ #endif /* Define to the widest signed integer type if and do not define. */ /* #undef intmax_t */ /* deviant */ /* #undef ntp_adjtime */ /* deviant */ /* #undef ntp_gettime */ /* Define to `long int' if does not define. */ /* #undef off_t */ /* Define to `int' if does not define. */ /* #undef pid_t */ /* Define to `unsigned int' if does not define. */ /* #undef size_t */ #if !defined(_KERNEL) && !defined(PARSESTREAM) /* * stdio.h must be included after _GNU_SOURCE is defined * but before #define snprintf rpl_snprintf */ # include #endif /* Define to rpl_snprintf if the replacement function should be used. */ /* #undef snprintf */ /* Define to `int' if doesn't define. */ /* #undef uid_t */ /* Define to the widest unsigned integer type if and do not define. */ /* #undef uintmax_t */ /* Define to the type of an unsigned integer type wide enough to hold a pointer, if such a type exists, and if the system does not define it. */ /* #undef uintptr_t */ /* Define as `fork' if `vfork' does not work. */ /* #undef vfork */ /* Define to empty if the keyword `volatile' does not work. Warning: valid code using `volatile' can become incorrect without. Disable with care. */ /* #undef volatile */ /* Define to rpl_vsnprintf if the replacement function should be used. */ /* #undef vsnprintf */ #ifndef MPINFOU_PREDECLARED # define MPINFOU_PREDECLARED typedef union mpinfou { struct pdk_mpinfo *pdkptr; struct mpinfo *pikptr; } mpinfou_t; #endif #if !defined(_KERNEL) && !defined(PARSESTREAM) # if defined(HW_WANT_RPL_VSNPRINTF) # if defined(__cplusplus) extern "C" { # endif # include int rpl_vsnprintf(char *, size_t, const char *, va_list); # if defined(__cplusplus) } # endif # endif # if defined(HW_WANT_RPL_SNPRINTF) # if defined(__cplusplus) extern "C" { # endif int rpl_snprintf(char *, size_t, const char *, ...); # if defined(__cplusplus) } # endif # endif #endif /* !defined(_KERNEL) && !defined(PARSESTREAM) */ /* * FreeBSD specific: Explicitly specify date/time for reproducible build. */ #define MKREPRO_DATE "Aug 19 2018" #define MKREPRO_TIME "01:24:29" Index: stable/11 =================================================================== --- stable/11 (revision 352864) +++ stable/11 (revision 352865) Property changes on: stable/11 ___________________________________________________________________ Modified: svn:mergeinfo ## -0,0 +0,1 ## Merged /head:r352304,352540 Index: stable/12/UPDATING =================================================================== --- stable/12/UPDATING (revision 352864) +++ stable/12/UPDATING (revision 352865) @@ -1,1968 +1,1974 @@ Updating Information for FreeBSD current users. This file is maintained and copyrighted by M. Warner Losh . See end of file for further details. For commonly done items, please see the COMMON ITEMS: section later in the file. These instructions assume that you basically know what you are doing. If not, then please consult the FreeBSD handbook: https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html Items affecting the ports and packages system can be found in /usr/ports/UPDATING. Please read that file before running portupgrade. NOTE: FreeBSD has switched from gcc to clang. If you have trouble bootstrapping from older versions of FreeBSD, try WITHOUT_CLANG and WITH_GCC to bootstrap to the tip of head, and then rebuild without this option. The bootstrap process from older version of current across the gcc/clang cutover is a bit fragile. +20190913: + ntpd no longer by default locks its pages in memory, allowing them + to be paged out by the kernel. Use rlimit memlock to restore + historic BSD behaviour. For example, add "rlimit memlock 32" + to ntp.conf to lock up to 32 MB of ntpd address space in memory. + 20190914: The vfs.fusefs.sync_unmount and vfs.fusefs.init_backgrounded sysctls and the "-o sync_unmount" and "-o init_backgrounded" mount options have been removed from mount_fusefs(8). You can safely remove them from your scripts, because they had no effect. The vfs.fusefs.fix_broken_io, vfs.fusefs.sync_resize, vfs.fusefs.refresh_size, vfs.fusefs.mmap_enable, vfs.fusefs.reclaim_revoked, and vfs.fusefs.data_cache_invalidate sysctls have been removed. If you felt the need to set any of them to a non-default value, please tell asomers@FreeBSD.org why. 20190906: The fuse(4) module has been renamed to fusefs(4) for consistency with other filesystems. You should update any kld_load="fuse" entries in /etc/rc.conf, fuse_load="YES" entries in /boot/loader.conf, and "options FUSE" enties in kernel config files. 20190811: Default permissions on the /var/account/acct file (and copies of it rotated by periodic daily scripts) are changed from 0644 to 0640 because the file contains sensitive information that should not be world-readable. If the /var/account directory must be created by rc.d/accounting, the mode used is now 0750. Admins who use the accounting feature are encouraged to change the mode of an existing /var/account directory to 0750 or 0700. 20190723: Clang, llvm, lld, lldb, compiler-rt, libc++, libunwind and openmp have been upgraded to 8.0.1. Please see the 20141231 entry below for information about prerequisites and upgrading, if you are not already using clang 3.5.0 or higher. 20190413: Now Clang 8 has been merged (see the 20190412 entry below), the ifunc functionality needed for the RETPOLINE option should work properly again. The RETPOLINE option has been removed from BROKEN_OPTIONS. 20190412: Clang, llvm, lld, lldb, compiler-rt and libc++ have been upgraded to 8.0.0. Please see the 20141231 entry below for information about prerequisites and upgrading, if you are not already using clang 3.5.0 or higher. 20190307: The RETPOLINE option produces non-functional ifunc-using binaries with Clang 7.0.1, and has been forced off (via BROKEN_OPTIONS). Once Clang 8 is merged it may be enabled again. 20190216: Clang, llvm, lld, lldb, compiler-rt and libc++ have been upgraded to 7.0.1. Please see the 20141231 entry below for information about prerequisites and upgrading, if you are not already using clang 3.5.0 or higher. 20190226: geom_uzip(4) depends on the new module xz. If geom_uzip is statically compiled into your custom kernel, add 'device xz' statement to the kernel config. 20190214: Iflib is no longer unconditionally compiled into the kernel. Drivers using iflib and statically compiled into the kernel, now require the 'device iflib' config option. For the same drivers loaded as modules on kernels not having 'device iflib', the iflib.ko module is loaded automatically. 20181228: r342561 modifies the NFSv4 server so that it obeys vfs.nfsd.nfs_privport in the same as it is applied to NFSv2 and 3. This implies that NFSv4 servers that have vfs.nfsd.nfs_privport set will only allow mounts from clients using a reserved port#. Since both the FreeBSD and Linux NFSv4 clients use reserved port#s by default, this should not affect most NFSv4 mounts. 20181129: On amd64, arm64 and armv7 (architectures that install LLVM's ld.lld linker as /usr/bin/ld) GNU ld is no longer installed as ld.bfd, as it produces broken binaries when ifuncs are in use. Users needing GNU ld should install the binutils port or package. 20181115: The set of CTM commands (ctm, ctm_smail, ctm_rmail, ctm_dequeue) has been converted to a port (misc/ctm) and will be removed from FreeBSD-13. A depreciation warning will be printed to stderr by the ctm command, but the functionality will remain in base for all FreeBSD-12 releases. 20181019: The stable/12 branch has been created in subversion from head revision r339432. 20181015: Ports for the DRM modules have been simplified. Now, amd64 users should just install the drm-kmod port. All others should install drm-legacy-kmod. Graphics hardware that's newer than about 2010 usually works with drm-kmod. For hardware older than 2013, however, some users will need to use drm-legacy-kmod if drm-kmod doesn't work for them. Hardware older than 2008 usually only works in drm-legacy-kmod. The graphics team can only commit to hardware made since 2013 due to the complexity of the market and difficulty to test all the older cards effectively. If you have hardware supported by drm-kmod, you are strongly encouraged to use that as you will get better support. Other than KPI chasing, drm-legacy-kmod will not be updated. As outlined elsewhere, the drm and drm2 modules will be eliminated from the src base soon (with a limited exception for arm). Please update to the package asap and report any issues to x11@freebsd.org. Generally, anybody using the drm*-kmod packages should add WITHOUT_DRM_MODULE=t and WITHOUT_DRM2_MODULE=t to avoid nasty cross-threading surprises, especially with automatic driver loading from X11 startup. These will become the defaults in 13-current shortly. 20181012: The ixlv(4) driver has been renamed to iavf(4). As a consequence, custom kernel and module loading configuration files must be updated accordingly. Moreover, interfaces previous presented as ixlvN to the system are now exposed as iavfN and network configuration files must be adjusted as necessary. 20181009: OpenSSL has been updated to version 1.1.1. This update included additional various API changes througout the base system. It is important to rebuild third-party software after upgrading. The value of __FreeBSD_version has been bumped accordingly. 20181006: The legacy DRM modules and drivers have now been added to the loader's module blacklist, in favor of loading them with kld_list in rc.conf(5). The module blacklist may be overridden with the loader.conf(5) 'module_blacklist' variable, but loading them via rc.conf(5) is strongly encouraged. 20181002: The cam(4) based nda(4) driver will be used over nvd(4) by default on powerpc64. You may set 'options NVME_USE_NVD=1' in your kernel conf or loader tunable 'hw.nvme.use_nvd=1' if you wish to use the existing driver. Make sure to edit /boot/etc/kboot.conf and fstab to use the nda device name. 20180913: Reproducible build mode is now on by default, in preparation for FreeBSD 12.0. This eliminates build metadata such as the user, host, and time from the kernel (and uname), unless the working tree corresponds to a modified checkout from a version control system. The previous behavior can be obtained by setting the /etc/src.conf knob WITHOUT_REPRODUCIBLE_BUILD. 20180826: The Yarrow CSPRNG has been removed from the kernel as it has not been supported by its designers since at least 2003. Fortuna has been the default since FreeBSD-11. 20180822: devctl freeze/thaw have gone into the tree, the rc scripts have been updated to use them and devmatch has been changed. You should update kernel, userland and rc scripts all at the same time. 20180818: The default interpreter has been switched from 4th to Lua. LOADER_DEFAULT_INTERP, documented in build(7), will override the default interpreter. If you have custom FORTH code you will need to set LOADER_DEFAULT_INTERP=4th (valid values are 4th, lua or simp) in src.conf for the build. This will create default hard links between loader and loader_4th instead of loader and loader_lua, the new default. If you are using UEFI it will create the proper hard link to loader.efi. bhyve uses userboot.so. It remains 4th-only until some issues are solved regarding coexisting with multiple versions of FreeBSD are resolved. 20180815: ls(1) now respects the COLORTERM environment variable used in other systems and software to indicate that a colored terminal is both supported and desired. If ls(1) is suddenly emitting colors, they may be disabled again by either removing the unwanted COLORTERM from your environment, or using `ls --color=never`. The ls(1) specific CLICOLOR may not be observed in a future release. 20180808: The default pager for most commands has been changed to "less". To restore the old behavior, set PAGER="more" and MANPAGER="more -s" in your environment. 20180731: The jedec_ts(4) driver has been removed. A superset of its functionality is available in the jedec_dimm(4) driver, and the manpage for that driver includes migration instructions. If you have "device jedec_ts" in your kernel configuration file, it must be removed. 20180730: amd64/GENERIC now has EFI runtime services, EFIRT, enabled by default. This should have no effect if the kernel is booted via BIOS/legacy boot. EFIRT may be disabled via a loader tunable, efi.rt.disabled, if a system has a buggy firmware that prevents a successful boot due to use of runtime services. 20180727: Atmel AT91RM9200 and AT91SAM9, Cavium CNS 11xx and XScale support has been removed from the tree. These ports were obsolete and/or known to be broken for many years. 20180723: loader.efi has been augmented to participate more fully in the UEFI boot manager protocol. loader.efi will now look at the BootXXXX environment variable to determine if a specific kernel or root partition was specified. XXXX is derived from BootCurrent. efibootmgr(8) manages these standard UEFI variables. 20180720: zfsloader's functionality has now been folded into loader. zfsloader is no longer necessary once you've updated your boot blocks. For a transition period, we will install a hardlink for zfsloader to loader to allow a smooth transition until the boot blocks can be updated (hard link because old zfs boot blocks don't understand symlinks). 20180719: ARM64 now have efifb support, if you want to have serial console on your arm64 board when an screen is connected and the bootloader setup a frambuffer for us to use, just add : boot_serial=YES boot_multicons=YES in /boot/loader.conf For Raspberry Pi 3 (RPI) users, this is needed even if you don't have an screen connected as the firmware will setup a framebuffer are that u-boot will expose as an EFI framebuffer. 20180719: New uid:gid added, ntpd:ntpd (123:123). Be sure to run mergemaster or take steps to update /etc/passwd before doing installworld on existing systems. Do not skip the "mergemaster -Fp" step before installworld, as described in the update procedures near the bottom of this document. Also, rc.d/ntpd now starts ntpd(8) as user ntpd if the new mac_ntpd(4) policy is available, unless ntpd_flags or the ntp config file contain options that change file/dir locations. When such options (e.g., "statsdir" or "crypto") are used, ntpd can still be run as non-root by setting ntpd_user=ntpd in rc.conf, after taking steps to ensure that all required files/dirs are accessible by the ntpd user. 20180717: Big endian arm support has been removed. 20180711: The static environment setup in kernel configs is no longer mutually exclusive with the loader(8) environment by default. In order to restore the previous default behavior of disabling the loader(8) environment if a static environment is present, you must specify loader_env.disabled=1 in the static environment. 20180705: The ABI of syscalls used by management tools like sockstat and netstat has been broken to allow 32-bit binaries to work on 64-bit kernels without modification. These programs will need to match the kernel in order to function. External programs may require minor modifications to accommodate a change of type in structures from pointers to 64-bit virtual addresses. 20180702: On i386 and amd64 atomics are now inlined. Out of tree modules using atomics will need to be rebuilt. 20180701: The '%I' format in the kern.corefile sysctl limits the number of core files that a process can generate to the number stored in the debug.ncores sysctl. The '%I' format is replaced by the single digit index. Previously, if all indexes were taken the kernel would overwrite only a core file with the highest index in a filename. Currently the system will create a new core file if there is a free index or if all slots are taken it will overwrite the oldest one. 20180630: Clang, llvm, lld, lldb, compiler-rt and libc++ have been upgraded to 6.0.1. Please see the 20141231 entry below for information about prerequisites and upgrading, if you are not already using clang 3.5.0 or higher. 20180628: r335753 introduced a new quoting method. However, etc/devd/devmatch.conf needed to be changed to work with it. This change was made with r335763 and requires a mergemaster / etcupdate / etc to update the installed file. 20180612: r334930 changed the interface between the NFS modules, so they all need to be rebuilt. r335018 did a __FreeBSD_version bump for this. 20180530: As of r334391 lld is the default amd64 system linker; it is installed as /usr/bin/ld. Kernel build workarounds (see 20180510 entry) are no longer necessary. 20180530: The kernel / userland interface for devinfo changed, so you'll need a new kernel and userland as a pair for it to work (rebuilding lib/libdevinfo is all that's required). devinfo and devmatch will not work, but everything else will when there's a mismatch. 20180523: The on-disk format for hwpmc callchain records has changed to include threadid corresponding to a given record. This changes the field offsets and thus requires that libpmcstat be rebuilt before using a kernel later than r334108. 20180517: The vxge(4) driver has been removed. This driver was introduced into HEAD one week before the Exar left the Ethernet market and is not known to be used. If you have device vxge in your kernel config file it must be removed. 20180510: The amd64 kernel now requires a ld that supports ifunc to produce a working kernel, either lld or a newer binutils. lld is built by default on amd64, and the 'buildkernel' target uses it automatically. However, it is not the default linker, so building the kernel the traditional way requires LD=ld.lld on the command line (or LD=/usr/local/bin/ld for binutils port/package). lld will soon be default, and this requirement will go away. NOTE: As of r334391 lld is the default system linker on amd64, and no workaround is necessary. 20180508: The nxge(4) driver has been removed. This driver was for PCI-X 10g cards made by s2io/Neterion. The company was aquired by Exar and no longer sells or supports Ethernet products. If you have device nxge in your kernel config file it must be removed. 20180504: The tz database (tzdb) has been updated to 2018e. This version more correctly models time stamps in time zones with negative DST such as Europe/Dublin (from 1971 on), Europe/Prague (1946/7), and Africa/Windhoek (1994/2017). This does not affect the UT offsets, only time zone abbreviations and the tm_isdst flag. 20180502: The ixgb(4) driver has been removed. This driver was for an early and uncommon legacy PCI 10GbE for a single ASIC, Intel 82597EX. Intel quickly shifted to the long lived ixgbe family. If you have device ixgb in your kernel config file it must be removed. 20180501: The lmc(4) driver has been removed. This was a WAN interface card that was already reportedly rare in 2003, and had an ambiguous license. If you have device lmc in your kernel config file it must be removed. 20180413: Support for Arcnet networks has been removed. If you have device arcnet or device cm in your kernel config file they must be removed. 20180411: Support for FDDI networks has been removed. If you have device fddi or device fpa in your kernel config file they must be removed. 20180406: In addition to supporting RFC 3164 formatted messages, the syslogd(8) service is now capable of parsing RFC 5424 formatted log messages. The main benefit of using RFC 5424 is that clients may now send log messages with timestamps containing year numbers, microseconds and time zone offsets. Similarly, the syslog(3) C library function has been altered to send RFC 5424 formatted messages to the local system logging daemon. On systems using syslogd(8), this change should have no negative impact, as long as syslogd(8) and the C library are updated at the same time. On systems using a different system logging daemon, it may be necessary to make configuration adjustments, depending on the software used. When using syslog-ng, add the 'syslog-protocol' flag to local input sources to enable parsing of RFC 5424 formatted messages: source src { unix-dgram("/var/run/log" flags(syslog-protocol)); } When using rsyslog, disable the 'SysSock.UseSpecialParser' option of the 'imuxsock' module to let messages be processed by the regular RFC 3164/5424 parsing pipeline: module(load="imuxsock" SysSock.UseSpecialParser="off") Do note that these changes only affect communication between local applications and syslogd(8). The format that syslogd(8) uses to store messages on disk or forward messages to other systems remains unchanged. syslogd(8) still uses RFC 3164 for these purposes. Options to customize this behaviour will be added in the future. Utilities that process log files stored in /var/log are thus expected to continue to function as before. __FreeBSD_version has been incremented to 1200061 to denote this change. 