1: ---
2: NTP 4.2.6p5 (Harlan Stenn <stenn@ntp.org>, 2011/12/24)
3:
4: Focus: Bug fixes
5:
6: Severity: Medium
7:
8: This is a recommended upgrade.
9:
10: This release updates sys_rootdisp and sys_jitter calculations to match the
11: RFC specification, fixes a potential IPv6 address matching error for the
12: "nic" and "interface" configuration directives, suppresses the creation of
13: extraneous ephemeral associations for certain broadcastclient and
14: multicastclient configurations, cleans up some ntpq display issues, and
15: includes improvements to orphan mode, minor bugs fixes and code clean-ups.
16:
17: New features / changes in this release:
18:
19: ntpd
20:
21: * Updated "nic" and "interface" IPv6 address handling to prevent
22: mismatches with localhost [::1] and wildcard [::] which resulted from
23: using the address/prefix format (e.g. fe80::/64)
24: * Fix orphan mode stratum incorrectly counting to infinity
25: * Orphan parent selection metric updated to includes missing ntohl()
26: * Non-printable stratum 16 refid no longer sent to ntp
27: * Duplicate ephemeral associations suppressed for broadcastclient and
28: multicastclient without broadcastdelay
29: * Exclude undetermined sys_refid from use in loopback TEST12
30: * Exclude MODE_SERVER responses from KoD rate limiting
31: * Include root delay in clock_update() sys_rootdisp calculations
32: * get_systime() updated to exclude sys_residual offset (which only
33: affected bits "below" sys_tick, the precision threshold)
34: * sys.peer jitter weighting corrected in sys_jitter calculation
35:
36: ntpq
37:
38: * -n option extended to include the billboard "server" column
39: * IPv6 addresses in the local column truncated to prevent overruns
40:
41: ---
42: NTP 4.2.6p4 (Harlan Stenn <stenn@ntp.org>, 2011/09/22)
43:
44: Focus: Bug fixes and portability improvements
45:
46: Severity: Medium
47:
48: This is a recommended upgrade.
49:
50: This release includes build infrastructure updates, code
51: clean-ups, minor bug fixes, fixes for a number of minor
52: ref-clock issues, and documentation revisions.
53:
54: Portability improvements affect AIX, HP-UX, Linux, OS X and 64-bit time_t.
55:
56: New features / changes in this release:
57:
58: Build system
59:
60: * Fix checking for struct rtattr
61: * Update config.guess and config.sub for AIX
62: * Upgrade required version of autogen and libopts for building
63: from our source code repository
64:
65: ntpd
66:
67: * Back-ported several fixes for Coverity warnings from ntp-dev
68: * Fix a rare boundary condition in UNLINK_EXPR_SLIST()
69: * Allow "logconfig =allall" configuration directive
70: * Bind tentative IPv6 addresses on Linux
71: * Correct WWVB/Spectracom driver to timestamp CR instead of LF
72: * Improved tally bit handling to prevent incorrect ntpq peer status reports
73: * Exclude the Undisciplined Local Clock and ACTS drivers from the initial
74: candidate list unless they are designated a "prefer peer"
75: * Prevent the consideration of Undisciplined Local Clock or ACTS drivers for
76: selection during the 'tos orphanwait' period
77: * Prefer an Orphan Mode Parent over the Undisciplined Local Clock or ACTS
78: drivers
79: * Improved support of the Parse Refclock trusttime flag in Meinberg mode
80: * Back-port utility routines from ntp-dev: mprintf(), emalloc_zero()
81: * Added the NTPD_TICKADJ_PPM environment variable for specifying baseline
82: clock slew on Microsoft Windows
83: * Code cleanup in libntpq
84:
85: ntpdc
86:
87: * Fix timerstats reporting
88:
89: ntpdate
90:
91: * Reduce time required to set clock
92: * Allow a timeout greater than 2 seconds
93:
94: sntp
95:
96: * Backward incompatible command-line option change:
97: -l/--filelog changed -l/--logfile (to be consistent with ntpd)
98:
99: Documentation
100:
101: * Update html2man. Fix some tags in the .html files
102: * Distribute ntp-wait.html
103:
104: ---
105: NTP 4.2.6p3 (Harlan Stenn <stenn@ntp.org>, 2011/01/03)
106:
107: Focus: Bug fixes and portability improvements
108:
109: Severity: Medium
110:
111: This is a recommended upgrade.
