File:  [ELWIX - Embedded LightWeight unIX -] / embedaddon / ntp / NEWS
Revision 1.1.1.1 (vendor branch): download - view: text, annotated - select for diffs - revision graph
Tue May 29 12:08:37 2012 UTC (12 years, 6 months ago) by misho
Branches: ntp, MAIN
CVS tags: v4_2_6p5p0, v4_2_6p5, HEAD
ntp 4.2.6p5

    1: --- 
    2: NTP 4.2.6p5 (Harlan Stenn <stenn@ntp.org>, 2011/12/24) 
    3:  
    4: Focus: Bug fixes
    5:  
    6: Severity: Medium 
    7:  
    8: This is a recommended upgrade. 
    9: 
   10: This release updates sys_rootdisp and sys_jitter calculations to match the
   11: RFC specification, fixes a potential IPv6 address matching error for the
   12: "nic" and "interface" configuration directives, suppresses the creation of
   13: extraneous ephemeral associations for certain broadcastclient and
   14: multicastclient configurations, cleans up some ntpq display issues, and
   15: includes improvements to orphan mode, minor bugs fixes and code clean-ups.
   16: 
   17: New features / changes in this release:
   18: 
   19: ntpd
   20: 
   21:  * Updated "nic" and "interface" IPv6 address handling to prevent 
   22:    mismatches with localhost [::1] and wildcard [::] which resulted from
   23:    using the address/prefix format (e.g. fe80::/64)
   24:  * Fix orphan mode stratum incorrectly counting to infinity
   25:  * Orphan parent selection metric updated to includes missing ntohl()
   26:  * Non-printable stratum 16 refid no longer sent to ntp
   27:  * Duplicate ephemeral associations suppressed for broadcastclient and
   28:    multicastclient without broadcastdelay
   29:  * Exclude undetermined sys_refid from use in loopback TEST12
   30:  * Exclude MODE_SERVER responses from KoD rate limiting
   31:  * Include root delay in clock_update() sys_rootdisp calculations
   32:  * get_systime() updated to exclude sys_residual offset (which only
   33:    affected bits "below" sys_tick, the precision threshold)
   34:  * sys.peer jitter weighting corrected in sys_jitter calculation
   35: 
   36: ntpq
   37: 
   38:  * -n option extended to include the billboard "server" column
   39:  * IPv6 addresses in the local column truncated to prevent overruns
   40: 
   41: --- 
   42: NTP 4.2.6p4 (Harlan Stenn <stenn@ntp.org>, 2011/09/22) 
   43:  
   44: Focus: Bug fixes and portability improvements 
   45:  
   46: Severity: Medium 
   47:  
   48: This is a recommended upgrade. 
   49:  
   50: This release includes build infrastructure updates, code 
   51: clean-ups, minor bug fixes, fixes for a number of minor 
   52: ref-clock issues, and documentation revisions. 
   53:  
   54: Portability improvements affect AIX, HP-UX, Linux, OS X and 64-bit time_t. 
   55:  
   56: New features / changes in this release: 
   57:  
   58: Build system 
   59:  
   60: * Fix checking for struct rtattr 
   61: * Update config.guess and config.sub for AIX 
   62: * Upgrade required version of autogen and libopts for building 
   63:   from our source code repository 
   64:  
   65: ntpd 
   66:  
   67: * Back-ported several fixes for Coverity warnings from ntp-dev 
   68: * Fix a rare boundary condition in UNLINK_EXPR_SLIST() 
   69: * Allow "logconfig =allall" configuration directive 
   70: * Bind tentative IPv6 addresses on Linux 
   71: * Correct WWVB/Spectracom driver to timestamp CR instead of LF 
   72: * Improved tally bit handling to prevent incorrect ntpq peer status reports 
   73: * Exclude the Undisciplined Local Clock and ACTS drivers from the initial 
   74:   candidate list unless they are designated a "prefer peer" 
   75: * Prevent the consideration of Undisciplined Local Clock or ACTS drivers for 
   76:   selection during the 'tos orphanwait' period 
   77: * Prefer an Orphan Mode Parent over the Undisciplined Local Clock or ACTS 
   78:   drivers 
   79: * Improved support of the Parse Refclock trusttime flag in Meinberg mode 
   80: * Back-port utility routines from ntp-dev: mprintf(), emalloc_zero() 
   81: * Added the NTPD_TICKADJ_PPM environment variable for specifying baseline 
   82:   clock slew on Microsoft Windows 
   83: * Code cleanup in libntpq 
   84:  
   85: ntpdc 
   86:  
   87: * Fix timerstats reporting 
   88:  
   89: ntpdate 
   90:  
   91: * Reduce time required to set clock 
   92: * Allow a timeout greater than 2 seconds 
   93:  
   94: sntp 
   95:  
   96: * Backward incompatible command-line option change: 
   97:   -l/--filelog changed -l/--logfile (to be consistent with ntpd) 
   98:  
   99: Documentation 
  100:  
  101: * Update html2man. Fix some tags in the .html files 
  102: * Distribute ntp-wait.html 
  103: 
  104: ---
  105: NTP 4.2.6p3 (Harlan Stenn <stenn@ntp.org>, 2011/01/03)
  106: 
  107: Focus: Bug fixes and portability improvements
  108: 
  109: Severity: Medium
  110: 
  111: This is a recommended upgrade.
