MFV r344878:

4.2.8p12 --> 4.2.8p13

MFC after:	immediately
Security:	CVE-2019-8936
		VuXML: c2576e14-36e2-11e9-9eda-206a8a720317
Obtained from:	nwtime.org

7 files changed, 130 insertions, 8 deletions

diff --git a/contrib/ntp/libntp/Makefile.am b/contrib/ntp/libntp/Makefile.am
index 6f3c0ba459e3..04b53b0cbe97 100644
--- a/contrib/ntp/libntp/Makefile.am
+++ b/contrib/ntp/libntp/Makefile.am
@@ -110,6 +110,7 @@ libntp_a_SRCS =						\
 	vint64ops.c					\
 	work_fork.c					\
 	work_thread.c					\
+	xsbprintf.c					\
 	ymd2yd.c					\
 	$(libisc_SRCS)					\
 	$(NULL)
diff --git a/contrib/ntp/libntp/Makefile.in b/contrib/ntp/libntp/Makefile.in
index 2bef7878b829..fefd9d2f126c 100644
--- a/contrib/ntp/libntp/Makefile.in
+++ b/contrib/ntp/libntp/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.15 from Makefile.am.
+# Makefile.in generated by automake 1.15.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2014 Free Software Foundation, Inc.
+# Copyright (C) 1994-2017 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -160,7 +160,7 @@ am__libntp_a_SOURCES_DIST = systime.c a_md5encrypt.c adjtime.c \
 	snprintf.c socket.c socktoa.c socktohost.c ssl_init.c \
 	statestr.c strdup.c strl_obsd.c syssignal.c timetoa.c \
 	timevalops.c uglydate.c vint64ops.c work_fork.c work_thread.c \
-	ymd2yd.c $(srcdir)/../lib/isc/assertions.c \
+	xsbprintf.c ymd2yd.c $(srcdir)/../lib/isc/assertions.c \
 	$(srcdir)/../lib/isc/buffer.c \
 	$(srcdir)/../lib/isc/backtrace-emptytbl.c \
 	$(srcdir)/../lib/isc/backtrace.c \
@@ -224,8 +224,8 @@ am__objects_4 = a_md5encrypt.$(OBJEXT) adjtime.$(OBJEXT) \
 	ssl_init.$(OBJEXT) statestr.$(OBJEXT) strdup.$(OBJEXT) \
 	strl_obsd.$(OBJEXT) syssignal.$(OBJEXT) timetoa.$(OBJEXT) \
 	timevalops.$(OBJEXT) uglydate.$(OBJEXT) vint64ops.$(OBJEXT) \
-	work_fork.$(OBJEXT) work_thread.$(OBJEXT) ymd2yd.$(OBJEXT) \
-	$(am__objects_3) $(am__objects_1)
+	work_fork.$(OBJEXT) work_thread.$(OBJEXT) xsbprintf.$(OBJEXT) \
+	ymd2yd.$(OBJEXT) $(am__objects_3) $(am__objects_1)
 am_libntp_a_OBJECTS = systime.$(OBJEXT) $(am__objects_4)
 libntp_a_OBJECTS = $(am_libntp_a_OBJECTS)
 libntpsim_a_AR = $(AR) $(ARFLAGS)
@@ -244,7 +244,7 @@ am__libntpsim_a_SOURCES_DIST = systime_s.c a_md5encrypt.c adjtime.c \
 	snprintf.c socket.c socktoa.c socktohost.c ssl_init.c \
 	statestr.c strdup.c strl_obsd.c syssignal.c timetoa.c \
 	timevalops.c uglydate.c vint64ops.c work_fork.c work_thread.c \
-	ymd2yd.c $(srcdir)/../lib/isc/assertions.c \
+	xsbprintf.c ymd2yd.c $(srcdir)/../lib/isc/assertions.c \
 	$(srcdir)/../lib/isc/buffer.c \
 	$(srcdir)/../lib/isc/backtrace-emptytbl.c \
 	$(srcdir)/../lib/isc/backtrace.c \
@@ -704,6 +704,7 @@ libntp_a_SRCS = \
 	vint64ops.c					\
 	work_fork.c					\
 	work_thread.c					\
+	xsbprintf.c					\
 	ymd2yd.c					\
 	$(libisc_SRCS)					\
 	$(NULL)
@@ -876,6 +877,7 @@ distclean-compile:
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/vint64ops.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/work_fork.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/work_thread.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xsbprintf.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ymd2yd.Po@am__quote@
 