20180328: Support for token ring networks has been removed. If you have "device token" in your kernel config you should remove it. No device drivers supported token ring. 20180323: makefs was modified to be able to tag ISO9660 El Torito boot catalog entries as EFI instead of overloading the i386 tag as done previously. The amd64 mkisoimages.sh script used to build amd64 ISO images for release was updated to use this. This may mean that makefs must be updated before "make cdrom" can be run in the release directory. This should be as simple as: $ cd $SRCDIR/usr.sbin/makefs $ make depend all install 20180212: FreeBSD boot loader enhanced with Lua scripting. It's purely opt-in for now by building WITH_LOADER_LUA and WITHOUT_FORTH in /etc/src.conf. Co-existance for the transition period will come shortly. Booting is a complex environment and test coverage for Lua-enabled loaders has been thin, so it would be prudent to assume it might not work and make provisions for backup boot methods. 20180211: devmatch functionality has been turned on in devd. It will automatically load drivers for unattached devices. This may cause unexpected drivers to be loaded. Please report any problems to current@ and imp@freebsd.org. 20180114: Clang, llvm, lld, lldb, compiler-rt and libc++ have been upgraded to 6.0.0. Please see the 20141231 entry below for information about prerequisites and upgrading, if you are not already using clang 3.5.0 or higher. 20180110: LLVM's lld linker is now used as the FreeBSD/amd64 bootstrap linker. This means it is used to link the kernel and userland libraries and executables, but is not yet installed as /usr/bin/ld by default. To revert to ld.bfd as the bootstrap linker, in /etc/src.conf set WITHOUT_LLD_BOOTSTRAP=yes 20180110: On i386, pmtimer has been removed. Its functionality has been folded into apm. It was a no-op on ACPI in current for a while now (but was still needed on i386 in FreeBSD 11 and earlier). Users may need to remove it from kernel config files. 20180104: The use of RSS hash from the network card aka flowid has been disabled by default for lagg(4) as it's currently incompatible with the lacp and loadbalance protocols. This can be re-enabled by setting the following in loader.conf: net.link.lagg.default_use_flowid="1" 20180102: The SW_WATCHDOG option is no longer necessary to enable the hardclock-based software watchdog if no hardware watchdog is configured. As before, SW_WATCHDOG will cause the software watchdog to be enabled even if a hardware watchdog is configured. 20171215: r326887 fixes the issue described in the 20171214 UPDATING entry. r326888 flips the switch back to building GELI support always. 20171214: r362593 broke ZFS + GELI support for reasons unknown. However, it also broke ZFS support generally, so GELI has been turned off by default as the lesser evil in r326857. If you boot off ZFS and/or GELI, it might not be a good time to update. 20171125: PowerPC users must update loader(8) by rebuilding world before installing a new kernel, as the protocol connecting them has changed. Without the update, loader metadata will not be passed successfully to the kernel and users will have to enter their root partition at the kernel mountroot prompt to continue booting. Newer versions of loader can boot old kernels without issue. 20171110: The LOADER_FIREWIRE_SUPPORT build variable as been renamed to WITH/OUT_LOADER_FIREWIRE. LOADER_{NO_,}GELI_SUPPORT has been renamed to WITH/OUT_LOADER_GELI. 20171106: The naive and non-compliant support of posix_fallocate(2) in ZFS has been removed as of r325320. The system call now returns EINVAL when used on a ZFS file. Although the new behavior complies with the standard, some consumers are not prepared to cope with it. One known victim is lld prior to r325420. 20171102: Building in a FreeBSD src checkout will automatically create object directories now rather than store files in the current directory if 'make obj' was not ran. Calling 'make obj' is no longer necessary. This feature can be disabled by setting WITHOUT_AUTO_OBJ=yes in /etc/src-env.conf (not /etc/src.conf), or passing the option in the environment. 20171101: The default MAKEOBJDIR has changed from /usr/obj/ for native builds, and /usr/obj// for cross-builds, to a unified /usr/obj//. This behavior can be changed to the old format by setting WITHOUT_UNIFIED_OBJDIR=yes in /etc/src-env.conf, the environment, or with -DWITHOUT_UNIFIED_OBJDIR when building. The UNIFIED_OBJDIR option is a transitional feature that will be removed for 12.0 release; please migrate to the new format for any tools by looking up the OBJDIR used by 'make -V .OBJDIR' means rather than hardcoding paths. 20171028: The native-xtools target no longer installs the files by default to the OBJDIR. Use the native-xtools-install target with a DESTDIR to install to ${DESTDIR}/${NXTP} where NXTP defaults to /nxb-bin. 20171021: As part of the boot loader infrastructure cleanup, LOADER_*_SUPPORT options are changing from controlling the build if defined / undefined to controlling the build with explicit 'yes' or 'no' values. They will shift to WITH/WITHOUT options to match other options in the system. 20171010: libstand has turned into a private library for sys/boot use only. It is no longer supported as a public interface outside of sys/boot. 20171005: The arm port has split armv6 into armv6 and armv7. armv7 is now a valid TARGET_ARCH/MACHINE_ARCH setting. If you have an armv7 system and are running a kernel from before r324363, you will need to add MACHINE_ARCH=armv7 to 'make buildworld' to do a native build. 20171003: When building multiple kernels using KERNCONF, non-existent KERNCONF files will produce an error and buildkernel will fail. Previously missing KERNCONF files silently failed giving no indication as to why, only to subsequently discover during installkernel that the desired kernel was never built in the first place. 20170912: The default serial number format for CTL LUNs has changed. This will affect users who use /dev/diskid/* device nodes, or whose FibreChannel or iSCSI clients care about their LUNs' serial numbers. Users who require serial number stability should hardcode serial numbers in /etc/ctl.conf . 20170912: For 32-bit arm compiled for hard-float support, soft-floating point binaries now always get their shared libraries from LD_SOFT_LIBRARY_PATH (in the past, this was only used if /usr/libsoft also existed). Only users with a hard-float ld.so, but soft-float everything else should be affected. 20170826: The geli password typed at boot is now hidden. To restore the previous behavior, see geli(8) for configuration options. 20170825: Move PMTUD blackhole counters to TCPSTATS and remove them from bare sysctl values. Minor nit, but requires a rebuild of both world/kernel to complete. 20170814: "make check" behavior (made in ^/head@r295380) has been changed to execute from a limited sandbox, as opposed to executing from ${TESTSDIR}. Behavioral changes: - The "beforecheck" and "aftercheck" targets are now specified. - ${CHECKDIR} (added in commit noted above) has been removed. - Legacy behavior can be enabled by setting WITHOUT_MAKE_CHECK_USE_SANDBOX in src.conf(5) or the environment. If the limited sandbox mode is enabled, "make check" will execute "make distribution", then install, execute the tests, and clean up the sandbox if successful. The "make distribution" and "make install" targets are typically run as root to set appropriate permissions and ownership at installation time. The end-user should set "WITH_INSTALL_AS_USER" in src.conf(5) or the environment if executing "make check" with limited sandbox mode using an unprivileged user. 20170808: Since the switch to GPT disk labels, fsck for UFS/FFS has been unable to automatically find alternate superblocks. As of r322297, the information needed to find alternate superblocks has been moved to the end of the area reserved for the boot block. Filesystems created with a newfs of this vintage or later will create the recovery information. If you have a filesystem created prior to this change and wish to have a recovery block created for your filesystem, you can do so by running fsck in foreground mode (i.e., do not use the -p or -y options). As it starts, fsck will ask ``SAVE DATA TO FIND ALTERNATE SUPERBLOCKS'' to which you should answer yes. 20170728: As of r321665, an NFSv4 server configuration that services Kerberos mounts or clients that do not support the uid/gid in owner/owner_group string capability, must explicitly enable the nfsuserd daemon by adding nfsuserd_enable="YES" to the machine's /etc/rc.conf file. 20170722: Clang, llvm, lldb, compiler-rt and libc++ have been upgraded to 5.0.0. Please see the 20141231 entry below for information about prerequisites and upgrading, if you are not already using clang 3.5.0 or higher. 20170701: WITHOUT_RCMDS is now the default. Set WITH_RCMDS if you need the r-commands (rlogin, rsh, etc.) to be built with the base system. 20170625: The FreeBSD/powerpc platform now uses a 64-bit type for time_t. This is a very major ABI incompatible change, so users of FreeBSD/powerpc must be careful when performing source upgrades. It is best to run 'make installworld' from an alternate root system, either a live CD/memory stick, or a temporary root partition. Additionally, all ports must be recompiled. powerpc64 is largely unaffected, except in the case of 32-bit compatibility. All 32-bit binaries will be affected. 20170623: Forward compatibility for the "ino64" project have been committed. This will allow most new binaries to run on older kernels in a limited fashion. This prevents many of the common foot-shooting actions in the upgrade as well as the limited ability to roll back the kernel across the ino64 upgrade. Complicated use cases may not work properly, though enough simpler ones work to allow recovery in most situations. 20170620: Switch back to the BSDL dtc (Device Tree Compiler). Set WITH_GPL_DTC if you require the GPL compiler. 20170618: The internal ABI used for communication between the NFS kernel modules was changed by r320085, so __FreeBSD_version was bumped to ensure all the NFS related modules are updated together. 20170617: The ABI of struct event was changed by extending the data member to 64bit and adding ext fields. For upgrade, same precautions as for the entry 20170523 "ino64" must be followed. 20170531: The GNU roff toolchain has been removed from base. To render manpages which are not supported by mandoc(1), man(1) can fallback on GNU roff from ports (and recommends to install it). To render roff(7) documents, consider using GNU roff from ports or the heirloom doctools roff toolchain from ports via pkg install groff or via pkg install heirloom-doctools. 20170524: The ath(4) and ath_hal(4) modules now build piecemeal to allow for smaller runtime footprint builds. This is useful for embedded systems which only require one chipset support. If you load it as a module, make sure this is in /boot/loader.conf: if_ath_load="YES" This will load the HAL, all chip/RF backends and if_ath_pci. If you have if_ath_pci in /boot/loader.conf, ensure it is after if_ath or it will not load any HAL chipset support. If you want to selectively load things (eg on ye cheape ARM/MIPS platforms where RAM is at a premium) you should: * load ath_hal * load the chip modules in question * load ath_rate, ath_dfs * load ath_main * load if_ath_pci and/or if_ath_ahb depending upon your particular bus bind type - this is where probe/attach is done. For further comments/feedback, poke adrian@ . 20170523: The "ino64" 64-bit inode project has been committed, which extends a number of types to 64 bits. Upgrading in place requires care and adherence to the documented upgrade procedure. If using a custom kernel configuration ensure that the COMPAT_FREEBSD11 option is included (as during the upgrade the system will be running the ino64 kernel with the existing world). For the safest in-place upgrade begin by removing previous build artifacts via "rm -rf /usr/obj/*". Then, carefully follow the full procedure documented below under the heading "To rebuild everything and install it on the current system." Specifically, a reboot is required after installing the new kernel before installing world. 20170424: The NATM framework including the en(4), fatm(4), hatm(4), and patm(4) devices has been removed. Consumers should plan a migration before the end-of-life date for FreeBSD 11. 20170420: GNU diff has been replaced by a BSD licensed diff. Some features of GNU diff has not been implemented, if those are needed a newer version of GNU diff is available via the diffutils package under the gdiff name. 20170413: As of r316810 for ipfilter, keep frags is no longer assumed when keep state is specified in a rule. r316810 aligns ipfilter with documentation in man pages separating keep frags from keep state. This allows keep state to be specified without forcing keep frags and allows keep frags to be specified independently of keep state. To maintain previous behaviour, also specify keep frags with keep state (as documented in ipf.conf.5). 20170407: arm64 builds now use the base system LLD 4.0.0 linker by default, instead of requiring that the aarch64-binutils port or package be installed. To continue using aarch64-binutils, set CROSS_BINUTILS_PREFIX=/usr/local/aarch64-freebsd/bin . 20170405: The UDP optimization in entry 20160818 that added the sysctl net.inet.udp.require_l2_bcast has been reverted. L2 broadcast packets will no longer be treated as L3 broadcast packets. 20170331: Binds and sends to the loopback addresses, IPv6 and IPv4, will now use any explicitly assigned loopback address available in the jail instead of using the first assigned address of the jail. 20170329: The ctl.ko module no longer implements the iSCSI target frontend: cfiscsi.ko does instead. If building cfiscsi.ko as a kernel module, the module can be loaded via one of the following methods: - `cfiscsi_load="YES"` in loader.conf(5). - Add `cfiscsi` to `$kld_list` in rc.conf(5). - ctladm(8)/ctld(8), when compiled with iSCSI support (`WITH_ISCSI=yes` in src.conf(5)) Please see cfiscsi(4) for more details. 20170316: The mmcsd.ko module now additionally depends on geom_flashmap.ko. Also, mmc.ko and mmcsd.ko need to be a matching pair built from the same source (previously, the dependency of mmcsd.ko on mmc.ko was missing, but mmcsd.ko now will refuse to load if it is incompatible with mmc.ko). 20170315: The syntax of ipfw(8) named states was changed to avoid ambiguity. If you have used named states in the firewall rules, you need to modify them after installworld and before rebooting. Now named states must be prefixed with colon. 20170311: The old drm (sys/dev/drm/) drivers for i915 and radeon have been removed as the userland we provide cannot use them. The KMS version (sys/dev/drm2) supports the same hardware. 20170302: Clang, llvm, lldb, compiler-rt and libc++ have been upgraded to 4.0.0. Please see the 20141231 entry below for information about prerequisites and upgrading, if you are not already using clang 3.5.0 or higher. 20170221: The code that provides support for ZFS .zfs/ directory functionality has been reimplemented. It's not possible now to create a snapshot by mkdir under .zfs/snapshot/. That should be the only user visible change. 20170216: EISA bus support has been removed. The WITH_EISA option is no longer valid. 20170215: MCA bus support has been removed. 20170127: The WITH_LLD_AS_LD / WITHOUT_LLD_AS_LD build knobs have been renamed WITH_LLD_IS_LD / WITHOUT_LLD_IS_LD, for consistency with CLANG_IS_CC. 20170112: The EM_MULTIQUEUE kernel configuration option is deprecated now that the em(4) driver conforms to iflib specifications. 20170109: The igb(4), em(4) and lem(4) ethernet drivers are now implemented via IFLIB. If you have a custom kernel configuration that excludes em(4) but you use igb(4), you need to re-add em(4) to your custom configuration. 20161217: Clang, llvm, lldb, compiler-rt and libc++ have been upgraded to 3.9.1. Please see the 20141231 entry below for information about prerequisites and upgrading, if you are not already using clang 3.5.0 or higher. 20161124: Clang, llvm, lldb, compiler-rt and libc++ have been upgraded to 3.9.0. Please see the 20141231 entry below for information about prerequisites and upgrading, if you are not already using clang 3.5.0 or higher. 20161119: The layout of the pmap structure has changed for powerpc to put the pmap statistics at the front for all CPU variations. libkvm(3) and all tools that link against it need to be recompiled. 20161030: isl(4) and cyapa(4) drivers now require a new driver, chromebook_platform(4), to work properly on Chromebook-class hardware. On other types of hardware the drivers may need to be configured using device hints. Please see the corresponding manual pages for details. 20161017: The urtwn(4) driver was merged into rtwn(4) and now consists of rtwn(4) main module + rtwn_usb(4) and rtwn_pci(4) bus-specific parts. Also, firmware for RTL8188CE was renamed due to possible name conflict (rtwnrtl8192cU(B) -> rtwnrtl8192cE(B)) 20161015: GNU rcs has been removed from base. It is available as packages: - rcs: Latest GPLv3 GNU rcs version. - rcs57: Copy of the latest version of GNU rcs (GPLv2) before it was removed from base. 20161008: Use of the cc_cdg, cc_chd, cc_hd, or cc_vegas congestion control modules now requires that the kernel configuration contain the TCP_HHOOK option. (This option is included in the GENERIC kernel.) 20161003: The WITHOUT_ELFCOPY_AS_OBJCOPY src.conf(5) knob has been retired. ELF Tool Chain's elfcopy is always installed as /usr/bin/objcopy. 20160924: Relocatable object files with the extension of .So have been renamed to use an extension of .pico instead. The purpose of this change is to avoid a name clash with shared libraries on case-insensitive file systems. On those file systems, foo.So is the same file as foo.so. 20160918: GNU rcs has been turned off by default. It can (temporarily) be built again by adding WITH_RCS knob in src.conf. Otherwise, GNU rcs is available from packages: - rcs: Latest GPLv3 GNU rcs version. - rcs57: Copy of the latest version of GNU rcs (GPLv2) from base. 20160918: The backup_uses_rcs functionality has been removed from rc.subr. 20160908: The queue(3) debugging macro, QUEUE_MACRO_DEBUG, has been split into two separate components, QUEUE_MACRO_DEBUG_TRACE and QUEUE_MACRO_DEBUG_TRASH. Define both for the original QUEUE_MACRO_DEBUG behavior. 20160824: r304787 changed some ioctl interfaces between the iSCSI userspace programs and the kernel. ctladm, ctld, iscsictl, and iscsid must be rebuilt to work with new kernels. __FreeBSD_version has been bumped to 1200005. 20160818: The UDP receive code has been updated to only treat incoming UDP packets that were addressed to an L2 broadcast address as L3 broadcast packets. It is not expected that this will affect any standards-conforming UDP application. The new behaviour can be disabled by setting the sysctl net.inet.udp.require_l2_bcast to 0. 20160818: Remove the openbsd_poll system call. __FreeBSD_version has been bumped because of this. 20160708: The stable/11 branch has been created from head@r302406. 20160622: The libc stub for the pipe(2) system call has been replaced with a wrapper that calls the pipe2(2) system call and the pipe(2) system call is now only implemented by the kernels that include "options COMPAT_FREEBSD10" in their config file (this is the default). Users should ensure that this option is enabled in their kernel or upgrade userspace to r302092 before upgrading their kernel. 20160527: CAM will now strip leading spaces from SCSI disks' serial numbers. This will affect users who create UFS filesystems on SCSI disks using those disk's diskid device nodes. For example, if /etc/fstab previously contained a line like "/dev/diskid/DISK-%20%20%20%20%20%20%20ABCDEFG0123456", you should change it to "/dev/diskid/DISK-ABCDEFG0123456". Users of geom transforms like gmirror may also be affected. ZFS users should generally be fine. 20160523: The bitstring(3) API has been updated with new functionality and improved performance. But it is binary-incompatible with the old API. Objects built with the new headers may not be linked against objects built with the old headers. 20160520: The brk and sbrk functions have been removed from libc on arm64. Binutils from ports has been updated to not link to these functions and should be updated to the latest version before installing a new libc. 20160517: The armv6 port now defaults to hard float ABI. Limited support for running both hardfloat and soft float on the same system is available using the libraries installed with -DWITH_LIBSOFT. This has only been tested as an upgrade path for installworld and packages may fail or need manual intervention to run. New packages will be needed. To update an existing self-hosted armv6hf system, you must add TARGET_ARCH=armv6 on the make command line for both the build and the install steps. 20160510: Kernel modules compiled outside of a kernel build now default to installing to /boot/modules instead of /boot/kernel. Many kernel modules built this way (such as those in ports) already overrode KMODDIR explicitly to install into /boot/modules. However, manually building and installing a module from /sys/modules will now install to /boot/modules instead of /boot/kernel. 