  112: 
  113: This release includes build infrastructure updates, code
  114: clean-ups, minor bug fixes, fixes for a number of minor
  115: ref-clock issues, and documentation revisions.
  116: 
  117: Portability improvements in this release affect AIX, Atari FreeMiNT,
  118: FreeBSD4, Linux and Microsoft Windows.
  119: 
  120: New features / changes in this release:
  121: 
  122: Build system
  123: * Use lsb_release to get information about Linux distributions.
  124: * 'test' is in /usr/bin (instead of /bin) on some systems.
  125: * Basic sanity checks for the ChangeLog file.
  126: * Source certain build files with ./filename for systems without . in PATH.
  127: * IRIX portability fix.
  128: * Use a single copy of the "libopts" code.
  129: * autogen/libopts upgrade.
  130: * configure.ac m4 quoting cleanup.
  131: 
  132: ntpd
  133: * Do not bind to IN6_IFF_ANYCAST addresses.
  134: * Log the reason for exiting under Windows.
  135: * Multicast fixes for Windows.
  136: * Interpolation fixes for Windows.
  137: * IPv4 and IPv6 Multicast fixes.
  138: * Manycast solicitation fixes and general repairs.
  139: * JJY refclock cleanup.
  140: * NMEA refclock improvements.
  141: * Oncore debug message cleanup.
  142: * Palisade refclock now builds under Linux.
  143: * Give RAWDCF more baud rates.
  144: * Support Truetime Satellite clocks under Windows.
  145: * Support Arbiter 1093C Satellite clocks under Windows.
  146: * Make sure that the "filegen" configuration command defaults to "enable".
  147: * Range-check the status codes (plus other cleanup) in the RIPE-NCC driver.
  148: * Prohibit 'includefile' directive in remote configuration command.
  149: * Fix 'nic' interface bindings.
  150: * Fix the way we link with openssl if openssl is installed in the base
  151:   system.
  152: 
  153: ntp-keygen
  154: * Fix -V coredump.
  155: * OpenSSL version display cleanup.
  156: 
  157: ntpdc
  158: * Many counters should be treated as unsigned.
  159: 
  160: ntpdate
  161: * Do not ignore replies with equal receive and transmit timestamps.
  162: 
  163: ntpq
  164: * libntpq warning cleanup.
  165: 
  166: ntpsnmpd
  167: * Correct SNMP type for "precision" and "resolution".
  168: * Update the MIB from the draft version to RFC-5907.
  169: 
  170: sntp
  171: * Display timezone offset when showing time for sntp in the local
  172:   timezone.
  173: * Pay proper attention to RATE KoD packets.
  174: * Fix a miscalculation of the offset.
  175: * Properly parse empty lines in the key file.
  176: * Logging cleanup.
  177: * Use tv_usec correctly in set_time().
  178: * Documentation cleanup.
  179: 
  180: ---
  181: NTP 4.2.6p2 (Harlan Stenn <stenn@ntp.org>, 2010/07/08)
  182: 
  183: Focus: Bug fixes and portability improvements
  184: 
  185: Severity: Medium
  186: 
  187: This is a recommended upgrade.
  188: 
  189: This release includes build infrastructure updates, code
  190: clean-ups, minor bug fixes, fixes for a number of minor
  191: ref-clock issues, improved KOD handling, OpenSSL related
  192: updates and documentation revisions.
