From 827240201c714b9efeea790e6245141e6b59a1f6 Mon Sep 17 00:00:00 2001
From: cy <cy@ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f>
Date: Sat, 27 Aug 2016 02:53:21 +0000
Subject: [PATCH] MFC r304779, r304780, r304781, r304782, r304802

r304779:

  Revert r298887 (spelling fix) and remove $FreeBSD$ because text changes
  to leap-seconds invaldidates validation hash at the end of the file.

  Remove svn:keywords and replace with fbsd:nokeywords=yes to
  support this change.

r304780:

  Change the algorithm by which /var/db/leap-seconds is updated.

  1. Use the leap-seconds version number (update time) to determine
     whether to update the file or not.

  2. If the version numbers of the files is the same, use the later
     expiry date to determine which file to use.

  Suggested by:	ian@

r304781:

  Add logic to replace the working ntp leap-seconds file in /var/db
  if it contains a $FreeBSD$ header. The header will cause the file
  to fail checksum of the hash causing ntpd to ignore the file.

r304782:

  Make validation of the leap-seconds file unconditional.

r304802:

  Remove the gratuitous check for $FreeBSD$ and rename the function
  to ntpd_init_leapfile, to ensure a copy exists in /var/db if a copy
  isn't already there.

  Reported by:	ache@


git-svn-id: svn://svn.freebsd.org/base/stable/10@304879 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
---
 etc/ntp/leap-seconds |  4 +---
 etc/rc.d/ntpd        | 27 ++++++++++++++++++++++++---
 2 files changed, 25 insertions(+), 6 deletions(-)

diff --git a/etc/ntp/leap-seconds b/etc/ntp/leap-seconds
index c31d19a2f..68db85ee7 100644
--- a/etc/ntp/leap-seconds
+++ b/etc/ntp/leap-seconds
@@ -1,6 +1,4 @@
 #
-# $FreeBSD$
-#
 #	In the following text, the symbol '#' introduces
 #	a comment, which continues from that symbol until 
 #	the end of the line. A plain comment line has a
@@ -46,7 +44,7 @@
 #	by the International Bureau of Weights and Measures
 #	(BIPM). See www.bipm.fr for more information.
 #
-#	3. The current definition of the relationship between UTC 
+#	3. The current defintion of the relationship between UTC 
 #	and TAI dates from 1 January 1972. A number of different 
 #	time scales were in use before than epoch, and it can be 
 #	quite difficult to compute precise timestamps and time 
diff --git a/etc/rc.d/ntpd b/etc/rc.d/ntpd
index 91785b3ce..2ccdef76c 100755
--- a/etc/rc.d/ntpd
+++ b/etc/rc.d/ntpd
@@ -28,6 +28,8 @@ ntpd_precmd()
 		rc_flags="-g $rc_flags"
 	fi
 
+	ntpd_init_leapfile
+
 	if [ ! -f $ntp_db_leapfile ]; then
 		ntpd_fetch_leapfile
 	fi
@@ -66,15 +68,27 @@ current_ntp_ts() {
 }
 	
 get_ntp_leapfile_ver() {
+	# Leapfile update date (version number).
 	expr "$(awk '$1 == "#$" { print $2 }' "$1" 2>/dev/null)" : \
 		'^\([1-9][0-9]*\)$' \| 0
 }
 
 get_ntp_leapfile_expiry() {
+	# Leapfile expiry date.
 	expr "$(awk '$1 == "#@" { print $2 }' "$1" 2>/dev/null)" : \
 		'^\([1-9][0-9]*\)$' \| 0
 }
 
+ntpd_init_leapfile() {
+	# Refresh working leapfile with an invalid hash due to
+	# FreeBSD id header. Ntpd will ignore leapfiles with a
+	# mismatch hash. The file must be the virgin file from
+	# the source.
+	if [ ! -f $ntp_db_leapfile ]; then
+		cp -p $ntp_src_leapfile $ntp_db_leapfile
+	fi
+}
+
 ntpd_fetch_leapfile() {
 	local ntp_tmp_leapfile rc verbose
 	
@@ -87,19 +101,23 @@ ntpd_fetch_leapfile() {
 	ntp_tmp_leapfile="/var/run/ntpd.leap-seconds.list"
 
 	ntp_ver_no_src=$(get_ntp_leapfile_ver $ntp_src_leapfile)
+	ntp_expiry_src=$(get_ntp_leapfile_expiry $ntp_src_leapfile)
 	ntp_ver_no_db=$(get_ntp_leapfile_ver $ntp_db_leapfile)
+	ntp_expiry_db=$(get_ntp_leapfile_expiry $ntp_db_leapfile)
 	$verbose ntp_src_leapfile version is $ntp_ver_no_src
 	$verbose ntp_db_leapfile version is $ntp_ver_no_db
 
-	if [ "$ntp_ver_no_src" -gt "$ntp_ver_no_db" ]; then
+	if [ "$ntp_ver_no_src" -gt "$ntp_ver_no_db" -o \
+	     "$ntp_ver_no_src" -eq "$ntp_ver_no_db" -a \
+	     "$ntp_expiry_src" -gt "$ntp_expiry_db" ]; then
 		$verbose replacing $ntp_db_leapfile with $ntp_src_leapfile 
 		cp -p $ntp_src_leapfile $ntp_db_leapfile
 		ntp_ver_no_db=$ntp_ver_no_src
 	else
 		$verbose not replacing $ntp_db_leapfile with $ntp_src_leapfile 
 	fi
-	ntp_leap_expiry=$(get_ntp_leapfile_expiry $ntp_db_leapfile)
 	ntp_leapfile_expiry_seconds=$((ntp_leapfile_expiry_days*86400))
+	ntp_leap_expiry=$(get_ntp_leapfile_expiry $ntp_db_leapfile)
 	ntp_leap_fetch_date=$((ntp_leap_expiry-ntp_leapfile_expiry_seconds))
 	if [ $(current_ntp_ts) -ge $ntp_leap_fetch_date ]; then
 		$verbose Within ntp leapfile expiry limit, initiating fetch
@@ -107,8 +125,11 @@ ntpd_fetch_leapfile() {
 			$verbose fetching $url
 			fetch $ntp_leapfile_fetch_opts -o $ntp_tmp_leapfile $url && break
 		done
+		ntp_ver_no_tmp=$(get_ntp_leapfile_ver $ntp_tmp_leapfile)
 		ntp_expiry_tmp=$(get_ntp_leapfile_expiry $ntp_tmp_leapfile)
-		if [ "$ntp_expiry_tmp" -gt "$ntp_leap_expiry" ]; then
+		if [ "$ntp_ver_no_tmp" -gt "$ntp_ver_no_db" -o \
+		     "$ntp_ver_no_tmp" -eq "$ntp_ver_no_db" -a \
+		     "$ntp_expiry_tmp" -gt "$ntp_expiry_db" ]; then
 			$verbose using $url as $ntp_db_leapfile
 			mv $ntp_tmp_leapfile $ntp_db_leapfile
 		else
-- 
2.45.0