20160414: The CAM I/O scheduler has been committed to the kernel. There should be no user visible impact. This does enable NCQ Trim on ada SSDs. While the list of known rogues that claim support for this but actually corrupt data is believed to be complete, be on the lookout for data corruption. The known rogue list is believed to be complete: o Crucial MX100, M550 drives with MU01 firmware. o Micron M510 and M550 drives with MU01 firmware. o Micron M500 prior to MU07 firmware o Samsung 830, 840, and 850 all firmwares o FCCT M500 all firmwares Crucial has firmware http://www.crucial.com/usa/en/support-ssd-firmware with working NCQ TRIM. For Micron branded drives, see your sales rep for updated firmware. Black listed drives will work correctly because these drives work correctly so long as no NCQ TRIMs are sent to them. Given this list is the same as found in Linux, it's believed there are no other rogues in the market place. All other models from the above vendors work. To be safe, if you are at all concerned, you can quirk each of your drives to prevent NCQ from being sent by setting: kern.cam.ada.X.quirks="0x2" in loader.conf. If the drive requires the 4k sector quirk, set the quirks entry to 0x3. 20160330: The FAST_DEPEND build option has been removed and its functionality is now the one true way. The old mkdep(1) style of 'make depend' has been removed. See 20160311 for further details. 20160317: Resource range types have grown from unsigned long to uintmax_t. All drivers, and anything using libdevinfo, need to be recompiled. 20160311: WITH_FAST_DEPEND is now enabled by default for in-tree and out-of-tree builds. It no longer runs mkdep(1) during 'make depend', and the 'make depend' stage can safely be skipped now as it is auto ran when building 'make all' and will generate all SRCS and DPSRCS before building anything else. Dependencies are gathered at compile time with -MF flags kept in separate .depend files per object file. Users should run 'make cleandepend' once if using -DNO_CLEAN to clean out older stale .depend files. 20160306: On amd64, clang 3.8.0 can now insert sections of type AMD64_UNWIND into kernel modules. Therefore, if you load any kernel modules at boot time, please install the boot loaders after you install the kernel, but before rebooting, e.g.: make buildworld make buildkernel KERNCONF=YOUR_KERNEL_HERE make installkernel KERNCONF=YOUR_KERNEL_HERE make -C sys/boot install Then follow the usual steps, described in the General Notes section, below. 20160305: Clang, llvm, lldb and compiler-rt have been upgraded to 3.8.0. Please see the 20141231 entry below for information about prerequisites and upgrading, if you are not already using clang 3.5.0 or higher. 20160301: The AIO subsystem is now a standard part of the kernel. The VFS_AIO kernel option and aio.ko kernel module have been removed. Due to stability concerns, asynchronous I/O requests are only permitted on sockets and raw disks by default. To enable asynchronous I/O requests on all file types, set the vfs.aio.enable_unsafe sysctl to a non-zero value. 20160226: The ELF object manipulation tool objcopy is now provided by the ELF Tool Chain project rather than by GNU binutils. It should be a drop-in replacement, with the addition of arm64 support. The (temporary) src.conf knob WITHOUT_ELFCOPY_AS_OBJCOPY knob may be set to obtain the GNU version if necessary. 20160129: Building ZFS pools on top of zvols is prohibited by default. That feature has never worked safely; it's always been prone to deadlocks. Using a zvol as the backing store for a VM guest's virtual disk will still work, even if the guest is using ZFS. Legacy behavior can be restored by setting vfs.zfs.vol.recursive=1. 20160119: The NONE and HPN patches has been removed from OpenSSH. They are still available in the security/openssh-portable port. 20160113: With the addition of ypldap(8), a new _ypldap user is now required during installworld. "mergemaster -p" can be used to add the user prior to installworld, as documented in the handbook. 20151216: The tftp loader (pxeboot) now uses the option root-path directive. As a consequence it no longer looks for a pxeboot.4th file on the tftp server. Instead it uses the regular /boot infrastructure as with the other loaders. 20151211: The code to start recording plug and play data into the modules has been committed. While the old tools will properly build a new kernel, a number of warnings about "unknown metadata record 4" will be produced for an older kldxref. To avoid such warnings, make sure to rebuild the kernel toolchain (or world). Make sure that you have r292078 or later when trying to build 292077 or later before rebuilding. 20151207: Debug data files are now built by default with 'make buildworld' and installed with 'make installworld'. This facilitates debugging but requires more disk space both during the build and for the installed world. Debug files may be disabled by setting WITHOUT_DEBUG_FILES=yes in src.conf(5). 20151130: r291527 changed the internal interface between the nfsd.ko and nfscommon.ko modules. As such, they must both be upgraded to-gether. __FreeBSD_version has been bumped because of this. 20151108: Add support for unicode collation strings leads to a change of order of files listed by ls(1) for example. To get back to the old behaviour, set LC_COLLATE environment variable to "C". Databases administrators will need to reindex their databases given collation results will be different. Due to a bug in install(1) it is recommended to remove the ancient locales before running make installworld. rm -rf /usr/share/locale/* 20151030: The OpenSSL has been upgraded to 1.0.2d. Any binaries requiring libcrypto.so.7 or libssl.so.7 must be recompiled. 20151020: Qlogic 24xx/25xx firmware images were updated from 5.5.0 to 7.3.0. Kernel modules isp_2400_multi and isp_2500_multi were removed and should be replaced with isp_2400 and isp_2500 modules respectively. 20151017: The build previously allowed using 'make -n' to not recurse into sub-directories while showing what commands would be executed, and 'make -n -n' to recursively show commands. Now 'make -n' will recurse and 'make -N' will not. 20151012: If you specify SENDMAIL_MC or SENDMAIL_CF in make.conf, mergemaster and etcupdate will now use this file. A custom sendmail.cf is now updated via this mechanism rather than via installworld. If you had excluded sendmail.cf in mergemaster.rc or etcupdate.conf, you may want to remove the exclusion or change it to "always install". /etc/mail/sendmail.cf is now managed the same way regardless of whether SENDMAIL_MC/SENDMAIL_CF is used. If you are not using SENDMAIL_MC/SENDMAIL_CF there should be no change in behavior. 20151011: Compatibility shims for legacy ATA device names have been removed. It includes ATA_STATIC_ID kernel option, kern.cam.ada.legacy_aliases and kern.geom.raid.legacy_aliases loader tunables, kern.devalias.* environment variables, /dev/ad* and /dev/ar* symbolic links. 20151006: Clang, llvm, lldb, compiler-rt and libc++ have been upgraded to 3.7.0. Please see the 20141231 entry below for information about prerequisites and upgrading, if you are not already using clang 3.5.0 or higher. 20150924: Kernel debug files have been moved to /usr/lib/debug/boot/kernel/, and renamed from .symbols to .debug. This reduces the size requirements on the boot partition or file system and provides consistency with userland debug files. When using the supported kernel installation method the /usr/lib/debug/boot/kernel directory will be renamed (to kernel.old) as is done with /boot/kernel. Developers wishing to maintain the historical behavior of installing debug files in /boot/kernel/ can set KERN_DEBUGDIR="" in src.conf(5). 20150827: The wireless drivers had undergone changes that remove the 'parent interface' from the ifconfig -l output. The rc.d network scripts used to check presence of a parent interface in the list, so old scripts would fail to start wireless networking. Thus, etcupdate(3) or mergemaster(8) run is required after kernel update, to update your rc.d scripts in /etc. 20150827: pf no longer supports 'scrub fragment crop' or 'scrub fragment drop-ovl' These configurations are now automatically interpreted as 'scrub fragment reassemble'. 20150817: Kernel-loadable modules for the random(4) device are back. To use them, the kernel must have device random options RANDOM_LOADABLE kldload(8) can then be used to load random_fortuna.ko or random_yarrow.ko. Please note that due to the indirect function calls that the loadable modules need to provide, the build-in variants will be slightly more efficient. The random(4) kernel option RANDOM_DUMMY has been retired due to unpopularity. It was not all that useful anyway. 20150813: The WITHOUT_ELFTOOLCHAIN_TOOLS src.conf(5) knob has been retired. Control over building the ELF Tool Chain tools is now provided by the WITHOUT_TOOLCHAIN knob. 20150810: The polarity of Pulse Per Second (PPS) capture events with the uart(4) driver has been corrected. Prior to this change the PPS "assert" event corresponded to the trailing edge of a positive PPS pulse and the "clear" event was the leading edge of the next pulse. As the width of a PPS pulse in a typical GPS receiver is on the order of 1 millisecond, most users will not notice any significant difference with this change. Anyone who has compensated for the historical polarity reversal by configuring a negative offset equal to the pulse width will need to remove that workaround. 20150809: The default group assigned to /dev/dri entries has been changed from 'wheel' to 'video' with the id of '44'. If you want to have access to the dri devices please add yourself to the video group with: # pw groupmod video -m $USER 20150806: The menu.rc and loader.rc files will now be replaced during upgrades. Please migrate local changes to menu.rc.local and loader.rc.local instead. 20150805: GNU Binutils versions of addr2line, c++filt, nm, readelf, size, strings and strip have been removed. The src.conf(5) knob WITHOUT_ELFTOOLCHAIN_TOOLS no longer provides the binutils tools. 20150728: As ZFS requires more kernel stack pages than is the default on some architectures e.g. i386, it now warns if KSTACK_PAGES is less than ZFS_MIN_KSTACK_PAGES (which is 4 at the time of writing). Please consider using 'options KSTACK_PAGES=X' where X is greater than or equal to ZFS_MIN_KSTACK_PAGES i.e. 4 in such configurations. 20150706: sendmail has been updated to 8.15.2. Starting with FreeBSD 11.0 and sendmail 8.15, sendmail uses uncompressed IPv6 addresses by default, i.e., they will not contain "::". For example, instead of ::1, it will be 0:0:0:0:0:0:0:1. This permits a zero subnet to have a more specific match, such as different map entries for IPv6:0:0 vs IPv6:0. This change requires that configuration data (including maps, files, classes, custom ruleset, etc.) must use the same format, so make certain such configuration data is upgrading. As a very simple check search for patterns like 'IPv6:[0-9a-fA-F:]*::' and 'IPv6::'. To return to the old behavior, set the m4 option confUSE_COMPRESSED_IPV6_ADDRESSES or the cf option UseCompressedIPv6Addresses. 20150630: The default kernel entropy-processing algorithm is now Fortuna, replacing Yarrow. Assuming you have 'device random' in your kernel config file, the configurations allow a kernel option to override this default. You may choose *ONE* of: options RANDOM_YARROW # Legacy /dev/random algorithm. options RANDOM_DUMMY # Blocking-only driver. If you have neither, you get Fortuna. For most people, read no further, Fortuna will give a /dev/random that works like it always used to, and the difference will be irrelevant. If you remove 'device random', you get *NO* kernel-processed entropy at all. This may be acceptable to folks building embedded systems, but has complications. Carry on reading, and it is assumed you know what you need. *PLEASE* read random(4) and random(9) if you are in the habit of tweaking kernel configs, and/or if you are a member of the embedded community, wanting specific and not-usual behaviour from your security subsystems. NOTE!! If you use RANDOM_DUMMY and/or have no 'device random', you will NOT have a functioning /dev/random, and many cryptographic features will not work, including SSH. You may also find strange behaviour from the random(3) set of library functions, in particular sranddev(3), srandomdev(3) and arc4random(3). The reason for this is that the KERN_ARND sysctl only returns entropy if it thinks it has some to share, and with RANDOM_DUMMY or no 'device random' this will never happen. 20150623: An additional fix for the issue described in the 20150614 sendmail entry below has been committed in revision 284717. 20150616: FreeBSD's old make (fmake) has been removed from the system. It is available as the devel/fmake port or via pkg install fmake. 20150615: The fix for the issue described in the 20150614 sendmail entry below has been committed in revision 284436. The work around described in that entry is no longer needed unless the default setting is overridden by a confDH_PARAMETERS configuration setting of '5' or pointing to a 512 bit DH parameter file. 20150614: ALLOW_DEPRECATED_ATF_TOOLS/ATFFILE support has been removed from atf.test.mk (included from bsd.test.mk). Please upgrade devel/atf and devel/kyua to version 0.20+ and adjust any calling code to work with Kyuafile and kyua. 20150614: The import of openssl to address the FreeBSD-SA-15:10.openssl security advisory includes a change which rejects handshakes with DH parameters below 768 bits. sendmail releases prior to 8.15.2 (not yet released), defaulted to a 512 bit DH parameter setting for client connections. To work around this interoperability, sendmail can be configured to use a 2048 bit DH parameter by: 1. Edit /etc/mail/`hostname`.mc 2. If a setting for confDH_PARAMETERS does not exist or exists and is set to a string beginning with '5', replace it with '2'. 3. If a setting for confDH_PARAMETERS exists and is set to a file path, create a new file with: openssl dhparam -out /path/to/file 2048 4. Rebuild the .cf file: cd /etc/mail/; make; make install 5. Restart sendmail: cd /etc/mail/; make restart A sendmail patch is coming, at which time this file will be updated. 20150604: Generation of legacy formatted entries have been disabled by default in pwd_mkdb(8), as all base system consumers of the legacy formatted entries were converted to use the new format by default when the new, machine independent format have been added and supported since FreeBSD 5.x. Please see the pwd_mkdb(8) manual page for further details. 20150525: Clang and llvm have been upgraded to 3.6.1 release. Please see the 20141231 entry below for information about prerequisites and upgrading, if you are not already using 3.5.0 or higher. 20150521: TI platform code switched to using vendor DTS files and this update may break existing systems running on Beaglebone, Beaglebone Black, and Pandaboard: - dtb files should be regenerated/reinstalled. Filenames are the same but content is different now - GPIO addressing was changed, now each GPIO bank (32 pins per bank) has its own /dev/gpiocX device, e.g. pin 121 on /dev/gpioc0 in old addressing scheme is now pin 25 on /dev/gpioc3. - Pandaboard: /etc/ttys should be updated, serial console device is now /dev/ttyu2, not /dev/ttyu0 20150501: soelim(1) from gnu/usr.bin/groff has been replaced by usr.bin/soelim. If you need the GNU extension from groff soelim(1), install groff from package: pkg install groff, or via ports: textproc/groff. 20150423: chmod, chflags, chown and chgrp now affect symlinks in -R mode as defined in symlink(7); previously symlinks were silently ignored. 20150415: The const qualifier has been removed from iconv(3) to comply with POSIX. The ports tree is aware of this from r384038 onwards. 20150416: Libraries specified by LIBADD in Makefiles must have a corresponding DPADD_ variable to ensure correct dependencies. This is now enforced in src.libnames.mk. 20150324: From legacy ata(4) driver was removed support for SATA controllers supported by more functional drivers ahci(4), siis(4) and mvs(4). Kernel modules ataahci and ataadaptec were removed completely, replaced by ahci and mvs modules respectively. 20150315: Clang, llvm and lldb have been upgraded to 3.6.0 release. Please see the 20141231 entry below for information about prerequisites and upgrading, if you are not already using 3.5.0 or higher. 20150307: The 32-bit PowerPC kernel has been changed to a position-independent executable. This can only be booted with a version of loader(8) newer than January 31, 2015, so make sure to update both world and kernel before rebooting. 20150217: If you are running a -CURRENT kernel since r273872 (Oct 30th, 2014), but before r278950, the RNG was not seeded properly. Immediately upgrade the kernel to r278950 or later and regenerate any keys (e.g. ssh keys or openssl keys) that were generated w/ a kernel from that range. This does not affect programs that directly used /dev/random or /dev/urandom. All userland uses of arc4random(3) are affected. 20150210: The autofs(4) ABI was changed in order to restore binary compatibility with 10.1-RELEASE. The automountd(8) daemon needs to be rebuilt to work with the new kernel. 20150131: The powerpc64 kernel has been changed to a position-independent executable. This can only be booted with a new version of loader(8), so make sure to update both world and kernel before rebooting. 20150118: Clang and llvm have been upgraded to 3.5.1 release. This is a bugfix only release, no new features have been added. Please see the 20141231 entry below for information about prerequisites and upgrading, if you are not already using 3.5.0. 20150107: ELF tools addr2line, elfcopy (strip), nm, size, and strings are now taken from the ELF Tool Chain project rather than GNU binutils. They should be drop-in replacements, with the addition of arm64 support. The WITHOUT_ELFTOOLCHAIN_TOOLS= knob may be used to obtain the binutils tools, if necessary. See 20150805 for updated information. 20150105: The default Unbound configuration now enables remote control using a local socket. Users who have already enabled the local_unbound service should regenerate their configuration by running "service local_unbound setup" as root. 20150102: The GNU texinfo and GNU info pages have been removed. To be able to view GNU info pages please install texinfo from ports. 20141231: Clang, llvm and lldb have been upgraded to 3.5.0 release. As of this release, a prerequisite for building clang, llvm and lldb is a C++11 capable compiler and C++11 standard library. This means that to be able to successfully build the cross-tools stage of buildworld, with clang as the bootstrap compiler, your system compiler or cross compiler should either be clang 3.3 or later, or gcc 4.8 or later, and your system C++ library should be libc++, or libdstdc++ from gcc 4.8 or later. On any standard FreeBSD 10.x or 11.x installation, where clang and libc++ are on by default (that is, on x86 or arm), this should work out of the box. On 9.x installations where clang is enabled by default, e.g. on x86 and powerpc, libc++ will not be enabled by default, so libc++ should be built (with clang) and installed first. If both clang and libc++ are missing, build clang first, then use it to build libc++. On 8.x and earlier installations, upgrade to 9.x first, and then follow the instructions for 9.x above. Sparc64 and mips users are unaffected, as they still use gcc 4.2.1 by default, and do not build clang. Many embedded systems are resource constrained, and will not be able to build clang in a reasonable time, or in some cases at all. In those cases, cross building bootable systems on amd64 is a workaround. This new version of clang introduces a number of new warnings, of which the following are most likely to appear: -Wabsolute-value This warns in two cases, for both C and C++: * When the code is trying to take the absolute value of an unsigned quantity, which is effectively a no-op, and almost never what was intended. The code should be fixed, if at all possible. If you are sure that the unsigned quantity can be safely cast to signed, without loss of information or undefined behavior, you can add an explicit cast, or disable the warning. * When the code is trying to take an absolute value, but the called abs() variant is for the wrong type, which can lead to truncation. If you want to disable the warning instead of fixing the code, please make sure that truncation will not occur, or it might lead to unwanted side-effects. -Wtautological-undefined-compare and -Wundefined-bool-conversion These warn when C++ code is trying to compare 'this' against NULL, while 'this' should never be NULL in well-defined C++ code. However, there is some legacy (pre C++11) code out there, which actively abuses this feature, which was less strictly defined in previous C++ versions. Squid and openjdk do this, for example. The warning can be turned off for C++98 and earlier, but compiling the code in C++11 mode might result in unexpected behavior; for example, the parts of the program that are unreachable could be optimized away. 20141222: The old NFS client and server (kernel options NFSCLIENT, NFSSERVER) kernel sources have been removed. The .h files remain, since some utilities include them. This will need to be fixed later. If "mount -t oldnfs ..." is attempted, it will fail. If the "-o" option on mountd(8), nfsd(8) or nfsstat(1) is used, the utilities will report errors. 