Lines Matching +full:hart +full:- +full:compatible

1 ---
10 - changes crypto (OpenSSL or compatible) detection and default build behavior.
11 Previously, crypto was supported if available unless the --without-crypto
13 falling back to a crypto-free build if usable libcrypto was not found has
15 The --without-crypto option must be explicitly provided if you want a build
17 - Fixes 40 bugs
18 - Includes 40 other improvements
24 stepped. <hart@ntp.org>
25 * [Bug 3913] Avoid duplicate IPv6 link-local manycast associations.
26 <hart@ntp.org>
28 * [Bug 3910] Memory leak using openssl-3 <hart@ntp.org>
30 <hart@ntp.org>
31 * [Bug 3903] lib/isc/win32/strerror.c NTstrerror() is not thread-safe.
32 <hart@ntp.org>
33 * [Bug 3901] LIB_GETBUF isn't thread-safe. <hart@ntp.org>
35 Windows. <hart@ntp.org>
36 * [Bug 3888] ntpd with multiple same-subnet IPs using manycastclient creates
37 duplicate associations. <hart@ntp.org>
38 * [Bug 3872] Ignore restrict mask for hostname. <hart@ntp.org>
41 declaration from ntp_types.h to config.h. <hart@ntp.org>
43 * [Bug 3869] Remove long-gone "calldelay" & "crypto sign" from docs.
44 Reported by PoolMUC@web.de. <hart@ntp.org>
45 * [Bug 3868] Cannot restrict a pool peer. <hart@ntp.org> Thanks to
47 * [Bug 3864] ntpd IPv6 refid different for big-endian and little-endian.
48 <hart@ntp.org>
49 * [Bug 3859] Use NotifyIpInterfaceChange on Windows ntpd. <hart@ntp.org>
51 <hart@ntp.org>
52 * [Bug 3855] ntpq lacks an equivalent to ntpdc's delrestrict. <hart@ntp.org>
54 <hart@ntp.org>
55 * [Bug 3853] Clean up warnings with modern compilers. <hart@ntp.org>
56 * [Bug 3852] check-libntp.mf and friends are not triggering rebuilds as
57 intended. <hart@ntp.org>
59 <hart@ntp.org>
60 * [Bug 3850] ntpq -c apeers breaks column formatting s2 w/refclock refid.
61 <hart@ntp.org>
62 * [Bug 3849] ntpd --wait-sync times out. <hart@ntp.org>
63 * [Bug 3847] SSL detection in configure should run-test if runpath is needed.
64 <hart@ntp.org>
65 * [Bug 3846] Use -Wno-format-truncation by default. <hart@ntp.org>
66 * [Bug 3845] accelerate pool clock_sync when IPv6 has only link-local access.
67 <hart@ntp.org>
68 * [Bug 3842] Windows ntpd PPSAPI DLL load failure crashes. <hart@ntp.org>
69 * [Bug 3841] 4.2.8p17 build break w/ gcc 12 -Wformat-security without -Wformat
70 Need to remove --Wformat-security when removing -Wformat to
71 silence numerous libopts warnings. <hart@ntp.org>
74 list is empty. <hart@ntp.org>
75 * [Bug 3835] NTP_HARD_*FLAGS not used by libevent tearoff. <hart@ntp.org>
76 * [Bug 3831] pollskewlist zeroed on runtime configuration. <hart@ntp.org>
85 * [Bug 3753] ntpd fails to start with FIPS-enabled OpenSSL 3. <hart@ntp.org>
87 * Log failures to allocate receive buffers. <hart@ntp.org>
92 about KoD rate limiting. <hart@ntp.org>
94 * util/lsf-times - added. <stenn@ntp.org>
95 * Add DSA, DSA-SHA, and SHA to tests/libntp/digests.c. <hart@ntp.org>
96 * Provide ntpd thread names to debugger on Windows. <hart@ntp.org>
97 * Remove dead code libntp/numtohost.c and its unit tests. <hart@ntp.org>
98 * Remove class A, B, C IPv4 distinctions in netof(). <hart@ntp.org>
100 the file is generated from another pointing to the *.in. <hart@ntp.org>
101 * Correct underquoting, indents in ntp_facilitynames.m4. <hart@ntp.org>
102 * Clean up a few warnings seen building with older gcc. <hart@ntp.org>
103 * Fix build on older FreeBSD lacking sys/procctl.h. <hart@ntp.org>
105 that makes it unnecessary, re-enabling ASLR stack gap. <hart@ntp.org>
106 * Use NONEMPTY_COMPILATION_UNIT in more conditionally-compiled files.