112:
113: This release includes build infrastructure updates, code
114: clean-ups, minor bug fixes, fixes for a number of minor
115: ref-clock issues, and documentation revisions.
116:
117: Portability improvements in this release affect AIX, Atari FreeMiNT,
118: FreeBSD4, Linux and Microsoft Windows.
119:
120: New features / changes in this release:
121:
122: Build system
123: * Use lsb_release to get information about Linux distributions.
124: * 'test' is in /usr/bin (instead of /bin) on some systems.
125: * Basic sanity checks for the ChangeLog file.
126: * Source certain build files with ./filename for systems without . in PATH.
127: * IRIX portability fix.
128: * Use a single copy of the "libopts" code.
129: * autogen/libopts upgrade.
130: * configure.ac m4 quoting cleanup.
131:
132: ntpd
133: * Do not bind to IN6_IFF_ANYCAST addresses.
134: * Log the reason for exiting under Windows.
135: * Multicast fixes for Windows.
136: * Interpolation fixes for Windows.
137: * IPv4 and IPv6 Multicast fixes.
138: * Manycast solicitation fixes and general repairs.
139: * JJY refclock cleanup.
140: * NMEA refclock improvements.
141: * Oncore debug message cleanup.
142: * Palisade refclock now builds under Linux.
143: * Give RAWDCF more baud rates.
144: * Support Truetime Satellite clocks under Windows.
145: * Support Arbiter 1093C Satellite clocks under Windows.
146: * Make sure that the "filegen" configuration command defaults to "enable".
147: * Range-check the status codes (plus other cleanup) in the RIPE-NCC driver.
148: * Prohibit 'includefile' directive in remote configuration command.
149: * Fix 'nic' interface bindings.
150: * Fix the way we link with openssl if openssl is installed in the base
151: system.
152:
153: ntp-keygen
154: * Fix -V coredump.
155: * OpenSSL version display cleanup.
156:
157: ntpdc
158: * Many counters should be treated as unsigned.
159:
160: ntpdate
161: * Do not ignore replies with equal receive and transmit timestamps.
162:
163: ntpq
164: * libntpq warning cleanup.
165:
166: ntpsnmpd
167: * Correct SNMP type for "precision" and "resolution".
168: * Update the MIB from the draft version to RFC-5907.
169:
170: sntp
171: * Display timezone offset when showing time for sntp in the local
172: timezone.
173: * Pay proper attention to RATE KoD packets.
174: * Fix a miscalculation of the offset.
175: * Properly parse empty lines in the key file.
176: * Logging cleanup.
177: * Use tv_usec correctly in set_time().
178: * Documentation cleanup.
179:
180: ---
181: NTP 4.2.6p2 (Harlan Stenn <stenn@ntp.org>, 2010/07/08)
182:
183: Focus: Bug fixes and portability improvements
184:
185: Severity: Medium
186:
187: This is a recommended upgrade.
188:
189: This release includes build infrastructure updates, code
190: clean-ups, minor bug fixes, fixes for a number of minor
191: ref-clock issues, improved KOD handling, OpenSSL related
192: updates and documentation revisions.