20141121: The handling of LOCAL_LIB_DIRS has been altered to skip addition of directories to top level SUBDIR variable when their parent directory is included in LOCAL_DIRS. Users with build systems with such hierarchies and without SUBDIR entries in the parent directory Makefiles should add them or add the directories to LOCAL_DIRS. 20141109: faith(4) and faithd(8) have been removed from the base system. Faith has been obsolete for a very long time. 20141104: vt(4), the new console driver, is enabled by default. It brings support for Unicode and double-width characters, as well as support for UEFI and integration with the KMS kernel video drivers. You may need to update your console settings in /etc/rc.conf, most probably the keymap. During boot, /etc/rc.d/syscons will indicate what you need to do. vt(4) still has issues and lacks some features compared to syscons(4). See the wiki for up-to-date information: https://wiki.freebsd.org/Newcons If you want to keep using syscons(4), you can do so by adding the following line to /boot/loader.conf: kern.vty=sc 20141102: pjdfstest has been integrated into kyua as an opt-in test suite. Please see share/doc/pjdfstest/README for more details on how to execute it. 20141009: gperf has been removed from the base system for architectures that use clang. Ports that require gperf will obtain it from the devel/gperf port. 20140923: pjdfstest has been moved from tools/regression/pjdfstest to contrib/pjdfstest . 20140922: At svn r271982, The default linux compat kernel ABI has been adjusted to 2.6.18 in support of the linux-c6 compat ports infrastructure update. If you wish to continue using the linux-f10 compat ports, add compat.linux.osrelease=2.6.16 to your local sysctl.conf. Users are encouraged to update their linux-compat packages to linux-c6 during their next update cycle. 20140729: The ofwfb driver, used to provide a graphics console on PowerPC when using vt(4), no longer allows mmap() of all physical memory. This will prevent Xorg on PowerPC with some ATI graphics cards from initializing properly unless x11-servers/xorg-server is updated to 1.12.4_8 or newer. 20140723: The xdev targets have been converted to using TARGET and TARGET_ARCH instead of XDEV and XDEV_ARCH. 20140719: The default unbound configuration has been modified to address issues with reverse lookups on networks that use private address ranges. If you use the local_unbound service, run "service local_unbound setup" as root to regenerate your configuration, then "service local_unbound reload" to load the new configuration. 20140709: The GNU texinfo and GNU info pages are not built and installed anymore, WITH_INFO knob has been added to allow to built and install them again. UPDATE: see 20150102 entry on texinfo's removal 20140708: The GNU readline library is now an INTERNALLIB - that is, it is statically linked into consumers (GDB and variants) in the base system, and the shared library is no longer installed. The devel/readline port is available for third party software that requires readline. 20140702: The Itanium architecture (ia64) has been removed from the list of known architectures. This is the first step in the removal of the architecture. 20140701: Commit r268115 has added NFSv4.1 server support, merged from projects/nfsv4.1-server. Since this includes changes to the internal interfaces between the NFS related modules, a full build of the kernel and modules will be necessary. __FreeBSD_version has been bumped. 20140629: The WITHOUT_VT_SUPPORT kernel config knob has been renamed WITHOUT_VT. (The other _SUPPORT knobs have a consistent meaning which differs from the behaviour controlled by this knob.) 20140619: Maximal length of the serial number in CTL was increased from 16 to 64 chars, that breaks ABI. All CTL-related tools, such as ctladm and ctld, need to be rebuilt to work with a new kernel. 20140606: The libatf-c and libatf-c++ major versions were downgraded to 0 and 1 respectively to match the upstream numbers. They were out of sync because, when they were originally added to FreeBSD, the upstream versions were not respected. These libraries are private and not yet built by default, so renumbering them should be a non-issue. However, unclean source trees will yield broken test programs once the operator executes "make delete-old-libs" after a "make installworld". Additionally, the atf-sh binary was made private by moving it into /usr/libexec/. Already-built shell test programs will keep the path to the old binary so they will break after "make delete-old" is run. If you are using WITH_TESTS=yes (not the default), wipe the object tree and rebuild from scratch to prevent spurious test failures. This is only needed once: the misnumbered libraries and misplaced binaries have been added to OptionalObsoleteFiles.inc so they will be removed during a clean upgrade. 20140512: Clang and llvm have been upgraded to 3.4.1 release. 20140508: We bogusly installed src.opts.mk in /usr/share/mk. This file should be removed to avoid issues in the future (and has been added to ObsoleteFiles.inc). 20140505: /etc/src.conf now affects only builds of the FreeBSD src tree. In the past, it affected all builds that used the bsd.*.mk files. The old behavior was a bug, but people may have relied upon it. To get this behavior back, you can .include /etc/src.conf from /etc/make.conf (which is still global and isn't changed). This also changes the behavior of incremental builds inside the tree of individual directories. Set MAKESYSPATH to ".../share/mk" to do that. Although this has survived make universe and some upgrade scenarios, other upgrade scenarios may have broken. At least one form of temporary breakage was fixed with MAKESYSPATH settings for buildworld as well... In cases where MAKESYSPATH isn't working with this setting, you'll need to set it to the full path to your tree. One side effect of all this cleaning up is that bsd.compiler.mk is no longer implicitly included by bsd.own.mk. If you wish to use COMPILER_TYPE, you must now explicitly include bsd.compiler.mk as well. 20140430: The lindev device has been removed since /dev/full has been made a standard device. __FreeBSD_version has been bumped. 20140424: The knob WITHOUT_VI was added to the base system, which controls building ex(1), vi(1), etc. Older releases of FreeBSD required ex(1) in order to reorder files share/termcap and didn't build ex(1) as a build tool, so building/installing with WITH_VI is highly advised for build hosts for older releases. This issue has been fixed in stable/9 and stable/10 in r277022 and r276991, respectively. 20140418: The YES_HESIOD knob has been removed. It has been obsolete for a decade. Please move to using WITH_HESIOD instead or your builds will silently lack HESIOD. 20140405: The uart(4) driver has been changed with respect to its handling of the low-level console. Previously the uart(4) driver prevented any process from changing the baudrate or the CLOCAL and HUPCL control flags. By removing the restrictions, operators can make changes to the serial console port without having to reboot. However, when getty(8) is started on the serial device that is associated with the low-level console, a misconfigured terminal line in /etc/ttys will now have a real impact. Before upgrading the kernel, make sure that /etc/ttys has the serial console device configured as 3wire without baudrate to preserve the previous behaviour. E.g: ttyu0 "/usr/libexec/getty 3wire" vt100 on secure 20140306: Support for libwrap (TCP wrappers) in rpcbind was disabled by default to improve performance. To re-enable it, if needed, run rpcbind with command line option -W. 20140226: Switched back to the GPL dtc compiler due to updates in the upstream dts files not being supported by the BSDL dtc compiler. You will need to rebuild your kernel toolchain to pick up the new compiler. Core dumps may result while building dtb files during a kernel build if you fail to do so. Set WITHOUT_GPL_DTC if you require the BSDL compiler. 20140216: Clang and llvm have been upgraded to 3.4 release. 20140216: The nve(4) driver has been removed. Please use the nfe(4) driver for NVIDIA nForce MCP Ethernet adapters instead. 20140212: An ABI incompatibility crept into the libc++ 3.4 import in r261283. This could cause certain C++ applications using shared libraries built against the previous version of libc++ to crash. The incompatibility has now been fixed, but any C++ applications or shared libraries built between r261283 and r261801 should be recompiled. 20140204: OpenSSH will now ignore errors caused by kernel lacking of Capsicum capability mode support. Please note that enabling the feature in kernel is still highly recommended. 20140131: OpenSSH is now built with sandbox support, and will use sandbox as the default privilege separation method. This requires Capsicum capability mode support in kernel. 20140128: The libelf and libdwarf libraries have been updated to newer versions from upstream. Shared library version numbers for these two libraries were bumped. Any ports or binaries requiring these two libraries should be recompiled. __FreeBSD_version is bumped to 1100006. 20140110: If a Makefile in a tests/ directory was auto-generating a Kyuafile instead of providing an explicit one, this would prevent such Makefile from providing its own Kyuafile in the future during NO_CLEAN builds. This has been fixed in the Makefiles but manual intervention is needed to clean an objdir if you use NO_CLEAN: # find /usr/obj -name Kyuafile | xargs rm -f 20131213: The behavior of gss_pseudo_random() for the krb5 mechanism has changed, for applications requesting a longer random string than produced by the underlying enctype's pseudo-random() function. In particular, the random string produced from a session key of enctype aes256-cts-hmac-sha1-96 or aes256-cts-hmac-sha1-96 will be different at the 17th octet and later, after this change. The counter used in the PRF+ construction is now encoded as a big-endian integer in accordance with RFC 4402. __FreeBSD_version is bumped to 1100004. 20131108: The WITHOUT_ATF build knob has been removed and its functionality has been subsumed into the more generic WITHOUT_TESTS. If you were using the former to disable the build of the ATF libraries, you should change your settings to use the latter. 20131025: The default version of mtree is nmtree which is obtained from NetBSD. The output is generally the same, but may vary slightly. If you found you need identical output adding "-F freebsd9" to the command line should do the trick. For the time being, the old mtree is available as fmtree. 20131014: libbsdyml has been renamed to libyaml and moved to /usr/lib/private. This will break ports-mgmt/pkg. Rebuild the port, or upgrade to pkg 1.1.4_8 and verify bsdyml not linked in, before running "make delete-old-libs": # make -C /usr/ports/ports-mgmt/pkg build deinstall install clean or # pkg install pkg; ldd /usr/local/sbin/pkg | grep bsdyml 20131010: The stable/10 branch has been created in subversion from head revision r256279. COMMON ITEMS: General Notes ------------- Avoid using make -j when upgrading. While generally safe, there are sometimes problems using -j to upgrade. If your upgrade fails with -j, please try again without -j. From time to time in the past there have been problems using -j with buildworld and/or installworld. This is especially true when upgrading between "distant" versions (eg one that cross a major release boundary or several minor releases, or when several months have passed on the -current branch). Sometimes, obscure build problems are the result of environment poisoning. This can happen because the make utility reads its environment when searching for values for global variables. To run your build attempts in an "environmental clean room", prefix all make commands with 'env -i '. See the env(1) manual page for more details. When upgrading from one major version to another it is generally best to upgrade to the latest code in the currently installed branch first, then do an upgrade to the new branch. This is the best-tested upgrade path, and has the highest probability of being successful. Please try this approach if you encounter problems with a major version upgrade. Since the stable 4.x branch point, one has generally been able to upgrade from anywhere in the most recent stable branch to head / current (or even the last couple of stable branches). See the top of this file when there's an exception. When upgrading a live system, having a root shell around before installing anything can help undo problems. Not having a root shell around can lead to problems if pam has changed too much from your starting point to allow continued authentication after the upgrade. This file should be read as a log of events. When a later event changes information of a prior event, the prior event should not be deleted. Instead, a pointer to the entry with the new information should be placed in the old entry. Readers of this file should also sanity check older entries before relying on them blindly. Authors of new entries should write them with this in mind. ZFS notes --------- When upgrading the boot ZFS pool to a new version, always follow these two steps: 1.) recompile and reinstall the ZFS boot loader and boot block (this is part of "make buildworld" and "make installworld") 2.) update the ZFS boot block on your boot drive The following example updates the ZFS boot block on the first partition (freebsd-boot) of a GPT partitioned drive ada0: "gpart bootcode -p /boot/gptzfsboot -i 1 ada0" Non-boot pools do not need these updates. To build a kernel ----------------- If you are updating from a prior version of FreeBSD (even one just a few days old), you should follow this procedure. It is the most failsafe as it uses a /usr/obj tree with a fresh mini-buildworld, make kernel-toolchain make -DALWAYS_CHECK_MAKE buildkernel KERNCONF=YOUR_KERNEL_HERE make -DALWAYS_CHECK_MAKE installkernel KERNCONF=YOUR_KERNEL_HERE To test a kernel once --------------------- If you just want to boot a kernel once (because you are not sure if it works, or if you want to boot a known bad kernel to provide debugging information) run make installkernel KERNCONF=YOUR_KERNEL_HERE KODIR=/boot/testkernel nextboot -k testkernel To rebuild everything and install it on the current system. ----------------------------------------------------------- # Note: sometimes if you are running current you gotta do more than # is listed here if you are upgrading from a really old current. make buildworld make buildkernel KERNCONF=YOUR_KERNEL_HERE make installkernel KERNCONF=YOUR_KERNEL_HERE [1] [3] mergemaster -Fp [5] make installworld mergemaster -Fi [4] make delete-old [6] To cross-install current onto a separate partition -------------------------------------------------- # In this approach we use a separate partition to hold # current's root, 'usr', and 'var' directories. A partition # holding "/", "/usr" and "/var" should be about 2GB in # size. make buildworld make buildkernel KERNCONF=YOUR_KERNEL_HERE make installworld DESTDIR=${CURRENT_ROOT} -DDB_FROM_SRC make distribution DESTDIR=${CURRENT_ROOT} # if newfs'd make installkernel KERNCONF=YOUR_KERNEL_HERE DESTDIR=${CURRENT_ROOT} cp /etc/fstab ${CURRENT_ROOT}/etc/fstab # if newfs'd To upgrade in-place from stable to current ---------------------------------------------- make buildworld [9] make buildkernel KERNCONF=YOUR_KERNEL_HERE [8] make installkernel KERNCONF=YOUR_KERNEL_HERE [1] [3] mergemaster -Fp [5] make installworld mergemaster -Fi [4] make delete-old [6] Make sure that you've read the UPDATING file to understand the tweaks to various things you need. At this point in the life cycle of current, things change often and you are on your own to cope. The defaults can also change, so please read ALL of the UPDATING entries. Also, if you are tracking -current, you must be subscribed to freebsd-current@freebsd.org. Make sure that before you update your sources that you have read and understood all the recent messages there. If in doubt, please track -stable which has much fewer pitfalls. [1] If you have third party modules, such as vmware, you should disable them at this point so they don't crash your system on reboot. [3] From the bootblocks, boot -s, and then do fsck -p mount -u / mount -a cd src adjkerntz -i # if CMOS is wall time Also, when doing a major release upgrade, it is required that you boot into single user mode to do the installworld. [4] Note: This step is non-optional. Failure to do this step can result in a significant reduction in the functionality of the system. Attempting to do it by hand is not recommended and those that pursue this avenue should read this file carefully, as well as the archives of freebsd-current and freebsd-hackers mailing lists for potential gotchas. The -U option is also useful to consider. See mergemaster(8) for more information. [5] Usually this step is a no-op. However, from time to time you may need to do this if you get unknown user in the following step. It never hurts to do it all the time. You may need to install a new mergemaster (cd src/usr.sbin/mergemaster && make install) after the buildworld before this step if you last updated from current before 20130425 or from -stable before 20130430. [6] This only deletes old files and directories. Old libraries can be deleted by "make delete-old-libs", but you have to make sure that no program is using those libraries anymore. [8] The new kernel must be able to run existing binaries used by an installworld. When upgrading across major versions, the new kernel's configuration must include the correct COMPAT_FREEBSD option for existing binaries (e.g. COMPAT_FREEBSD11 to run 11.x binaries). Failure to do so may leave you with a system that is hard to boot to recover. A GENERIC kernel will include suitable compatibility options to run binaries from older branches. Make sure that you merge any new devices from GENERIC since the last time you updated your kernel config file. [9] If CPUTYPE is defined in your /etc/make.conf, make sure to use the "?