108 * Avoid newlines within Windows error messages. <hart@ntp.org>
109 * Ensure unique association IDs if wrapped. <hart@ntp.org>
110 * Simplify calc_addr_distance(). <hart@ntp.org>
111 * Clamp min/maxpoll in edge cases in newpeer(). <hart@ntp.org>
112 * Quiet local addr change logging when unpeering. <hart@ntp.org>
114 send_blocking_resp_internal(). <hart@ntp.org>
115 * Suppress OpenSSL 3 deprecation warning clutter. <hart@ntp.org>
117 discarding const qualifiers with OpenSSL 3. <hart@ntp.org>
118 * Display KoD refid as text in recently added message. <hart@ntp.org>
120 files have changed. <hart@ntp.org>
121 * Abort configure if --enable-crypto-rand given & unavailable. <hart@ntp.org>
122 * Add configure --enable-verbose-ssl to trace SSL detection. <hart@ntp.org>
123 * Add build test coverage for --disable-saveconfig to flock-build script.
124 <hart@ntp.org>
125 * Remove deprecated configure --with-arlib option. <hart@ntp.org>
126 * Remove configure support for ISC UNIX ca. 1998. <hart@ntp.org>
128 to NTP_LIBNTP. <hart@ntp.org>
129 * Remove dead code: HAVE_U_INT32_ONLY_WITH_DNS. <hart@ntp.org>
130 * Eliminate [v]snprintf redefinition warnings on macOS. <hart@ntp.org>
131 * Fix clang 14 cast increases alignment warning on Linux. <hart@ntp.org>
133 <hart@ntp.org>
134 * Use NTP_HARD_CPPFLAGS in libopts tearoff. <hart@ntp.org>
135 * wire in --enable-build-framework-help
137 ---
146 - fixes 3 bugs, including a regression
147 - adds new unit tests
152 event_sync. Reported by Edward McGuire. <hart@ntp.org>
154 <hart@ntp.org> Miroslav Lichvar identified regression in 4.2.8p16.
158 problem. <hart@ntp.org>
162 ---
171 - fixes 4 vulnerabilities (3 LOW and 1 None severity),
172 - fixes 46 bugs
173 - includes 15 general improvements
174 - adds support for OpenSSL-3.0
178 * [Sec 3808] Assertion failure in ntpq on malformed RT-11 date <perlinger@ntp.org>
182 - solved numerically instead of using string manipulation
186 * [Bug 3817] Bounds-check "tos floor" configuration. <hart@ntp.org>
188 <hart@ntp.org>
189 * [Bug 3802] ntp-keygen -I default identity modulus bits too small for
190 OpenSSL 3. Reported by rmsh1216@163.com <hart@ntp.org>
191 * [Bug 3801] gpsdjson refclock gps_open() device name mishandled. <hart@ntp.org>
192 * [Bug 3800] libopts-42.1.17 does not compile with Microsoft C. <hart@ntp.org>
193 * [Bug 3799] Enable libopts noreturn compiler advice for MSC. <hart@ntp.org>
195 disconnected, breaking ntpq and ntpdc. <hart@ntp.org>
197 - ntp.conf manual page and miscopt.html corrections. <hart@ntp.org>
198 * [Bug 3793] Wrong variable type passed to record_raw_stats(). <hart@ntp.org>
199 - Report and patch by Yuezhen LUAN <wei6410@sina.com>.
200 * [Bug 3786] Timer starvation on high-load Windows ntpd. <hart@ntp.org>
201 * [Bug 3784] high-load ntpd on Windows deaf after enough ICMP TTL exceeded.
202 <hart@ntp.org>
203 * [Bug 3781] log "Unable to listen for broadcasts" for IPv4 <hart@ntp.org>
204 * [Bug 3774] mode 6 packets corrupted in rawstats file <hart@ntp.org>
205 - Reported by Edward McGuire, fix identified by <wei6410@sina.com>.
207 * [Bug 3757] Improve handling of Linux-PPS in NTPD <perlinger@ntp.org>
209 * [Bug 3725] Make copyright of clk_wharton.c compatible with Debian.
211 * [Bug 3724] ntp-keygen with openSSL 1.1.1 fails on Windows <perlinger@ntp.org>
212 - openssl applink needed again for openSSL-1.1.1
214 Reported by Brian Utterback, broken in 2010 by <hart@ntp.org>
216 - command line options override config statements where applicable
217 - make initial frequency settings idempotent and reversible
218 - make sure kernel PLL gets a recovered drift componsation
221 - misleading title; essentially a request to ignore the receiver status.