 .c.o:
diff --git a/contrib/ntp/libntp/authreadkeys.c b/contrib/ntp/libntp/authreadkeys.c
index bd98ab21ab10..48c5c4d5ec6e 100644
--- a/contrib/ntp/libntp/authreadkeys.c
+++ b/contrib/ntp/libntp/authreadkeys.c
@@ -221,12 +221,14 @@ authreadkeys(
 			log_maybe(NULL,
 				  "authreadkeys: invalid type for key %d",
 				  keyno);
+#  ifdef ENABLE_CMAC
 		} else if (NID_cmac != keytype &&
 				EVP_get_digestbynid(keytype) == NULL) {
 			log_maybe(NULL,
 				  "authreadkeys: no algorithm for key %d",
 				  keyno);
 			keytype = 0;
+#  endif /* ENABLE_CMAC */
 		}
 #else	/* !OPENSSL follows */
 		/*
diff --git a/contrib/ntp/libntp/calyearstart.c b/contrib/ntp/libntp/calyearstart.c
index 9e3f58fb393d..5616c8195aa9 100644
--- a/contrib/ntp/libntp/calyearstart.c
+++ b/contrib/ntp/libntp/calyearstart.c
@@ -54,7 +54,7 @@ calmonthstart(u_int32 ntptime, const time_t *pivot)
 }
 
 /*
- * calweekstart - get NTP time at midnight of the last monday on or
+ * calweekstart - get NTP time at midnight of the last Monday on or
  * before the current date.
  */
 u_int32
diff --git a/contrib/ntp/libntp/ntp_calendar.c b/contrib/ntp/libntp/ntp_calendar.c
index f8b7db4ea501..79742688a2bd 100644
--- a/contrib/ntp/libntp/ntp_calendar.c
+++ b/contrib/ntp/libntp/ntp_calendar.c
@@ -1832,6 +1832,7 @@ isocal_date_to_ntp(
  */
 
 static int32_t s_baseday = NTP_TO_UNIX_DAYS;
+static int32_t s_gpsweek = 0;
 
 int32_t
 basedate_eval_buildstamp(void)
@@ -1901,6 +1902,7 @@ basedate_set_day(
 	struct calendar	jd;
 	int32_t		retv;
 
+	/* set NTP base date for NTP era unfolding */
 	if (day < NTP_TO_UNIX_DAYS) {
 		msyslog(LOG_WARNING,
 			"baseday_set_day: invalid day (%lu), UNIX epoch substituted",
@@ -1912,6 +1914,17 @@ basedate_set_day(
 	ntpcal_rd_to_date(&jd, day + DAY_NTP_STARTS);
 	msyslog(LOG_INFO, "basedate set to %04hu-%02hu-%02hu",
 		jd.year, (u_short)jd.month, (u_short)jd.monthday);
+
+	/* set GPS base week for GPS week unfolding */
+	day = ntpcal_weekday_ge(day + DAY_NTP_STARTS, CAL_SUNDAY)
+	    - DAY_NTP_STARTS;
+	if (day < NTP_TO_GPS_DAYS)
+	    day = NTP_TO_GPS_DAYS;
+	s_gpsweek = (day - NTP_TO_GPS_DAYS) / DAYSPERWEEK;
+	ntpcal_rd_to_date(&jd, day + DAY_NTP_STARTS);
+	msyslog(LOG_INFO, "gps base set to %04hu-%02hu-%02hu (week %d)",
+		jd.year, (u_short)jd.month, (u_short)jd.monthday, s_gpsweek);
+	
 	return retv;
 }
 