=" instead of the "=" assignment operator, so that buildworld can override the CPUTYPE if it needs to. MAKEOBJDIRPREFIX must be defined in an environment variable, and not on the command line, or in /etc/make.conf. buildworld will warn if it is improperly defined. FORMAT: This file contains a list, in reverse chronological order, of major breakages in tracking -current. It is not guaranteed to be a complete list of such breakages, and only contains entries since September 23, 2011. If you need to see UPDATING entries from before that date, you will need to fetch an UPDATING file from an older FreeBSD release. Copyright information: Copyright 1998-2009 M. Warner Losh. All Rights Reserved. Redistribution, publication, translation and use, with or without modification, in full or in part, in any form or format of this document are permitted without further permission from the author. THIS DOCUMENT IS PROVIDED BY WARNER LOSH ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL WARNER LOSH BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Contact Warner Losh if you have any questions about your use of this document. $FreeBSD$ Index: stable/12/contrib/ntp/ntpd/ntpd.c =================================================================== --- stable/12/contrib/ntp/ntpd/ntpd.c (revision 352864) +++ stable/12/contrib/ntp/ntpd/ntpd.c (revision 352865) @@ -1,1760 +1,1760 @@ /* * ntpd.c - main program for the fixed point NTP daemon */ #ifdef HAVE_CONFIG_H # include #endif #include "ntp_machine.h" #include "ntpd.h" #include "ntp_io.h" #include "ntp_stdlib.h" #include #include "ntp_config.h" #include "ntp_syslog.h" #include "ntp_assert.h" #include "isc/error.h" #include "isc/strerror.h" #include "isc/formatcheck.h" #include "iosignal.h" #ifdef SIM # include "ntpsim.h" #endif #include "ntp_libopts.h" #include "ntpd-opts.h" /* there's a short treatise below what the thread stuff is for. * [Bug 2954] enable the threading warm-up only for Linux. */ #if defined(HAVE_PTHREADS) && HAVE_PTHREADS && !defined(NO_THREADS) # ifdef HAVE_PTHREAD_H # include # endif # if defined(linux) # define NEED_PTHREAD_WARMUP # endif #endif #ifdef HAVE_UNISTD_H # include #endif #ifdef HAVE_SYS_STAT_H # include #endif #include #ifdef HAVE_SYS_PARAM_H # include #endif #ifdef HAVE_SYS_SIGNAL_H # include #else # include #endif #ifdef HAVE_SYS_IOCTL_H # include #endif /* HAVE_SYS_IOCTL_H */ #if defined(HAVE_RTPRIO) # ifdef HAVE_SYS_LOCK_H # include # endif # include #else # ifdef HAVE_PLOCK # ifdef HAVE_SYS_LOCK_H # include # endif # endif #endif #if defined(HAVE_SCHED_SETSCHEDULER) # ifdef HAVE_SCHED_H # include # else # ifdef HAVE_SYS_SCHED_H # include # endif # endif #endif #if defined(HAVE_SYS_MMAN_H) # include #endif #ifdef HAVE_TERMIOS_H # include #endif #ifdef SYS_DOMAINOS # include #endif /* SYS_DOMAINOS */ #include "recvbuff.h" #include "ntp_cmdargs.h" #if 0 /* HMS: I don't think we need this. 961223 */ #ifdef LOCK_PROCESS # ifdef SYS_SOLARIS # include # else # include # endif #endif #endif #ifdef SYS_WINNT # include "ntservice.h" #endif #ifdef _AIX # include #endif /* _AIX */ #ifdef SCO5_CLOCK # include #endif #ifdef HAVE_DROPROOT # include # include # include #ifdef HAVE_LINUX_CAPABILITIES # include # include #endif /* HAVE_LINUX_CAPABILITIES */ #if defined(HAVE_PRIV_H) && defined(HAVE_SOLARIS_PRIVS) # include #endif /* HAVE_PRIV_H */ #if defined(HAVE_TRUSTEDBSD_MAC) # include #endif /* HAVE_TRUSTEDBSD_MAC */ #endif /* HAVE_DROPROOT */ #if defined (LIBSECCOMP) && (KERN_SECCOMP) /* # include */ # include # include #endif /* LIBSECCOMP and KERN_SECCOMP */ #ifdef HAVE_DNSREGISTRATION # include DNSServiceRef mdns; #endif #ifdef HAVE_SETPGRP_0 # define ntp_setpgrp(x, y) setpgrp() #else # define ntp_setpgrp(x, y) setpgrp(x, y) #endif #ifdef HAVE_SOLARIS_PRIVS # define LOWPRIVS "basic,sys_time,net_privaddr,proc_setid,!proc_info,!proc_session,!proc_exec" static priv_set_t *lowprivs = NULL; static priv_set_t *highprivs = NULL; #endif /* HAVE_SOLARIS_PRIVS */ /* * Scheduling priority we run at */ #define NTPD_PRIO (-12) int priority_done = 2; /* 0 - Set priority */ /* 1 - priority is OK where it is */ /* 2 - Don't set priority */ /* 1 and 2 are pretty much the same */ int listen_to_virtual_ips = TRUE; /* * No-fork flag. If set, we do not become a background daemon. */ int nofork; /* Fork by default */ #ifdef HAVE_DNSREGISTRATION /* * mDNS registration flag. If set, we attempt to register with the mDNS system, but only * after we have synched the first time. If the attempt fails, then try again once per * minute for up to 5 times. After all, we may be starting before mDNS. */ int mdnsreg = FALSE; int mdnstries = 5; #endif /* HAVE_DNSREGISTRATION */ #ifdef HAVE_DROPROOT int droproot; int root_dropped; char *user; /* User to switch to */ char *group; /* group to switch to */ const char *chrootdir; /* directory to chroot to */ uid_t sw_uid; gid_t sw_gid; struct group *gr; struct passwd *pw; #endif /* HAVE_DROPROOT */ #ifdef HAVE_WORKING_FORK int waitsync_fd_to_close = -1; /* -w/--wait-sync */ #endif /* * Version declaration */ extern const char *Version; char const *progname; int was_alarmed; #ifdef DECL_SYSCALL /* * We put this here, since the argument profile is syscall-specific */ extern int syscall (int, ...); #endif /* DECL_SYSCALL */ #if !defined(SIM) && defined(SIGDIE1) static volatile int signalled = 0; static volatile int signo = 0; /* In an ideal world, 'finish_safe()' would declared as noreturn... */ static void finish_safe (int); static RETSIGTYPE finish (int); #endif #if !defined(SIM) && defined(HAVE_WORKING_FORK) static int wait_child_sync_if (int, long); #endif #if !defined(SIM) && !defined(SYS_WINNT) # ifdef DEBUG static RETSIGTYPE moredebug (int); static RETSIGTYPE lessdebug (int); # else /* !DEBUG follows */ static RETSIGTYPE no_debug (int); # endif /* !DEBUG */ #endif /* !SIM && !SYS_WINNT */ #ifndef WORK_FORK int saved_argc; char ** saved_argv; #endif #ifndef SIM int ntpdmain (int, char **); static void set_process_priority (void); static void assertion_failed (const char *, int, isc_assertiontype_t, const char *) __attribute__ ((__noreturn__)); static void library_fatal_error (const char *, int, const char *, va_list) ISC_FORMAT_PRINTF(3, 0); static void library_unexpected_error(const char *, int, const char *, va_list) ISC_FORMAT_PRINTF(3, 0); #endif /* !SIM */ /* Bug2332 unearthed a problem in the interaction of reduced user * privileges, the limits on memory usage and some versions of the * pthread library on Linux systems. The 'pthread_cancel()' function and * likely some others need to track the stack of the thread involved, * and uses a function that comes from GCC (--> libgcc_s.so) to do * this. Unfortunately the developers of glibc decided to load the * library on demand, which speeds up program start but can cause * trouble here: Due to all the things NTPD does to limit its resource * usage, this deferred load of libgcc_s does not always work once the * restrictions are in effect. * * One way out of this was attempting a forced link against libgcc_s * when possible because it makes the library available immediately * without deferred load. (The symbol resolution would still be dynamic * and on demand, but the code would already be in the process image.) * * This is a tricky thing to do, since it's not necessary everywhere, * not possible everywhere, has shown to break the build of other * programs in the NTP suite and is now generally frowned upon. * * So we take a different approach here: We creat a worker thread that does * actually nothing except waiting for cancellation and cancel it. If * this is done before all the limitations are put in place, the * machinery is pre-heated and all the runtime stuff should be in place * and useable when needed. * * This uses only the standard pthread API and should work with all * implementations of pthreads. It is not necessary everywhere, but it's * cheap enough to go on nearly unnoticed. * * Addendum: Bug 2954 showed that the assumption that this should work * with all OS is wrong -- at least FreeBSD bombs heavily. */ #ifdef NEED_PTHREAD_WARMUP /* simple thread function: sleep until cancelled, just to exercise * thread cancellation. */ static void* my_pthread_warmup_worker( void *thread_args) { (void)thread_args; for (;;) sleep(10); return NULL; } /* pre-heat threading: create a thread and cancel it, just to exercise * thread cancellation. */ static void my_pthread_warmup(void) { pthread_t thread; pthread_attr_t thr_attr; int rc; pthread_attr_init(&thr_attr); #if defined(HAVE_PTHREAD_ATTR_GETSTACKSIZE) && \ defined(HAVE_PTHREAD_ATTR_SETSTACKSIZE) && \ defined(PTHREAD_STACK_MIN) { size_t ssmin = 32*1024; /* 32kB should be minimum */ if (ssmin < PTHREAD_STACK_MIN) ssmin = PTHREAD_STACK_MIN; rc = pthread_attr_setstacksize(&thr_attr, ssmin); if (0 != rc) msyslog(LOG_ERR, "my_pthread_warmup: pthread_attr_setstacksize() -> %s", strerror(rc)); } #endif rc = pthread_create( &thread, &thr_attr, my_pthread_warmup_worker, NULL); pthread_attr_destroy(&thr_attr); if (0 != rc) { msyslog(LOG_ERR, "my_pthread_warmup: pthread_create() -> %s", strerror(rc)); } else { pthread_cancel(thread); pthread_join(thread, NULL); } } #endif /*defined(NEED_PTHREAD_WARMUP)*/ #ifdef NEED_EARLY_FORK static void dummy_callback(void) { return; } static void fork_nonchroot_worker(void) { getaddrinfo_sometime("localhost", "ntp", NULL, INITIAL_DNS_RETRY, (gai_sometime_callback)&dummy_callback, NULL); } #endif /* NEED_EARLY_FORK */ void parse_cmdline_opts( int * pargc, char ***pargv ) { static int parsed; static int optct; if (!parsed) optct = ntpOptionProcess(&ntpdOptions, *pargc, *pargv); parsed = 1; *pargc -= optct; *pargv += optct; } #ifdef SIM int main( int argc, char *argv[] ) { progname = argv[0]; parse_cmdline_opts(&argc, &argv); #ifdef DEBUG debug = OPT_VALUE_SET_DEBUG_LEVEL; DPRINTF(1, ("%s\n", Version)); #endif return ntpsim(argc, argv); } #else /* !SIM follows */ #ifdef NO_MAIN_ALLOWED CALL(ntpd,"ntpd",ntpdmain); #else /* !NO_MAIN_ALLOWED follows */ #ifndef SYS_WINNT int main( int argc, char *argv[] ) { return ntpdmain(argc, argv); } #endif /* !SYS_WINNT */ #endif /* !NO_MAIN_ALLOWED */ #endif /* !SIM */ #ifdef _AIX /* * OK. AIX is different than solaris in how it implements plock(). * If you do NOT adjust the stack limit, you will get the MAXIMUM * stack size allocated and PINNED with you program. To check the * value, use ulimit -a. * * To fix this, we create an automatic variable and set our stack limit * to that PLUS 32KB of extra space (we need some headroom). * * This subroutine gets the stack address. * * Grover Davidson and Matt Ladendorf * */ static char * get_aix_stack(void) { char ch; return (&ch); } /* * Signal handler for SIGDANGER. */ static void catch_danger(int signo) { msyslog(LOG_INFO, "ntpd: setpgid(): %m"); /* Make the system believe we'll free something, but don't do it! */ return; } #endif /* _AIX */ /* * Set the process priority */ #ifndef SIM static void set_process_priority(void) { # ifdef DEBUG if (debug > 1) msyslog(LOG_DEBUG, "set_process_priority: %s: priority_done is <%d>", ((priority_done) ? "Leave priority alone" : "Attempt to set priority" ), priority_done); # endif /* DEBUG */ # if defined(HAVE_SCHED_SETSCHEDULER) if (!priority_done) { extern int config_priority_override, config_priority; int pmax, pmin; struct sched_param sched; pmax = sched_get_priority_max(SCHED_FIFO); sched.sched_priority = pmax; if ( config_priority_override ) { pmin = sched_get_priority_min(SCHED_FIFO); if ( config_priority > pmax ) sched.sched_priority = pmax; else if ( config_priority < pmin ) sched.sched_priority = pmin; else sched.sched_priority = config_priority; } if ( sched_setscheduler(0, SCHED_FIFO, &sched) == -1 ) msyslog(LOG_ERR, "sched_setscheduler(): %m"); else ++priority_done; } # endif /* HAVE_SCHED_SETSCHEDULER */ # ifdef HAVE_RTPRIO # ifdef RTP_SET if (!priority_done) { struct rtprio srtp; srtp.type = RTP_PRIO_REALTIME; /* was: RTP_PRIO_NORMAL */ srtp.prio = 0; /* 0 (hi) -> RTP_PRIO_MAX (31,lo) */ if (rtprio(RTP_SET, getpid(), &srtp) < 0) msyslog(LOG_ERR, "rtprio() error: %m"); else ++priority_done; } # else /* !RTP_SET follows */ if (!priority_done) { if (rtprio(0, 120) < 0) msyslog(LOG_ERR, "rtprio() error: %m"); else ++priority_done; } # endif /* !RTP_SET */ # endif /* HAVE_RTPRIO */ # if defined(NTPD_PRIO) && NTPD_PRIO != 0 # ifdef HAVE_ATT_NICE if (!priority_done) { errno = 0; if (-1 == nice (NTPD_PRIO) && errno != 0) msyslog(LOG_ERR, "nice() error: %m"); else ++priority_done; } # endif /* HAVE_ATT_NICE */ # ifdef HAVE_BSD_NICE if (!priority_done) { if (-1 == setpriority(PRIO_PROCESS, 0, NTPD_PRIO)) msyslog(LOG_ERR, "setpriority() error: %m"); else ++priority_done; } # endif /* HAVE_BSD_NICE */ # endif /* NTPD_PRIO && NTPD_PRIO != 0 */ if (!priority_done) msyslog(LOG_ERR, "set_process_priority: No way found to improve our priority"); } #endif /* !SIM */ #if !defined(SIM) && !defined(SYS_WINNT) /* * Detach from terminal (much like daemon()) * Nothe that this function calls exit() */ # ifdef HAVE_WORKING_FORK static void detach_from_terminal( int pipe_fds[2], long wait_sync, const char *logfilename ) { int rc; int exit_code; # if !defined(HAVE_SETSID) && !defined (HAVE_SETPGID) && defined(TIOCNOTTY) int fid; # endif # ifdef _AIX struct sigaction sa; # endif rc = fork(); if (-1 == rc) { exit_code = (errno) ? errno : -1; msyslog(LOG_ERR, "fork: %m"); exit(exit_code); } if (rc > 0) { /* parent */ exit_code = wait_child_sync_if(pipe_fds[0], wait_sync); exit(exit_code); } /* * child/daemon * close all open files excepting waitsync_fd_to_close. * msyslog() unreliable until after init_logging(). */ closelog(); if (syslog_file != NULL) { fclose(syslog_file); syslog_file = NULL; syslogit = TRUE; } close_all_except(waitsync_fd_to_close); INSIST(0 == open("/dev/null", 0) && 1 == dup2(0, 1) \ && 2 == dup2(0, 2)); init_logging(progname, 0, TRUE); /* we lost our logfile (if any) daemonizing */ setup_logfile(logfilename); # ifdef SYS_DOMAINOS { uid_$t puid; status_$t st; proc2_$who_am_i(&puid); proc2_$make_server(&puid, &st); } # endif /* SYS_DOMAINOS */ # ifdef HAVE_SETSID if (setsid() == (pid_t)-1) msyslog(LOG_ERR, "setsid(): %m"); # elif defined(HAVE_SETPGID) if (setpgid(0, 0) == -1) msyslog(LOG_ERR, "setpgid(): %m"); # else /* !HAVE_SETSID && !HAVE_SETPGID follows */ # ifdef TIOCNOTTY fid = open("/dev/tty", 2); if (fid >= 0) { ioctl(fid, (u_long)TIOCNOTTY, NULL); close(fid); } # endif /* TIOCNOTTY */ ntp_setpgrp(0, getpid()); # endif /* !HAVE_SETSID && !HAVE_SETPGID */ # ifdef _AIX /* Don't get killed by low-on-memory signal. */ sa.sa_handler = catch_danger; sigemptyset(&sa.sa_mask); sa.sa_flags = SA_RESTART; sigaction(SIGDANGER, &sa, NULL); # endif /* _AIX */ return; } # endif /* HAVE_WORKING_FORK */ #ifdef HAVE_DROPROOT /* * Map user name/number to user ID */ static int map_user( ) { char *endp; if (isdigit((unsigned char)*user)) { sw_uid = (uid_t)strtoul(user, &endp, 0); if (*endp != '\0') goto getuser; if ((pw = getpwuid(sw_uid)) != NULL) { free(user); user = estrdup(pw->pw_name); sw_gid = pw->pw_gid; } else { errno = 0; msyslog(LOG_ERR, "Cannot find user ID %s", user); return 0; } } else { getuser: errno = 0; if ((pw = getpwnam(user)) != NULL) { sw_uid = pw->pw_uid; sw_gid = pw->pw_gid; } else { if (errno) msyslog(LOG_ERR, "getpwnam(%s) failed: %m", user); else msyslog(LOG_ERR, "Cannot find user `%s'", user); return 0; } } return 1; } /* * Map group name/number to group ID */ static int map_group(void) { char *endp; if (isdigit((unsigned char)*group)) { sw_gid = (gid_t)strtoul(group, &endp, 0); if (*endp != '\0') goto getgroup; } else { getgroup: if ((gr = getgrnam(group)) != NULL) { sw_gid = gr->gr_gid; } else { errno = 0; msyslog(LOG_ERR, "Cannot find group `%s'", group); return 0; } } return 1; } static int set_group_ids(void) { if (user && initgroups(user, sw_gid)) { msyslog(LOG_ERR, "Cannot initgroups() to user `%s': %m", user); return 0; } if (group && setgid(sw_gid)) { msyslog(LOG_ERR, "Cannot setgid() to group `%s': %m", group); return 0; } if (group && setegid(sw_gid)) { msyslog(LOG_ERR, "Cannot setegid() to group `%s': %m", group); return 0; } if (group) { if (0 != setgroups(1, &sw_gid)) { msyslog(LOG_ERR, "setgroups(1, %d) failed: %m", sw_gid); return 0; } } else if (pw) if (0 != initgroups(pw->pw_name, pw->pw_gid)) { msyslog(LOG_ERR, "initgroups(<%s>, %d) filed: %m", pw->pw_name, pw->pw_gid); return 0; } return 1; } static int set_user_ids(void) { if (user && setuid(sw_uid)) { msyslog(LOG_ERR, "Cannot setuid() to user `%s': %m", user); return 0; } if (user && seteuid(sw_uid)) { msyslog(LOG_ERR, "Cannot seteuid() to user `%s': %m", user); return 0; } return 1; } /* * Change (effective) user and group IDs, also initialize the supplementary group access list */ int set_user_group_ids(void); int set_user_group_ids(void) { /* If the the user was already mapped, no need to map it again */ if ((NULL != user) && (0 == sw_uid)) { if (0 == map_user()) exit (-1); } /* same applies for the group */ if ((NULL != group) && (0 == sw_gid)) { if (0 == map_group()) exit (-1); } if (getegid() != sw_gid && 0 == set_group_ids()) return 0; if (geteuid() != sw_uid && 0 == set_user_ids()) return 0; return 1; } #endif /* HAVE_DROPROOT */ #endif /* !SIM */ /* * Main program. Initialize us, disconnect us from the tty if necessary, * and loop waiting for I/O and/or timer expiries. */ #ifndef SIM int ntpdmain( int argc, char *argv[] ) { l_fp now; struct recvbuf *rbuf; const char * logfilename; # ifdef HAVE_UMASK mode_t uv; # endif # if defined(HAVE_GETUID) && !defined(MPE) /* MPE lacks the concept of root */ uid_t uid; # endif # if defined(HAVE_WORKING_FORK) long wait_sync = 0; int pipe_fds[2]; int rc; int exit_code; # endif /* HAVE_WORKING_FORK*/ # ifdef SCO5_CLOCK int fd; int zero; # endif # ifdef NEED_PTHREAD_WARMUP my_pthread_warmup(); # endif # ifdef HAVE_UMASK uv = umask(0); if (uv) umask(uv); else umask(022); # endif saved_argc = argc; saved_argv = argv; progname = argv[0]; initializing = TRUE; /* mark that we are initializing */ parse_cmdline_opts(&argc, &argv); # ifdef DEBUG debug = OPT_VALUE_SET_DEBUG_LEVEL; # ifdef HAVE_SETLINEBUF setlinebuf(stdout); # endif # endif if (HAVE_OPT(NOFORK) || HAVE_OPT(QUIT) # ifdef DEBUG || debug # endif || HAVE_OPT(SAVECONFIGQUIT)) nofork = TRUE; init_logging(progname, NLOG_SYNCMASK, TRUE); /* honor -l/--logfile option to log to a file */ if (HAVE_OPT(LOGFILE)) { logfilename = OPT_ARG(LOGFILE); syslogit = FALSE; change_logfile(logfilename, FALSE); } else { logfilename = NULL; if (nofork) msyslog_term = TRUE; if (HAVE_OPT(SAVECONFIGQUIT)) syslogit = FALSE; } msyslog(LOG_NOTICE, "%s: Starting", Version); { int i; char buf[1024]; /* Secret knowledge of msyslog buf length */ char *cp = buf; /* Note that every arg has an initial space character */ snprintf(cp, sizeof(buf), "Command line:"); cp += strlen(cp); for (i = 0; i < saved_argc ; ++i) { snprintf(cp, sizeof(buf) - (cp - buf), " %s", saved_argv[i]); cp += strlen(cp); } msyslog(LOG_INFO, "%s", buf); } /* * Install trap handlers to log errors and assertion failures. * Default handlers print to stderr which doesn't work if detached. */ isc_assertion_setcallback(assertion_failed); isc_error_setfatal(library_fatal_error); isc_error_setunexpected(library_unexpected_error); /* MPE lacks the concept of root */ # if defined(HAVE_GETUID) && !defined(MPE) uid = getuid(); if (uid && !HAVE_OPT( SAVECONFIGQUIT ) # if defined(HAVE_TRUSTEDBSD_MAC) /* We can run as non-root if the mac_ntpd policy is enabled. */ && mac_is_present("ntpd") != 1 # endif ) { msyslog_term = TRUE; msyslog(LOG_ERR, "must be run as root, not uid %ld", (long)uid); exit(1); } # endif /* * Enable the Multi-Media Timer for Windows? */ # ifdef SYS_WINNT if (HAVE_OPT( MODIFYMMTIMER )) set_mm_timer(MM_TIMER_HIRES); # endif #ifdef HAVE_DNSREGISTRATION /* * Enable mDNS registrations? */ if (HAVE_OPT( MDNS )) { mdnsreg = TRUE; } #endif /* HAVE_DNSREGISTRATION */ if (HAVE_OPT( NOVIRTUALIPS )) listen_to_virtual_ips = 0; /* * --interface, listen on specified interfaces */ if (HAVE_OPT( INTERFACE )) { int ifacect = STACKCT_OPT( INTERFACE ); const char** ifaces = STACKLST_OPT( INTERFACE ); sockaddr_u addr; while (ifacect-- > 0) { add_nic_rule( is_ip_address(*ifaces, AF_UNSPEC, &addr) ? MATCH_IFADDR : MATCH_IFNAME, *ifaces, -1, ACTION_LISTEN); ifaces++; } } if (HAVE_OPT( NICE )) priority_done = 0; # ifdef HAVE_SCHED_SETSCHEDULER if (HAVE_OPT( PRIORITY )) { config_priority = OPT_VALUE_PRIORITY; config_priority_override = 1; priority_done = 0; } # endif # ifdef HAVE_WORKING_FORK /* make sure the FDs are initialised */ pipe_fds[0] = -1; pipe_fds[1] = -1; do { /* 'loop' once */ if (!HAVE_OPT( WAIT_SYNC )) break; wait_sync = OPT_VALUE_WAIT_SYNC; if (wait_sync <= 0) { wait_sync = 0; break; } /* -w requires a fork() even with debug > 0 */ nofork = FALSE; if (pipe(pipe_fds)) { exit_code = (errno) ? errno : -1; msyslog(LOG_ERR, "Pipe creation failed for --wait-sync: %m"); exit(exit_code); } waitsync_fd_to_close = pipe_fds[1]; } while (0); /* 'loop' once */ # endif /* HAVE_WORKING_FORK */ init_lib(); # ifdef SYS_WINNT /* * Make sure the service is initialized before we do anything else */ ntservice_init(); /* * Start interpolation thread, must occur before first * get_systime() */ init_winnt_time(); # endif /* * Initialize random generator and public key pair */ get_systime(&now); ntp_srandom((int)(now.l_i * now.l_uf)); /* * Detach us from the terminal. May need an #ifndef GIZMO. */ if (!nofork) { # ifdef HAVE_WORKING_FORK detach_from_terminal(pipe_fds, wait_sync, logfilename); # endif /* HAVE_WORKING_FORK */ } # ifdef SCO5_CLOCK /* * SCO OpenServer's system clock offers much more precise timekeeping * on the base CPU than the other CPUs (for multiprocessor systems), * so we must lock to the base CPU. */ fd = open("/dev/at1", O_RDONLY); if (fd >= 0) { zero = 0; if (ioctl(fd, ACPU_LOCK, &zero) < 0) msyslog(LOG_ERR, "cannot lock to base CPU: %m"); close(fd); } # endif /* Setup stack size in preparation for locking pages in memory. */ # if defined(HAVE_MLOCKALL) # ifdef HAVE_SETRLIMIT ntp_rlimit(RLIMIT_STACK, DFLT_RLIMIT_STACK * 4096, 4096, "4k"); -# ifdef RLIMIT_MEMLOCK +# if defined(RLIMIT_MEMLOCK) && defined(DFLT_RLIMIT_MEMLOCK) && DFLT_RLIMIT_MEMLOCK != -1 /* * The default RLIMIT_MEMLOCK is very low on Linux systems. * Unless we increase this limit malloc calls are likely to * fail if we drop root privilege. To be useful the value * has to be larger than the largest ntpd resident set size. */ ntp_rlimit(RLIMIT_MEMLOCK, DFLT_RLIMIT_MEMLOCK * 1024 * 1024, 1024 * 1024, "MB"); # endif /* RLIMIT_MEMLOCK */ # endif /* HAVE_SETRLIMIT */ # else /* !HAVE_MLOCKALL follows */ # ifdef HAVE_PLOCK # ifdef PROCLOCK # ifdef _AIX /* * set the stack limit for AIX for plock(). * see get_aix_stack() for more info. */ if (ulimit(SET_STACKLIM, (get_aix_stack() - 8 * 4096)) < 0) msyslog(LOG_ERR, "Cannot adjust stack limit for plock: %m"); # endif /* _AIX */ # endif /* PROCLOCK */ # endif /* HAVE_PLOCK */ # endif /* !HAVE_MLOCKALL */ /* * Set up signals we pay attention to locally. */ # ifdef SIGDIE1 signal_no_reset(SIGDIE1, finish); signal_no_reset(SIGDIE2, finish); signal_no_reset(SIGDIE3, finish); signal_no_reset(SIGDIE4, finish); # endif # ifdef SIGBUS signal_no_reset(SIGBUS, finish); # endif # if !defined(SYS_WINNT) && !defined(VMS) # ifdef DEBUG (void) signal_no_reset(MOREDEBUGSIG, moredebug); (void) signal_no_reset(LESSDEBUGSIG, lessdebug); # else (void) signal_no_reset(MOREDEBUGSIG, no_debug); (void) signal_no_reset(LESSDEBUGSIG, no_debug); # endif /* DEBUG */ # endif /* !SYS_WINNT && !VMS */ /* * Set up signals we should never pay attention to. */ # ifdef SIGPIPE signal_no_reset(SIGPIPE, SIG_IGN); # endif /* * Call the init_ routines to initialize the data structures. * * Exactly what command-line options are we expecting here? */ INIT_SSL(); init_auth(); init_util(); init_restrict(); init_mon(); init_timer(); init_request(); init_control(); init_peer(); # ifdef REFCLOCK init_refclock(); # endif set_process_priority(); init_proto(); /* Call at high priority */ init_io(); init_loopfilter(); mon_start(MON_ON); /* monitor on by default now */ /* turn off in config if unwanted */ /* * Get the configuration. This is done in a separate module * since this will definitely be different for the gizmo board. */ getconfig(argc, argv); if (-1 == cur_memlock) { # if defined(HAVE_MLOCKALL) /* * lock the process into memory */ if ( !HAVE_OPT(SAVECONFIGQUIT) # ifdef RLIMIT_MEMLOCK && -1 != DFLT_RLIMIT_MEMLOCK # endif && 0 != mlockall(MCL_CURRENT|MCL_FUTURE)) msyslog(LOG_ERR, "mlockall(): %m"); # else /* !HAVE_MLOCKALL follows */ # ifdef HAVE_PLOCK # ifdef PROCLOCK /* * lock the process into memory */ if (!HAVE_OPT(SAVECONFIGQUIT) && 0 != plock(PROCLOCK)) msyslog(LOG_ERR, "plock(PROCLOCK): %m"); # else /* !PROCLOCK follows */ # ifdef TXTLOCK /* * Lock text into ram */ if (!HAVE_OPT(SAVECONFIGQUIT) && 0 != plock(TXTLOCK)) msyslog(LOG_ERR, "plock(TXTLOCK) error: %m"); # else /* !TXTLOCK follows */ msyslog(LOG_ERR, "plock() - don't know what to lock!"); # endif /* !TXTLOCK */ # endif /* !PROCLOCK */ # endif /* HAVE_PLOCK */ # endif /* !HAVE_MLOCKALL */ } loop_config(LOOP_DRIFTINIT, 0); report_event(EVNT_SYSRESTART, NULL, NULL); initializing = FALSE; # ifdef HAVE_DROPROOT if (droproot) { #ifdef NEED_EARLY_FORK fork_nonchroot_worker(); #endif /* Drop super-user privileges and chroot now if the OS supports this */ # ifdef HAVE_LINUX_CAPABILITIES /* set flag: keep privileges accross setuid() call (we only really need cap_sys_time): */ if (prctl( PR_SET_KEEPCAPS, 1L, 0L, 0L, 0L ) == -1) { msyslog( LOG_ERR, "prctl( PR_SET_KEEPCAPS, 1L ) failed: %m" ); exit(-1); } # elif HAVE_SOLARIS_PRIVS /* Nothing to do here */ # else /* we need a user to switch to */ if (user == NULL) { msyslog(LOG_ERR, "Need user name to drop root privileges (see -u flag!)" ); exit(-1); } # endif /* HAVE_LINUX_CAPABILITIES || HAVE_SOLARIS_PRIVS */ if (user != NULL) { if (0 == map_user()) exit (-1); } if (group != NULL) { if (0 == map_group()) exit (-1); } if (chrootdir ) { /* make sure cwd is inside the jail: */ if (chdir(chrootdir)) { msyslog(LOG_ERR, "Cannot chdir() to `%s': %m", chrootdir); exit (-1); } if (chroot(chrootdir)) { msyslog(LOG_ERR, "Cannot chroot() to `%s': %m", chrootdir); exit (-1); } if (chdir("/")) { msyslog(LOG_ERR, "Cannot chdir() to`root after chroot(): %m"); exit (-1); } } # ifdef HAVE_SOLARIS_PRIVS if ((lowprivs = priv_str_to_set(LOWPRIVS, ",", NULL)) == NULL) { msyslog(LOG_ERR, "priv_str_to_set() failed:%m"); exit(-1); } if ((highprivs = priv_allocset()) == NULL) { msyslog(LOG_ERR, "priv_allocset() failed:%m"); exit(-1); } (void) getppriv(PRIV_PERMITTED, highprivs); (void) priv_intersect(highprivs, lowprivs); if (setppriv(PRIV_SET, PRIV_PERMITTED, lowprivs) == -1) { msyslog(LOG_ERR, "setppriv() failed:%m"); exit(-1); } # endif /* HAVE_SOLARIS_PRIVS */ if (0 == set_user_group_ids()) exit(-1); # if defined(HAVE_TRUSTEDBSD_MAC) /* * To manipulate system time and (re-)bind to NTP_PORT as needed * following interface changes, we must either run as uid 0 or * the mac_ntpd policy module must be enabled. */ if (sw_uid != 0 && mac_is_present("ntpd") != 1) { msyslog(LOG_ERR, "Need MAC 'ntpd' policy enabled to drop root privileges"); exit (-1); } # elif !defined(HAVE_LINUX_CAPABILITIES) && !defined(HAVE_SOLARIS_PRIVS) /* * for now assume that the privilege to bind to privileged ports * is associated with running with uid 0 - should be refined on * ports that allow binding to NTP_PORT with uid != 0 */ disable_dynamic_updates |= (sw_uid != 0); /* also notifies routing message listener */ # endif /* !HAVE_LINUX_CAPABILITIES && !HAVE_SOLARIS_PRIVS */ if (disable_dynamic_updates && interface_interval) { interface_interval = 0; msyslog(LOG_INFO, "running as non-root disables dynamic interface tracking"); } # ifdef HAVE_LINUX_CAPABILITIES { /* * We may be running under non-root uid now, but we still hold full root privileges! * We drop all of them, except for the crucial one or two: cap_sys_time and * cap_net_bind_service if doing dynamic interface tracking. */ cap_t caps; char *captext; captext = (0 != interface_interval) ? "cap_sys_time,cap_net_bind_service=pe" : "cap_sys_time=pe"; caps = cap_from_text(captext); if (!caps) { msyslog(LOG_ERR, "cap_from_text(%s) failed: %m", captext); exit(-1); } if (-1 == cap_set_proc(caps)) { msyslog(LOG_ERR, "cap_set_proc() failed to drop root privs: %m"); exit(-1); } cap_free(caps); } # endif /* HAVE_LINUX_CAPABILITIES */ # ifdef HAVE_SOLARIS_PRIVS if (priv_delset(lowprivs, "proc_setid") == -1) { msyslog(LOG_ERR, "priv_delset() failed:%m"); exit(-1); } if (setppriv(PRIV_SET, PRIV_PERMITTED, lowprivs) == -1) { msyslog(LOG_ERR, "setppriv() failed:%m"); exit(-1); } priv_freeset(lowprivs); priv_freeset(highprivs); # endif /* HAVE_SOLARIS_PRIVS */ root_dropped = TRUE; fork_deferred_worker(); } /* if (droproot) */ # endif /* HAVE_DROPROOT */ /* libssecomp sandboxing */ #if defined (LIBSECCOMP) && (KERN_SECCOMP) scmp_filter_ctx ctx; if ((ctx = seccomp_init(SCMP_ACT_KILL)) < 0) msyslog(LOG_ERR, "%s: seccomp_init(SCMP_ACT_KILL) failed: %m", __func__); else { msyslog(LOG_DEBUG, "%s: seccomp_init(SCMP_ACT_KILL) succeeded", __func__); } #ifdef __x86_64__ int scmp_sc[] = { SCMP_SYS(adjtimex), SCMP_SYS(bind), SCMP_SYS(brk), SCMP_SYS(chdir), SCMP_SYS(clock_gettime), SCMP_SYS(clock_settime), SCMP_SYS(close), SCMP_SYS(connect), SCMP_SYS(exit_group), SCMP_SYS(fstat), SCMP_SYS(fsync), SCMP_SYS(futex), SCMP_SYS(getitimer), SCMP_SYS(getsockname), SCMP_SYS(ioctl), SCMP_SYS(lseek), SCMP_SYS(madvise), SCMP_SYS(mmap), SCMP_SYS(munmap), SCMP_SYS(open), SCMP_SYS(poll), SCMP_SYS(read), SCMP_SYS(recvmsg), SCMP_SYS(rename), SCMP_SYS(rt_sigaction), SCMP_SYS(rt_sigprocmask), SCMP_SYS(rt_sigreturn), SCMP_SYS(select), SCMP_SYS(sendto), SCMP_SYS(setitimer), SCMP_SYS(setsid), SCMP_SYS(socket), SCMP_SYS(stat), SCMP_SYS(time), SCMP_SYS(write), }; #endif #ifdef __i386__ int scmp_sc[] = { SCMP_SYS(_newselect), SCMP_SYS(adjtimex), SCMP_SYS(brk), SCMP_SYS(chdir), SCMP_SYS(clock_gettime), SCMP_SYS(clock_settime), SCMP_SYS(close), SCMP_SYS(exit_group), SCMP_SYS(fsync), SCMP_SYS(futex), SCMP_SYS(getitimer), SCMP_SYS(madvise), SCMP_SYS(mmap), SCMP_SYS(mmap2), SCMP_SYS(munmap), SCMP_SYS(open), SCMP_SYS(poll), SCMP_SYS(read), SCMP_SYS(rename), SCMP_SYS(rt_sigaction), SCMP_SYS(rt_sigprocmask), SCMP_SYS(select), SCMP_SYS(setitimer), SCMP_SYS(setsid), SCMP_SYS(sigprocmask), SCMP_SYS(sigreturn), SCMP_SYS(socketcall), SCMP_SYS(stat64), SCMP_SYS(time), SCMP_SYS(write), }; #endif { int i; for (i = 0; i < COUNTOF(scmp_sc); i++) { if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, scmp_sc[i], 0) < 0) { msyslog(LOG_ERR, "%s: seccomp_rule_add() failed: %m", __func__); } } } if (seccomp_load(ctx) < 0) msyslog(LOG_ERR, "%s: seccomp_load() failed: %m", __func__); else { msyslog(LOG_DEBUG, "%s: seccomp_load() succeeded", __func__); } #endif /* LIBSECCOMP and KERN_SECCOMP */ #ifdef SYS_WINNT ntservice_isup(); #endif # ifdef HAVE_IO_COMPLETION_PORT for (;;) { #if !defined(SIM) && defined(SIGDIE1) if (signalled) finish_safe(signo); #endif GetReceivedBuffers(); # else /* normal I/O */ BLOCK_IO_AND_ALARM(); was_alarmed = FALSE; for (;;) { #if !defined(SIM) && defined(SIGDIE1) if (signalled) finish_safe(signo); #endif if (alarm_flag) { /* alarmed? */ was_alarmed = TRUE; alarm_flag = FALSE; } /* collect async name/addr results */ if (!was_alarmed) harvest_blocking_responses(); if (!was_alarmed && !has_full_recv_buffer()) { /* * Nothing to do. Wait for something. */ io_handler(); } if (alarm_flag) { /* alarmed? */ was_alarmed = TRUE; alarm_flag = FALSE; } if (was_alarmed) { UNBLOCK_IO_AND_ALARM(); /* * Out here, signals are unblocked. Call timer routine * to process expiry. */ timer(); was_alarmed = FALSE; BLOCK_IO_AND_ALARM(); } # endif /* !HAVE_IO_COMPLETION_PORT */ # ifdef DEBUG_TIMING { l_fp pts; l_fp tsa, tsb; int bufcount = 0; get_systime(&pts); tsa = pts; # endif rbuf = get_full_recv_buffer(); while (rbuf != NULL) { if (alarm_flag) { was_alarmed = TRUE; alarm_flag = FALSE; } UNBLOCK_IO_AND_ALARM(); if (was_alarmed) { /* avoid timer starvation during lengthy I/O handling */ timer(); was_alarmed = FALSE; } /* * Call the data procedure to handle each received * packet. */ if (rbuf->receiver != NULL) { # ifdef DEBUG_TIMING l_fp dts = pts; L_SUB(&dts, &rbuf->recv_time); DPRINTF(2, ("processing timestamp delta %s (with prec. fuzz)\n", lfptoa(&dts, 9))); collect_timing(rbuf, "buffer processing delay", 1, &dts); bufcount++; # endif (*rbuf->receiver)(rbuf); } else { msyslog(LOG_ERR, "fatal: receive buffer callback NULL"); abort(); } BLOCK_IO_AND_ALARM(); freerecvbuf(rbuf); rbuf = get_full_recv_buffer(); } # ifdef DEBUG_TIMING get_systime(&tsb); L_SUB(&tsb, &tsa); if (bufcount) { collect_timing(NULL, "processing", bufcount, &tsb); DPRINTF(2, ("processing time for %d buffers %s\n", bufcount, lfptoa(&tsb, 9))); } } # endif /* * Go around again */ # ifdef HAVE_DNSREGISTRATION if (mdnsreg && (current_time - mdnsreg ) > 60 && mdnstries && sys_leap != LEAP_NOTINSYNC) { mdnsreg = current_time; msyslog(LOG_INFO, "Attempting to register mDNS"); if ( DNSServiceRegister (&mdns, 0, 0, NULL, "_ntp._udp", NULL, NULL, htons(NTP_PORT), 0, NULL, NULL, NULL) != kDNSServiceErr_NoError ) { if (!--mdnstries) { msyslog(LOG_ERR, "Unable to register mDNS, giving up."); } else { msyslog(LOG_INFO, "Unable to register mDNS, will try later."); } } else { msyslog(LOG_INFO, "mDNS service registered."); mdnsreg = FALSE; } } # endif /* HAVE_DNSREGISTRATION */ } UNBLOCK_IO_AND_ALARM(); return 1; } #endif /* !SIM */ #if !defined(SIM) && defined(SIGDIE1) /* * finish - exit gracefully */ static void finish_safe( int sig ) { const char *sig_desc; sig_desc = NULL; #ifdef HAVE_STRSIGNAL sig_desc = strsignal(sig); #endif if (sig_desc == NULL) sig_desc = ""; msyslog(LOG_NOTICE, "%s exiting on signal %d (%s)", progname, sig, sig_desc); /* See Bug 2513 and Bug 2522 re the unlink of PIDFILE */ # ifdef HAVE_DNSREGISTRATION if (mdns != NULL) DNSServiceRefDeallocate(mdns); # endif peer_cleanup(); exit(0); } static RETSIGTYPE finish( int sig ) { signalled = 1; signo = sig; } #endif /* !SIM && SIGDIE1 */ #ifndef SIM /* * wait_child_sync_if - implements parent side of -w/--wait-sync */ # ifdef HAVE_WORKING_FORK static int wait_child_sync_if( int pipe_read_fd, long wait_sync ) { int rc; int exit_code; time_t wait_end_time; time_t cur_time; time_t wait_rem; fd_set readset; struct timeval wtimeout; if (0 == wait_sync) return 0; /* waitsync_fd_to_close used solely by child */ close(waitsync_fd_to_close); wait_end_time = time(NULL) + wait_sync; do { cur_time = time(NULL); wait_rem = (wait_end_time > cur_time) ? (wait_end_time - cur_time) : 0; wtimeout.tv_sec = wait_rem; wtimeout.tv_usec = 0; FD_ZERO(&readset); FD_SET(pipe_read_fd, &readset); rc = select(pipe_read_fd + 1, &readset, NULL, NULL, &wtimeout); if (-1 == rc) { if (EINTR == errno) continue; exit_code = (errno) ? errno : -1; msyslog(LOG_ERR, "--wait-sync select failed: %m"); return exit_code; } if (0 == rc) { /* * select() indicated a timeout, but in case * its timeouts are affected by a step of the * system clock, select() again with a zero * timeout to confirm. */ FD_ZERO(&readset); FD_SET(pipe_read_fd, &readset); wtimeout.tv_sec = 0; wtimeout.tv_usec = 0; rc = select(pipe_read_fd + 1, &readset, NULL, NULL, &wtimeout); if (0 == rc) /* select() timeout */ break; else /* readable */ return 0; } else /* readable */ return 0; } while (wait_rem > 0); fprintf(stderr, "%s: -w/--wait-sync %ld timed out.\n", progname, wait_sync); return ETIMEDOUT; } # endif /* HAVE_WORKING_FORK */ /* * assertion_failed - Redirect assertion failures to msyslog(). */ static void assertion_failed( const char *file, int line, isc_assertiontype_t type, const char *cond ) { isc_assertion_setcallback(NULL); /* Avoid recursion */ msyslog(LOG_ERR, "%s:%d: %s(%s) failed", file, line, isc_assertion_typetotext(type), cond); msyslog(LOG_ERR, "exiting (due to assertion failure)"); #if defined(DEBUG) && defined(SYS_WINNT) if (debug) DebugBreak(); #endif abort(); } /* * library_fatal_error - Handle fatal errors from our libraries. */ static void library_fatal_error( const char *file, int line, const char *format, va_list args ) { char errbuf[256]; isc_error_setfatal(NULL); /* Avoid recursion */ msyslog(LOG_ERR, "%s:%d: fatal error:", file, line); vsnprintf(errbuf, sizeof(errbuf), format, args); msyslog(LOG_ERR, "%s", errbuf); msyslog(LOG_ERR, "exiting (due to fatal error in library)"); #if defined(DEBUG) && defined(SYS_WINNT) if (debug) DebugBreak(); #endif abort(); } /* * library_unexpected_error - Handle non fatal errors from our libraries. */ # define MAX_UNEXPECTED_ERRORS 100 int unexpected_error_cnt = 0; static void library_unexpected_error( const char *file, int line, const char *format, va_list args ) { char errbuf[256]; if (unexpected_error_cnt >= MAX_UNEXPECTED_ERRORS) return; /* avoid clutter in log */ msyslog(LOG_ERR, "%s:%d: unexpected error:", file, line); vsnprintf(errbuf, sizeof(errbuf), format, args); msyslog(LOG_ERR, "%s", errbuf); if (++unexpected_error_cnt == MAX_UNEXPECTED_ERRORS) msyslog(LOG_ERR, "Too many errors. Shutting up."); } #endif /* !SIM */ #if !defined(SIM) && !defined(SYS_WINNT) # ifdef DEBUG /* * moredebug - increase debugging verbosity */ static RETSIGTYPE moredebug( int sig ) { int saved_errno = errno; if (debug < 255) { debug++; msyslog(LOG_DEBUG, "debug raised to %d", debug); } errno = saved_errno; } /* * lessdebug - decrease debugging verbosity */ static RETSIGTYPE lessdebug( int sig ) { int saved_errno = errno; if (debug > 0) { debug--; msyslog(LOG_DEBUG, "debug lowered to %d", debug); } errno = saved_errno; } # else /* !DEBUG follows */ /* * no_debug - We don't do the debug here. */ static RETSIGTYPE no_debug( int sig ) { int saved_errno = errno; msyslog(LOG_DEBUG, "ntpd not compiled for debugging (signal %d)", sig); errno = saved_errno; } # endif /* !DEBUG */ #endif /* !SIM && !SYS_WINNT */ Index: stable/12/usr.sbin/ntp/config.h =================================================================== --- stable/12/usr.sbin/ntp/config.h (revision 352864) +++ stable/12/usr.sbin/ntp/config.h (revision 352865) @@ -1,1839 +1,1839 @@ /* config.h. Generated from config.h.in by configure. */ /* config.h.in. Generated from configure.ac by autoheader. */ /* $FreeBSD$ */ /* Define if building universal (internal helper macro) */ /* #undef AC_APPLE_UNIVERSAL_BUILD */ /* Is adjtime() accurate? */ /* #undef ADJTIME_IS_ACCURATE */ /* Support NTP Autokey protocol? */ /* #define AUTOKEY 1 */ /* why not HAVE_P_S? */ /* #undef CALL_PTHREAD_SETCONCURRENCY */ /* ACTS modem service */ #define CLOCK_ACTS 1 /* Arbiter 1088A/B GPS receiver */ #define CLOCK_ARBITER 1 /* ARCRON support? */ #define CLOCK_ARCRON_MSF 1 /* Austron 2200A/2201A GPS receiver? */ #define CLOCK_AS2201 1 /* PPS interface? */ #define CLOCK_ATOM 1 /* Datum/Bancomm bc635/VME interface? */ /* #undef CLOCK_BANC */ /* Chronolog K-series WWVB receiver? */ #define CLOCK_CHRONOLOG 1 /* CHU modem/decoder */ #define CLOCK_CHU 1 /* Diems Computime Radio Clock? */ /* #undef CLOCK_COMPUTIME */ /* Datum Programmable Time System? */ #define CLOCK_DATUM 1 /* ELV/DCF7000 clock? */ /* #undef CLOCK_DCF7000 */ /* Dumb generic hh:mm:ss local clock? */ #define CLOCK_DUMBCLOCK 1 /* Forum Graphic GPS datating station driver? */ #define CLOCK_FG 1 /* GPSD JSON receiver */ #define CLOCK_GPSDJSON 1 /* TrueTime GPS receiver/VME interface? */ /* #undef CLOCK_GPSVME */ /* Heath GC-1000 WWV/WWVH receiver? */ #define CLOCK_HEATH 1 /* HOPF 6021 clock? */ /* #undef CLOCK_HOPF6021 */ /* HOPF PCI clock device? */ #define CLOCK_HOPF_PCI 1 /* HOPF serial clock device? */ #define CLOCK_HOPF_SERIAL 1 /* HP 58503A GPS receiver? */ #define CLOCK_HPGPS 1 /* IRIG audio decoder? */ #define CLOCK_IRIG 1 /* JJY receiver? */ #define CLOCK_JJY 1 /* Rockwell Jupiter GPS clock? */ #define CLOCK_JUPITER 1 /* Leitch CSD 5300 Master Clock System Driver? */ #define CLOCK_LEITCH 1 /* local clock reference? */ #define CLOCK_LOCAL 1 /* Meinberg clocks */ #define CLOCK_MEINBERG 1 /* Magnavox MX4200 GPS receiver */ /* #undef CLOCK_MX4200 */ /* NeoClock4X */ #define CLOCK_NEOCLOCK4X 1 /* NMEA GPS receiver */ #define CLOCK_NMEA 1 /* Motorola UT Oncore GPS */ #define CLOCK_ONCORE 1 /* Palisade clock */ #define CLOCK_PALISADE 1 /* PARSE driver interface */ #define CLOCK_PARSE 1 /* Conrad parallel port radio clock */ #define CLOCK_PCF 1 /* PCL 720 clock support */ /* #undef CLOCK_PPS720 */ /* PST/Traconex 1020 WWV/WWVH receiver */ #define CLOCK_PST 1 /* DCF77 raw time code */ #define CLOCK_RAWDCF 1 /* RCC 8000 clock */ /* #undef CLOCK_RCC8000 */ /* RIPE NCC Trimble clock */ /* #undef CLOCK_RIPENCC */ /* Schmid DCF77 clock */ /* #undef CLOCK_SCHMID */ /* SEL240X protocol */ /* #undef CLOCK_SEL240X */ /* clock thru shared memory */ #define CLOCK_SHM 1 /* Spectracom 8170/Netclock/2 WWVB receiver */ #define CLOCK_SPECTRACOM 1 /* KSI/Odetics TPRO/S GPS receiver/IRIG interface */ /* #undef CLOCK_TPRO */ /* Trimble GPS receiver/TAIP protocol */ /* #undef CLOCK_TRIMTAIP */ /* Trimble GPS receiver/TSIP protocol */ /* #undef CLOCK_TRIMTSIP */ /* Kinemetrics/TrueTime receivers */ #define CLOCK_TRUETIME 1 /* Spectracom TSYNC timing board */ /* #undef CLOCK_TSYNCPCI */ /* TrueTime 560 IRIG-B decoder? */ /* #undef CLOCK_TT560 */ /* Ultralink M320 WWVB receiver? */ #define CLOCK_ULINK 1 /* VARITEXT clock */ /* #undef CLOCK_VARITEXT */ /* WHARTON 400A Series clock */ /* #undef CLOCK_WHARTON_400A */ /* WWV audio driver */ #define CLOCK_WWV 1 /* Zyfer GPStarplus */ #define CLOCK_ZYFER 1 /* Define to one of `_getb67', `GETB67', `getb67' for Cray-2 and Cray-YMP systems. This function is required for `alloca.c' support on those systems. */ /* #undef CRAY_STACKSEG_END */ /* Define to 1 if using `alloca.c'. */ /* #undef C_ALLOCA */ /* Enable debugging code? */ /* #undef DEBUG */ /* Enable processing time debugging? */ /* #undef DEBUG_TIMING */ /* Declaration style */ /* #undef DECL_ADJTIME_0 */ /* Declaration style */ /* #undef DECL_BCOPY_0 */ /* Declaration style */ /* #undef DECL_BZERO_0 */ /* Declaration style */ /* #undef DECL_CFSETISPEED_0 */ /* Declare errno? */ /* #undef DECL_ERRNO */ /* Declaration style */ /* #undef DECL_HSTRERROR_0 */ /* Declare h_errno? */ #define DECL_H_ERRNO 1 /* Declaration style */ /* #undef DECL_INET_NTOA_0 */ /* Declaration style */ /* #undef DECL_IOCTL_0 */ /* Declaration style */ /* #undef DECL_IPC_0 */ /* Declaration style */ /* #undef DECL_MEMMOVE_0 */ /* Declaration style */ /* #undef DECL_MKSTEMP_0 */ /* Declaration style */ /* #undef DECL_MKTEMP_0 */ /* Declaration style */ /* #undef DECL_NLIST_0 */ /* Declaration style */ /* #undef DECL_PLOCK_0 */ /* Declaration style */ /* #undef DECL_RENAME_0 */ /* Declaration style */ /* #undef DECL_SELECT_0 */ /* Declaration style */ /* #undef DECL_SETITIMER_0 */ /* Declaration style */ /* #undef DECL_SETPRIORITY_0 */ /* Declaration style */ /* #undef DECL_SETPRIORITY_1 */ /* Declaration style */ /* #undef DECL_SIGVEC_0 */ /* Declaration style */ /* #undef DECL_STDIO_0 */ /* Declaration style */ /* #undef DECL_STIME_0 */ /* Declaration style */ /* #undef DECL_STIME_1 */ /* Declaration style */ /* #undef DECL_STRERROR_0 */ /* Declaration style */ /* #undef DECL_STRTOL_0 */ /* Declare syscall()? */ /* #undef DECL_SYSCALL */ /* Declaration style */ /* #undef DECL_SYSLOG_0 */ /* Declaration style */ /* #undef DECL_TIMEOFDAY_0 */ /* Declaration style */ /* #undef DECL_TIME_0 */ /* Declaration style */ /* #undef DECL_TOLOWER_0 */ /* Declaration style */ /* #undef DECL_TOUPPER_0 */ /* What is the fallback value for HZ? */ #define DEFAULT_HZ 100 /* Default number of megabytes for RLIMIT_MEMLOCK */ -#define DFLT_RLIMIT_MEMLOCK 32 +#define DFLT_RLIMIT_MEMLOCK -1 /* Default number of 4k pages for RLIMIT_STACK */ #define DFLT_RLIMIT_STACK 50 /* Directory separator character, usually / or \\ */ #define DIR_SEP '/' /* use old autokey session key behavior? */ /* #undef DISABLE_BUG1243_FIX */ /* synch TODR hourly? */ /* #undef DOSYNCTODR */ /* The number of minutes in a DST adjustment */ #define DSTMINUTES 60 /* support dynamic interleave? */ #define DYNAMIC_INTERLEAVE 0 /* number of args to el_init() */ #define EL_INIT_ARGS 4 /* Provide the explicit 127.0.0.0/8 martian filter? */ #define ENABLE_BUG3020_FIX 1 /* Enable CMAC support? */ #define ENABLE_CMAC 1 /* nls support in libopts */ /* #undef ENABLE_NLS */ /* force ntpdate to step the clock if !defined(STEP_SLEW) ? */ /* #undef FORCE_NTPDATE_STEP */ /* What is getsockname()'s socklen type? */ #define GETSOCKNAME_SOCKLEN_TYPE socklen_t /* Do we have a routing socket (rt_msghdr or rtattr)? */ #define HAS_ROUTING_SOCKET 1 /* via __adjtimex */ /* #undef HAVE_ADJTIMEX */ /* Define to 1 if you have `alloca', as a function or macro. */ #define HAVE_ALLOCA 1 /* Define to 1 if you have and it should be used (not on Ultrix). */ /* #undef HAVE_ALLOCA_H */ /* Define to 1 if you have the `arc4random_buf' function. */ #define HAVE_ARC4RANDOM_BUF 1 /* Define to 1 if you have the header file. */ #define HAVE_ARPA_NAMESER_H 1 /* Define to 1 if you have the `atomic_thread_fence' function. */ /* #undef HAVE_ATOMIC_THREAD_FENCE */ /* Do we have audio support? */ #define HAVE_AUDIO /**/ /* Define to 1 if you have the header file. */ /* #undef HAVE_BSTRING_H */ /* Define to 1 if you have the `canonicalize_file_name' function. */ /* #undef HAVE_CANONICALIZE_FILE_NAME */ /* Define to 1 if you have the `chmod' function. */ #define HAVE_CHMOD 1 /* Do we have the CIOGETEV ioctl (SunOS, Linux)? */ /* #undef HAVE_CIOGETEV */ /* Define to 1 if you have the `clock_getres' function. */ #define HAVE_CLOCK_GETRES 1 /* Define to 1 if you have the `clock_gettime' function. */ #define HAVE_CLOCK_GETTIME 1 /* Define to 1 if you have the `clock_settime' function. */ #define HAVE_CLOCK_SETTIME 1 /* Define to 1 if you have the header file. */ /* #undef HAVE_CTHREADS_H */ /* Define to 1 if you have the `daemon' function. */ #define HAVE_DAEMON 1 /* Define to 1 if you have the declaration of `siglongjmp', and to 0 if you don't. */ #define HAVE_DECL_SIGLONGJMP 1 /* Define to 1 if you have the declaration of `sigsetjmp', and to 0 if you don't. */ #define HAVE_DECL_SIGSETJMP 1 /* Define to 1 if you have the declaration of `strerror_r', and to 0 if you don't. */ #define HAVE_DECL_STRERROR_R 1 /* Define to 1 if you have the header file, and it defines `DIR'. */ #define HAVE_DIRENT_H 1 /* Define to 1 if you have the header file. */ #define HAVE_DLFCN_H 1 /* Use Rendezvous/DNS-SD registration */ /* #undef HAVE_DNSREGISTRATION */ /* Define to 1 if you don't have `vprintf' but do have `_doprnt.' */ /* #undef HAVE_DOPRNT */ /* Can we drop root privileges? */ #define HAVE_DROPROOT /* Define to 1 if you have the header file. */ #define HAVE_ERRNO_H 1 /* Define to 1 if you have the `EVP_MD_do_all_sorted' function. */ #define HAVE_EVP_MD_DO_ALL_SORTED 1 /* Define to 1 if you have the `fchmod' function. */ #define HAVE_FCHMOD 1 /* Define to 1 if you have the header file. */ #define HAVE_FCNTL_H 1 /* Define to 1 if you have the `finite' function. */ /* #undef HAVE_FINITE */ /* Define to 1 if you have the `fnmatch' function. */ #define HAVE_FNMATCH 1 /* Define to 1 if you have the header file. */ #define HAVE_FNMATCH_H 1 /* Define to 1 if you have the `fork' function. */ #define HAVE_FORK 1 /* Define to 1 if you have the `fstat' function. */ #define HAVE_FSTAT 1 /* Define to 1 if you have the `getbootfile' function. */ #define HAVE_GETBOOTFILE 1 /* Define to 1 if you have the `getclock' function. */ /* #undef HAVE_GETCLOCK */ /* Define to 1 if you have the `getdtablesize' function. */ #define HAVE_GETDTABLESIZE 1 /* Define to 1 if you have the `getifaddrs' function. */ #define HAVE_GETIFADDRS 1 /* Define to 1 if you have the `getpassphrase' function. */ /* #undef HAVE_GETPASSPHRASE */ /* Define to 1 if you have the `getrusage' function. */ #define HAVE_GETRUSAGE 1 /* Define to 1 if you have the `getuid' function. */ #define HAVE_GETUID 1 /* if you have GNU Pth */ /* #undef HAVE_GNU_PTH */ /* Define to 1 if you have the header file. */ #define HAVE_HISTEDIT_H 1 /* Define to 1 if you have the header file. */ /* #undef HAVE_HISTORY_H */ /* Obvious */ #define HAVE_HZ_IN_STRUCT_CLOCKINFO 1 /* Define to 1 if you have the header file. */ #define HAVE_IEEEFP_H 1 /* have iflist_sysctl? */ #define HAVE_IFLIST_SYSCTL 1 /* Define to 1 if you have the `if_nametoindex' function. */ #define HAVE_IF_NAMETOINDEX 1 /* inline keyword or macro available */ #define HAVE_INLINE 1 /* Define to 1 if the system has the type `int16_t'. */ #define HAVE_INT16_T 1 /* Define to 1 if the system has the type `int32'. */ /* #undef HAVE_INT32 */ /* int32 type in DNS headers, not others. */ /* #undef HAVE_INT32_ONLY_WITH_DNS */ /* Define to 1 if the system has the type `int32_t'. */ #define HAVE_INT32_T 1 /* Define to 1 if the system has the type `int8_t'. */ #define HAVE_INT8_T 1 /* Define to 1 if the system has the type `intmax_t'. */ /* #undef HAVE_INTMAX_T */ /* Define to 1 if the system has the type `intptr_t'. */ #define HAVE_INTPTR_T 1 /* Define to 1 if you have the header file. */ #define HAVE_INTTYPES_H 1 /* Define to 1 if you have the `isfinite' function. */ #define HAVE_ISFINITE 1 /* Define to 1 if you have the header file. */ #define HAVE_KVM_H 1 /* Define to 1 if you have the `kvm_open' function. */ /* #undef HAVE_KVM_OPEN */ /* Define to 1 if you have the `gen' library (-lgen). */ /* #undef HAVE_LIBGEN */ /* Define to 1 if you have the header file. */ #define HAVE_LIBGEN_H 1 /* Define to 1 if you have the `intl' library (-lintl). */ /* #undef HAVE_LIBINTL */ /* Define to 1 if you have the header file. */ /* #undef HAVE_LIBINTL_H */ /* Define to 1 if you have the header file. */ /* #undef HAVE_LIBSCF_H */ /* Define to 1 if you have the header file. */ #define HAVE_LIMITS_H 1 /* using Linux pthread? */ /* #undef HAVE_LINUXTHREADS */ /* Do we have Linux capabilities? */ /* #undef HAVE_LINUX_CAPABILITIES */ /* Define to 1 if you have the header file. */ /* #undef HAVE_LINUX_IF_ADDR_H */ /* if you have LinuxThreads */ /* #undef HAVE_LINUX_THREADS */ /* Define to 1 if you have the `localeconv' function. */ /* #undef HAVE_LOCALECONV */ /* Define to 1 if you have the header file. */ /* #undef HAVE_LOCALE_H */ /* Define to 1 if the system has the type `long double'. */ /* #undef HAVE_LONG_DOUBLE */ /* Define to 1 if the system has the type `long long'. */ #define HAVE_LONG_LONG 1 /* Define to 1 if the system has the type `long long int'. */ /* #undef HAVE_LONG_LONG_INT */ /* if you have SunOS LWP package */ /* #undef HAVE_LWP */ /* Define to 1 if you have the header file. */ /* #undef HAVE_LWP_LWP_H */ /* Define to 1 if you have the header file. */ /* #undef HAVE_MACHINE_INLINE_H */ /* Define to 1 if you have the header file. */ /* #undef HAVE_MACHINE_SOUNDCARD_H */ /* define if you have Mach Cthreads */ /* #undef HAVE_MACH_CTHREADS */ /* Define to 1 if you have the header file. */ /* #undef HAVE_MACH_CTHREADS_H */ /* Define to 1 if you have the header file. */ #define HAVE_MATH_H 1 /* Define to 1 if you have the `MD5Init' function. */ #define HAVE_MD5INIT 1 /* Define to 1 if you have the header file. */ #define HAVE_MD5_H 1 /* Define to 1 if you have the `memlk' function. */ /* #undef HAVE_MEMLK */ /* Define to 1 if you have the header file. */ #define HAVE_MEMORY_H 1 /* Define to 1 if you have the `mkstemp' function. */ #define HAVE_MKSTEMP 1 /* Define to 1 if you have the `mktime' function. */ #define HAVE_MKTIME 1 /* Define to 1 if you have the `mlockall' function. */ #define HAVE_MLOCKALL 1 /* Define to 1 if you have the `mmap' function. */ #define HAVE_MMAP 1 /* Define to 1 if you have the `nanosleep' function. */ #define HAVE_NANOSLEEP 1 /* Define to 1 if you have the header file, and it defines `DIR'. */ /* #undef HAVE_NDIR_H */ /* Define to 1 if you have the header file. */ #define HAVE_NETDB_H 1 /* Define to 1 if you have the header file. */ #define HAVE_NETINET_IN_H 1 /* Define to 1 if you have the header file. */ /* #undef HAVE_NETINET_IN_SYSTEM_H */ /* Define to 1 if you have the header file. */ #define HAVE_NETINET_IN_SYSTM_H 1 /* Define to 1 if you have the header file. */ #define HAVE_NETINET_IN_VAR_H 1 /* Define to 1 if you have the header file. */ #define HAVE_NETINET_IP_H 1 /* NetInfo support? */ /* #undef HAVE_NETINFO */ /* Define to 1 if you have the header file. */ /* #undef HAVE_NETINFO_NI_H */ /* Define to 1 if you have the header file. */ /* #undef HAVE_NET_IF6_H */ /* Define to 1 if you have the header file. */ #define HAVE_NET_IF_H 1 /* Define to 1 if you have the header file. */ #define HAVE_NET_IF_VAR_H 1 /* Define to 1 if you have the header file. */ #define HAVE_NET_ROUTE_H 1 /* Define to 1 if you have the `nice' function. */ #define HAVE_NICE 1 /* Define to 1 if you have the header file. */ #define HAVE_NLIST_H 1 /* via __adjtimex */ #define HAVE_NTP_ADJTIME 1 /* via __ntp_gettime */ #define HAVE_NTP_GETTIME 1 /* Do we want support for Samba's signing daemon? */ #define HAVE_NTP_SIGND 1 /* if you have NT Event Log */ /* #undef HAVE_NT_EVENT_LOG */ /* if you have NT Service Manager */ /* #undef HAVE_NT_SERVICE_MANAGER */ /* if you have NT Threads */ /* #undef HAVE_NT_THREADS */ /* Define to 1 if you have the header file. */ #define HAVE_OPENSSL_CMAC_H 1 /* Define to 1 if you have the header file. */ #define HAVE_OPENSSL_HMAC_H 1 /* Define to 1 if the system has the type `pid_t'. */ #define HAVE_PID_T 1 /* Define to 1 if you have the `plock' function. */ /* #undef HAVE_PLOCK */ /* Define to 1 if you have the header file. */ #define HAVE_POLL_H 1 /* Do we have the PPS API per the Draft RFC? */ #define HAVE_PPSAPI 1 /* Define to 1 if you have the header file. */ /* #undef HAVE_PRIV_H */ /* Define if you have POSIX threads libraries and header files. */ /* #undef HAVE_PTHREAD */ /* define to pthreads API spec revision */ #define HAVE_PTHREADS 10 /* Define to 1 if you have the `pthread_attr_getstacksize' function. */ #define HAVE_PTHREAD_ATTR_GETSTACKSIZE 1 /* Define to 1 if you have the `pthread_attr_setstacksize' function. */ #define HAVE_PTHREAD_ATTR_SETSTACKSIZE 1 /* define if you have pthread_detach function */ #define HAVE_PTHREAD_DETACH 1 /* Define to 1 if you have the `pthread_getconcurrency' function. */ #define HAVE_PTHREAD_GETCONCURRENCY 1 /* Define to 1 if you have the header file. */ #define HAVE_PTHREAD_H 1 /* Define to 1 if you have the `pthread_kill' function. */ #define HAVE_PTHREAD_KILL 1 /* Define to 1 if you have the `pthread_kill_other_threads_np' function. */ /* #undef HAVE_PTHREAD_KILL_OTHER_THREADS_NP */ /* define if you have pthread_rwlock_destroy function */ #define HAVE_PTHREAD_RWLOCK_DESTROY 1 /* Define to 1 if you have the `pthread_setconcurrency' function. */ #define HAVE_PTHREAD_SETCONCURRENCY 1 /* Define to 1 if you have the `pthread_yield' function. */ #define HAVE_PTHREAD_YIELD 1 /* Define to 1 if you have the header file. */ /* #undef HAVE_PTH_H */ /* Define to 1 if the system has the type `ptrdiff_t'. */ #define HAVE_PTRDIFF_T 1 /* Define to 1 if you have the `pututline' function. */ /* #undef HAVE_PUTUTLINE */ /* Define to 1 if you have the `pututxline' function. */ #define HAVE_PUTUTXLINE 1 /* Define to 1 if you have the `RAND_bytes' function. */ #define HAVE_RAND_BYTES 1 /* Define to 1 if you have the `RAND_poll' function. */ #define HAVE_RAND_POLL 1 /* Define to 1 if you have the header file. */ /* #undef HAVE_READLINE_H */ /* Define if your readline library has \`add_history' */ #define HAVE_READLINE_HISTORY 1 /* Define to 1 if you have the header file. */ #define HAVE_READLINE_HISTORY_H 1 /* Define to 1 if you have the header file. */ #define HAVE_READLINE_READLINE_H 1 /* Define to 1 if you have the `readlink' function. */ #define HAVE_READLINK 1 /* Define to 1 if you have the `recvmsg' function. */ #define HAVE_RECVMSG 1 /* Define to 1 if you have the header file. */ #define HAVE_RESOLV_H 1 /* Define to 1 if you have the `res_init' function. */ #define HAVE_RES_INIT 1 /* Do we have Linux routing socket? */ /* #undef HAVE_RTNETLINK */ /* Define to 1 if you have the `rtprio' function. */ #define HAVE_RTPRIO 1 /* Define to 1 if you have the header file. */ #define HAVE_RUNETYPE_H 1 /* Obvious */ #define HAVE_SA_SIGACTION_IN_STRUCT_SIGACTION 1 /* Define to 1 if you have the header file. */ #define HAVE_SCHED_H 1 /* Define to 1 if you have the `sched_setscheduler' function. */ #define HAVE_SCHED_SETSCHEDULER 1 /* Define to 1 if you have the `sched_yield' function. */ #define HAVE_SCHED_YIELD 1 /* Define to 1 if you have the header file. */ #define HAVE_SEMAPHORE_H 1 /* Define to 1 if you have the `sem_timedwait' function. */ #define HAVE_SEM_TIMEDWAIT 1 /* Define to 1 if you have the header file. */ #define HAVE_SETJMP_H 1 /* Define to 1 if you have the `setlinebuf' function. */ #define HAVE_SETLINEBUF 1 /* Define to 1 if you have the `setpgid' function. */ #define HAVE_SETPGID 1 /* define if setpgrp takes 0 arguments */ /* #undef HAVE_SETPGRP_0 */ /* Define to 1 if you have the `setpriority' function. */ #define HAVE_SETPRIORITY 1 /* Define to 1 if you have the `setrlimit' function. */ #define HAVE_SETRLIMIT 1 /* Define to 1 if you have the `setsid' function. */ #define HAVE_SETSID 1 /* Define to 1 if you have the `settimeofday' function. */ #define HAVE_SETTIMEOFDAY 1 /* Define to 1 if you have the `setvbuf' function. */ #define HAVE_SETVBUF 1 /* Define to 1 if you have the header file. */ /* #undef HAVE_SGTTY_H */ /* Define to 1 if you have the `sigaction' function. */ #define HAVE_SIGACTION 1 /* Can we use SIGIO for tcp and udp IO? */ /* #undef HAVE_SIGNALED_IO */ /* Define to 1 if you have the `sigset' function. */ #define HAVE_SIGSET 1 /* Define to 1 if you have the `sigvec' function. */ #define HAVE_SIGVEC 1 /* sigwait() available? */ #define HAVE_SIGWAIT 1 /* Define to 1 if the system has the type `size_t'. */ #define HAVE_SIZE_T 1 /* Define if C99-compliant `snprintf' is available. */ #define HAVE_SNPRINTF 1 /* Define to 1 if you have the `socketpair' function. */ #define HAVE_SOCKETPAIR 1 /* Are Solaris privileges available? */ /* #undef HAVE_SOLARIS_PRIVS */ /* Define to 1 if you have the header file. */ #define HAVE_STDARG_H 1 /* Define to 1 if you have the header file. */ #define HAVE_STDATOMIC_H 1 /* Define to 1 if stdbool.h conforms to C99. */ #define HAVE_STDBOOL_H 1 /* Define to 1 if you have the header file. */ /* #undef HAVE_STDDEF_H */ /* Define to 1 if you have the header file. */ #define HAVE_STDINT_H 1 /* Define to 1 if you have the header file. */ #define HAVE_STDLIB_H 1 /* Define to 1 if you have the `stime' function. */ /* #undef HAVE_STIME */ /* Define to 1 if you have the `strchr' function. */ #define HAVE_STRCHR 1 /* Define to 1 if you have the `strdup' function. */ #define HAVE_STRDUP 1 /* Define to 1 if you have the `strerror' function. */ #define HAVE_STRERROR 1 /* Define to 1 if you have the `strerror_r' function. */ #define HAVE_STRERROR_R 1 /* Define to 1 if you have the header file. */ #define HAVE_STRINGS_H 1 /* Define to 1 if you have the header file. */ #define HAVE_STRING_H 1 /* Define to 1 if you have the `strlcat' function. */ #define HAVE_STRLCAT 1 /* Define to 1 if you have the `strlcpy' function. */ #define HAVE_STRLCPY 1 /* Define to 1 if you have the header file. */ /* #undef HAVE_STROPTS_H */ /* Define to 1 if you have the `strrchr' function. */ #define HAVE_STRRCHR 1 /* Define to 1 if you have the `strsignal' function. */ #define HAVE_STRSIGNAL 1 /* Define to 1 if you have the `strtoll' function. */ #define HAVE_STRTOLL 1 /* Define to 1 if `decimal_point' is a member of `struct lconv'. */ /* #undef HAVE_STRUCT_LCONV_DECIMAL_POINT */ /* Define to 1 if `thousands_sep' is a member of `struct lconv'. */ /* #undef HAVE_STRUCT_LCONV_THOUSANDS_SEP */ /* Do we have struct ntptimeval? */ #define HAVE_STRUCT_NTPTIMEVAL 1 /* Define to 1 if `time.tv_nsec' is a member of `struct ntptimeval'. */ #define HAVE_STRUCT_NTPTIMEVAL_TIME_TV_NSEC 1 /* Does a system header define struct ppsclockev? */ /* #undef HAVE_STRUCT_PPSCLOCKEV */ /* Do we have struct snd_size? */ #define HAVE_STRUCT_SND_SIZE 1 /* Does a system header define struct sockaddr_storage? */ #define HAVE_STRUCT_SOCKADDR_STORAGE 1 /* struct timespec declared? */ #define HAVE_STRUCT_TIMESPEC 1 /* Define to 1 if you have the header file. */ /* #undef HAVE_SUN_AUDIOIO_H */ /* Define to 1 if you have the header file. */ /* #undef HAVE_SYNCH_H */ /* Define to 1 if you have the `sysconf' function. */ #define HAVE_SYSCONF 1 /* Define to 1 if you have the header file. */ #define HAVE_SYSEXITS_H 1 /* */ #define HAVE_SYSLOG_FACILITYNAMES 1 /* Define to 1 if you have the header file. */ /* #undef HAVE_SYS_AUDIOIO_H */ /* Define to 1 if you have the header file. */ #define HAVE_SYS_CAPABILITY_H 1 /* Define to 1 if you have the header file. */ /* #undef HAVE_SYS_CLOCKCTL_H */ /* Define to 1 if you have the header file, and it defines `DIR'. */ /* #undef HAVE_SYS_DIR_H */ /* Define to 1 if you have the header file. */ #define HAVE_SYS_FILE_H 1 /* Define to 1 if you have the header file. */ /* #undef HAVE_SYS_I8253_H */ /* Define to 1 if you have the header file. */ #define HAVE_SYS_IOCTL_H 1 /* Define to 1 if you have the header file. */ #define HAVE_SYS_IPC_H 1 /* Define to 1 if you have the header file. */ /* #undef HAVE_SYS_LIMITS_H */ /* Define to 1 if you have the header file. */ #define HAVE_SYS_LOCK_H 1 /* Define to 1 if you have the header file. */ #define HAVE_SYS_MAC_H 1 /* Define to 1 if you have the header file. */ #define HAVE_SYS_MMAN_H 1 /* Define to 1 if you have the header file. */ /* #undef HAVE_SYS_MODEM_H */ /* Define to 1 if you have the header file, and it defines `DIR'. */ /* #undef HAVE_SYS_NDIR_H */ /* Define to 1 if you have the header file. */ #define HAVE_SYS_PARAM_H 1 /* Define to 1 if you have the header file. */ /* #undef HAVE_SYS_PCL720_H */ /* Define to 1 if you have the header file. */ #define HAVE_SYS_POLL_H 1 /* Define to 1 if you have the header file. */ /* #undef HAVE_SYS_PPSCLOCK_H */ /* Define to 1 if you have the header file. */ /* #undef HAVE_SYS_PPSTIME_H */ /* Define to 1 if you have the header file. */ /* #undef HAVE_SYS_PRCTL_H */ /* Define to 1 if you have the header file. */ /* #undef HAVE_SYS_PROCSET_H */ /* Define to 1 if you have the header file. */ #define HAVE_SYS_PROC_H 1 /* Define to 1 if you have the header file. */ #define HAVE_SYS_RESOURCE_H 1 /* Define to 1 if you have the header file. */ /* #undef HAVE_SYS_SCHED_H */ /* Define to 1 if you have the header file. */ #define HAVE_SYS_SELECT_H 1 /* Define to 1 if you have the header file. */ #define HAVE_SYS_SHM_H 1 /* Define to 1 if you have the header file. */ #define HAVE_SYS_SIGNAL_H 1 /* Define to 1 if you have the header file. */ #define HAVE_SYS_SOCKET_H 1 /* Define to 1 if you have the header file. */ #define HAVE_SYS_SOCKIO_H 1 /* Define to 1 if you have the header file. */ #define HAVE_SYS_SOUNDCARD_H 1 /* Define to 1 if you have the header file. */ #define HAVE_SYS_STAT_H 1 /* Define to 1 if you have the header file. */ /* #undef HAVE_SYS_STREAM_H */ /* Define to 1 if you have the header file. */ /* #undef HAVE_SYS_STROPTS_H */ /* Define to 1 if you have the header file. */ #define HAVE_SYS_SYSCTL_H 1 /* Define to 1 if you have the header file. */ /* #undef HAVE_SYS_SYSSGI_H */ /* Define to 1 if you have the header file. */ /* #undef HAVE_SYS_SYSTUNE_H */ /* Define to 1 if you have the header file. */ #define HAVE_SYS_TERMIOS_H 1 /* Define to 1 if you have the header file. */ #define HAVE_SYS_TIMEPPS_H 1 /* Define to 1 if you have the header file. */ #define HAVE_SYS_TIMERS_H 1 /* Define to 1 if you have the header file. */ #define HAVE_SYS_TIMEX_H 1 /* Define to 1 if you have the header file. */ #define HAVE_SYS_TIME_H 1 /* Define to 1 if you have the header file. */ /* #undef HAVE_SYS_TPRO_H */ /* Define to 1 if you have the header file. */ #define HAVE_SYS_TYPES_H 1 /* Use sys/uio.h for struct iovec help */ /* #undef HAVE_SYS_UIO_H */ /* Define to 1 if you have the header file. */ #define HAVE_SYS_UN_H 1 /* Define to 1 if you have the header file. */ /* #undef HAVE_SYS_VAR_H */ /* Define to 1 if you have the header file. */ #define HAVE_SYS_WAIT_H 1 /* Define to 1 if the system has the type `s_char'. */ /* #undef HAVE_S_CHAR */ /* Define to 1 if you have the header file. */ #define HAVE_TERMIOS_H 1 /* Define to 1 if you have the header file. */ /* #undef HAVE_TERMIO_H */ /* if you have Solaris LWP (thr) package */ /* #undef HAVE_THR */ /* Define to 1 if you have the header file. */ /* #undef HAVE_THREAD_H */ /* Define to 1 if you have the `thr_getconcurrency' function. */ /* #undef HAVE_THR_GETCONCURRENCY */ /* Define to 1 if you have the `thr_setconcurrency' function. */ /* #undef HAVE_THR_SETCONCURRENCY */ /* Define to 1 if you have the `thr_yield' function. */ /* #undef HAVE_THR_YIELD */ /* Obvious */ #define HAVE_TICKADJ_IN_STRUCT_CLOCKINFO 1 /* Define to 1 if you have the `timegm' function. */ #define HAVE_TIMEGM 1 /* Define to 1 if you have the header file. */ /* #undef HAVE_TIMEPPS_H */ /* Define to 1 if you have the `timer_create' function. */ /* #undef HAVE_TIMER_CREATE */ /* Define to 1 if you have the header file. */ /* #undef HAVE_TIMEX_H */ /* Define to 1 if you have the header file. */ #define HAVE_TIME_H 1 /* Do we have the TIOCGPPSEV ioctl (Solaris)? */ /* #undef HAVE_TIOCGPPSEV */ /* Do we have the TIOCSPPS ioctl (Solaris)? */ /* #undef HAVE_TIOCSPPS */ /* Do we have the TIO serial stuff? */ /* #undef HAVE_TIO_SERIAL_STUFF */ /* Are TrustedBSD MAC policy privileges available? */ #define HAVE_TRUSTEDBSD_MAC 1 /* Define to 1 if the system has the type `uint16_t'. */ #define HAVE_UINT16_T 1 /* Define to 1 if the system has the type `uint32_t'. */ #define HAVE_UINT32_T 1 /* Define to 1 if the system has the type `uint8_t'. */ #define HAVE_UINT8_T 1 /* Define to 1 if the system has the type `uintmax_t'. */ /* #undef HAVE_UINTMAX_T */ /* Define to 1 if the system has the type `uintptr_t'. */ #define HAVE_UINTPTR_T 1 /* Define to 1 if the system has the type `uint_t'. */ /* #undef HAVE_UINT_T */ /* Define to 1 if you have the `umask' function. */ #define HAVE_UMASK 1 /* Define to 1 if you have the `uname' function. */ #define HAVE_UNAME 1 /* Define to 1 if you have the header file. */ #define HAVE_UNISTD_H 1 /* deviant sigwait? */ /* #undef HAVE_UNIXWARE_SIGWAIT */ /* Define to 1 if the system has the type `unsigned long long int'. */ #define HAVE_UNSIGNED_LONG_LONG_INT 1 /* Define to 1 if you have the `updwtmp' function. */ /* #undef HAVE_UPDWTMP */ /* Define to 1 if you have the `updwtmpx' function. */ /* #undef HAVE_UPDWTMPX */ /* Define to 1 if you have the header file. */ #define HAVE_UTIME_H 1 /* Define to 1 if you have the header file. */ #define HAVE_UTMPX_H 1 /* Define to 1 if you have the header file. */ /* #undef HAVE_UTMP_H */ /* Define to 1 if the system has the type `u_int32'. */ /* #undef HAVE_U_INT32 */ /* u_int32 type in DNS headers, not others. */ /* #undef HAVE_U_INT32_ONLY_WITH_DNS */ /* Define to 1 if you have the header file. */ /* #undef HAVE_VALUES_H */ /* Define to 1 if you have the header file. */ /* #undef HAVE_VARARGS_H */ /* Define to 1 if you have the `vfork' function. */ #define HAVE_VFORK 1 /* Define to 1 if you have the header file. */ /* #undef HAVE_VFORK_H */ /* Define to 1 if you have the `vprintf' function. */ #define HAVE_VPRINTF 1 /* Define if C99-compliant `vsnprintf' is available. */ #define HAVE_VSNPRINTF 1 /* Define to 1 if you have the header file. */ #define HAVE_WCHAR_H 1 /* Define to 1 if the system has the type `wchar_t'. */ #define HAVE_WCHAR_T 1 /* Define to 1 if the system has the type `wint_t'. */ #define HAVE_WINT_T 1 /* Define to 1 if `fork' works. */ #define HAVE_WORKING_FORK 1 /* Define to 1 if `vfork' works. */ #define HAVE_WORKING_VFORK 1 /* define if select implicitly yields */ #define HAVE_YIELDING_SELECT 1 /* Define to 1 if the system has the type `_Bool'. */ #define HAVE__BOOL 1 /* Define to 1 if you have the `_exit' function. */ #define HAVE__EXIT 1 /* Define to 1 if you have the header file. */ /* #undef HAVE__SYS_SYNC_QUEUE_H */ /* Define to 1 if you have the header file. */ /* #undef HAVE__SYS_SYNC_SEMA_H */ /* Define to 1 if you have the `__adjtimex' function. */ /* #undef HAVE___ADJTIMEX */ /* defined if C compiler supports __attribute__((...)) */ #define HAVE___ATTRIBUTE__ /**/ /* define away __attribute__() if unsupported */ #ifndef HAVE___ATTRIBUTE__ # define __attribute__(x) /* empty */ #endif #define ISC_PLATFORM_NORETURN_PRE #define ISC_PLATFORM_NORETURN_POST __attribute__((__noreturn__)) /* Define to 1 if you have the `__ntp_gettime' function. */ /* #undef HAVE___NTP_GETTIME */ /* Define to 1 if you have the `__res_init' function. */ /* #undef HAVE___RES_INIT */ /* Does struct sockaddr_storage have __ss_family? */ /* #undef HAVE___SS_FAMILY_IN_SS */ /* Handle sockaddr_storage.