224 - original patch by Richard Schmidt, with mods & unit test fixes
226 - implement/wrap 'realpath()' to resolve symlinks in device names
228 - original patch by matt<ntpbr@mattcorallo.com>
229 - increased max PDU size to 4k to avoid truncation
231 - patch by Frank Kardel
232 * [Bug 3689] Extension for MD5, SHA-1 and other keys <perlinger@ntp.org>
233 - ntp{q,dc} now use the same password processing as ntpd does in the key
238 - patch by Gerry Garvey
240 - original patch by Gerry Garvey
242 - original patch by Gerry Garvey
244 - applied patches by Gerry Garvey
245 * [Bug 3675] ntpq ccmds[] stores pointer to non-persistent storage
247 - idea+patch by Gerry Garvey
250 - follow-up: fix inverted sense in check, reset shortfall counter
251 * [Bug 3660] Revert 4.2.8p15 change to manycast. <hart@ntp.org>
252 * [Bug 3640] document "discard monitor" and fix the code. <hart@ntp.org>
253 - fixed bug identified by Edward McGuire <perlinger@ntp.org>
255 - applied patch by Gerry Garvey
257 - backport from -dev, plus some more work on warnings for unchecked results
259 Reported by Israel G. Lugo. <hart@ntp.org>
262 Integrated patch from Brian Utterback. <hart@ntp.org>
263 * [Bug 2525] Turn on automake subdir-objects across the project. <hart@ntp.org>
265 * Use correct rounding in mstolfp(). perlinger/hart
266 * M_ADDF should use u_int32. <hart@ntp.org>
268 * Use recv_buffer instead of the longer recv_space.X_recv_buffer. hart/stenn
273 * Rename a poorly-named variable. <stenn@ntp.org>
278 * upgrade to: autogen-5.18.16
279 * upgrade to: libopts-42.1.17
280 * upgrade to: autoconf-2.71
281 * upgrade to: automake-1.16.15
282 * Upgrade to libevent-2.1.12-stable <stenn@ntp.org>
283 * Support OpenSSL-3.0
285 ---
301 - Thanks to Sylar Tao
303 - rewrite 'decodenetnum()' in terms of inet_pton
305 - limit number of receive buffers, with an iron reserve for refclocks
309 - integrated patch from Charles Claggett
314 - fix by Gerry garvey
316 - thanks to Gerry Garvey
318 - patch by Gerry Garvey
320 * [Bug 3639] refclock_jjy: TS-JJY0x can skip time sync depending on the STUS reply. <abe@ntp.org>
321 - applied patch by Takao Abe
323 ---
340 - Reported by Philippe Antoine
342 - Reported by Miroslav Lichvar
344 - Reported by Miroslav Lichvar
349 * [Bug 3628] raw DCF decoding - improve robustness with Zeller's congruence
350 - implement Zeller's congruence in libparse and libntp <perlinger@ntp.org>
351 * [Bug 3627] SIGSEGV on FreeBSD-12 with stack limit and stack gap <perlinger@ntp.org>
352 - integrated patch by Cy Schubert
354 - applied patch by Gerry Garvey
356 - applied patch by Gerry Garvey
358 - integrated patch by Richard Steedman
361 - Reported by Martin Burnicki
362 * [Bug 3612] Use-of-uninitialized-value in receive function <perlinger@ntp.org>
363 - Reported by Philippe Antoine
365 - officially document new "trust date" mode bit for NMEA driver
366 - restore the (previously undocumented) "trust date" feature lost with [bug 3577]
367 * [Bug 3609] Fixing wrong falseticker in case of non-statistic jitter <perlinger@ntp.org>
368 - mostly based on a patch by Michael Haardt, implementing 'fudge minjitter'
370 - removed ffs() and fls() prototypes as per Brian Utterback
373 - fixed byte and paramter order as suggested by wei6410@sina.com
375 * [Bug 3599] Build fails on linux-m68k due to alignment issues <perlinger@ntp.org>
376 - added padding as suggested by John Paul Adrian Glaubitz
381 - stdout+stderr are set to line buffered during test setup now
383 - set clock to base date if system time is before that limit
385 * [Bug 3580] Possible bug ntpq-subs (NULL dereference in dogetassoc) <perlinger@ntp.org>
386 - Reported by Paulo Neves
388 - also updates for refclock_nmea.c and refclock_jupiter.c
