diff --git a/ChangeLog b/ChangeLog index ab145b43d..64108981f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,24 @@ --- +* [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn. +* [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org +* [Sec 2938] ntpq saveconfig command allows dangerous characters + in filenames. perlinger@ntp.org +* [Sec 2939] reslist NULL pointer dereference. perlinger@ntp.org +* [Sec 2940] Stack exhaustion in recursive traversal of restriction + list. perlinger@ntp.org +* [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org +* [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger@ntp.org +* [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org +* [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org + - applied patch by shenpeng11@huawei.com with minor adjustments +* [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org +* [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org +* Make leapsec_query debug messages less verbose. Harlan Stenn. + +--- +(4.2.8p5) 2016/01/07 Released by Harlan Stenn + * [Sec 2956] small-step/big-step. Close the panic gate earlier. HStenn. * CID 1339955: Free allocated memory in caljulian test. HStenn. * CID 1339962: Explicitly initialize variable in caljulian test. HStenn. 
@@ -17,16 +36,15 @@ * CID 1341681: Nits in sntp/tests/keyFile.c. HStenn. * CID 1341682: Nit in libntp/authreadkeys.c. HStenn. * CID 1341684: Nit in tests/ntpd/t-ntp_signd.c. HStenn. -* [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org - - applied patch by shenpeng11@huawei.com with minor adjustments * [Bug 2829] Look at pipe_fds in ntpd.c (did so. perlinger@ntp.org) * [Bug 2887] stratum -1 config results as showing value 99 + - fudge stratum should only accept values [0..16]. perlinger@ntp.org - fudge stratum only accepts values [0..16]. perlinger@ntp.org -* [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org * [Bug 2932] Update leapsecond file info in miscopt.html. CWoodbury, HStenn. * [Bug 2934] tests/ntpd/t-ntp_scanner.c has a magic constant wired in. HMurray * [Bug 2944] errno is not preserved properly in ntpdate after sendto call. - applied patch by Christos Zoulas. perlinger@ntp.org +* [Bug 2952] Symmetric active/passive mode is broken. HStenn. * [Bug 2954] Version 4.2.8p4 crashes on startup with sig fault - fixed data race conditions in threaded DNS worker. perlinger@ntp.org - limit threading warm-up to linux; FreeBSD bombs on it. perlinger@ntp.org @@ -54,9 +72,10 @@ * Header cleanup in tests/sandbox/uglydate.c. Harlan Stenn. * Header cleanup in tests/libntp/sfptostr.c. Harlan Stenn. * Quiet a warning from clang. Harlan Stenn. +* Update the NEWS file. Harlan Stenn. +* Update scripts/calc_tickadj/Makefile.am. Harlan Stenn. + --- -(4.2.8p4) 2015/10/21 Released by Harlan Stenn -(4.2.8p4-RC1) 2015/10/06 Released by Harlan Stenn * [Sec 2899] CVE-2014-9297 perlinger@ntp.org * [Sec 2901] Drop invalid packet before checking KoD. Check for all KoD's. diff --git a/NEWS b/NEWS index e16d93700..da9abb6bf 100644 --- a/NEWS +++ b/NEWS 
@@ -1,7 +1,278 @@ +--- + +NTP 4.2.8p6 + +Focus: Security, Bug fixes, enhancements. + +Severity: MEDIUM + +In addition to bug fixes and enhancements, this release fixes the +following X low- and Y medium-severity vulnerabilities: + +* Potential Infinite Loop in 'ntpq' + Date Resolved: Stable (4.2.8p6) 19 Jan 2016; Dev (4.3.XX) 19 Jan 2016 + References: Sec 2548 / CVE-2015-8158 + Affects: All ntp-4 releases up to, but not including 4.2.8p6, and + 4.3.0 up to, but not including 4.3.XX + CVSS2: (AV:N/AC:M/Au:N/C:N/I:N/A:P) Base Score: 4.3 - MEDIUM + CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Base Score: 5.3 - MEDIUM + Summary: 'ntpq' processes incoming packets in a loop in 'getresponse()'. + The loop's only stopping conditions are receiving a complete and + correct response or hitting a small number of error conditions. + If the packet contains incorrect values that don't trigger one of + the error conditions, the loop continues to receive new packets. + Note well, this is an attack against an instance of 'ntpq', not + 'ntpd', and this attack requires the attacker to do one of the + following: + * Own a malicious NTP server that the client trusts + * Prevent a legitimate NTP server from sending packets to + the 'ntpq' client + * MITM the 'ntpq' communications between the 'ntpq' client + and the NTP server + Mitigation: + Upgrade to 4.2.8p6, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page + Credit: This weakness was discovered by Jonathan Gardner of Cisco ASIG. 
+ +* 0rigin: Zero Origin Timestamp Bypass + Date Resolved: Stable (4.2.8p6) 19 Jan 2016; Dev (4.3.XX) 19 Jan 2016 + References: Sec 2545 / CVE-2015-8138 + Affects: All ntp-4 releases up to, but not including 4.2.8p6, and + 4.3.0 up to, but not including 4.3.XX + CVSS2: (AV:N/AC:L/Au:N/C:N/I:P/A:N) Base Score: 5.0 - MEDIUM + CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Base Score: 5.3 - MEDIUM + (3.7 - LOW if you score AC:L) + Summary: To distinguish legitimate peer responses from forgeries, a + client attempts to verify a response packet by ensuring that the + origin timestamp in the packet matches the origin timestamp it + transmitted in its last request. A logic error exists that + allows packets with an origin timestamp of zero to bypass this + check whenever there is not an outstanding request to the server. + Mitigation: + Configure 'ntpd' to get time from multiple sources. + Upgrade to 4.2.8p6, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page. + Monitor your 'ntpd= instances. + Credit: This weakness was discovered by Jonathan Gardner of Cisco ASIG. + +* Stack exhaustion in recursive traversal of restriction list + Date Resolved: Stable (4.2.8p6) 19 Jan 2016 + References: Sec 2940 / CVE-2015-7978 + Affects: All ntp-4 releases up to, but not including 4.2.8p6, and + 4.3.0 up to, but not including 4.3.XX + CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:P) Base Score: 4.3 - MEDIUM + Summary: An unauthenticated 'ntpdc reslist' command can cause a + segmentation fault in ntpd by exhausting the call stack. + Mitigation: + Implement BCP-38. + Upgrade to 4.2.8p6, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page. + If you are unable to upgrade: + In ntp-4.2.8, mode 7 is disabled by default. Don't enable it. + If you must enable mode 7: + configure the use of a 'requestkey' to control who can + issue mode 7 requests. 
+ configure 'restrict noquery' to further limit mode 7 + requests to trusted sources. + Monitor your ntpd instances. + Credit: This weakness was discovered by Stephen Gray at Cisco ASIG. + +* reslist NULL pointer dereference + Date Resolved: Stable (4.2.8p6) 19 Jan 2016 + References: Sec 2939 / CVE-2015-7977 + Affects: All ntp-4 releases up to, but not including 4.2.8p6, and + 4.3.0 up to, but not including 4.3.XX + CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:P) Base Score: 4.3 - MEDIUM + Summary: An unauthenticated 'ntpdc reslist' command can cause a + segmentation fault in ntpd by causing a NULL pointer dereference. + Mitigation: + Implement BCP-38. + Upgrade to 4.2.8p6, or later, from NTP Project Download Page or + the NTP Public Services Project Download Page. + If you are unable to upgrade: + mode 7 is disabled by default. Don't enable it. + If you must enable mode 7: + configure the use of a 'requestkey' to control who can + issue mode 7 requests. + configure 'restrict noquery' to further limit mode 7 + requests to trusted sources. + Monitor your ntpd instances. + Credit: This weakness was discovered by Stephen Gray of Cisco ASIG. + +* 'ntpq saveconfig' command allows dangerous characters in filenames. + Date Resolved: Stable (4.2.8p6) 19 Jan 2016 + References: Sec 2938 / CVE-2015-7976 + Affects: All ntp-4 releases up to, but not including 4.2.8p6, and + 4.3.0 up to, but not including 4.3.XX + CVSS: (AV:N/AC:L/Au:S/C:N/I:P/A:N) Base Score: 4.0 - MEDIUM + Summary: The ntpq saveconfig command does not do adequate filtering + of special characters from the supplied filename. + Note well: The ability to use the saveconfig command is controlled + by the 'restrict nomodify' directive, and the recommended default + configuration is to disable this capability. If the ability to + execute a 'saveconfig' is required, it can easily (and should) be + limited and restricted to a known small number of IP addresses. + Mitigation: + Implement BCP-38. 
+ use 'restrict default nomodify' in your 'ntp.conf' file. + Upgrade to 4.2.8p6, or later, from the NTP Project Download Page. + If you are unable to upgrade: + build NTP with 'configure --disable-saveconfig' if you will + never need this capability, or + use 'restrict default nomodify' in your 'ntp.conf' file. Be + careful about what IPs have the ability to send 'modify' + requests to 'ntpd'. + Monitor your ntpd instances. + 'saveconfig' requests are logged to syslog - monitor your syslog files. + Credit: This weakness was discovered by Jonathan Gardner of Cisco ASIG. + +* nextvar() missing length check in ntpq + Date Resolved: Stable (4.2.8p6) 19 Jan 2016 + References: Sec 2937 / CVE-2015-7975 + Affects: All ntp-4 releases up to, but not including 4.2.8p6, and + 4.3.0 up to, but not including 4.3.XX + CVSS: (AV:L/AC:H/Au:N/C:N/I:N/A:P) Base Score: 1.2 - LOW + If you score A:C, this becomes 4.0. + CVSSv3: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) Base Score 2.9, LOW + Summary: ntpq may call nextvar() which executes a memcpy() into the + name buffer without a proper length check against its maximum + length of 256 bytes. Note well that we're taking about ntpq here. + The usual worst-case effect of this vulnerability is that the + specific instance of ntpq will crash and the person or process + that did this will have stopped themselves. + Mitigation: + Upgrade to 4.2.8p6, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page. + If you are unable to upgrade: + If you have scripts that feed input to ntpq make sure there are + some sanity checks on the input received from the "outside". + This is potentially more dangerous if ntpq is run as root. + Credit: This weakness was discovered by Jonathan Gardner at Cisco ASIG. 
+ +* Deja Vu: Replay attack on authenticated broadcast mode + Date Resolved: Stable (4.2.8p6) 19 Jan 2016 + References: Sec 2935 / CVE-2015-7973 + Affects: All ntp-4 releases up to, but not including 4.2.8p6, and + 4.3.0 up to, but not including 4.3.XX + CVSS: (AV:A/AC:M/Au:N/C:N/I:P/A:P) Base Score: 4.3 - MEDIUM + Summary: If an NTP network is configured for broadcast operations then + either a man-in-the-middle attacker or a malicious participant + that has the same trusted keys as the victim can replay time packets. + Mitigation: + Implement BCP-38. + Upgrade to 4.2.8p6, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page. + If you are unable to upgrade: + Don't use broadcast mode if you cannot monitor your client servers. + Monitor your ntpd instances. + Credit: This weakness was discovered by Aanchal Malhotra of Boston + University. + +--- + +NTP 4.2.8p5 + +Focus: Security, Bug fixes, enhancements. + +Severity: MEDIUM + +In addition to bug fixes and enhancements, this release fixes the +following medium-severity vulnerability: + +* Small-step/big-step. Close the panic gate earlier. + References: Sec 2956, CVE-2015-5300 + Affects: All ntp-4 releases up to, but not including 4.2.8p5, and + 4.3.0 up to, but not including 4.3.78 + CVSS3: (AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:L) Base Score: 4.0, MEDIUM + Summary: If ntpd is always started with the -g option, which is + common and against long-standing recommendation, and if at the + moment ntpd is restarted an attacker can immediately respond to + enough requests from enough sources trusted by the target, which + is difficult and not common, there is a window of opportunity + where the attacker can cause ntpd to set the time to an + arbitrary value. 
Similarly, if an attacker is able to respond + to enough requests from enough sources trusted by the target, + the attacker can cause ntpd to abort and restart, at which + point it can tell the target to set the time to an arbitrary + value if and only if ntpd was re-started against long-standing + recommendation with the -g flag, or if ntpd was not given the + -g flag, the attacker can move the target system's time by at + most 900 seconds' time per attack. + Mitigation: + Configure ntpd to get time from multiple sources. + Upgrade to 4.2.8p5, or later, from the NTP Project Download + Page or the NTP Public Services Project Download Page + As we've long documented, only use the -g option to ntpd in + cold-start situations. + Monitor your ntpd instances. + Credit: This weakness was discovered by Aanchal Malhotra, + Isaac E. Cohen, and Sharon Goldberg at Boston University. + + NOTE WELL: The -g flag disables the limit check on the panic_gate + in ntpd, which is 900 seconds by default. The bug identified by + the researchers at Boston University is that the panic_gate + check was only re-enabled after the first change to the system + clock that was greater than 128 milliseconds, by default. The + correct behavior is that the panic_gate check should be + re-enabled after any initial time correction. + + If an attacker is able to inject consistent but erroneous time + responses to your systems via the network or "over the air", + perhaps by spoofing radio, cellphone, or navigation satellite + transmissions, they are in a great position to affect your + system's clock. There comes a point where your very best + defenses include: + + Configure ntpd to get time from multiple sources. + Monitor your ntpd instances. + +Other fixes: + +* Coverity submission process updated from Coverity 5 to Coverity 7. + The NTP codebase has been undergoing regular Coverity scans on an + ongoing basis since 2006. 
As part of our recent upgrade from + Coverity 5 to Coverity 7, Coverity identified 16 nits in some of + the newly-written Unity test programs. These were fixed. +* [Bug 2829] Clean up pipe_fds in ntpd.c perlinger@ntp.org +* [Bug 2887] stratum -1 config results as showing value 99 + - fudge stratum should only accept values [0..16]. perlinger@ntp.org +* [Bug 2932] Update leapsecond file info in miscopt.html. CWoodbury, HStenn. +* [Bug 2934] tests/ntpd/t-ntp_scanner.c has a magic constant wired in. HMurray +* [Bug 2944] errno is not preserved properly in ntpdate after sendto call. + - applied patch by Christos Zoulas. perlinger@ntp.org +* [Bug 2952] Peer associations broken by fix for Bug 2901/CVE-2015-7704. +* [Bug 2954] Version 4.2.8p4 crashes on startup on some OSes. + - fixed data race conditions in threaded DNS worker. perlinger@ntp.org + - limit threading warm-up to linux; FreeBSD bombs on it. perlinger@ntp.org +* [Bug 2957] 'unsigned int' vs 'size_t' format clash. perlinger@ntp.org + - accept key file only if there are no parsing errors + - fixed size_t/u_int format clash + - fixed wrong use of 'strlcpy' +* [Bug 2958] ntpq: fatal error messages need a final newline. Craig Leres. +* [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets. perlinger@ntp.org + - fixed several other warnings (cast-alignment, missing const, missing prototypes) + - promote use of 'size_t' for values that express a size + - use ptr-to-const for read-only arguments + - make sure SOCKET values are not truncated (win32-specific) + - format string fixes +* [Bug 2965] Local clock didn't work since 4.2.8p4. Martin Burnicki. +* [Bug 2967] ntpdate command suffers an assertion failure + - fixed ntp_rfc2553.c to return proper address length. perlinger@ntp.org +* [Bug 2969] Seg fault from ntpq/mrulist when looking at server with + lots of clients. perlinger@ntp.org +* [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call + - changed stacked/nested handling of CTRL-C. 
perlinger@ntp.org +* Unity cleanup for FreeBSD-6.4. Harlan Stenn. +* Unity test cleanup. Harlan Stenn. +* Libevent autoconf pthread fixes for FreeBSD-10. Harlan Stenn. +* Header cleanup in tests/sandbox/uglydate.c. Harlan Stenn. +* Header cleanup in tests/libntp/sfptostr.c. Harlan Stenn. +* Quiet a warning from clang. Harlan Stenn. + --- NTP 4.2.8p4 -Focus: Security, Bug fies, enhancements. +Focus: Security, Bug fixes, enhancements. Severity: MEDIUM @@ -339,8 +610,8 @@ Credit: This weakness was discovered by Aleksandar Nikolic of Cisco Talos. Backward-Incompatible changes: * [Bug 2817] Default on Linux is now "rlimit memlock -1". -While the general default of 32M is still the case, under Linux -the default value has been changed to -1 (do not lock ntpd into + While the general default of 32M is still the case, under Linux + the default value has been changed to -1 (do not lock ntpd into memory). A value of 0 means "lock ntpd into memory with whatever memory it needs." If your ntp.conf file has an explicit "rlimit memlock" value in it, that value will continue to be used. diff --git a/include/ntp.h b/include/ntp.h index 4ffc35f6f..25f681001 100644 --- a/include/ntp.h +++ b/include/ntp.h @@ -350,6 +350,7 @@ struct peer { l_fp dst; /* destination timestamp */ l_fp aorg; /* origin timestamp */ l_fp borg; /* alternate origin timestamp */ + l_fp bxmt; /* most recent broadcast transmit timestamp */ double offset; /* peer clock offset */ double delay; /* peer roundtrip delay */ double jitter; /* peer jitter (squares) */ @@ -382,7 +383,8 @@ struct peer { * Statistic counters */ u_long timereset; /* time stat counters were reset */ - u_long timereceived; /* last packet received time */ + u_long timelastrec; /* last packet received time */ + u_long timereceived; /* last (clean) packet received time */ u_long timereachable; /* last reachable/unreachable time */ u_long sent; /* packets sent */ diff --git a/libntp/systime.c b/libntp/systime.c index c89d157cb..29f1e8637 100644 
--- a/libntp/systime.c +++ b/libntp/systime.c @@ -323,9 +323,18 @@ adj_systime( else quant = 1e-6; ticks = (long)(dtemp / quant + .5); - adjtv.tv_usec = (long)(ticks * quant * 1e6); - dtemp -= adjtv.tv_usec / 1e6; - sys_residual = dtemp; + adjtv.tv_usec = (long)(ticks * quant * 1.e6 + .5); + /* The rounding in the conversions could us push over the + * limits: make sure the result is properly normalised! + * note: sign comes later, all numbers non-negative here. + */ + if (adjtv.tv_usec >= 1000000) { + adjtv.tv_sec += 1; + adjtv.tv_usec -= 1000000; + dtemp -= 1.; + } + /* set the new residual with leftover from correction */ + sys_residual = dtemp - adjtv.tv_usec * 1.e-6; /* * Convert to signed seconds and microseconds for the Unix diff --git a/ntpd/invoke-ntp.conf.texi b/ntpd/invoke-ntp.conf.texi index 37427d679..32b41e69e 100644 --- a/ntpd/invoke-ntp.conf.texi +++ b/ntpd/invoke-ntp.conf.texi @@ -6,7 +6,7 @@ # # EDIT THIS FILE WITH CAUTION (invoke-ntp.conf.texi) # -# It has been AutoGen-ed October 21, 2015 at 12:38:16 PM by AutoGen 5.18.5 +# It has been AutoGen-ed January 7, 2016 at 11:30:49 PM by AutoGen 5.18.5 # From the definitions ntp.conf.def # and the template file agtexi-file.tpl @end ignore diff --git a/ntpd/invoke-ntp.keys.texi b/ntpd/invoke-ntp.keys.texi index 33fdb8938..b755d97a4 100644 --- a/ntpd/invoke-ntp.keys.texi +++ b/ntpd/invoke-ntp.keys.texi @@ -6,7 +6,7 @@ # # EDIT THIS FILE WITH CAUTION (invoke-ntp.keys.texi) # -# It has been AutoGen-ed October 21, 2015 at 12:38:19 PM by AutoGen 5.18.5 +# It has been AutoGen-ed January 7, 2016 at 11:30:52 PM by AutoGen 5.18.5 # From the definitions ntp.keys.def # and the template file agtexi-file.tpl @end ignore diff --git a/ntpd/invoke-ntpd.texi b/ntpd/invoke-ntpd.texi index a781b2668..66ce19dec 100644 --- a/ntpd/invoke-ntpd.texi +++ b/ntpd/invoke-ntpd.texi 
@@ -6,7 +6,7 @@ # # EDIT THIS FILE WITH CAUTION (invoke-ntpd.texi) # -# It has been AutoGen-ed October 21, 2015 at 12:38:21 PM by AutoGen 5.18.5 +# It has been AutoGen-ed January 7, 2016 at 11:30:54 PM by AutoGen 5.18.5 # From the definitions ntpd-opts.def # and the template file agtexi-cmd.tpl @end ignore @@ -142,7 +142,7 @@ with a status code of 0. @exampleindent 0 @example -ntpd - NTP daemon program - Ver. 4.2.8p4 +ntpd - NTP daemon program - Ver. 4.2.8p5 Usage: ntpd [ - [] | --[@{=| @}] ]... \ [ ... ] Flg Arg Option-Name Description diff --git a/ntpd/ntp.conf.5man b/ntpd/ntp.conf.5man index ee457df4c..6e6aa326b 100644 --- a/ntpd/ntp.conf.5man +++ b/ntpd/ntp.conf.5man @@ -10,11 +10,11 @@ .ds B-Font B .ds I-Font I .ds R-Font R -.TH ntp.conf 5man "21 Oct 2015" "4.2.8p4" "File Formats" +.TH ntp.conf 5man "07 Jan 2016" "4.2.8p5" "File Formats" .\" -.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-9oaqYI/ag-OpaiXI) +.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-8qayqp/ag-Vraqpp) .\" -.\" It has been AutoGen-ed October 21, 2015 at 12:38:01 PM by AutoGen 5.18.5 +.\" It has been AutoGen-ed January 7, 2016 at 11:30:35 PM by AutoGen 5.18.5 .\" From the definitions ntp.conf.def .\" and the template file agman-cmd.tpl .SH NAME diff --git a/ntpd/ntp.conf.5mdoc b/ntpd/ntp.conf.5mdoc index a883aabaa..800e995e0 100644 --- a/ntpd/ntp.conf.5mdoc +++ b/ntpd/ntp.conf.5mdoc @@ -1,9 +1,9 @@ -.Dd October 21 2015 +.Dd January 7 2016 .Dt NTP_CONF 5mdoc File Formats .Os .\" EDIT THIS FILE WITH CAUTION (ntp.mdoc) .\" -.\" It has been AutoGen-ed October 21, 2015 at 12:38:24 PM by AutoGen 5.18.5 +.\" It has been AutoGen-ed January 7, 2016 at 11:30:57 PM by AutoGen 5.18.5 .\" From the definitions ntp.conf.def .\" and the template file agmdoc-cmd.tpl .Sh NAME diff --git a/ntpd/ntp.conf.html b/ntpd/ntp.conf.html index 1f0c81908..d10a88d4e 100644 --- a/ntpd/ntp.conf.html +++ b/ntpd/ntp.conf.html @@ -33,7 +33,7 @@

NTP's Configuration File User Manual

This document describes the configuration file for the NTP Project's ntpd program. -

This document applies to version 4.2.8p4 of ntp.conf. +

This document applies to version 4.2.8p5 of ntp.conf.

Short Contents

diff --git a/ntpd/ntp.conf.man.in b/ntpd/ntp.conf.man.in index 7c8a39f46..f701b41fd 100644 --- a/ntpd/ntp.conf.man.in +++ b/ntpd/ntp.conf.man.in @@ -10,11 +10,11 @@ .ds B-Font B .ds I-Font I .ds R-Font R -.TH ntp.conf 5 "21 Oct 2015" "4.2.8p4" "File Formats" +.TH ntp.conf 5 "07 Jan 2016" "4.2.8p5" "File Formats" .\" -.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-9oaqYI/ag-OpaiXI) +.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-8qayqp/ag-Vraqpp) .\" -.\" It has been AutoGen-ed October 21, 2015 at 12:38:01 PM by AutoGen 5.18.5 +.\" It has been AutoGen-ed January 7, 2016 at 11:30:35 PM by AutoGen 5.18.5 .\" From the definitions ntp.conf.def .\" and the template file agman-cmd.tpl .SH NAME diff --git a/ntpd/ntp.conf.mdoc.in b/ntpd/ntp.conf.mdoc.in index 613ee7a84..7ad4cc1b3 100644 --- a/ntpd/ntp.conf.mdoc.in +++ b/ntpd/ntp.conf.mdoc.in @@ -1,9 +1,9 @@ -.Dd October 21 2015 +.Dd January 7 2016 .Dt NTP_CONF 5 File Formats .Os .\" EDIT THIS FILE WITH CAUTION (ntp.mdoc) .\" -.\" It has been AutoGen-ed October 21, 2015 at 12:38:24 PM by AutoGen 5.18.5 +.\" It has been AutoGen-ed January 7, 2016 at 11:30:57 PM by AutoGen 5.18.5 .\" From the definitions ntp.conf.def .\" and the template file agmdoc-cmd.tpl .Sh NAME diff --git a/ntpd/ntp.keys.5man b/ntpd/ntp.keys.5man index 3e5cb54d9..bb0028bd1 100644 --- a/ntpd/ntp.keys.5man +++ b/ntpd/ntp.keys.5man @@ -1,8 +1,8 @@ -.TH ntp.keys 5man "21 Oct 2015" "4.2.8p4" "File Formats" +.TH ntp.keys 5man "07 Jan 2016" "4.2.8p5" "File Formats" .\" .\" EDIT THIS FILE WITH CAUTION (ntp.man) .\" -.\" It has been AutoGen-ed October 21, 2015 at 12:38:08 PM by AutoGen 5.18.5 +.\" It has been AutoGen-ed January 7, 2016 at 11:30:41 PM by AutoGen 5.18.5 .\" From the definitions ntp.keys.def .\" and the template file agman-file.tpl .Sh NAME diff --git a/ntpd/ntp.keys.5mdoc b/ntpd/ntp.keys.5mdoc index 6355a39ca..9524989cb 100644 --- a/ntpd/ntp.keys.5mdoc +++ b/ntpd/ntp.keys.5mdoc 
@@ -1,9 +1,9 @@ -.Dd October 21 2015 +.Dd January 7 2016 .Dt NTP_KEYS 5mdoc File Formats .Os SunOS 5.10 .\" EDIT THIS FILE WITH CAUTION (ntp.mdoc) .\" -.\" It has been AutoGen-ed October 21, 2015 at 12:38:28 PM by AutoGen 5.18.5 +.\" It has been AutoGen-ed January 7, 2016 at 11:31:00 PM by AutoGen 5.18.5 .\" From the definitions ntp.keys.def .\" and the template file agmdoc-file.tpl .Sh NAME diff --git a/ntpd/ntp.keys.html b/ntpd/ntp.keys.html index 3671aaaac..738f9e03e 100644 --- a/ntpd/ntp.keys.html +++ b/ntpd/ntp.keys.html @@ -33,7 +33,7 @@

NTP's Symmetric Key File User Manual

This document describes the symmetric key file for the NTP Project's ntpd program. -

This document applies to version 4.2.8p4 of ntp.keys. +

This document applies to version 4.2.8p5 of ntp.keys.

Short Contents

diff --git a/ntpd/ntp.keys.man.in b/ntpd/ntp.keys.man.in index bd64756a0..78d5f091d 100644 --- a/ntpd/ntp.keys.man.in +++ b/ntpd/ntp.keys.man.in @@ -1,8 +1,8 @@ -.TH ntp.keys 5 "21 Oct 2015" "4.2.8p4" "File Formats" +.TH ntp.keys 5 "07 Jan 2016" "4.2.8p5" "File Formats" .\" .\" EDIT THIS FILE WITH CAUTION (ntp.man) .\" -.\" It has been AutoGen-ed October 21, 2015 at 12:38:08 PM by AutoGen 5.18.5 +.\" It has been AutoGen-ed January 7, 2016 at 11:30:41 PM by AutoGen 5.18.5 .\" From the definitions ntp.keys.def .\" and the template file agman-file.tpl .Sh NAME diff --git a/ntpd/ntp.keys.mdoc.in b/ntpd/ntp.keys.mdoc.in index 6600d57d5..40c821e51 100644 --- a/ntpd/ntp.keys.mdoc.in +++ b/ntpd/ntp.keys.mdoc.in @@ -1,9 +1,9 @@ -.Dd October 21 2015 +.Dd January 7 2016 .Dt NTP_KEYS 5 File Formats .Os SunOS 5.10 .\" EDIT THIS FILE WITH CAUTION (ntp.mdoc) .\" -.\" It has been AutoGen-ed October 21, 2015 at 12:38:28 PM by AutoGen 5.18.5 +.\" It has been AutoGen-ed January 7, 2016 at 11:31:00 PM by AutoGen 5.18.5 .\" From the definitions ntp.keys.def .\" and the template file agmdoc-file.tpl .Sh NAME diff --git a/ntpd/ntp_control.c b/ntpd/ntp_control.c index 2e174d021..e5a567e78 100644 --- a/ntpd/ntp_control.c +++ b/ntpd/ntp_control.c @@ -75,6 +75,7 @@ static void ctl_putarray (const char *, double *, int); static void ctl_putsys (int); static void ctl_putpeer (int, struct peer *); static void ctl_putfs (const char *, tstamp_t); +static void ctl_printf (const char *, ...) NTP_PRINTF(1, 2); #ifdef REFCLOCK static void ctl_putclock (int, struct refclockstat *, int); #endif /* REFCLOCK */ @@ -111,6 +112,8 @@ static void unset_trap (struct recvbuf *, int); static struct ctl_trap *ctlfindtrap(sockaddr_u *, struct interface *); +int/*BOOL*/ is_safe_filename(const char * name); + static const struct ctl_proc control_codes[] = { { CTL_OP_UNSPEC, NOAUTH, control_unspec }, { CTL_OP_READSTAT, NOAUTH, read_status }, 
@@ -873,10 +876,66 @@ ctl_error( CTL_HEADER_LEN); } +int/*BOOL*/ +is_safe_filename(const char * name) +{ + /* We need a strict validation of filenames we should write: The + * daemon might run with special permissions and is remote + * controllable, so we better take care what we allow as file + * name! + * + * The first character must be digit or a letter from the ASCII + * base plane or a '_' ([_A-Za-z0-9]), the following characters + * must be from [-._+A-Za-z0-9]. + * + * We do not trust the character classification much here: Since + * the NTP protocol makes no provisions for UTF-8 or local code + * pages, we strictly require the 7bit ASCII code page. + * + * The following table is a packed bit field of 128 two-bit + * groups. The LSB in each group tells us if a character is + * acceptable at the first position, the MSB if the character is + * accepted at any other position. + * + * This does not ensure that the file name is syntactically + * correct (multiple dots will not work with VMS...) but it will + * exclude potential globbing bombs and directory traversal. It + * also rules out drive selection. (For systems that have this + * notion, like Windows or VMS.) + */ + static const uint32_t chclass[8] = { + 0x00000000, 0x00000000, + 0x28800000, 0x000FFFFF, + 0xFFFFFFFC, 0xC03FFFFF, + 0xFFFFFFFC, 0x003FFFFF + }; + + u_int widx, bidx, mask; + if (!*name) + return FALSE; + + mask = 1u; + while (0 != (widx = (u_char)*name++)) { + bidx = (widx & 15) << 1; + widx = widx >> 4; + if (widx >= sizeof(chclass)) + return FALSE; + if (0 == ((chclass[widx] >> bidx) & mask)) + return FALSE; + mask |= 2u; + } + return TRUE; +} + + /* * save_config - Implements ntpq -c "saveconfig " * Writes current configuration including any runtime * changes by ntpq's :config or config-from-file + * + * Note: There should be no buffer overflow or truncation in the + * processing of file names -- both cause security problems. This is bit + * painful to code but essential here. 
*/ void save_config( @@ -904,24 +963,38 @@ save_config( "\\/" /* separator and critical char for POSIX */ #endif ; - - char reply[128]; #ifdef SAVECONFIG + static const char savedconfig_eq[] = "savedconfig="; + + /* Build a safe open mode from the available mode flags. We want + * to create a new file and write it in text mode (when + * applicable -- only Windows does this...) + */ + static const int openmode = O_CREAT | O_TRUNC | O_WRONLY +# if defined(O_EXCL) /* posix, vms */ + | O_EXCL +# elif defined(_O_EXCL) /* windows is alway very special... */ + | _O_EXCL +# endif +# if defined(_O_TEXT) /* windows, again */ + | _O_TEXT +#endif + ; + char filespec[128]; char filename[128]; char fullpath[512]; - const char savedconfig_eq[] = "savedconfig="; char savedconfig[sizeof(savedconfig_eq) + sizeof(filename)]; time_t now; int fd; FILE *fptr; + int prc; + size_t reqlen; #endif if (RES_NOMODIFY & restrict_mask) { - snprintf(reply, sizeof(reply), - "saveconfig prohibited by restrict ... nomodify"); - ctl_putdata(reply, strlen(reply), 0); + ctl_printf("%s", "saveconfig prohibited by restrict ... nomodify"); ctl_flushpkt(0); NLOG(NLOG_SYSINFO) msyslog(LOG_NOTICE, @@ -933,9 +1006,7 @@ save_config( #ifdef SAVECONFIG if (NULL == saveconfigdir) { - snprintf(reply, sizeof(reply), - "saveconfig prohibited, no saveconfigdir configured"); - ctl_putdata(reply, strlen(reply), 0); + ctl_printf("%s", "saveconfig prohibited, no saveconfigdir configured"); ctl_flushpkt(0); NLOG(NLOG_SYSINFO) msyslog(LOG_NOTICE, 
@@ -944,21 +1015,79 @@ save_config( return; } - if (0 == reqend - reqpt) + /* The length checking stuff gets serious. Do not assume a NUL + * byte can be found, but if so, use it to calculate the needed + * buffer size. If the available buffer is too short, bail out; + * likewise if there is no file spec. (The latter will not + * happen when using NTPQ, but there are other ways to craft a + * network packet!) + */ + reqlen = (size_t)(reqend - reqpt); + if (0 != reqlen) { + char * nulpos = (char*)memchr(reqpt, 0, reqlen); + if (NULL != nulpos) + reqlen = (size_t)(nulpos - reqpt); + } + if (0 == reqlen) return; + if (reqlen >= sizeof(filespec)) { + ctl_printf("saveconfig exceeded maximum raw name length (%u)", + (u_int)sizeof(filespec)); + ctl_flushpkt(0); + msyslog(LOG_NOTICE, + "saveconfig exceeded maximum raw name length from %s", + stoa(&rbufp->recv_srcadr)); + return; + } - strlcpy(filespec, reqpt, sizeof(filespec)); - time(&now); - + /* copy data directly as we exactly know the size */ + memcpy(filespec, reqpt, reqlen); + filespec[reqlen] = '\0'; + /* * allow timestamping of the saved config filename with * strftime() format such as: * ntpq -c "saveconfig ntp-%Y%m%d-%H%M%S.conf" * XXX: Nice feature, but not too safe. + * YYY: The check for permitted characters in file names should + * weed out the worst. Let's hope 'strftime()' does not + * develop pathological problems. */ + time(&now); if (0 == strftime(filename, sizeof(filename), filespec, - localtime(&now))) + localtime(&now))) + { + /* + * If we arrive here, 'strftime()' balked; most likely + * the buffer was too short. (Or it encounterd an empty + * format, or just a format that expands to an empty + * string.) We try to use the original name, though this + * is very likely to fail later if there are format + * specs in the string. Note that truncation cannot + * happen here as long as both buffers have the same + * size! 
+ */ strlcpy(filename, filespec, sizeof(filename)); + } + + /* + * Check the file name for sanity. This might/will rule out file + * names that would be legal but problematic, and it blocks + * directory traversal. + */ + if (!is_safe_filename(filename)) { + ctl_printf("saveconfig rejects unsafe file name '%s'", + filename); + ctl_flushpkt(0); + msyslog(LOG_NOTICE, + "saveconfig rejects unsafe file name from %s", + stoa(&rbufp->recv_srcadr)); + return; + } + + /* + * XXX: This next test may not be needed with is_safe_filename() + */ /* block directory/drive traversal */ /* TALOS-CAN-0062: block directory traversal for VMS, too */ 
@@ -968,38 +1097,49 @@ save_config( ctl_putdata(reply, strlen(reply), 0); ctl_flushpkt(0); msyslog(LOG_NOTICE, - "saveconfig with path from %s rejected", + "saveconfig rejects unsafe file name from %s", stoa(&rbufp->recv_srcadr)); return; } - snprintf(fullpath, sizeof(fullpath), "%s%s", - saveconfigdir, filename); + /* concatenation of directory and path can cause another + * truncation... + */ + prc = snprintf(fullpath, sizeof(fullpath), "%s%s", + saveconfigdir, filename); + if (prc < 0 || prc >= sizeof(fullpath)) { + ctl_printf("saveconfig exceeded maximum path length (%u)", + (u_int)sizeof(fullpath)); + ctl_flushpkt(0); + msyslog(LOG_NOTICE, + "saveconfig exceeded maximum path length from %s", + stoa(&rbufp->recv_srcadr)); + return; + } - fd = open(fullpath, O_CREAT | O_TRUNC | O_WRONLY, - S_IRUSR | S_IWUSR); + fd = open(fullpath, openmode, S_IRUSR | S_IWUSR); if (-1 == fd) fptr = NULL; else fptr = fdopen(fd, "w"); if (NULL == fptr || -1 == dump_all_config_trees(fptr, 1)) { - snprintf(reply, sizeof(reply), - "Unable to save configuration to file %s", - filename); + ctl_printf("Unable to save configuration to file '%s': %m", + filename); msyslog(LOG_ERR, "saveconfig %s from %s failed", filename, stoa(&rbufp->recv_srcadr)); } else { - snprintf(reply, sizeof(reply), - "Configuration saved to %s", filename); + ctl_printf("Configuration saved to '%s'", filename); msyslog(LOG_NOTICE, - "Configuration saved to %s (requested by %s)", + "Configuration saved to '%s' (requested by %s)", fullpath, stoa(&rbufp->recv_srcadr)); /* * save the output filename in system variable * savedconfig, retrieved with: * ntpq -c "rv 0 savedconfig" + * Note: the way 'savedconfig' is defined makes overflow + * checks unnecessary here. */ snprintf(savedconfig, sizeof(savedconfig), "%s%s", savedconfig_eq, filename); 
@@ -1009,11 +1149,9 @@ save_config( if (NULL != fptr) fclose(fptr); #else /* !SAVECONFIG follows */ - snprintf(reply, sizeof(reply), - "saveconfig unavailable, configured with --disable-saveconfig"); -#endif - - ctl_putdata(reply, strlen(reply), 0); + ctl_printf("%s", + "saveconfig unavailable, configured with --disable-saveconfig"); +#endif ctl_flushpkt(0); } @@ -1757,6 +1895,29 @@ ctl_putarray( ctl_putdata(buffer, (unsigned)(cp - buffer), 0); } +/* + * ctl_printf - put a formatted string into the data buffer + */ +static void +ctl_printf( + const char * fmt, + ... + ) +{ + static const char * ellipsis = "[...]"; + va_list va; + char fmtbuf[128]; + int rc; + + va_start(va, fmt); + rc = vsnprintf(fmtbuf, sizeof(fmtbuf), fmt, va); + va_end(va); + if (rc < 0 || rc >= sizeof(fmtbuf)) + strcpy(fmtbuf + sizeof(fmtbuf) - strlen(ellipsis) - 1, + ellipsis); + ctl_putdata(fmtbuf, strlen(fmtbuf), 0); +} + /* * ctl_putsys - output a system variable diff --git a/ntpd/ntp_proto.c b/ntpd/ntp_proto.c index b1f74de84..cae08c5e8 100644 --- a/ntpd/ntp_proto.c +++ b/ntpd/ntp_proto.c @@ -15,6 +15,7 @@ #include "ntp_string.h" #include "ntp_leapsec.h" #include "refidsmear.h" +#include "lib_strbuf.h" #include #ifdef HAVE_LIBSCF_H @@ -172,8 +173,14 @@ void pool_name_resolved (int, int, void *, const char *, const struct addrinfo *); #endif /* WORKER */ +const char * amtoa (int am); + + void -set_sys_leap(u_char new_sys_leap) { +set_sys_leap( + u_char new_sys_leap + ) +{ sys_leap = new_sys_leap; xmt_leap = sys_leap; @@ -189,8 +196,9 @@ set_sys_leap(u_char new_sys_leap) { #ifdef LEAP_SMEAR else { /* - * If leap smear is enabled in general we must never send a leap second warning - * to clients, so make sure we only send "in sync". + * If leap smear is enabled in general we must + * never send a leap second warning to clients, + * so make sure we only send "in sync". */ if (leap_smear.enabled) xmt_leap = LEAP_NOWARNING; 
@@ -199,34 +207,39 @@ set_sys_leap(u_char new_sys_leap) { } } + /* * Kiss Code check */ -int kiss_code_check(u_char hisleap, u_char hisstratum, u_char hismode, u_int32 refid) { +int +kiss_code_check( + u_char hisleap, + u_char hisstratum, + u_char hismode, + u_int32 refid + ) +{ - if ( hismode == MODE_SERVER - && hisleap == LEAP_NOTINSYNC - && hisstratum == STRATUM_UNSPEC) { - if(memcmp(&refid,"RATE", 4) == 0) { - return (RATEKISS); - } - else if(memcmp(&refid,"DENY", 4) == 0) { - return (DENYKISS); - } - else if(memcmp(&refid,"RSTR", 4) == 0) { - return (RSTRKISS); - } - else if(memcmp(&refid,"X", 1) == 0) { - return (XKISS); - } - else { - return (UNKNOWNKISS); - } - } - else { - return (NOKISS); + if ( hismode == MODE_SERVER + && hisleap == LEAP_NOTINSYNC + && hisstratum == STRATUM_UNSPEC) { + if(memcmp(&refid,"RATE", 4) == 0) { + return (RATEKISS); + } else if(memcmp(&refid,"DENY", 4) == 0) { + return (DENYKISS); + } else if(memcmp(&refid,"RSTR", 4) == 0) { + return (RSTRKISS); + } else if(memcmp(&refid,"X", 1) == 0) { + return (XKISS); + } else { + return (UNKNOWNKISS); } + } else { + return (NOKISS); + } } + + /* * transmit - transmit procedure called by poll timeout */ @@ -303,7 +316,7 @@ transmit( peer->outdate = current_time; if ( (peer_associations <= 2 * sys_maxclock) && ( peer_associations < sys_maxclock - || sys_survivors < sys_minclock)) + || sys_survivors < sys_minclock)) pool_xmit(peer); poll_update(peer, hpoll); return; 
@@ -416,6 +429,33 @@ transmit( if (peer->hmode != MODE_BCLIENT) peer_xmit(peer); poll_update(peer, hpoll); + + return; +} + + +const char * +amtoa( + int am + ) +{ + char *bp; + + switch(am) { + case AM_ERR: return "AM_ERR"; + case AM_NOMATCH: return "AM_NOMATCH"; + case AM_PROCPKT: return "AM_PROCPKT"; + case AM_BCST: return "AM_BCST"; + case AM_FXMIT: return "AM_FXMIT"; + case AM_MANYCAST: return "AM_MANYCAST"; + case AM_NEWPASS: return "AM_NEWPASS"; + case AM_NEWBCL: return "AM_NEWBCL"; + case AM_POSSBCL: return "AM_POSSBCL"; + default: + LIB_GETBUF(bp); + snprintf(bp, LIB_BUFLENGTH, "AM_#%d", am); + return bp; + } } @@ -434,16 +474,18 @@ receive( u_char hismode; /* packet mode */ u_char hisstratum; /* packet stratum */ u_short restrict_mask; /* restrict bits */ - int kissCode = NOKISS; /* Kiss Code */ + const char *hm_str; /* hismode string */ + const char *am_str; /* association match string */ + int kissCode = NOKISS; /* Kiss Code */ int has_mac; /* length of MAC field */ int authlen; /* offset of MAC field */ int is_authentic = 0; /* cryptosum ok */ int retcode = AM_NOMATCH; /* match code */ keyid_t skeyid = 0; /* key IDs */ u_int32 opcode = 0; /* extension field opcode */ - sockaddr_u *dstadr_sin; /* active runway */ + sockaddr_u *dstadr_sin; /* active runway */ struct peer *peer2; /* aux peer structure pointer */ - endpt * match_ep; /* newpeer() local address */ + endpt *match_ep; /* newpeer() local address */ l_fp p_org; /* origin timestamp */ l_fp p_rec; /* receive timestamp */ l_fp p_xmt; /* transmit timestamp */ 
@@ -474,11 +516,12 @@ receive( return; /* bogus port */ } restrict_mask = restrictions(&rbufp->recv_srcadr); - DPRINTF(2, ("receive: at %ld %s<-%s flags %x restrict %03x\n", - current_time, stoa(&rbufp->dstadr->sin), - stoa(&rbufp->recv_srcadr), - rbufp->dstadr->flags, restrict_mask)); pkt = &rbufp->recv_pkt; + DPRINTF(2, ("receive: at %ld %s<-%s flags %x restrict %03x org %#010x.%08x xmt %#010x.%08x\n", + current_time, stoa(&rbufp->dstadr->sin), + stoa(&rbufp->recv_srcadr), rbufp->dstadr->flags, + restrict_mask, ntohl(pkt->org.l_ui), ntohl(pkt->org.l_uf), + ntohl(pkt->xmt.l_ui), ntohl(pkt->xmt.l_uf))); hisversion = PKT_VERSION(pkt->li_vn_mode); hisleap = PKT_LEAP(pkt->li_vn_mode); hismode = (int)PKT_MODE(pkt->li_vn_mode); @@ -685,6 +728,8 @@ receive( NTOHL_FP(&pkt->org, &p_org); NTOHL_FP(&pkt->rec, &p_rec); NTOHL_FP(&pkt->xmt, &p_xmt); + hm_str = modetoa(hismode); + am_str = amtoa(retcode); /* * Authentication is conditioned by three switches: 
@@ -713,25 +758,21 @@ receive( if (has_mac == 0) { restrict_mask &= ~RES_MSSNTP; is_authentic = AUTH_NONE; /* not required */ -#ifdef DEBUG - if (debug) - printf( - "receive: at %ld %s<-%s mode %d len %d\n", + DPRINTF(2, ("receive: at %ld %s<-%s mode %d/%s:%s len %d org %#010x.%08x xmt %#010x.%08x NOMAC\n", current_time, stoa(dstadr_sin), - stoa(&rbufp->recv_srcadr), hismode, - authlen); -#endif + stoa(&rbufp->recv_srcadr), hismode, hm_str, am_str, + authlen, + ntohl(pkt->org.l_ui), ntohl(pkt->org.l_uf), + ntohl(pkt->xmt.l_ui), ntohl(pkt->xmt.l_uf))); } else if (has_mac == 4) { restrict_mask &= ~RES_MSSNTP; is_authentic = AUTH_CRYPTO; /* crypto-NAK */ -#ifdef DEBUG - if (debug) - printf( - "receive: at %ld %s<-%s mode %d keyid %08x len %d auth %d\n", + DPRINTF(2, ("receive: at %ld %s<-%s mode %d/%s:%s keyid %08x len %d auth %d org %#010x.%08x xmt %#010x.%08x MAC4\n", current_time, stoa(dstadr_sin), - stoa(&rbufp->recv_srcadr), hismode, skeyid, - authlen + has_mac, is_authentic); -#endif + stoa(&rbufp->recv_srcadr), hismode, hm_str, am_str, + skeyid, authlen + has_mac, is_authentic, + ntohl(pkt->org.l_ui), ntohl(pkt->org.l_uf), + ntohl(pkt->xmt.l_ui), ntohl(pkt->xmt.l_uf))); #ifdef HAVE_NTP_SIGND /* @@ -747,7 +788,7 @@ receive( && (restrict_mask & RES_MSSNTP) && (retcode == AM_FXMIT || retcode == AM_NEWPASS) && (memcmp(zero_key, (char *)pkt + authlen + 4, - MAX_MD5_LEN - 4) == 0)) { + MAX_MD5_LEN - 4) == 0)) { is_authentic = AUTH_NONE; #endif /* HAVE_NTP_SIGND */ 
@@ -856,14 +897,12 @@ receive( if (crypto_flags && skeyid > NTP_MAXKEY) authtrust(skeyid, 0); #endif /* AUTOKEY */ -#ifdef DEBUG - if (debug) - printf( - "receive: at %ld %s<-%s mode %d keyid %08x len %d auth %d\n", + DPRINTF(2, ("receive: at %ld %s<-%s mode %d/%s:%s keyid %08x len %d auth %d org %#010x.%08x xmt %#010x.%08x\n", current_time, stoa(dstadr_sin), - stoa(&rbufp->recv_srcadr), hismode, skeyid, - authlen + has_mac, is_authentic); -#endif + stoa(&rbufp->recv_srcadr), hismode, hm_str, am_str, + skeyid, authlen + has_mac, is_authentic, + ntohl(pkt->org.l_ui), ntohl(pkt->org.l_uf), + ntohl(pkt->xmt.l_ui), ntohl(pkt->xmt.l_uf))); } /* @@ -1118,6 +1157,7 @@ receive( } else { peer->delay = sys_bdelay; + peer->bxmt = p_xmt; } break; } @@ -1138,6 +1178,7 @@ receive( sys_restricted++; return; /* ignore duplicate */ } + peer->bxmt = p_xmt; #ifdef AUTOKEY if (skeyid > NTP_MAXKEY) crypto_recv(peer, rbufp); @@ -1194,11 +1235,11 @@ receive( * debug-printed and not logged to avoid log * flooding. */ - DPRINTF(1, ("receive: at %ld refusing to mobilize passive association" - " with unknown peer %s mode %d keyid %08x len %d auth %d\n", + DPRINTF(2, ("receive: at %ld refusing to mobilize passive association" + " with unknown peer %s mode %d/%s:%s keyid %08x len %d auth %d\n", current_time, stoa(&rbufp->recv_srcadr), - hismode, skeyid, (authlen + has_mac), - is_authentic)); + hismode, hm_str, am_str, skeyid, + (authlen + has_mac), is_authentic)); sys_declined++; return; } 
@@ -1247,6 +1288,73 @@ receive( return; } #endif /* AUTOKEY */ + + if (MODE_BROADCAST == hismode) { + u_char poll; + int bail = 0; + l_fp tdiff; + + DPRINTF(2, ("receive: PROCPKT/BROADCAST: prev pkt %ld seconds ago, ppoll: %d, %d secs\n", + (current_time - peer->timelastrec), + peer->ppoll, (1 << peer->ppoll) + )); + /* Things we can check: + * + * Did the poll interval change? + * Is the poll interval in the packet in-range? + * Did this packet arrive too soon? + * Is the timestamp in this packet monotonic + * with respect to the previous packet? + */ + + /* This is noteworthy, not error-worthy */ + if (pkt->ppoll != peer->ppoll) { + msyslog(LOG_INFO, "receive: broadcast poll from %s changed from %ud to %ud", + stoa(&rbufp->recv_srcadr), + peer->ppoll, pkt->ppoll); + } + + poll = min(peer->maxpoll, + max(peer->minpoll, pkt->ppoll)); + + /* This is error-worthy */ + if (pkt->ppoll != poll) { + msyslog(LOG_INFO, "receive: broadcast poll of %ud from %s is out-of-range (%d to %d)!", + pkt->ppoll, stoa(&rbufp->recv_srcadr), + peer->minpoll, peer->maxpoll); + ++bail; + } + + if ( (current_time - peer->timelastrec) + < (1 << pkt->ppoll)) { + msyslog(LOG_INFO, "receive: broadcast packet from %s arrived after %ld, not %d seconds!", + stoa(&rbufp->recv_srcadr), + (current_time - peer->timelastrec), + (1 << pkt->ppoll) + ); + ++bail; + } + + tdiff = p_xmt; + L_SUB(&tdiff, &peer->bxmt); + if (tdiff.l_i < 0) { + msyslog(LOG_INFO, "receive: broadcast packet from %s contains non-monotonic timestamp: %#010x.%08x -> %#010x.%08x", + stoa(&rbufp->recv_srcadr), + peer->bxmt.l_ui, peer->bxmt.l_uf, + p_xmt.l_ui, p_xmt.l_uf + ); + ++bail; + } + + peer->bxmt = p_xmt; + + if (bail) { + peer->timelastrec = current_time; + sys_declined++; + return; + } + } + break; /* 
@@ -1321,26 +1429,42 @@ receive( } /* - * Check for bogus packet in basic mode. If found, switch to - * interleaved mode and resynchronize, but only after confirming - * the packet is not bogus in symmetric interleaved mode. + * Basic mode checks: + * + * If there is no origin timestamp, it's either an initial packet + * or we've already received a response to our query. Of course, + * should 'aorg' be all-zero because this really was the original + * transmit timestamp, we'll drop the reply. There is a window of + * one nanosecond once every 136 years' time where this is possible. + * We currently ignore this situation. + * + * Otherwise, check for bogus packet in basic mode. + * If it is bogus, switch to interleaved mode and resynchronize, + * but only after confirming the packet is not bogus in + * symmetric interleaved mode. * * This could also mean somebody is forging packets claiming to * be from us, attempting to cause our server to KoD us. */ } else if (peer->flip == 0) { - if (!L_ISEQU(&p_org, &peer->aorg)) { + if (0 < hisstratum && L_ISZERO(&p_org)) { + L_CLR(&peer->aorg); + } else if ( L_ISZERO(&peer->aorg) + || !L_ISEQU(&p_org, &peer->aorg)) { peer->bogusorg++; peer->flash |= TEST2; /* bogus */ msyslog(LOG_INFO, - "receive: Unexpected origin timestamp from %s", - ntoa(&peer->srcadr)); + "receive: Unexpected origin timestamp %#010x.%08x from %s xmt %#010x.%08x", + ntohl(pkt->org.l_ui), ntohl(pkt->org.l_uf), + ntoa(&peer->srcadr), + ntohl(pkt->xmt.l_ui), ntohl(pkt->xmt.l_uf)); if ( !L_ISZERO(&peer->dst) && L_ISEQU(&p_org, &peer->dst)) { + /* Might be the start of an interleave */ peer->flip = 1; report_event(PEVNT_XLEAVE, peer, NULL); } - return; /* Bogus packet, we are done */ + return; /* Bogus or possible interleave packet */ } else { L_CLR(&peer->aorg); } 
@@ -1462,6 +1586,7 @@ receive( * clean. Get on with real work. */ peer->timereceived = current_time; + peer->timelastrec = current_time; if (is_authentic == AUTH_OK) peer->flags |= FLAG_AUTHENTIC; else @@ -1694,11 +1819,8 @@ process_packet( */ if (peer->flash & PKT_TEST_MASK) { peer->seldisptoolarge++; -#ifdef DEBUG - if (debug) - printf("packet: flash header %04x\n", - peer->flash); -#endif + DPRINTF(1, ("packet: flash header %04x\n", + peer->flash)); return; } @@ -1871,15 +1993,12 @@ process_packet( * the roundtrip delay. Then it calculates the correction as a * fraction of d. */ - peer->t21 = t21; + peer->t21 = t21; peer->t21_last = peer->t21_bytes; peer->t34 = -t34; peer->t34_bytes = len; -#ifdef DEBUG - if (debug > 1) - printf("packet: t21 %.9lf %d t34 %.9lf %d\n", peer->t21, - peer->t21_bytes, peer->t34, peer->t34_bytes); -#endif + DPRINTF(2, ("packet: t21 %.9lf %d t34 %.9lf %d\n", peer->t21, + peer->t21_bytes, peer->t34, peer->t34_bytes)); if (peer->r21 > 0 && peer->r34 > 0 && p_del > 0) { if (peer->pmode != MODE_BROADCAST) td = (peer->r34 / (peer->r21 + peer->r34) - @@ -1888,7 +2007,7 @@ process_packet( td = 0; /* - * Unfortunately, in many cases the errors are + * Unfortunately, in many cases the errors are * unacceptable, so for the present the rates are not * used. In future, we might find conditions where the * calculations are useful, so this should be considered @@ -1896,12 +2015,9 @@ process_packet( */ t21 -= td; t34 -= td; -#ifdef DEBUG - if (debug > 1) - printf("packet: del %.6lf r21 %.1lf r34 %.1lf %.6lf\n", + DPRINTF(2, ("packet: del %.6lf r21 %.1lf r34 %.1lf %.6lf\n", p_del, peer->r21 / 1e3, peer->r34 / 1e3, - td); -#endif + td)); } #endif /* ASSYM */ 
@@ -1994,12 +2110,8 @@ clock_update( sys_rootdelay = peer->delay + peer->rootdelay; sys_reftime = peer->dst; -#ifdef DEBUG - if (debug) - printf( - "clock_update: at %lu sample %lu associd %d\n", - current_time, peer->epoch, peer->associd); -#endif + DPRINTF(1, ("clock_update: at %lu sample %lu associd %d\n", + current_time, peer->epoch, peer->associd)); /* * Comes now the moment of truth. Crank the clock discipline and @@ -2308,13 +2420,9 @@ peer_clear( #ifdef AUTOKEY peer->refresh = current_time + (1 << NTP_REFRESH); #endif /* AUTOKEY */ -#ifdef DEBUG - if (debug) - printf( - "peer_clear: at %ld next %ld associd %d refid %s\n", + DPRINTF(1, ("peer_clear: at %ld next %ld associd %d refid %s\n", current_time, peer->nextdate, peer->associd, - ident); -#endif + ident)); } @@ -2478,11 +2586,8 @@ clock_filter( * packets. */ if (peer->filter_epoch[k] <= peer->epoch) { -#if DEBUG - if (debug > 1) - printf("clock_filter: old sample %lu\n", current_time - - peer->filter_epoch[k]); -#endif + DPRINTF(2, ("clock_filter: old sample %lu\n", current_time - + peer->filter_epoch[k])); return; } peer->epoch = peer->filter_epoch[k]; @@ -2494,13 +2599,9 @@ clock_filter( */ record_peer_stats(&peer->srcadr, ctlpeerstatus(peer), peer->offset, peer->delay, peer->disp, peer->jitter); -#ifdef DEBUG - if (debug) - printf( - "clock_filter: n %d off %.6f del %.6f dsp %.6f jit %.6f\n", + DPRINTF(1, ("clock_filter: n %d off %.6f del %.6f dsp %.6f jit %.6f\n", m, peer->offset, peer->delay, peer->disp, - peer->jitter); -#endif + peer->jitter)); if (peer->burst == 0 || sys_leap == LEAP_NOTINSYNC) clock_select(); } @@ -3004,7 +3105,7 @@ clock_select(void) typesystem = typepps; sys_clockhop = 0; typesystem->new_status = CTL_PST_SEL_PPS; - sys_offset = typesystem->offset; + sys_offset = typesystem->offset; sys_jitter = typesystem->jitter; DPRINTF(1, ("select: pps offset %.9f jitter %.9f\n", sys_offset, sys_jitter)); 
@@ -3157,11 +3258,11 @@ peer_xmit( * might not be usable. */ sendlen = LEN_PKT_NOMAC; + if ( #ifdef AUTOKEY - if (!(peer->flags & FLAG_SKEY) && peer->keyid == 0) { -#else /* !AUTOKEY follows */ - if (peer->keyid == 0) { + !(peer->flags & FLAG_SKEY) && #endif /* !AUTOKEY */ + peer->keyid == 0) { /* * Transmit a-priori timestamps @@ -3207,13 +3308,11 @@ peer_xmit( } L_SUB(&xmt_ty, &xmt_tx); LFPTOD(&xmt_ty, peer->xleave); -#ifdef DEBUG - if (debug) - printf("transmit: at %ld %s->%s mode %d len %zu\n", - current_time, peer->dstadr ? - stoa(&peer->dstadr->sin) : "-", - stoa(&peer->srcadr), peer->hmode, sendlen); -#endif + DPRINTF(1, ("peer_xmit: at %ld %s->%s mode %d len %zu xmt %#010x.%08x\n", + current_time, + peer->dstadr ? stoa(&peer->dstadr->sin) : "-", + stoa(&peer->srcadr), peer->hmode, sendlen, + xmt_tx.l_ui, xmt_tx.l_uf)); return; } @@ -3498,7 +3597,7 @@ peer_xmit( authtrust(xkeyid, 0); #endif /* AUTOKEY */ if (sendlen > sizeof(xpkt)) { - msyslog(LOG_ERR, "proto: buffer overflow %zu", sendlen); + msyslog(LOG_ERR, "peer_xmit: buffer overflow %zu", sendlen); exit (-1); } peer->t21_bytes = sendlen; 
@@ -3521,30 +3620,33 @@ peer_xmit( L_SUB(&xmt_ty, &xmt_tx); LFPTOD(&xmt_ty, peer->xleave); #ifdef AUTOKEY -#ifdef DEBUG - if (debug) - printf("transmit: at %ld %s->%s mode %d keyid %08x len %zu index %d\n", + DPRINTF(1, ("peer_xmit: at %ld %s->%s mode %d keyid %08x len %zu index %d\n", current_time, latoa(peer->dstadr), ntoa(&peer->srcadr), peer->hmode, xkeyid, sendlen, - peer->keynumber); -#endif + peer->keynumber)); #else /* !AUTOKEY follows */ -#ifdef DEBUG - if (debug) - printf("transmit: at %ld %s->%s mode %d keyid %08x len %d\n", + DPRINTF(1, ("peer_xmit: at %ld %s->%s mode %d keyid %08x len %d\n", current_time, peer->dstadr ? ntoa(&peer->dstadr->sin) : "-", - ntoa(&peer->srcadr), peer->hmode, xkeyid, sendlen); -#endif + ntoa(&peer->srcadr), peer->hmode, xkeyid, sendlen)); #endif /* !AUTOKEY */ + + return; } #ifdef LEAP_SMEAR static void -leap_smear_add_offs(l_fp *t, l_fp *t_recv) { +leap_smear_add_offs( + l_fp *t, + l_fp *t_recv + ) +{ + L_ADD(t, &leap_smear.offset); + + return; } #endif /* LEAP_SMEAR */ @@ -3684,14 +3786,10 @@ fast_xmit( if (rbufp->recv_length == sendlen) { sendpkt(&rbufp->recv_srcadr, rbufp->dstadr, 0, &xpkt, sendlen); -#ifdef DEBUG - if (debug) - printf( - "transmit: at %ld %s->%s mode %d len %lu\n", + DPRINTF(1, ("fast_xmit: at %ld %s->%s mode %d len %lu\n", current_time, stoa(&rbufp->dstadr->sin), stoa(&rbufp->recv_srcadr), xmode, - (u_long)sendlen); -#endif + (u_long)sendlen)); return; } @@ -3742,14 +3840,10 @@ fast_xmit( get_systime(&xmt_ty); L_SUB(&xmt_ty, &xmt_tx); sys_authdelay = xmt_ty; -#ifdef DEBUG - if (debug) - printf( - "transmit: at %ld %s->%s mode %d keyid %08x len %lu\n", + DPRINTF(1, ("fast_xmit: at %ld %s->%s mode %d keyid %08x len %lu\n", current_time, ntoa(&rbufp->dstadr->sin), ntoa(&rbufp->recv_srcadr), xmode, xkeyid, - (u_long)sendlen); -#endif + (u_long)sendlen)); } 
@@ -3829,11 +3923,8 @@ pool_xmit( LEN_PKT_NOMAC); pool->sent++; pool->throttle += (1 << pool->minpoll) - 2; -#ifdef DEBUG - if (debug) - printf("transmit: at %ld %s->%s pool\n", - current_time, latoa(lcladr), stoa(rmtadr)); -#endif + DPRINTF(1, ("pool_xmit: at %ld %s->%s pool\n", + current_time, latoa(lcladr), stoa(rmtadr))); msyslog(LOG_INFO, "Soliciting pool server %s", stoa(rmtadr)); #endif /* WORKER */ } @@ -3851,7 +3942,8 @@ pool_xmit( * group different 1 ignore * * ignore if notrust */ -int group_test( +int +group_test( char *grp, char *ident ) @@ -3931,11 +4023,8 @@ key_expire( value_free(&peer->sndval); peer->keynumber = 0; peer->flags &= ~FLAG_ASSOC; -#ifdef DEBUG - if (debug) - printf("key_expire: at %lu associd %d\n", current_time, - peer->associd); -#endif + DPRINTF(1, ("key_expire: at %lu associd %d\n", current_time, + peer->associd)); } #endif /* AUTOKEY */ diff --git a/ntpd/ntp_request.c b/ntpd/ntp_request.c index fa78ce1e4..ba968e2c8 100644 --- a/ntpd/ntp_request.c +++ b/ntpd/ntp_request.c @@ -81,8 +81,8 @@ static void do_unconf (sockaddr_u *, endpt *, struct req_pkt *); static void set_sys_flag (sockaddr_u *, endpt *, struct req_pkt *); static void clr_sys_flag (sockaddr_u *, endpt *, struct req_pkt *); static void setclr_flags (sockaddr_u *, endpt *, struct req_pkt *, u_long); -static void list_restrict4 (restrict_u *, struct info_restrict **); -static void list_restrict6 (restrict_u *, struct info_restrict **); +static void list_restrict4 (const restrict_u *, struct info_restrict **); +static void list_restrict6 (const restrict_u *, struct info_restrict **); static void list_restrict (sockaddr_u *, endpt *, struct req_pkt *); static void do_resaddflags (sockaddr_u *, endpt *, struct req_pkt *); static void do_ressubflags (sockaddr_u *, endpt *, struct req_pkt *); 
@@ -667,43 +667,35 @@ list_peers( struct req_pkt *inpkt ) { - struct info_peer_list *ip; - struct peer *pp; - int skip = 0; + struct info_peer_list * ip; + const struct peer * pp; ip = (struct info_peer_list *)prepare_pkt(srcadr, inter, inpkt, v6sizeof(struct info_peer_list)); for (pp = peer_list; pp != NULL && ip != NULL; pp = pp->p_link) { if (IS_IPV6(&pp->srcadr)) { - if (client_v6_capable) { - ip->addr6 = SOCK_ADDR6(&pp->srcadr); - ip->v6_flag = 1; - skip = 0; - } else { - skip = 1; - break; - } + if (!client_v6_capable) + continue; + ip->addr6 = SOCK_ADDR6(&pp->srcadr); + ip->v6_flag = 1; } else { ip->addr = NSRCADR(&pp->srcadr); if (client_v6_capable) ip->v6_flag = 0; - skip = 0; } - if (!skip) { - ip->port = NSRCPORT(&pp->srcadr); - ip->hmode = pp->hmode; - ip->flags = 0; - if (pp->flags & FLAG_CONFIG) - ip->flags |= INFO_FLAG_CONFIG; - if (pp == sys_peer) - ip->flags |= INFO_FLAG_SYSPEER; - if (pp->status == CTL_PST_SEL_SYNCCAND) - ip->flags |= INFO_FLAG_SEL_CANDIDATE; - if (pp->status >= CTL_PST_SEL_SYSPEER) - ip->flags |= INFO_FLAG_SHORTLIST; - ip = (struct info_peer_list *)more_pkt(); - } + ip->port = NSRCPORT(&pp->srcadr); + ip->hmode = pp->hmode; + ip->flags = 0; + if (pp->flags & FLAG_CONFIG) + ip->flags |= INFO_FLAG_CONFIG; + if (pp == sys_peer) + ip->flags |= INFO_FLAG_SYSPEER; + if (pp->status == CTL_PST_SEL_SYNCCAND) + ip->flags |= INFO_FLAG_SEL_CANDIDATE; + if (pp->status >= CTL_PST_SEL_SYSPEER) + ip->flags |= INFO_FLAG_SHORTLIST; + ip = (struct info_peer_list *)more_pkt(); } /* for pp */ flush_pkt(); @@ -720,10 +712,9 @@ list_peers_sum( struct req_pkt *inpkt ) { - register struct info_peer_summary *ips; - register struct peer *pp; - l_fp ltmp; - register int skip; + struct info_peer_summary * ips; + const struct peer * pp; + l_fp ltmp; DPRINTF(3, ("wants peer list summary\n")); 
@@ -736,18 +727,14 @@ list_peers_sum( * want only v4. */ if (IS_IPV6(&pp->srcadr)) { - if (client_v6_capable) { - ips->srcadr6 = SOCK_ADDR6(&pp->srcadr); - ips->v6_flag = 1; - if (pp->dstadr) - ips->dstadr6 = SOCK_ADDR6(&pp->dstadr->sin); - else - ZERO(ips->dstadr6); - skip = 0; - } else { - skip = 1; - break; - } + if (!client_v6_capable) + continue; + ips->srcadr6 = SOCK_ADDR6(&pp->srcadr); + ips->v6_flag = 1; + if (pp->dstadr) + ips->dstadr6 = SOCK_ADDR6(&pp->dstadr->sin); + else + ZERO(ips->dstadr6); } else { ips->srcadr = NSRCADR(&pp->srcadr); if (client_v6_capable) 
@@ -765,39 +752,37 @@ list_peers_sum( ips->dstadr = NSRCADR(&pp->dstadr->bcast); } } - } else + } else { ips->dstadr = 0; - - skip = 0; + } } - if (!skip) { - ips->srcport = NSRCPORT(&pp->srcadr); - ips->stratum = pp->stratum; - ips->hpoll = pp->hpoll; - ips->ppoll = pp->ppoll; - ips->reach = pp->reach; - ips->flags = 0; - if (pp == sys_peer) - ips->flags |= INFO_FLAG_SYSPEER; - if (pp->flags & FLAG_CONFIG) - ips->flags |= INFO_FLAG_CONFIG; - if (pp->flags & FLAG_REFCLOCK) - ips->flags |= INFO_FLAG_REFCLOCK; - if (pp->flags & FLAG_PREFER) - ips->flags |= INFO_FLAG_PREFER; - if (pp->flags & FLAG_BURST) - ips->flags |= INFO_FLAG_BURST; - if (pp->status == CTL_PST_SEL_SYNCCAND) - ips->flags |= INFO_FLAG_SEL_CANDIDATE; - if (pp->status >= CTL_PST_SEL_SYSPEER) - ips->flags |= INFO_FLAG_SHORTLIST; - ips->hmode = pp->hmode; - ips->delay = HTONS_FP(DTOFP(pp->delay)); - DTOLFP(pp->offset, <mp); - HTONL_FP(<mp, &ips->offset); - ips->dispersion = HTONS_FP(DTOUFP(SQRT(pp->disp))); - } + ips->srcport = NSRCPORT(&pp->srcadr); + ips->stratum = pp->stratum; + ips->hpoll = pp->hpoll; + ips->ppoll = pp->ppoll; + ips->reach = pp->reach; + ips->flags = 0; + if (pp == sys_peer) + ips->flags |= INFO_FLAG_SYSPEER; + if (pp->flags & FLAG_CONFIG) + ips->flags |= INFO_FLAG_CONFIG; + if (pp->flags & FLAG_REFCLOCK) + ips->flags |= INFO_FLAG_REFCLOCK; + if (pp->flags & FLAG_PREFER) + ips->flags |= INFO_FLAG_PREFER; + if (pp->flags & FLAG_BURST) + ips->flags |= INFO_FLAG_BURST; + if (pp->status == CTL_PST_SEL_SYNCCAND) + ips->flags |= INFO_FLAG_SEL_CANDIDATE; + if (pp->status >= CTL_PST_SEL_SYSPEER) + ips->flags |= INFO_FLAG_SHORTLIST; + ips->hmode = pp->hmode; + ips->delay = HTONS_FP(DTOFP(pp->delay)); + DTOLFP(pp->offset, <mp); + HTONL_FP(<mp, &ips->offset); + ips->dispersion = HTONS_FP(DTOUFP(SQRT(pp->disp))); + ips = (struct info_peer_summary *)more_pkt(); } /* for pp */ 
@@ -1197,7 +1182,7 @@ mem_stats( ms->hashcount[i] = (u_char) max((u_int)peer_hash_count[i], UCHAR_MAX); - more_pkt(); + (void) more_pkt(); flush_pkt(); } @@ -1285,7 +1270,7 @@ loop_info( li->compliance = htonl((u_int32)(tc_counter)); li->watchdog_timer = htonl((u_int32)(current_time - sys_epoch)); - more_pkt(); + (void) more_pkt(); flush_pkt(); } 
@@ -1571,56 +1556,143 @@ setclr_flags( req_ack(srcadr, inter, inpkt, INFO_OKAY); } +/* There have been some issues with the restrict list processing, + * ranging from problems with deep recursion (resulting in stack + * overflows) and overfull reply buffers. + * + * To avoid this trouble the list reversal is done iteratively using a + * scratch pad. + */ +typedef struct RestrictStack RestrictStackT; +struct RestrictStack { + RestrictStackT *link; + size_t fcnt; + const restrict_u *pres[63]; +}; + +static size_t +getStackSheetSize( + RestrictStackT *sp + ) +{ + if (sp) + return sizeof(sp->pres)/sizeof(sp->pres[0]); + return 0u; +} + +static int/*BOOL*/ +pushRestriction( + RestrictStackT **spp, + const restrict_u *ptr + ) +{ + RestrictStackT *sp; + + if (NULL == (sp = *spp) || 0 == sp->fcnt) { + /* need another sheet in the scratch pad */ + sp = emalloc(sizeof(*sp)); + sp->link = *spp; + sp->fcnt = getStackSheetSize(sp); + *spp = sp; + } + sp->pres[--sp->fcnt] = ptr; + return TRUE; +} + +static int/*BOOL*/ +popRestriction( + RestrictStackT **spp, + const restrict_u **opp + ) +{ + RestrictStackT *sp; + + if (NULL == (sp = *spp) || sp->fcnt >= getStackSheetSize(sp)) + return FALSE; + + *opp = sp->pres[sp->fcnt++]; + if (sp->fcnt >= getStackSheetSize(sp)) { + /* discard sheet from scratch pad */ + *spp = sp->link; + free(sp); + } + return TRUE; +} + +static void +flushRestrictionStack( + RestrictStackT **spp + ) +{ + RestrictStackT *sp; + + while (NULL != (sp = *spp)) { + *spp = sp->link; + free(sp); + } +} + /* - * list_restrict4 - recursive helper for list_restrict dumps IPv4 + * list_restrict4 - iterative helper for list_restrict dumps IPv4 * restriction list in reverse order. 
*/ static void list_restrict4( - restrict_u * res, + const restrict_u * res, struct info_restrict ** ppir ) { + RestrictStackT * rpad; struct info_restrict * pir; - if (res->link != NULL) - list_restrict4(res->link, ppir); - pir = *ppir; - pir->addr = htonl(res->u.v4.addr); - if (client_v6_capable) - pir->v6_flag = 0; - pir->mask = htonl(res->u.v4.mask); - pir->count = htonl(res->count); - pir->flags = htons(res->flags); - pir->mflags = htons(res->mflags); - *ppir = (struct info_restrict *)more_pkt(); + for (rpad = NULL; res; res = res->link) + if (!pushRestriction(&rpad, res)) + break; + + while (pir && popRestriction(&rpad, &res)) { + pir->addr = htonl(res->u.v4.addr); + if (client_v6_capable) + pir->v6_flag = 0; + pir->mask = htonl(res->u.v4.mask); + pir->count = htonl(res->count); + pir->flags = htons(res->flags); + pir->mflags = htons(res->mflags); + pir = (struct info_restrict *)more_pkt(); + } + flushRestrictionStack(&rpad); + *ppir = pir; } - /* - * list_restrict6 - recursive helper for list_restrict dumps IPv6 + * list_restrict6 - iterative helper for list_restrict dumps IPv6 * restriction list in reverse order. 
*/ static void list_restrict6( - restrict_u * res, + const restrict_u * res, struct info_restrict ** ppir ) { + RestrictStackT * rpad; struct info_restrict * pir; - if (res->link != NULL) - list_restrict6(res->link, ppir); - pir = *ppir; - pir->addr6 = res->u.v6.addr; - pir->mask6 = res->u.v6.mask; - pir->v6_flag = 1; - pir->count = htonl(res->count); - pir->flags = htons(res->flags); - pir->mflags = htons(res->mflags); - *ppir = (struct info_restrict *)more_pkt(); + for (rpad = NULL; res; res = res->link) + if (!pushRestriction(&rpad, res)) + break; + + while (pir && popRestriction(&rpad, &res)) { + pir->addr6 = res->u.v6.addr; + pir->mask6 = res->u.v6.mask; + pir->v6_flag = 1; + pir->count = htonl(res->count); + pir->flags = htons(res->flags); + pir->mflags = htons(res->mflags); + pir = (struct info_restrict *)more_pkt(); + } + flushRestrictionStack(&rpad); + *ppir = pir; } @@ -1644,8 +1716,7 @@ list_restrict( /* * The restriction lists are kept sorted in the reverse order * than they were originally. To preserve the output semantics, - * dump each list in reverse order. A recursive helper function - * achieves that. + * dump each list in reverse order. The workers take care of that. */ list_restrict4(restrictlist4, &ir); if (client_v6_capable) @@ -2010,7 +2081,7 @@ do_trustkey( register int items; items = INFO_NITEMS(inpkt->err_nitems); - kp = (uint32_t*)&inpkt->u; + kp = (uint32_t *)&inpkt->u; while (items-- > 0) { authtrust(*kp, trust); kp++; @@ -2089,7 +2160,7 @@ req_get_traps( it = (struct info_trap *)prepare_pkt(srcadr, inter, inpkt, v6sizeof(struct info_trap)); - for (i = 0, tr = ctl_traps; i < COUNTOF(ctl_traps); i++, tr++) { + for (i = 0, tr = ctl_traps; it && i < COUNTOF(ctl_traps); i++, tr++) { if (tr->tr_flags & TRAP_INUSE) { if (IS_IPV4(&tr->tr_addr)) { if (tr->tr_localaddr == any_interface) 
@@ -2405,7 +2476,7 @@ get_clock_info( ic = (struct info_clock *)prepare_pkt(srcadr, inter, inpkt, sizeof(struct info_clock)); - while (items-- > 0) { + while (items-- > 0 && ic) { NSRCADR(&addr) = *clkaddr++; if (!ISREFCLOCKADR(&addr) || NULL == findexistingpeer(&addr, NULL, NULL, -1, 0)) { @@ -2544,7 +2615,7 @@ get_clkbug_info( ic = (struct info_clkbug *)prepare_pkt(srcadr, inter, inpkt, sizeof(struct info_clkbug)); - while (items-- > 0) { + while (items-- > 0 && ic) { NSRCADR(&addr) = *clkaddr++; if (!ISREFCLOCKADR(&addr) || NULL == findexistingpeer(&addr, NULL, NULL, -1, 0)) { @@ -2592,13 +2663,15 @@ fill_info_if_stats(void *data, interface_info_t *interface_info) struct info_if_stats **ifsp = (struct info_if_stats **)data; struct info_if_stats *ifs = *ifsp; endpt *ep = interface_info->ep; + + if (NULL == ifs) + return; ZERO(*ifs); if (IS_IPV6(&ep->sin)) { - if (!client_v6_capable) { + if (!client_v6_capable) return; - } ifs->v6_flag = 1; ifs->unaddr.addr6 = SOCK_ADDR6(&ep->sin); ifs->unbcast.addr6 = SOCK_ADDR6(&ep->bcast); diff --git a/ntpd/ntp_timer.c b/ntpd/ntp_timer.c index 03084a353..a0f9f2b36 100644 --- a/ntpd/ntp_timer.c +++ b/ntpd/ntp_timer.c @@ -549,14 +549,16 @@ check_leapsec( #ifdef LEAP_SMEAR leap_smear.enabled = leap_smear_intv != 0; #endif - if (reset) { + if (reset) { lsprox = LSPROX_NOWARN; leapsec_reset_frame(); memset(&lsdata, 0, sizeof(lsdata)); } else { - int fired = leapsec_query(&lsdata, now, tpiv); + int fired; - DPRINTF(1, ("*** leapsec_query: fired %i, now %u (0x%08X), tai_diff %i, ddist %u\n", + fired = leapsec_query(&lsdata, now, tpiv); + + DPRINTF(3, ("*** leapsec_query: fired %i, now %u (0x%08X), tai_diff %i, ddist %u\n", fired, now, now, lsdata.tai_diff, lsdata.ddist)); #ifdef LEAP_SMEAR diff --git a/ntpd/ntpd-opts.c b/ntpd/ntpd-opts.c index 1bbecfa04..660884b94 100644 --- a/ntpd/ntpd-opts.c +++ b/ntpd/ntpd-opts.c 
@@ -1,7 +1,7 @@ /* * EDIT THIS FILE WITH CAUTION (ntpd-opts.c) * - * It has been AutoGen-ed October 21, 2015 at 12:36:00 PM by AutoGen 5.18.5 + * It has been AutoGen-ed January 7, 2016 at 11:28:29 PM by AutoGen 5.18.5 * From the definitions ntpd-opts.def * and the template file options * @@ -75,7 +75,7 @@ extern FILE * option_usage_fp; * static const strings for ntpd options */ static char const ntpd_opt_strs[3129] = -/* 0 */ "ntpd 4.2.8p4\n" +/* 0 */ "ntpd 4.2.8p5\n" "Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation, all rights reserved.\n" "This is free software. It is licensed for use, modification and\n" "redistribution under the terms of the NTP License, copies of which\n" @@ -205,12 +205,12 @@ static char const ntpd_opt_strs[3129] = /* 2900 */ "output version information and exit\0" /* 2936 */ "version\0" /* 2944 */ "NTPD\0" -/* 2949 */ "ntpd - NTP daemon program - Ver. 4.2.8p4\n" +/* 2949 */ "ntpd - NTP daemon program - Ver. 4.2.8p5\n" "Usage: %s [ - [] | --[{=| }] ]... \\\n" "\t\t[ ... ]\n\0" /* 3080 */ "http://bugs.ntp.org, bugs@ntp.org\0" /* 3114 */ "\n\0" -/* 3116 */ "ntpd 4.2.8p4"; +/* 3116 */ "ntpd 4.2.8p5"; /** * ipv4 option description with @@ -1529,7 +1529,7 @@ static void bogus_function(void) { translate option names. */ /* referenced via ntpdOptions.pzCopyright */ - puts(_("ntpd 4.2.8p4\n\ + puts(_("ntpd 4.2.8p5\n\ Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation, all rights reserved.\n\ This is free software. It is licensed for use, modification and\n\ redistribution under the terms of the NTP License, copies of which\n\ @@ -1670,7 +1670,7 @@ implied warranty.\n")); puts(_("output version information and exit")); /* referenced via ntpdOptions.pzUsageTitle */ - puts(_("ntpd - NTP daemon program - Ver. 4.2.8p4\n\ + puts(_("ntpd - NTP daemon program - Ver. 4.2.8p5\n\ Usage: %s [ - [] | --[{=| }] ]... \\\n\ \t\t[ ... ]\n")); 
@@ -1678,7 +1678,7 @@ Usage: %s [ - [] | --[{=| }] ]... \\\n\ puts(_("\n")); /* referenced via ntpdOptions.pzFullVersion */ - puts(_("ntpd 4.2.8p4")); + puts(_("ntpd 4.2.8p5")); /* referenced via ntpdOptions.pzFullUsage */ puts(_("<<>>")); diff --git a/ntpd/ntpd-opts.h b/ntpd/ntpd-opts.h index d87c2216d..571fd3425 100644 --- a/ntpd/ntpd-opts.h +++ b/ntpd/ntpd-opts.h @@ -1,7 +1,7 @@ /* * EDIT THIS FILE WITH CAUTION (ntpd-opts.h) * - * It has been AutoGen-ed October 21, 2015 at 12:35:59 PM by AutoGen 5.18.5 + * It has been AutoGen-ed January 7, 2016 at 11:28:28 PM by AutoGen 5.18.5 * From the definitions ntpd-opts.def * and the template file options * @@ -106,9 +106,9 @@ typedef enum { /** count of all options for ntpd */ #define OPTION_CT 38 /** ntpd version */ -#define NTPD_VERSION "4.2.8p4" +#define NTPD_VERSION "4.2.8p5" /** Full ntpd version text */ -#define NTPD_FULL_VERSION "ntpd 4.2.8p4" +#define NTPD_FULL_VERSION "ntpd 4.2.8p5" /** * Interface defines for all options. Replace "n" with the UPPER_CASED diff --git a/ntpd/ntpd.1ntpdman b/ntpd/ntpd.1ntpdman index 187a79a79..42d0caf54 100644 --- a/ntpd/ntpd.1ntpdman +++ b/ntpd/ntpd.1ntpdman @@ -10,11 +10,11 @@ .ds B-Font B .ds I-Font I .ds R-Font R -.TH ntpd 1ntpdman "21 Oct 2015" "4.2.8p4" "User Commands" +.TH ntpd 1ntpdman "07 Jan 2016" "4.2.8p5" "User Commands" .\" -.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-dUaOfK/ag-qUaGeK) +.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-KDaWJq/ag-WDaOIq) .\" -.\" It has been AutoGen-ed October 21, 2015 at 12:38:11 PM by AutoGen 5.18.5 +.\" It has been AutoGen-ed January 7, 2016 at 11:30:44 PM by AutoGen 5.18.5 .\" From the definitions ntpd-opts.def .\" and the template file agman-cmd.tpl .SH NAME diff --git a/ntpd/ntpd.1ntpdmdoc b/ntpd/ntpd.1ntpdmdoc index 139de5277..dc06f58a9 100644 --- a/ntpd/ntpd.1ntpdmdoc +++ b/ntpd/ntpd.1ntpdmdoc 
@@ -1,9 +1,9 @@ -.Dd October 21 2015 +.Dd January 7 2016 .Dt NTPD 1ntpdmdoc User Commands .Os .\" EDIT THIS FILE WITH CAUTION (ntpd-opts.mdoc) .\" -.\" It has been AutoGen-ed October 21, 2015 at 12:38:30 PM by AutoGen 5.18.5 +.\" It has been AutoGen-ed January 7, 2016 at 11:31:02 PM by AutoGen 5.18.5 .\" From the definitions ntpd-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME diff --git a/ntpd/ntpd.html b/ntpd/ntpd.html index 8d6f9d6ad..ae3e17ce7 100644 --- a/ntpd/ntpd.html +++ b/ntpd/ntpd.html @@ -39,7 +39,7 @@

ntpd: Network Time Protocol (NTP) Daemon User Manual

symmetric and broadcast modes, and with both symmetric-key and public-key cryptography. -

This document applies to version 4.2.8p4 of ntpd. +

This document applies to version 4.2.8p5 of ntpd.
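Review bot: In the list_restrict4 and list_restrict6 rewrite, `pir` is read in the `while (pir && popRestriction(&rpad, &res))` condition before it is ever assigned: the old `pir = *ppir;` is deleted in the `-` lines and nothing in the `+` lines restores it, so the loop tests an uninitialized pointer and, in the best case, dumps nothing. Add `pir = *ppir;` right after the declarations, before the push loop, in both functions. A second, smaller point in the same hunk: `if (!pushRestriction(&rpad, res)) break;` silently drops the remainder of the restriction list when a push fails, which changes the output the surrounding comment promises ("dump each list in reverse order") without any trace; a DPRINTF or msyslog on that path would make the truncation visible to an operator reading a short reslist.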