  193: 
  194: Portability improvements in this release affect Irix, Linux,
  195: Mac OS, Microsoft Windows, OpenBSD and QNX6
  196: 
  197: New features / changes in this release:
  198: 
  199: ntpd
  200: * Range syntax for the trustedkey configuration directive
  201: * Unified IPv4 and IPv6 restrict lists
  202: 
  203: ntpdate
  204: * Rate limiting and KOD handling
  205: 
  206: ntpsnmpd
  207: * default connection to net-snmpd via a unix-domain socket
  208: * command-line 'socket name' option
  209: 
  210: ntpq / ntpdc
  211: * support for the "passwd ..." syntax
  212: * key-type specific password prompts
  213: 
  214: sntp
  215: * MD5 authentication of an ntpd
  216: * Broadcast and crypto
  217: * OpenSSL support
  218: 
  219: ---
  220: NTP 4.2.6p1 (Harlan Stenn <stenn@ntp.org>, 2010/04/09)
  221: 
  222: Focus: Bug fixes, portability fixes, and documentation improvements
  223: 
  224: Severity: Medium
  225: 
  226: This is a recommended upgrade.
  227: 
  228: ---
  229: NTP 4.2.6 (Harlan Stenn <stenn@ntp.org>, 2009/12/08)
  230: 
  231: Focus: enhancements and bug fixes.
  232: 
  233: ---
  234: NTP 4.2.4p8 (Harlan Stenn <stenn@ntp.org>, 2009/12/08)
  235: 
  236: Focus: Security Fixes
  237: 
  238: Severity: HIGH
  239: 
  240: This release fixes the following high-severity vulnerability:
  241: 
  242: * [Sec 1331] DoS with mode 7 packets - CVE-2009-3563.
  243: 
  244:   See http://support.ntp.org/security for more information.
  245: 
  246:   NTP mode 7 (MODE_PRIVATE) is used by the ntpdc query and control utility.
  247:   In contrast, ntpq uses NTP mode 6 (MODE_CONTROL), while routine NTP time
  248:   transfers use modes 1 through 5.  Upon receipt of an incorrect mode 7
  249:   request or a mode 7 error response from an address which is not listed
  250:   in a "restrict ... noquery" or "restrict ... ignore" statement, ntpd will
  251:   reply with a mode 7 error response (and log a message).  In this case:
  252: 
  253: 	* If an attacker spoofs the source address of ntpd host A in a
  254: 	  mode 7 response packet sent to ntpd host B, both A and B will
  255: 	  continuously send each other error responses, for as long as
  256: 	  those packets get through.
  257: 
  258: 	* If an attacker spoofs an address of ntpd host A in a mode 7
  259: 	  response packet sent to ntpd host A, A will respond to itself
  260: 	  endlessly, consuming CPU and logging excessively.
  261: 
  262:   Credit for finding this vulnerability goes to Robin Park and Dmitri
  263:   Vinokurov of Alcatel-Lucent.
  264: 
  265: THIS IS A STRONGLY RECOMMENDED UPGRADE.
  266: 
  267: ---
  268: ntpd now syncs to refclocks right away.
  269: 
  270: Backward-Incompatible changes:
  271: 
  272: ntpd no longer accepts '-v name' or '-V name' to define internal variables.
  273: Use '--var name' or '--dvar name' instead. (Bug 817)
  274: 
  275: ---
  276: NTP 4.2.4p7 (Harlan Stenn <stenn@ntp.org>, 2009/05/04)
  277: 
  278: Focus: Security and Bug Fixes
  279: 
  280: Severity: HIGH
  281: 
  282: This release fixes the following high-severity vulnerability:
  283: 
  284: * [Sec 1151] Remote exploit if autokey is enabled.  CVE-2009-1252
  285: 
  286:   See http://support.ntp.org/security for more information.
  287: 
  288:   If autokey is enabled (if ntp.conf contains a "crypto pw whatever"
  289:   line) then a carefully crafted packet sent to the machine will cause
  290:   a buffer overflow and possible execution of injected code, running
  291:   with the privileges of the ntpd process (often root).
  292: 
  293:   Credit for finding this vulnerability goes to Chris Ries of CMU.
  294: 
  295: This release fixes the following low-severity vulnerabilities:
  296: 
  297: * [Sec 1144] limited (two byte) buffer overflow in ntpq.  CVE-2009-0159
  298:   Credit for finding this vulnerability goes to Geoff Keating of Apple.