393 - sidekick: service port resolution in 'ntpdate'
395 - applied patch by Douglas Royds
398 - applied patch by Gerry Garvey
399 * [Bug 3531] make check: test-decodenetnum fails <perlinger@ntp.org>
400 - try to harden 'decodenetnum()' against 'getaddrinfo()' errors
401 - fix wrong cond-compile tests in unit tests
404 - patch by Philipp Prindeville
406 - patch by Philipp Prindeville
408 - patch by Philipp Prindeville
410 - partial application of patch by Philipp Prindeville
412 - applied patch by Gerry Garvey & fixed unit tests <perlinger@ntp.org>
414 - applied (modified) patch by Richard Steedman
416 - applied patch by Gerry Garvey (with minor formatting changes)
418 - applied patch by Miroslav Lichvar
422 is specified with -u <perlinger@ntp.org>
423 - monitor daemon child startup & propagate exit codes
425 - (modified) patch by Kurt Roeckx <perlinger@ntp.org>
431 ---
445 - reported by Magnus Stubman
447 - applied patch by Ian Lepore
449 - isolate and fix linux/windows specific code issue
451 - provide better function for incremental string formatting
453 - applied patch by Gerry Garvey
455 - original finding by Gerry Garvey, additional cleanup needed
457 - patch by Christous Zoulas
459 - finding by Chen Jiabin, plus another one by me
461 - applied patch by Maciej Szmigiero
463 - applied patch by Andre Charbonneau
465 - applied patch by Baruch Siach
466 * [Bug 3538] Build fails for no-MMU targets <perlinger@ntp.org>
467 - applied patch by Baruch Siach
469 - refactored handling of GPS era based on 'tos basedate' for
472 - patch by Daniel J. Luke; this does not fix a potential linker
474 * [Bug 3527 - Backward Incompatible] mode7 clockinfo fudgeval2 packet
476 - --enable-bug3527-fix support by HStenn
478 - applied patch by Gerry Garvey
480 - added missing check, reported by Reinhard Max <perlinger@ntp.org>
482 - this is a variant of [bug 3558] and should be fixed with it
483 * Implement 'configure --disable-signalled-io'
485 --
493 in ntp-4.2.8p11, and a buffer overflow in the openhost() function used by
502 [Bug 3509] Add support for running as non-root on FreeBSD, Darwin,
504 - applied patch by Ian Lepore <perlinger@ntp.org>
506 - changed interaction with SCM to signal pending startup
508 - applied patch by Gerry Garvey
510 - applied patch by Gerry Garvey
512 - rework of ntpq 'nextvar()' key/value parsing
513 [Bug 3482] Fixes for compilation warnings (ntp_io.c & ntpq-subs.c) <perlinger@ntp.org>
514 - applied patch by Gerry Garvey (with mods)
516 - applied patch by Gerry Garvey
518 - applied patch by Gerry Garvey (with mods)
520 - applied patch by Gerry Garvey (with mods); not sure if that's bug or feature, though
522 - applied patch by Gerry Garvey
524 - applied patch by Gerry Garvey
526 - add #define ENABLE_CMAC support in configure. HStenn.
529 - patch by Stephen Friedl
531 - fixed IO redirection and CTRL-C handling in ntq and ntpdc
534 - initial patch by Hal Murray; also fixed refclock_report() trouble
537 - According to Brooks Davis, there was only one location <perlinger@ntp.org>
538 [Bug 3449] ntpq - display "loop" instead of refid [...] <perlinger@ntp.org>
539 - applied patch by Gerry Garvey
541 - applied patch by Gerry Garvey
546 - applied patch by Miroslav Lichvar
547 [Bug 3426] ntpdate.html -t default is 2 seconds. Leonid Evdokimov.
549 - integrated patch by Reinhard Max
551 - applied patches by Christos Zoulas, including real bug fixes
554 Symmetric key range is 1-65535. Update docs. <stenn@ntp.org>
556 --
563 This release fixes 2 low-/medium-, 1 informational/medum-, and 2 low-severity
564 vulnerabilities in ntpd, one medium-severity vulernability in ntpq, and
565 provides 65 other non-security fixes and improvements:
570 References: Sec 3454 / CVE-2018-7185 / VU#961909
571 Affects: ntp-4.2.6, up to but not including ntp-4.2.8p11.
577 The NTP Protocol allows for both non-authenticated and
581 support an interleaved mode of operation. In ntp-4.2.8p4 a bug
583 allows a non-authenticated zero-origin (reset) packet to reset
585 can send a packet with a zero-origin timestamp and the source
589 disruption of the association. In ntp-4.0.0 thru ntp-4.2.8p6,
590 interleave mode could be entered dynamically. As of ntp-4.2.8p7,
593 Implement BCP-38.
601 If ntpd stops running, auto-restart it without -g .
608 References: Sec 3453 / CVE-2018-7184 / VU#961909
609 Affects: ntpd in ntp-4.2.8p4, up to but not including ntp-4.2.8p11.
612 CVSS3: LOW 3.1 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
618 third-party can inject a packet with a zero-origin timestamp,
625 Implement BCP-38.
626 Upgrade to ntp-4.2.8p11 or later from the NTP Project Download Page
631 If ntpd stops running, auto-restart it without -g .
638 References: Sec 3415 / CVE-2018-7170 / VU#961909
639 Sec 3012 / CVE-2016-1549 / VU#718152
640 Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
642 CVSS2: LOW 3.5 - (AV:N/AC:M/Au:S/C:N/I:P/A:N)
643 CVSS3: LOW 3.1 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
647 ntp-4.2.8p6 allowing an optional 4th field in the ntp.keys file to
649 -- i.e. one where the attacker knows the private symmetric key --
650 can create arbitrarily-many ephemeral associations in order to win
652 additional protections are offered in ntp-4.2.8p11. One is the
659 Implement BCP-38.
660 Upgrade to ntp-4.2.8p11 or later from the NTP Project Download Page
670 If ntpd stops running, auto-restart it without -g .
677 References: Sec 3414 / CVE-2018-7183 / VU#961909
678 Affects: ntpq in ntp-4.2.8p6, up to but not including ntp-4.2.8p11.
683 is an internal function of ntpq that is used to -- wait for it --
686 maliciously-altered ntpd returns an array result that will trip this
692 Implement BCP-38.
693 Upgrade to ntp-4.2.8p11 or later from the NTP Project Download Page
696 This weakness was discovered by Michael Macnair of Thales e-Security.
701 References: Sec 3412 / CVE-2018-7182 / VU#961909
702 Affects: ntp-4.2.8p6, up to but not including ntp-4.2.8p11.
703 CVSS2: INFO 0.0 - MED 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 0.0 if C:N
704 CVSS3: NONE 0.0 - MED 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
712 Implement BCP-38.
713 Upgrade to ntp-4.2.8p11 or later from the NTP Project Download Page
717 If ntpd stops running, auto-restart it without -g .
725 References: Sec 3012 / CVE-2016-1549 / VU#718152
726 Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
728 CVSS2: LOW 3.5 - (AV:N/AC:M/Au:S/C:N/I:P/A:N)
729 CVSS3: MED 5.3 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
733 introduced in ntp-4.2.8p6 allowing an optional 4th field in the
735 authenticated peer -- i.e. one where the attacker knows the
736 private symmetric key -- can create arbitrarily-many ephemeral
739 offered in ntp-4.2.8p11. One is the 'noepeer' directive, which
744 Implement BCP-38.
760 - applied patch by Sean Haugh
763 - removed error log caused by rounding/slew, ensured postcondition <perlinger@ntp.org>
764 [Bug 3447] AES-128-CMAC (fixes) <perlinger@ntp.org>
765 - refactoring the MAC code, too
768 - applied patch by ggarvey
770 - applied patch by ggarvey (with minor mods)
772 - applied patch (with mods) by Miroslav Lichvar <perlinger@ntp.org>
774 [Bug 3433] sntp crashes when run with -a. <stenn@ntp.org>
776 - fixed several issues with hash algos in ntpd, sntp, ntpq,
779 - initial patch by Daniel Pouzzner
784 [Bug 3411] problem about SIGN(6) packet handling for ntp-4.2.8p10
785 - raised receive buffer size to 1200 <perlinger@ntp.org>
788 [Bug 3405] update-leap.in: general cleanup, HTTPS support. Paul McMath.
790 - fix/drop assumptions on OpenSSL libs directory layout
791 [Bug 3399] NTP: linker error in 4.2.8p10 during Linux cross-compilation
792 - initial patch by timeflies@mail2tor.com <perlinger@ntp.org>
794 - patch contributed by Alexander Bluhm
799 - fixed handling of dynamic deletion w/o leap file <perlinger@ntp.org>
801 - increased mimimum stack size to 32kB <perlinger@ntp.org>
803 - reverted handling of PPS kernel consumer to 4.2.6 behavior
804 [Bug 3365] Updates driver40(-ja).html and miscopt.html <abe@ntp.org>
807 - fixed location counter & ntpq output <perlinger@ntp.org>
810 [Bug 2737] Wrong phone number listed for USNO. ntp-bugs@bodosom.net,
812 [Bug 2557] Fix Thunderbolt init. ntp-bugs@bodosom.net, perlinger@ntp.