193:
194: Portability improvements in this release affect Irix, Linux,
195: Mac OS, Microsoft Windows, OpenBSD and QNX6
196:
197: New features / changes in this release:
198:
199: ntpd
200: * Range syntax for the trustedkey configuration directive
201: * Unified IPv4 and IPv6 restrict lists
202:
203: ntpdate
204: * Rate limiting and KOD handling
205:
206: ntpsnmpd
207: * default connection to net-snmpd via a unix-domain socket
208: * command-line 'socket name' option
209:
210: ntpq / ntpdc
211: * support for the "passwd ..." syntax
212: * key-type specific password prompts
213:
214: sntp
215: * MD5 authentication of an ntpd
216: * Broadcast and crypto
217: * OpenSSL support
218:
219: ---
220: NTP 4.2.6p1 (Harlan Stenn <stenn@ntp.org>, 2010/04/09)
221:
222: Focus: Bug fixes, portability fixes, and documentation improvements
223:
224: Severity: Medium
225:
226: This is a recommended upgrade.
227:
228: ---
229: NTP 4.2.6 (Harlan Stenn <stenn@ntp.org>, 2009/12/08)
230:
231: Focus: enhancements and bug fixes.
232:
233: ---
234: NTP 4.2.4p8 (Harlan Stenn <stenn@ntp.org>, 2009/12/08)
235:
236: Focus: Security Fixes
237:
238: Severity: HIGH
239:
240: This release fixes the following high-severity vulnerability:
241:
242: * [Sec 1331] DoS with mode 7 packets - CVE-2009-3563.
243:
244: See http://support.ntp.org/security for more information.
245:
246: NTP mode 7 (MODE_PRIVATE) is used by the ntpdc query and control utility.
247: In contrast, ntpq uses NTP mode 6 (MODE_CONTROL), while routine NTP time
248: transfers use modes 1 through 5. Upon receipt of an incorrect mode 7
249: request or a mode 7 error response from an address which is not listed
250: in a "restrict ... noquery" or "restrict ... ignore" statement, ntpd will
251: reply with a mode 7 error response (and log a message). In this case:
252:
253: * If an attacker spoofs the source address of ntpd host A in a
254: mode 7 response packet sent to ntpd host B, both A and B will
255: continuously send each other error responses, for as long as
256: those packets get through.
257:
258: * If an attacker spoofs an address of ntpd host A in a mode 7
259: response packet sent to ntpd host A, A will respond to itself
260: endlessly, consuming CPU and logging excessively.
261:
262: Credit for finding this vulnerability goes to Robin Park and Dmitri
263: Vinokurov of Alcatel-Lucent.
264:
265: THIS IS A STRONGLY RECOMMENDED UPGRADE.
266:
267: ---
268: ntpd now syncs to refclocks right away.
269:
270: Backward-Incompatible changes:
271:
272: ntpd no longer accepts '-v name' or '-V name' to define internal variables.
273: Use '--var name' or '--dvar name' instead. (Bug 817)
274:
275: ---
276: NTP 4.2.4p7 (Harlan Stenn <stenn@ntp.org>, 2009/05/04)
277:
278: Focus: Security and Bug Fixes
279:
280: Severity: HIGH
281:
282: This release fixes the following high-severity vulnerability:
283:
284: * [Sec 1151] Remote exploit if autokey is enabled. CVE-2009-1252
285:
286: See http://support.ntp.org/security for more information.
287:
288: If autokey is enabled (if ntp.conf contains a "crypto pw whatever"
289: line) then a carefully crafted packet sent to the machine will cause
290: a buffer overflow and possible execution of injected code, running
291: with the privileges of the ntpd process (often root).
292:
293: Credit for finding this vulnerability goes to Chris Ries of CMU.
294:
295: This release fixes the following low-severity vulnerabilities:
296:
297: * [Sec 1144] limited (two byte) buffer overflow in ntpq. CVE-2009-0159
298: Credit for finding this vulnerability goes to Geoff Keating of Apple.
299:
300: * [Sec 1149] use SO_EXCLUSIVEADDRUSE on Windows
301: Credit for finding this issue goes to Dave Hart.