__ss_family */ #ifdef HAVE___SS_FAMILY_IN_SS # define ss_family __ss_family #endif /* HAVE___SS_FAMILY_IN_SS */ /* Define to provide `rpl_snprintf' function. */ /* #undef HW_WANT_RPL_SNPRINTF */ /* Define to provide `rpl_vsnprintf' function. */ /* #undef HW_WANT_RPL_VSNPRINTF */ /* Retry queries on _any_ DNS error? */ /* #undef IGNORE_DNS_ERRORS */ /* Should we use the IRIG sawtooth filter? */ /* #undef IRIG_SUCKS */ /* Enclose PTHREAD_ONCE_INIT in extra braces? */ /* #undef ISC_PLATFORM_BRACEPTHREADONCEINIT */ /* Do we need to fix in6isaddr? */ /* #undef ISC_PLATFORM_FIXIN6ISADDR */ /* ISC: do we have if_nametoindex()? */ #define ISC_PLATFORM_HAVEIFNAMETOINDEX 1 /* have struct if_laddrconf? */ /* #undef ISC_PLATFORM_HAVEIF_LADDRCONF */ /* have struct if_laddrreq? */ /* #undef ISC_PLATFORM_HAVEIF_LADDRREQ */ /* have struct in6_pktinfo? */ #define ISC_PLATFORM_HAVEIN6PKTINFO 1 /* have IPv6? */ #define ISC_PLATFORM_HAVEIPV6 1 /* struct sockaddr has sa_len? */ #define ISC_PLATFORM_HAVESALEN 1 /* sin6_scope_id? */ #define ISC_PLATFORM_HAVESCOPEID 1 /* missing in6addr_any? */ /* #undef ISC_PLATFORM_NEEDIN6ADDRANY */ /* Do we need netinet6/in6.h? */ /* #undef ISC_PLATFORM_NEEDNETINET6IN6H */ /* ISC: provide inet_ntop() */ /* #undef ISC_PLATFORM_NEEDNTOP */ /* Declare in_port_t? */ /* #undef ISC_PLATFORM_NEEDPORTT */ /* ISC: provide inet_pton() */ /* #undef ISC_PLATFORM_NEEDPTON */ /* enable libisc thread support? */ #define ISC_PLATFORM_USETHREADS 1 /* Does the kernel have an FLL bug? */ /* #undef KERNEL_FLL_BUG */ /* Does the kernel support precision time discipline? */ #define KERNEL_PLL 1 /* Define to use libseccomp system call filtering. */ /* #undef KERN_SECCOMP */ /* What is (probably) the name of DOSYNCTODR in the kernel? */ #define K_DOSYNCTODR_NAME "_dosynctodr" /* What is (probably) the name of NOPRINTF in the kernel? */ #define K_NOPRINTF_NAME "_noprintf" /* What is the name of TICKADJ in the kernel? */ #define K_TICKADJ_NAME "_tickadj" /* What is the name of TICK in the kernel? */ #define K_TICK_NAME "_tick" /* define to 1 if library is thread safe */ #define LDAP_API_FEATURE_X_OPENLDAP_THREAD_SAFE 1 /* leap smear mechanism */ #define LEAP_SMEAR 1 /* Define to any value to include libseccomp sandboxing. */ /* #undef LIBSECCOMP */ /* Should we align with the NIST lockclock scheme? */ /* #undef LOCKCLOCK */ /* Define to the sub-directory where libtool stores uninstalled libraries. */ #define LT_OBJDIR ".libs/" /* Does the target support multicast IP? */ #define MCAST 1 /* Should we recommend a minimum value for tickadj? */ /* #undef MIN_REC_TICKADJ */ /* Define to 1 if the compiler does not support C99's structure initialization. */ /* #undef MISSING_C99_STRUCT_INIT */ /* having to fork the DNS worker early when doing chroot? */ /* #undef NEED_EARLY_FORK */ /* Do we need HPUX adjtime() library support? */ /* #undef NEED_HPUX_ADJTIME */ /* Do we want the HPUX FindConfig()? */ /* #undef NEED_HPUX_FINDCONFIG */ /* We need to provide netsnmp_daemonize() */ /* #undef NEED_NETSNMP_DAEMONIZE */ /* pthread_init() required? */ /* #undef NEED_PTHREAD_INIT */ /* use PTHREAD_SCOPE_SYSTEM? */ /* #undef NEED_PTHREAD_SCOPE_SYSTEM */ /* Do we need the qnx adjtime call? */ /* #undef NEED_QNX_ADJTIME */ /* Do we need extra room for SO_RCVBUF? (HPUX < 8) */ /* #undef NEED_RCVBUF_SLOP */ /* Do we need an s_char typedef? */ #define NEED_S_CHAR_TYPEDEF 1 /* Might nlist() values require an extra level of indirection (AIX)? */ /* #undef NLIST_EXTRA_INDIRECTION */ /* does struct nlist use a name union? */ /* #undef NLIST_NAME_UNION */ /* nlist stuff */ #define NLIST_STRUCT 1 /* Should we NOT read /dev/kmem? */ #define NOKMEM 1 /* Should we avoid #warning on option name collisions? */ /* #undef NO_OPTION_NAME_WARNINGS */ /* Is there a problem using PARENB and IGNPAR? */ /* #undef NO_PARENB_IGNPAR */ /* define if you have (or want) no threads */ /* #undef NO_THREADS */ /* Default location of crypto key info */ #define NTP_KEYSDIR "/etc/ntp" /* Path to sign daemon rendezvous socket */ #define NTP_SIGND_PATH "/var/run/ntp_signd" /* Do we have ntp_{adj,get}time in libc? */ #define NTP_SYSCALLS_LIBC 1 /* Do we have ntp_{adj,get}time in the kernel? */ /* #undef NTP_SYSCALLS_STD */ /* Do we have support for SHMEM_STATUS? */ #define ONCORE_SHMEM_STATUS 1 /* Use OpenSSL? */ /* #define OPENSSL */ /* Should we open the broadcast socket? */ #define OPEN_BCAST_SOCKET 1 /* need to recreate sockets on changed routing? */ /* #undef OS_MISSES_SPECIFIC_ROUTE_UPDATES */ /* wildcard socket needs REUSEADDR to bind interface addresses */ /* #undef OS_NEEDS_REUSEADDR_FOR_IFADDRBIND */ /* Do we need to override the system's idea of HZ? */ #define OVERRIDE_HZ 1 /* Name of package */ #define PACKAGE "ntp" /* Define to the address where bug reports for this package should be sent. */ #define PACKAGE_BUGREPORT "http://bugs.ntp.org./" /* Define to the full name of this package. */ #define PACKAGE_NAME "ntp" /* Define to the full name and version of this package. */ #define PACKAGE_STRING "ntp 4.2.8p12" /* Define to the one symbol short name of this package. */ #define PACKAGE_TARNAME "ntp" /* Define to the home page for this package. */ #define PACKAGE_URL "http://www.ntp.org./" /* Define to the version of this package. */ #define PACKAGE_VERSION "4.2.8p12" /* data dir */ #define PERLLIBDIR "/usr/share/ntp/lib" /* define to a working POSIX compliant shell */ #define POSIX_SHELL "/bin/sh" /* PARSE kernel PLL PPS support */ /* #undef PPS_SYNC */ /* Preset a value for 'tick'? */ #define PRESET_TICK 1000000L/hz /* Preset a value for 'tickadj'? */ #define PRESET_TICKADJ 500/hz /* Should we not IGNPAR (Linux)? */ /* #undef RAWDCF_NO_IGNPAR */ /* enable thread safety */ #define REENTRANT 1 /* Basic refclock support? */ #define REFCLOCK 1 /* Do we want the ReliantUNIX clock hacks? */ /* #undef RELIANTUNIX_CLOCK */ /* define if sched_yield yields the entire process */ /* #undef REPLACE_BROKEN_YIELD */ /* Define as the return type of signal handlers (`int' or `void'). */ #define RETSIGTYPE void /* saveconfig mechanism */ #define SAVECONFIG 1 /* Do we want the SCO clock hacks? */ /* #undef SCO5_CLOCK */ /* The size of `char *', as computed by sizeof. */ #ifdef __LP64__ #define SIZEOF_CHARP 8 #else #define SIZEOF_CHARP 4 #endif /* The size of `int', as computed by sizeof. */ #define SIZEOF_INT 4 /* The size of `long', as computed by sizeof. */ #ifdef __LP64__ #define SIZEOF_LONG 8 #else #define SIZEOF_LONG 4 #endif /* The size of `long long', as computed by sizeof. */ #define SIZEOF_LONG_LONG 8 /* The size of `pthread_t', as computed by sizeof. */ #define SIZEOF_PTHREAD_T 8 /* The size of `short', as computed by sizeof. */ #define SIZEOF_SHORT 2 /* The size of `signed char', as computed by sizeof. */ #define SIZEOF_SIGNED_CHAR 1 /* The size of `time_t', as computed by sizeof. */ #if defined(__i386__) || defined(__powerpc__) #define SIZEOF_TIME_T 4 #else #define SIZEOF_TIME_T 8 #endif /* Does SIOCGIFCONF return size in the buffer? */ /* #undef SIZE_RETURNED_IN_BUFFER */ /* Slew always? */ /* #undef SLEWALWAYS */ /* If using the C implementation of alloca, define if you know the direction of stack growth for your system; otherwise it will be automatically deduced at runtime. STACK_DIRECTION > 0 => grows toward higher addresses STACK_DIRECTION < 0 => grows toward lower addresses STACK_DIRECTION = 0 => direction of growth unknown */ /* #undef STACK_DIRECTION */ /* Define to 1 if you have the ANSI C header files. */ #define STDC_HEADERS 1 /* Step, then slew the clock? */ /* #undef STEP_SLEW */ /* Define to 1 if strerror_r returns char *. */ /* #undef STRERROR_R_CHAR_P */ /* canonical system (cpu-vendor-os) of where we should run */ #if defined(__alpha__) #define STR_SYSTEM "alpha-undermydesk-freebsd" #elif defined(__sparc64__) #define STR_SYSTEM "sparc64-undermydesk-freebsd" #elif defined(__amd64__) #define STR_SYSTEM "amd64-undermydesk-freebsd" #elif defined(__powerpc64__) #define STR_SYSTEM "powerpc64-undermydesk-freebsd" #elif defined(__powerpc__) #define STR_SYSTEM "powerpc-undermydesk-freebsd" #elif defined(__mips64) #define STR_SYSTEM "mips64-undermydesk-freebsd" #elif defined(__mips__) #define STR_SYSTEM "mips-undermydesk-freebsd" #elif defined(__aarch64__) #define STR_SYSTEM "arm64-undermydesk-freebsd" #elif defined(__arm__) #define STR_SYSTEM "arm-undermydesk-freebsd" #elif defined(__sparc64__) #define STR_SYSTEM "sparc64-undermydesk-freebsd" #elif defined(__sparc__) #define STR_SYSTEM "sparc-undermydesk-freebsd" #elif defined(__ia64__) #define STR_SYSTEM "ia64-undermydesk-freebsd" #else #define STR_SYSTEM "i386-undermydesk-freebsd" #endif /* Does Xettimeofday take 1 arg? */ /* #undef SYSV_TIMEOFDAY */ /* Do we need to #define _SVID3 when we #include ? */ /* #undef TERMIOS_NEEDS__SVID3 */ /* enable thread safety */ #define THREADSAFE 1 /* enable thread safety */ #define THREAD_SAFE 1 /* Is K_TICKADJ_NAME in nanoseconds? */ /* #undef TICKADJ_NANO */ /* Is K_TICK_NAME in nanoseconds? */ /* #undef TICK_NANO */ /* Define to 1 if you can safely include both and . */ #define TIME_WITH_SYS_TIME 1 /* Define to 1 if your declares `struct tm'. */ /* #undef TM_IN_SYS_TIME */ /* Provide a typedef for uintptr_t? */ #ifndef HAVE_UINTPTR_T typedef unsigned int uintptr_t; #define HAVE_UINTPTR_T 1 #endif /* What type to use for setsockopt */ #define TYPEOF_IP_MULTICAST_LOOP u_char /* Do we set process groups with -pid? */ /* #undef UDP_BACKWARDS_SETOWN */ /* Must we have a CTTY for fsetown? */ #define USE_FSETOWNCTTY 1 /* Use OpenSSL's crypto random functions */ /* #define USE_OPENSSL_CRYPTO_RAND 1 */ /* OK to use snprintb()? */ /* #undef USE_SNPRINTB */ /* Can we use SIGPOLL for tty IO? */ /* #undef USE_TTY_SIGPOLL */ /* Can we use SIGPOLL for UDP? */ /* #undef USE_UDP_SIGPOLL */ /* Version number of package */ #define VERSION "4.2.8p12" /* vsnprintf expands "%m" to strerror(errno) */ #define VSNPRINTF_PERCENT_M 1 /* configure --enable-ipv6 */ #define WANT_IPV6 1 /* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most significant byte first (like Motorola and SPARC, unlike Intel). */ #if defined(__ARMEB__) || defined(__MIPSEB__) || defined(__powerpc__) || \ defined(__powerpc64__) || defined(__sparc64__) #define WORDS_BIGENDIAN 1 #endif /* routine worker child proc uses to exit. */ #define WORKER_CHILD_EXIT exit /* Define to 1 if on MINIX. */ /* #undef _MINIX */ /* Define to 2 if the system does not provide POSIX.1 features except with this defined. */ /* #undef _POSIX_1_SOURCE */ /* Define to 1 if you need to in order for `stat' and other things to work. */ /* #undef _POSIX_SOURCE */ /* enable thread safety */ #define _REENTRANT 1 /* enable thread safety */ #define _SGI_MP_SOURCE 1 /* enable thread safety */ #define _THREADSAFE 1 /* enable thread safety */ #define _THREAD_SAFE 1 /* Define to 500 only on HP-UX. */ /* #undef _XOPEN_SOURCE */ /* Are we _special_? */ /* #undef __APPLE_USE_RFC_3542 */ /* Define to 1 if type `char' is unsigned and you are not using gcc. */ #ifndef __CHAR_UNSIGNED__ /* # undef __CHAR_UNSIGNED__ */ #endif /* Enable extensions on AIX 3, Interix. */ #ifndef _ALL_SOURCE # define _ALL_SOURCE 1 #endif /* Enable GNU extensions on systems that have them. */ #ifndef _GNU_SOURCE # define _GNU_SOURCE 1 #endif /* Enable threading extensions on Solaris. */ #ifndef _POSIX_PTHREAD_SEMANTICS # define _POSIX_PTHREAD_SEMANTICS 1 #endif /* Enable extensions on HP NonStop. */ #ifndef _TANDEM_SOURCE # define _TANDEM_SOURCE 1 #endif /* Enable general extensions on Solaris. */ #ifndef __EXTENSIONS__ # define __EXTENSIONS__ 1 #endif /* deviant */ /* #undef adjtimex */ /* Define to empty if `const' does not conform to ANSI C. */ /* #undef const */ /* Define to `int' if doesn't define. */ /* #undef gid_t */ /* Define to `__inline__' or `__inline' if that's what the C compiler calls it, or to nothing if 'inline' is not supported under any name. */ #ifndef __cplusplus /* #undef inline */ #endif /* Define to the widest signed integer type if and do not define. */ /* #undef intmax_t */ /* deviant */ /* #undef ntp_adjtime */ /* deviant */ /* #undef ntp_gettime */ /* Define to `long int' if does not define. */ /* #undef off_t */ /* Define to `int' if does not define. */ /* #undef pid_t */ /* Define to `unsigned int' if does not define. */ /* #undef size_t */ #if !defined(_KERNEL) && !defined(PARSESTREAM) /* * stdio.h must be included after _GNU_SOURCE is defined * but before #define snprintf rpl_snprintf */ # include #endif /* Define to rpl_snprintf if the replacement function should be used. */ /* #undef snprintf */ /* Define to `int' if doesn't define. */ /* #undef uid_t */ /* Define to the widest unsigned integer type if and do not define. */ /* #undef uintmax_t */ /* Define to the type of an unsigned integer type wide enough to hold a pointer, if such a type exists, and if the system does not define it. */ /* #undef uintptr_t */ /* Define as `fork' if `vfork' does not work. */ /* #undef vfork */ /* Define to empty if the keyword `volatile' does not work. Warning: valid code using `volatile' can become incorrect without. Disable with care. */ /* #undef volatile */ /* Define to rpl_vsnprintf if the replacement function should be used. */ /* #undef vsnprintf */ #ifndef MPINFOU_PREDECLARED # define MPINFOU_PREDECLARED typedef union mpinfou { struct pdk_mpinfo *pdkptr; struct mpinfo *pikptr; } mpinfou_t; #endif #if !defined(_KERNEL) && !defined(PARSESTREAM) # if defined(HW_WANT_RPL_VSNPRINTF) # if defined(__cplusplus) extern "C" { # endif # include int rpl_vsnprintf(char *, size_t, const char *, va_list); # if defined(__cplusplus) } # endif # endif # if defined(HW_WANT_RPL_SNPRINTF) # if defined(__cplusplus) extern "C" { # endif int rpl_snprintf(char *, size_t, const char *, ...); # if defined(__cplusplus) } # endif # endif #endif /* !defined(_KERNEL) && !defined(PARSESTREAM) */ /* * FreeBSD specific: Explicitly specify date/time for reproducible build. */ #define MKREPRO_DATE "Aug 19 2018" #define MKREPRO_TIME "01:24:29" Index: stable/12/usr.sbin/ntp/ntpd/ntp.conf =================================================================== --- stable/12/usr.sbin/ntp/ntpd/ntp.conf (revision 352864) +++ stable/12/usr.sbin/ntp/ntpd/ntp.conf (revision 352865) @@ -1,104 +1,112 @@ # # $FreeBSD$ # # Default NTP servers for the FreeBSD operating system. # # Don't forget to enable ntpd in /etc/rc.conf with: # ntpd_enable="YES" # # The driftfile is by default /var/db/ntpd.drift, check # /etc/defaults/rc.conf on how to change the location. # # # Set the target and limit for adding servers configured via pool statements # or discovered dynamically via mechanisms such as broadcast and manycast. # Ntpd automatically adds maxclock-1 servers from configured pools, and may # add as many as maxclock*2 if necessary to ensure that at least minclock # servers are providing good consistant time. # tos minclock 3 maxclock 6 # # The following pool statement will give you a random set of NTP servers # geographically close to you. A single pool statement adds multiple # servers from the pool, according to the tos minclock/maxclock targets. # See http://www.pool.ntp.org/ for details. Note, pool.ntp.org encourages # users with a static IP and good upstream NTP servers to add a server # to the pool. See http://www.pool.ntp.org/join.html if you are interested. # # The option `iburst' is used for faster initial synchronization. # pool 0.freebsd.pool.ntp.org iburst # # If you want to pick yourself which country's public NTP server # you want to sync against, comment out the above pool, uncomment # the next one, and replace CC with the country's abbreviation. # Make sure that the hostname resolves to a proper IP address! # # pool 0.CC.pool.ntp.org iburst # # To configure a specific server, such as an organization-wide local # server, add lines similar to the following. One or more specific # servers can be configured in addition to, or instead of, any server # pools specified above. When both are configured, ntpd first adds all # the specific servers, then adds servers from the pool until the tos # minclock/maxclock targets are met. # #server time.my-internal.org iburst # # Security: # # By default, only allow time queries and block all other requests # from unauthenticated clients. # # The "restrict source" line allows peers to be mobilized when added by # ntpd from a pool, but does not enable mobilizing a new peer association # by other dynamic means (broadcast, manycast, ntpq commands, etc). # # See http://support.ntp.org/bin/view/Support/AccessRestrictions # for more information. # restrict default limited kod nomodify notrap noquery nopeer restrict source limited kod nomodify notrap noquery # # Alternatively, the following rules would block all unauthorized access. # #restrict default ignore # # In this case, all remote NTP time servers also need to be explicitly # allowed or they would not be able to exchange time information with # this server. # # Please note that this example doesn't work for the servers in # the pool.ntp.org domain since they return multiple A records. # #restrict 0.pool.ntp.org nomodify nopeer noquery notrap #restrict 1.pool.ntp.org nomodify nopeer noquery notrap #restrict 2.pool.ntp.org nomodify nopeer noquery notrap # # The following settings allow unrestricted access from the localhost restrict 127.0.0.1 restrict ::1 # # If a server loses sync with all upstream servers, NTP clients # no longer follow that server. The local clock can be configured # to provide a time source when this happens, but it should usually # be configured on just one server on a network. For more details see # http://support.ntp.org/bin/view/Support/UndisciplinedLocalClock # The use of Orphan Mode may be preferable. # #server 127.127.1.0 #fudge 127.127.1.0 stratum 10 # See http://support.ntp.org/bin/view/Support/ConfiguringNTP#Section_6.14. # for documentation regarding leapfile. Updates to the file can be obtained # from ftp://time.nist.gov/pub/ or ftp://tycho.usno.navy.mil/pub/ntp/. # Use either leapfile in /etc/ntp or periodically updated leapfile in /var/db. #leapfile "/etc/ntp/leap-seconds" leapfile "/var/db/ntpd.leap-seconds.list" + +# Specify the number of megabytes of memory that should be allocated and +# locked. -1 (default) means "do not lock the process into memory". +# 0 means "lock whatever memory the process wants into memory". Any other +# number means to lock up to that number of megabytes into memory. +# 0 may result in a segfault when ASLR with stack gap randomization +# is enabled. +#rlimit memlock 32 Index: stable/12 =================================================================== --- stable/12 (revision 352864) +++ stable/12 (revision 352865) Property changes on: stable/12 ___________________________________________________________________ Modified: svn:mergeinfo ## -0,0 +0,1 ## Merged /head:r352304,352540