822 AES-128-CMAC support. BInglis, HStenn, JPerlinger.
825 update-leap: updates from Paul McMath.
826 When using pkg-config, report --modversion. HStenn.
828 sntp: show the IP of who sent us a crypto-NAK. HStenn.
830 authistrustedip() - use it in more places. HStenn, JPerlinger.
849 * update-leap needs the following perl modules:
854 See them with: ntpq -c "rv 0 ss_lamport,ss_tsrounding"
860 - restrict ... noepeer
861 - restrict ... ippeerlimit N
868 apply to explicitly-configured associations. A value of -1, the current
881 --
888 This release fixes 5 medium-, 6 low-, and 4 informational-severity
889 vulnerabilities, and provides 15 other non-security fixes and improvements:
891 * NTP-01-016 NTP: Denial of Service via Malformed Config (Medium)
893 References: Sec 3389 / CVE-2017-6464 / VU#325339
894 Affects: All versions of NTP-4, up to but not including ntp-4.2.8p10, and
895 ntp-4.3.0 up to, but not including ntp-4.3.94.
903 Implement BCP-38.
906 Properly monitor your ntpd instances, and auto-restart
907 ntpd (without -g) if it stops running.
911 * NTP-01-014 NTP: Buffer Overflow in DPTS Clock (Low)
913 References: Sec 3388 / CVE-2017-6462 / VU#325339
914 Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and ntp-4.3.0 up to, but not including ntp-4.3.94.
930 Properly monitor your ntpd instances, and auto-restart
931 ntpd (without -g) if it stops running.
935 * NTP-01-012 NTP: Authenticated DoS via Malicious Config Option (Medium)
937 References: Sec 3387 / CVE-2017-6463 / VU#325339
938 Affects: All versions of ntp, up to but not including ntp-4.2.8p10, and
939 ntp-4.3.0 up to, but not including ntp-4.3.94.
949 Implement BCP-38.
952 Properly monitor your ntpd instances, and auto-restart
953 ntpd (without -g) if it stops running.
957 * NTP-01-011 NTP: ntpq_stripquotes() returns incorrect value (Informational)
960 Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and
961 ntp-4.3.0 up to, but not including ntp-4.3.94.
976 Implement BCP-38.
979 Properly monitor your ntpd instances, and auto-restart
980 ntpd (without -g) if it stops running.
984 * NTP-01-010 NTP: ereallocarray()/eallocarray() underused (Info)
987 Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and
988 ntp-4.3.0 up to, but not including ntp-4.3.94.
999 the oreallocarray() function for which a further number-of-elements
1010 * NTP-01-009 NTP: Privileged execution of User Library code (WINDOWS
1013 References: Sec 3384 / CVE-2017-6455 / VU#325339
1014 Affects: All Windows versions of ntp-4 that use the PPSAPI, up to but
1015 not including ntp-4.2.8p10, and ntp-4.3.0 up to, but not
1016 including ntp-4.3.94.
1028 Implement BCP-38.
1034 * NTP-01-008 NTP: Stack Buffer Overflow from Command Line (WINDOWS
1037 References: Sec 3383 / CVE-2017-6452 / VU#325339
1038 Affects: WINDOWS installer ONLY: All versions of the ntp-4 Windows
1039 installer, up to but not including ntp-4.2.8p10, and ntp-4.3.0 up
1040 to, but not including ntp-4.3.94.
1060 * NTP-01-007 NTP: Data Structure terminated insufficiently (WINDOWS
1063 References: Sec 3382 / CVE-2017-6459 / VU#325339
1064 Affects: WINDOWS installer ONLY: All ntp-4 versions of the Windows
1065 installer, up to but not including ntp-4.2.8p10, and ntp-4.3.0
1066 up to, but not including ntp-4.3.94.
1077 call to RegSetValueEx() claims to be passing in a multi-string
1085 * NTP-01-006 NTP: Copious amounts of Unused Code (Informational)
1093 code-gadget-based branch-flow redirection exploits. Analogically,
1133 * NTP-01-005 NTP: Off-by-one in Oncore GPS Receiver (Low)
1136 Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and
1137 ntp-4.3.0 up to, but not including ntp-4.3.94.
1147 Properly monitor your ntpd instances, and auto-restart
1148 ntpd (without -g) if it stops running.
1152 * NTP-01-004 NTP: Potential Overflows in ctl_put() functions (Medium)
1154 References: Sec 3379 / CVE-2017-6458 / VU#325339
1155 Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and
1156 ntp-4.3.0 up to, but not including ntp-4.3.94.