302:
303: This release fixes a number of bugs and adds some improvements:
304:
305: * Improved logging
306: * Fix many compiler warnings
307: * Many fixes and improvements for Windows
308: * Adds support for AIX 6.1
309: * Resolves some issues under MacOS X and Solaris
310:
311: THIS IS A STRONGLY RECOMMENDED UPGRADE.
312:
313: ---
314: NTP 4.2.4p6 (Harlan Stenn <stenn@ntp.org>, 2009/01/07)
315:
316: Focus: Security Fix
317:
318: Severity: Low
319:
320: This release fixes oCERT.org's CVE-2009-0021, a vulnerability affecting
321: the OpenSSL library relating to the incorrect checking of the return
322: value of EVP_VerifyFinal function.
323:
324: Credit for finding this issue goes to the Google Security Team for
325: finding the original issue with OpenSSL, and to ocert.org for finding
326: the problem in NTP and telling us about it.
327:
328: This is a recommended upgrade.
329: ---
330: NTP 4.2.4p5 (Harlan Stenn <stenn@ntp.org>, 2008/08/17)
331:
332: Focus: Minor Bugfixes
333:
334: This release fixes a number of Windows-specific ntpd bugs and
335: platform-independent ntpdate bugs. A logging bugfix has been applied
336: to the ONCORE driver.
337:
338: The "dynamic" keyword and is now obsolete and deferred binding to local
339: interfaces is the new default. The minimum time restriction for the
340: interface update interval has been dropped.
341:
342: A number of minor build system and documentation fixes are included.
343:
344: This is a recommended upgrade for Windows.
345:
346: ---
347: NTP 4.2.4p4 (Harlan Stenn <stenn@ntp.org>, 2007/09/10)
348:
349: Focus: Minor Bugfixes
350:
351: This release updates certain copyright information, fixes several display
352: bugs in ntpdc, avoids SIGIO interrupting malloc(), cleans up file descriptor
353: shutdown in the parse refclock driver, removes some lint from the code,
354: stops accessing certain buffers immediately after they were freed, fixes
355: a problem with non-command-line specification of -6, and allows the loopback
356: interface to share addresses with other interfaces.
357:
358: ---
359: NTP 4.2.4p3 (Harlan Stenn <stenn@ntp.org>, 2007/06/29)
360:
361: Focus: Minor Bugfixes
362:
363: This release fixes a bug in Windows that made it difficult to
364: terminate ntpd under windows.
365: This is a recommended upgrade for Windows.
366:
367: ---
368: NTP 4.2.4p2 (Harlan Stenn <stenn@ntp.org>, 2007/06/19)
369:
370: Focus: Minor Bugfixes
371:
372: This release fixes a multicast mode authentication problem,
373: an error in NTP packet handling on Windows that could lead to
374: ntpd crashing, and several other minor bugs. Handling of
375: multicast interfaces and logging configuration were improved.
376: The required versions of autogen and libopts were incremented.
377: This is a recommended upgrade for Windows and multicast users.
378:
379: ---
380: NTP 4.2.4 (Harlan Stenn <stenn@ntp.org>, 2006/12/31)
381:
382: Focus: enhancements and bug fixes.
383:
384: Dynamic interface rescanning was added to simplify the use of ntpd in
385: conjunction with DHCP. GNU AutoGen is used for its command-line options
386: processing. Separate PPS devices are supported for PARSE refclocks, MD5
387: signatures are now provided for the release files. Drivers have been
388: added for some new ref-clocks and have been removed for some older
389: ref-clocks. This release also includes other improvements, documentation
390: and bug fixes.
391:
392: K&R C is no longer supported as of NTP-4.2.4. We are now aiming for ANSI
393: C support.
394:
395: ---
396: NTP 4.2.0 (Harlan Stenn <stenn@ntp.org>, 2003/10/15)
397:
398: Focus: enhancements and bug fixes.
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>