@@ -1934,4 +1947,29 @@ basedate_get_erabase(void)
 	return retv;
 }
 
+uint32_t
+basedate_get_gpsweek(void)
+{
+    return s_gpsweek;
+}
+
+uint32_t
+basedate_expand_gpsweek(
+    unsigned short weekno
+    )
+{
+    /* We do a fast modulus expansion here. Since all quantities are
+     * unsigned and we cannot go before the start of the GPS epoch
+     * anyway, and since the truncated GPS week number is 10 bit, the
+     * expansion becomes a simple sub/and/add sequence.
+     */
+    #if GPSWEEKS != 1024
+    # error GPSWEEKS defined wrong -- should be 1024!
+    #endif
+    
+    uint32_t diff;
+    diff = ((uint32_t)weekno - s_gpsweek) & (GPSWEEKS - 1);
+    return s_gpsweek + diff;
+}
+
 /* -*-EOF-*- */
diff --git a/contrib/ntp/libntp/work_fork.c b/contrib/ntp/libntp/work_fork.c
index cce686f239cc..1dd9e13d668f 100644
--- a/contrib/ntp/libntp/work_fork.c
+++ b/contrib/ntp/libntp/work_fork.c
@@ -89,7 +89,9 @@ netwrite(
 }
 
 
-int set_user_group_ids(void);
+#if defined(HAVE_DROPROOT)
+extern int set_user_group_ids(void);
+#endif
 
 /* === functions === */
 /*
@@ -594,7 +596,9 @@ fork_blocking_child(
 	init_logging("ntp_intres", 0, FALSE);
 	setup_logfile(NULL);
 
+#ifdef HAVE_DROPROOT
 	(void) set_user_group_ids();
+#endif
 
 	/*
 	 * And now back to the portable code
diff --git a/contrib/ntp/libntp/xsbprintf.c b/contrib/ntp/libntp/xsbprintf.c
new file mode 100644
index 000000000000..4586758bc88a
--- /dev/null
+++ b/contrib/ntp/libntp/xsbprintf.c
@@ -0,0 +1,75 @@
+/*
+ * xsbprintf.c - string buffer formatting helpers
+ *
+ * Written by Juergen Perlinger (perlinger@ntp.org) for the NTP project.
+ * The contents of 'html/copyright.html' apply.
+ */
+
+#include <config.h>
+#include <sys/types.h>
+
+#include "ntp_stdlib.h"
+
+/* eXtended Varlist String Buffer printf
+ *
+ * Formats via 'vsnprintf' into a string buffer, with some semantic
+ * specialties:
+ *
+ * - The start of the buffer pointer is updated according to the number
+ *   of characters written.
+ * - If the buffer is insufficient to format the number of charactes,
+ *   the partial result will be be discarded, and zero is returned to
+ *   indicate nothing was written to the buffer.
+ * - On successful formatting, the return code is the return value of
+ *   the inner call to 'vsnprintf()'.
+ * - If there is any error, the state of the buffer will not be
+ *   changed. (Bytes in the buffer might be smashed, but the buffer
+ *   position does not change, and the NUL marker stays in place at the
+ *   current buffer position.)
+ * - If '(*ppbuf - pend) <= 0' (or ppbuf is NULL), fail with EINVAL.
+ */
+int
+xvsbprintf(
+	char       **ppbuf,	/* pointer to buffer pointer (I/O) */
+	char * const pend,	/* buffer end (I)		   */
+	char const  *pfmt,	/* printf-like format string       */
+	va_list      va		/* formatting args for above       */
+	)
+{
+	char *pbuf = (ppbuf) ? *ppbuf : NULL;
+	int   rc   = -1;
+	if (pbuf && (pend - pbuf > 0)) {
+		size_t blen = (size_t)(pend - pbuf);
+		rc = vsnprintf(pbuf, blen, pfmt, va);
+		if (rc > 0) {
+		    if ((size_t)rc >= blen)
+			rc = 0;
+		    pbuf += rc;
+		}
+		*pbuf = '\0'; /* fear of bad vsnprintf */
+		*ppbuf = pbuf;
+	} else {
+		errno = EINVAL;
+	}
+	return rc;
+}
+
+/* variadic wrapper around the buffer string formatter */
+int
+xsbprintf(
+	char       **ppbuf,	/* pointer to buffer pointer (I/O) */
+	char * const pend,	/* buffer end (I)		   */
+	char const  *pfmt,	/* printf-like format string       */
+	...			/* formatting args for above       */
+	)
+{
+	va_list va;
+	int     rc;
+	
+	va_start(va, pfmt);
+	rc = xvsbprintf(ppbuf, pend, pfmt, va);
+	va_end(va);
+	return rc;
+}
+
+/* that's all folks! */