NEWS revision 1.1.1.2

---
NTP 4.2.6p5 (Harlan Stenn <stenn@ntp.org>, 2011/12/24)

Focus: Bug fixes

Severity: Medium

This is a recommended upgrade.

This release updates sys_rootdisp and sys_jitter calculations to match the
RFC specification, fixes a potential IPv6 address matching error for the
"nic" and "interface" configuration directives, suppresses the creation of
extraneous ephemeral associations for certain broadcastclient and
multicastclient configurations, cleans up some ntpq display issues, and
includes improvements to orphan mode, minor bug fixes and code clean-ups.

New features / changes in this release:

ntpd

* Updated "nic" and "interface" IPv6 address handling to prevent
  mismatches with localhost [::1] and wildcard [::] which resulted from
  using the address/prefix format (e.g. fe80::/64)
* Fix orphan mode stratum incorrectly counting to infinity
* Orphan parent selection metric updated to include missing ntohl()
* Non-printable stratum 16 refid no longer sent to ntp
* Duplicate ephemeral associations suppressed for broadcastclient and
  multicastclient without broadcastdelay
* Exclude undetermined sys_refid from use in loopback TEST12
* Exclude MODE_SERVER responses from KoD rate limiting
* Include root delay in clock_update() sys_rootdisp calculations
* get_systime() updated to exclude sys_residual offset (which only
  affected bits "below" sys_tick, the precision threshold)
* sys.peer jitter weighting corrected in sys_jitter calculation

ntpq

* -n option extended to include the billboard "server" column
* IPv6 addresses in the local column truncated to prevent overruns

---
NTP 4.2.6p4 (Harlan Stenn <stenn@ntp.org>, 2011/09/22)

Focus: Bug fixes and portability improvements

Severity: Medium

This is a recommended upgrade.

This release includes build infrastructure updates, code
clean-ups, minor bug fixes, fixes for a number of minor
ref-clock issues, and documentation revisions.

Portability improvements affect AIX, HP-UX, Linux, OS X and 64-bit time_t.

New features / changes in this release:

Build system

* Fix checking for struct rtattr
* Update config.guess and config.sub for AIX
* Upgrade required version of autogen and libopts for building
  from our source code repository

ntpd

* Back-ported several fixes for Coverity warnings from ntp-dev
* Fix a rare boundary condition in UNLINK_EXPR_SLIST()
* Allow "logconfig =allall" configuration directive
* Bind tentative IPv6 addresses on Linux
* Correct WWVB/Spectracom driver to timestamp CR instead of LF
* Improved tally bit handling to prevent incorrect ntpq peer status reports
* Exclude the Undisciplined Local Clock and ACTS drivers from the initial
  candidate list unless they are designated a "prefer peer"
* Prevent the consideration of Undisciplined Local Clock or ACTS drivers for
  selection during the 'tos orphanwait' period
* Prefer an Orphan Mode Parent over the Undisciplined Local Clock or ACTS
  drivers
* Improved support of the Parse Refclock trusttime flag in Meinberg mode
* Back-port utility routines from ntp-dev: mprintf(), emalloc_zero()
* Added the NTPD_TICKADJ_PPM environment variable for specifying baseline
  clock slew on Microsoft Windows
* Code cleanup in libntpq

ntpdc

* Fix timerstats reporting

ntpdate

* Reduce time required to set clock
* Allow a timeout greater than 2 seconds

sntp

* Backward incompatible command-line option change:
  -l/--filelog changed to -l/--logfile (to be consistent with ntpd)

Documentation

* Update html2man. Fix some tags in the .html files
* Distribute ntp-wait.html

---
NTP 4.2.6p3 (Harlan Stenn <stenn@ntp.org>, 2011/01/03)

Focus: Bug fixes and portability improvements

Severity: Medium

This is a recommended upgrade.

This release includes build infrastructure updates, code
clean-ups, minor bug fixes, fixes for a number of minor
ref-clock issues, and documentation revisions.

Portability improvements in this release affect AIX, Atari FreeMiNT,
FreeBSD4, Linux and Microsoft Windows.

New features / changes in this release:

Build system
* Use lsb_release to get information about Linux distributions.
* 'test' is in /usr/bin (instead of /bin) on some systems.
* Basic sanity checks for the ChangeLog file.
* Source certain build files with ./filename for systems without . in PATH.
* IRIX portability fix.
* Use a single copy of the "libopts" code.
* autogen/libopts upgrade.
* configure.ac m4 quoting cleanup.

ntpd
* Do not bind to IN6_IFF_ANYCAST addresses.
* Log the reason for exiting under Windows.
* Multicast fixes for Windows.
* Interpolation fixes for Windows.
* IPv4 and IPv6 Multicast fixes.
* Manycast solicitation fixes and general repairs.
* JJY refclock cleanup.
* NMEA refclock improvements.
* Oncore debug message cleanup.
* Palisade refclock now builds under Linux.
* Give RAWDCF more baud rates.
* Support Truetime Satellite clocks under Windows.
* Support Arbiter 1093C Satellite clocks under Windows.
* Make sure that the "filegen" configuration command defaults to "enable".
* Range-check the status codes (plus other cleanup) in the RIPE-NCC driver.
* Prohibit 'includefile' directive in remote configuration command.
* Fix 'nic' interface bindings.
* Fix the way we link with openssl if openssl is installed in the base
  system.

ntp-keygen
* Fix -V coredump.
* OpenSSL version display cleanup.

ntpdc
* Many counters should be treated as unsigned.

ntpdate
* Do not ignore replies with equal receive and transmit timestamps.

ntpq
* libntpq warning cleanup.

ntpsnmpd
* Correct SNMP type for "precision" and "resolution".
* Update the MIB from the draft version to RFC-5907.

sntp
* Display timezone offset when showing time for sntp in the local
  timezone.
* Pay proper attention to RATE KoD packets.
* Fix a miscalculation of the offset.
* Properly parse empty lines in the key file.
* Logging cleanup.
* Use tv_usec correctly in set_time().
* Documentation cleanup.

---
NTP 4.2.6p2 (Harlan Stenn <stenn@ntp.org>, 2010/07/08)

Focus: Bug fixes and portability improvements

Severity: Medium

This is a recommended upgrade.

This release includes build infrastructure updates, code
clean-ups, minor bug fixes, fixes for a number of minor
ref-clock issues, improved KOD handling, OpenSSL related
updates and documentation revisions.

Portability improvements in this release affect Irix, Linux,
Mac OS, Microsoft Windows, OpenBSD and QNX6.

New features / changes in this release:

ntpd
* Range syntax for the trustedkey configuration directive
* Unified IPv4 and IPv6 restrict lists

ntpdate
* Rate limiting and KOD handling

ntpsnmpd
* default connection to net-snmpd via a unix-domain socket
* command-line 'socket name' option

ntpq / ntpdc
* support for the "passwd ..." syntax
* key-type specific password prompts

sntp
* MD5 authentication of an ntpd
* Broadcast and crypto
* OpenSSL support

---
NTP 4.2.6p1 (Harlan Stenn <stenn@ntp.org>, 2010/04/09)

Focus: Bug fixes, portability fixes, and documentation improvements

Severity: Medium

This is a recommended upgrade.

---
NTP 4.2.6 (Harlan Stenn <stenn@ntp.org>, 2009/12/08)

Focus: enhancements and bug fixes.

---
NTP 4.2.4p8 (Harlan Stenn <stenn@ntp.org>, 2009/12/08)

Focus: Security Fixes

Severity: HIGH

This release fixes the following high-severity vulnerability:

* [Sec 1331] DoS with mode 7 packets - CVE-2009-3563.

  See http://support.ntp.org/security for more information.

  NTP mode 7 (MODE_PRIVATE) is used by the ntpdc query and control utility.
  In contrast, ntpq uses NTP mode 6 (MODE_CONTROL), while routine NTP time
  transfers use modes 1 through 5. Upon receipt of an incorrect mode 7
  request or a mode 7 error response from an address which is not listed
  in a "restrict ... noquery" or "restrict ... ignore" statement, ntpd will
  reply with a mode 7 error response (and log a message). In this case:

  * If an attacker spoofs the source address of ntpd host A in a
    mode 7 response packet sent to ntpd host B, both A and B will
    continuously send each other error responses, for as long as
    those packets get through.

  * If an attacker spoofs an address of ntpd host A in a mode 7
    response packet sent to ntpd host A, A will respond to itself
    endlessly, consuming CPU and logging excessively.

  Credit for finding this vulnerability goes to Robin Park and Dmitri
  Vinokurov of Alcatel-Lucent.

THIS IS A STRONGLY RECOMMENDED UPGRADE.
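
Added example (not part of the NTP distribution or this NEWS file): a detection sketch for the two loop cases described above, counting mode 7 packets with the response bit set per source/destination pair on UDP port 123. The function names, the threshold, and the sample traffic are assumptions made for illustration; only the first octet (response bit 0x80, mode in the low three bits) is inspected.

```python
from collections import Counter

MODE_PRIVATE = 7   # mode 7, used by ntpdc
RESP_BIT = 0x80    # top bit of the first octet of a mode 7 packet: "response"

def classify(payload):
    """Return (mode, is_mode7_response) from the first octet of a UDP/123 payload."""
    if not payload:
        return None, False
    mode = payload[0] & 0x07
    return mode, mode == MODE_PRIVATE and bool(payload[0] & RESP_BIT)

def find_mode7_loops(packets, threshold=3):
    """packets: iterable of (src, dst, payload). threshold is an assumed cut-off."""
    counts = Counter()
    for src, dst, payload in packets:
        if classify(payload)[1]:
            counts[(src, dst)] += 1
    findings, seen = [], set()
    for (src, dst), n in sorted(counts.items()):
        if src == dst:
            # Second case in the text: host "answers" its own spoofed address.
            if n >= threshold:
                findings.append(("self-loop", src, dst, n))
            continue
        pair = frozenset((src, dst))
        back = counts.get((dst, src), 0)
        # First case: responses flowing in both directions between two hosts.
        if pair not in seen and n >= threshold and back >= threshold:
            seen.add(pair)
            a, b = sorted(pair)
            findings.append(("ping-pong", a, b, n + back))
    return findings

# Constructed sample traffic (documentation addresses, zero-filled bodies).
RESP = bytes([0x97]) + bytes(7)     # R=1, VN=2, mode 7
REQ = bytes([0x17]) + bytes(7)      # R=0, VN=2, mode 7 (ordinary ntpdc request)
CLIENT = bytes([0x23]) + bytes(47)  # LI=0, VN=4, mode 3 (normal time request)
SAMPLE = (
    [("192.0.2.10", "192.0.2.20", RESP), ("192.0.2.20", "192.0.2.10", RESP)] * 4
    + [("198.51.100.5", "198.51.100.5", RESP)] * 5
    + [("203.0.113.7", "192.0.2.10", REQ), ("203.0.113.7", "192.0.2.10", CLIENT)]
)

if __name__ == "__main__":
    for finding in find_mode7_loops(SAMPLE):
        print(finding)
```

A single mode 7 response between two servers is already unusual, since ntpdc replies normally go to a management client rather than to another ntpd; the threshold only separates a sustained loop from a stray packet.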

---
ntpd now syncs to refclocks right away.

Backward-Incompatible changes:

ntpd no longer accepts '-v name' or '-V name' to define internal variables.
Use '--var name' or '--dvar name' instead. (Bug 817)

---
NTP 4.2.4p7 (Harlan Stenn <stenn@ntp.org>, 2009/05/04)

Focus: Security and Bug Fixes

Severity: HIGH

This release fixes the following high-severity vulnerability:

* [Sec 1151] Remote exploit if autokey is enabled. CVE-2009-1252

  See http://support.ntp.org/security for more information.

  If autokey is enabled (if ntp.conf contains a "crypto pw whatever"
  line) then a carefully crafted packet sent to the machine will cause
  a buffer overflow and possible execution of injected code, running
  with the privileges of the ntpd process (often root).

  Credit for finding this vulnerability goes to Chris Ries of CMU.

This release fixes the following low-severity vulnerabilities:

* [Sec 1144] limited (two byte) buffer overflow in ntpq. CVE-2009-0159
  Credit for finding this vulnerability goes to Geoff Keating of Apple.

* [Sec 1149] use SO_EXCLUSIVEADDRUSE on Windows
  Credit for finding this issue goes to Dave Hart.

This release fixes a number of bugs and adds some improvements:

* Improved logging
* Fix many compiler warnings
* Many fixes and improvements for Windows
* Adds support for AIX 6.1
* Resolves some issues under MacOS X and Solaris

THIS IS A STRONGLY RECOMMENDED UPGRADE.

---
NTP 4.2.4p6 (Harlan Stenn <stenn@ntp.org>, 2009/01/07)

Focus: Security Fix

Severity: Low

This release fixes oCERT.org's CVE-2009-0021, a vulnerability affecting
the OpenSSL library relating to the incorrect checking of the return
value of EVP_VerifyFinal function.

Credit for finding this issue goes to the Google Security Team for
finding the original issue with OpenSSL, and to ocert.org for finding
the problem in NTP and telling us about it.

This is a recommended upgrade.
---
NTP 4.2.4p5 (Harlan Stenn <stenn@ntp.org>, 2008/08/17)

Focus: Minor Bugfixes

This release fixes a number of Windows-specific ntpd bugs and
platform-independent ntpdate bugs. A logging bugfix has been applied
to the ONCORE driver.

The "dynamic" keyword is now obsolete and deferred binding to local
interfaces is the new default. The minimum time restriction for the
interface update interval has been dropped.

A number of minor build system and documentation fixes are included.

This is a recommended upgrade for Windows.

---
NTP 4.2.4p4 (Harlan Stenn <stenn@ntp.org>, 2007/09/10)

Focus: Minor Bugfixes

This release updates certain copyright information, fixes several display
bugs in ntpdc, avoids SIGIO interrupting malloc(), cleans up file descriptor
shutdown in the parse refclock driver, removes some lint from the code,
stops accessing certain buffers immediately after they were freed, fixes
a problem with non-command-line specification of -6, and allows the loopback
interface to share addresses with other interfaces.

---
NTP 4.2.4p3 (Harlan Stenn <stenn@ntp.org>, 2007/06/29)

Focus: Minor Bugfixes

This release fixes a bug in Windows that made it difficult to
terminate ntpd under Windows.
This is a recommended upgrade for Windows.

---
NTP 4.2.4p2 (Harlan Stenn <stenn@ntp.org>, 2007/06/19)

Focus: Minor Bugfixes

This release fixes a multicast mode authentication problem,
an error in NTP packet handling on Windows that could lead to
ntpd crashing, and several other minor bugs. Handling of
multicast interfaces and logging configuration were improved.
The required versions of autogen and libopts were incremented.
This is a recommended upgrade for Windows and multicast users.

---
NTP 4.2.4 (Harlan Stenn <stenn@ntp.org>, 2006/12/31)

Focus: enhancements and bug fixes.

Dynamic interface rescanning was added to simplify the use of ntpd in
conjunction with DHCP. GNU AutoGen is used for its command-line options
processing. Separate PPS devices are supported for PARSE refclocks. MD5
signatures are now provided for the release files. Drivers have been
added for some new ref-clocks and have been removed for some older
ref-clocks. This release also includes other improvements, documentation
and bug fixes.

K&R C is no longer supported as of NTP-4.2.4. We are now aiming for ANSI
C support.

---
NTP 4.2.0 (Harlan Stenn <stenn@ntp.org>, 2003/10/15)

Focus: enhancements and bug fixes.