1165 long variable names in ntpd (longer than 200-512 bytes, depending
1169 Implement BCP-38.
1173 longer than 200-512 bytes in your ntp.conf file.
1174 Properly monitor your ntpd instances, and auto-restart
1175 ntpd (without -g) if it stops running.
1179 * NTP-01-003 NTP: Improper use of snprintf() in mx4200_send() (Low)
1181 References: Sec 3378 / CVE-2017-6451 / VU#325339
1182 Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and
1183 ntp-4.3.0 up to, but not including ntp-4.3.94.
1190 and vsnprintf() incorrectly, which can lead to an out-of-bounds
1195 allocated buffer space. This results in an out-of-bound memory
1206 Properly monitor your ntpd instances, and auto-restart
1207 ntpd (without -g) if it stops running.
1211 * NTP-01-002 NTP: Buffer Overflow in ntpq when fetching reslist from a
1214 References: Sec 3377 / CVE-2017-6460 / VU#325339
1215 Affects: All versions of ntpq, up to but not including ntp-4.2.8p10, and
1216 ntp-4.3.0 up to, but not including ntp-4.3.94.
1225 will be copied into a fixed-size buffer, leading to an overflow on
1226 the function's stack-frame. Note well that this problem requires
1238 * NTP-01-001 NTP: Makefile does not enforce Security Flags (Informational)
1241 Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and
1242 ntp-4.3.0 up to, but not including ntp-4.3.94.
1249 flags for their builds. As of ntp-4.2.8p10, the NTP build
1250 system has a way to provide OS-specific hardening flags. Please
1258 Implement BCP-38.
1261 Properly monitor your ntpd instances, and auto-restart
1262 ntpd (without -g) if it stops running.
1268 References: Sec 3361 / CVE-2016-9042 / VU#325339
1269 Affects: ntp-4.2.8p9 (21 Nov 2016), up to but not including ntp-4.2.8p10
1282 Implement BCP-38.
1287 Properly monitor your ntpd instances, and auto-restart
1288 ntpd (without -g) if it stops running.
1294 * [Bug 3393] clang scan-build findings <perlinger@ntp.org>
1295 * [Bug 3363] Support for openssl-1.1.0 without compatibility modes
1296 - rework of patch set from <ntp.org@eroen.eu>. <perlinger@ntp.org>
1299 on 4.4BSD-Lite derived platforms <perlinger@ntp.org>
1300 - original patch by Majdi S. Abbas
1303 - initial patch by Christos Zoulas
1305 - move loader API from 'inline' to proper source
1306 - augment pathless dlls with absolute path to NTPD
1307 - use 'msyslog()' instead of 'printf() 'for reporting trouble
1309 - applied patch by Matthew Van Gundy
1311 - applied some of the patches provided by Havard. Not all of them
1314 - applied patch by Reinhard Max. See bugzilla for limitations.
1316 - fixed dependency inversion from [Bug 2837]
1318 - produce ERROR log message about dysfunctional daemon. <perlinger@ntp.org>
1319 * [Bug 2851] allow -4/-6 on restrict line with mask <perlinger@ntp.org>
1320 - applied patch by Miroslav Lichvar for ntp4.2.6 compat
1321 * [Bug 2645] out-of-bound pointers in ctl_putsys and decode_bitflags
1322 - Fixed these and some more locations of this pattern.
1326 --
1327 (4.2.8p9-win) 2017/02/01 Released by Harlan Stenn <stenn@ntp.org>
1330 - added missed changeset for automatic openssl lib detection
1331 - fixed some minor warning issues
1336 --
1344 following 1 high- (Windows only), 2 medium-, 2 medium-/low, and
1345 5 low-severity vulnerabilities, and provides 28 other non-security
1350 References: Sec 3119 / CVE-2016-9311 / VU#633847
1351 Affects: ntp-4.0.90 (21 July 1999), possibly earlier, up to but not
1352 including 4.2.8p9, and ntp-4.3.0 up to but not including ntp-4.3.94.
1361 Implement BCP-38.
1366 Properly monitor your ntpd instances, and auto-restart ntpd
1367 (without -g) if it stops running.
1372 References: Sec 3118 / CVE-2016-9310 / VU#633847
1373 Affects: ntp-4.0.90 (21 July 1999), possibly earlier, up to but not
1374 including 4.2.8p9, and ntp-4.3.0 up to but not including ntp-4.3.94.
1380 long-standing BCP recommendations, "restrict default noquery ..."
1387 Implement BCP-38.
1391 Properly monitor your ntpd instances, and auto-restart ntpd
1392 (without -g) if it stops running.