  299:   
  300: * [Sec 1149] use SO_EXCLUSIVEADDRUSE on Windows
  301:   Credit for finding this issue goes to Dave Hart.
  302: 
  303: This release fixes a number of bugs and adds some improvements:
  304: 
  305: * Improved logging
  306: * Fix many compiler warnings
  307: * Many fixes and improvements for Windows
  308: * Adds support for AIX 6.1
  309: * Resolves some issues under MacOS X and Solaris
  310: 
  311: THIS IS A STRONGLY RECOMMENDED UPGRADE.
  312: 
  313: ---
  314: NTP 4.2.4p6 (Harlan Stenn <stenn@ntp.org>, 2009/01/07)
  315: 
  316: Focus: Security Fix
  317: 
  318: Severity: Low
  319: 
  320: This release fixes oCERT.org's CVE-2009-0021, a vulnerability affecting
  321: the OpenSSL library relating to the incorrect checking of the return
  322: value of EVP_VerifyFinal function.
  323: 
  324: Credit for finding this issue goes to the Google Security Team for
  325: finding the original issue with OpenSSL, and to ocert.org for finding
  326: the problem in NTP and telling us about it.
  327: 
  328: This is a recommended upgrade.
  329: ---
  330: NTP 4.2.4p5 (Harlan Stenn <stenn@ntp.org>, 2008/08/17)
  331: 
  332: Focus: Minor Bugfixes 
  333: 
  334: This release fixes a number of Windows-specific ntpd bugs and 
  335: platform-independent ntpdate bugs. A logging bugfix has been applied
  336: to the ONCORE driver.
  337: 
  338: The "dynamic" keyword and is now obsolete and deferred binding to local 
  339: interfaces is the new default. The minimum time restriction for the 
  340: interface update interval has been dropped. 
  341: 
  342: A number of minor build system and documentation fixes are included. 
  343: 
  344: This is a recommended upgrade for Windows. 
  345: 
  346: ---
  347: NTP 4.2.4p4 (Harlan Stenn <stenn@ntp.org>, 2007/09/10)
  348: 
  349: Focus: Minor Bugfixes
  350: 
  351: This release updates certain copyright information, fixes several display
  352: bugs in ntpdc, avoids SIGIO interrupting malloc(), cleans up file descriptor
  353: shutdown in the parse refclock driver, removes some lint from the code,
  354: stops accessing certain buffers immediately after they were freed, fixes
  355: a problem with non-command-line specification of -6, and allows the loopback
  356: interface to share addresses with other interfaces.
  357: 
  358: ---
  359: NTP 4.2.4p3 (Harlan Stenn <stenn@ntp.org>, 2007/06/29)
  360: 
  361: Focus: Minor Bugfixes
  362: 
  363: This release fixes a bug in Windows that made it difficult to
  364: terminate ntpd under windows.
  365: This is a recommended upgrade for Windows.
  366: 
  367: ---
  368: NTP 4.2.4p2 (Harlan Stenn <stenn@ntp.org>, 2007/06/19)
  369: 
  370: Focus: Minor Bugfixes
  371: 
  372: This release fixes a multicast mode authentication problem, 
  373: an error in NTP packet handling on Windows that could lead to 
  374: ntpd crashing, and several other minor bugs. Handling of 
  375: multicast interfaces and logging configuration were improved. 
  376: The required versions of autogen and libopts were incremented.
  377: This is a recommended upgrade for Windows and multicast users.
  378: 
  379: ---
  380: NTP 4.2.4 (Harlan Stenn <stenn@ntp.org>, 2006/12/31)
  381: 
  382: Focus: enhancements and bug fixes.
  383: 
  384: Dynamic interface rescanning was added to simplify the use of ntpd in 
  385: conjunction with DHCP. GNU AutoGen is used for its command-line options 
  386: processing. Separate PPS devices are supported for PARSE refclocks, MD5 
  387: signatures are now provided for the release files. Drivers have been 
  388: added for some new ref-clocks and have been removed for some older 
  389: ref-clocks. This release also includes other improvements, documentation 
  390: and bug fixes. 
  391: 
  392: K&R C is no longer supported as of NTP-4.2.4. We are now aiming for ANSI 
  393: C support.
  394: 
  395: ---
  396: NTP 4.2.0 (Harlan Stenn <stenn@ntp.org>, 2003/10/15)
  397: 
  398: Focus: enhancements and bug fixes.

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>