1397 References: Sec 3114 / CVE-2016-7427 / VU#633847
1398 Affects: ntp-4.2.8p6, up to but not including ntp-4.2.8p9, and
1399 ntp-4.3.90 up to, but not including ntp-4.3.94.
1413 Implement BCP-38.
1416 Properly monitor your ntpd instances, and auto-restart ntpd
1417 (without -g) if it stops running.
1422 References: Sec 3113 / CVE-2016-7428 / VU#633847
1423 Affects: ntp-4.2.8p6, up to but not including ntp-4.2.8p9, and
1424 ntp-4.3.90 up to, but not including ntp-4.3.94
1442 Implement BCP-38.
1445 Properly monitor your ntpd instances, and auto-restart ntpd
1446 (without -g) if it stops running.
1451 References: Sec 3110 / CVE-2016-9312 / VU#633847
1452 Affects Windows only: ntp-4.?.?, up to but not including ntp-4.2.8p9,
1453 and ntp-4.3.0 up to, but not including ntp-4.3.94.
1460 Implement BCP-38.
1463 Properly monitor your ntpd instances, and auto-restart ntpd
1464 (without -g) if it stops running.
1469 References: Sec 3102 / CVE-2016-7431 / VU#633847
1470 Affects: ntp-4.2.8p8, and ntp-4.3.93.
1475 ntp-4.2.8p6. However, subsequent timestamp validation checks
1479 Implement BCP-38.
1482 Properly monitor your ntpd instances, and auto-restart ntpd
1483 (without -g) if it stops running.
1489 References: Sec 3082 / CVE-2016-7434 / VU#633847
1490 Affects: ntp-4.2.7p22, up to but not including ntp-4.2.8p9, and
1491 ntp-4.3.0 up to, but not including ntp-4.3.94.
1500 Implement BCP-38.
1503 Properly monitor your ntpd instances, and auto-restart ntpd
1504 (without -g) if it stops running.
1509 References: Sec 3072 / CVE-2016-7429 / VU#633847
1510 Affects: ntp-4.2.7p385, up to but not including ntp-4.2.8p9, and
1511 ntp-4.3.0 up to, but not including ntp-4.3.94
1529 Implement BCP-38.
1535 Properly monitor your ntpd instances, and auto-restart ntpd
1536 (without -g) if it stops running.
1541 References: Sec 3071 / CVE-2016-7426 / VU#633847
1542 Affects: ntp-4.2.5p203, up to but not including ntp-4.2.8p9, and
1543 ntp-4.3.0 up to, but not including ntp-4.3.94
1557 brute-force attacks on the origin timestamp, it allows this DoS
1561 Implement BCP-38.
1564 Properly monitor your ntpd instances, and auto-restart ntpd
1565 (without -g) if it stops running.
1570 References: Sec 3067 / CVE-2016-7433 / VU#633847
1571 Affects: ntp-4.2.7p385, up to but not including ntp-4.2.8p9, and
1572 ntp-4.3.0 up to, but not including ntp-4.3.94. But the
1573 root-distance calculation in general is incorrect in all versions
1574 of ntp-4 until this release.
1580 to a misinterpretation of a small-print variable in The Book, the
1588 Properly monitor your ntpd instances, and auto-restart ntpd
1589 (without -g) if it stops running.
1598 - moved retry decision where it belongs. <perlinger@ntp.org>
1600 using the loopback-ppsapi-provider.dll <perlinger@ntp.org>
1603 - fixed extended sysvar lookup (bug introduced with bug 3008 fix)
1605 - applied patches by Kurt Roeckx <kurt@roeckx.be> to source
1606 - added shim layer for SSL API calls with issues (both directions)
1608 - simplified / refactored hex-decoding in driver. <perlinger@ntp.org>
1609 * [Bug 3084] update-leap mis-parses the leapfile name. HStenn.
1611 - applied patch thanks to Andrew Stormont <andyjstormont@gmail.com>
1614 - PPS-HACK works again.
1616 - applied patch by Brian Utterback <brian.utterback@oracle.com>
1620 - patches by Reinhard Max <max@suse.com> and Havard Eidnes <he@uninett.no>
1621 * [Bug 3047] Fix refclock_jjy C-DEX JST2000. abe@ntp.org
1622 - Patch provided by Kuramatsu.
1624 - removed unnecessary & harmful decls of 'setUp()' & 'tearDown()'
1629 - fixed GPS week expansion to work based on build date. Special thanks
1632 - fixed Makefile.am <perlinger@ntp.org>
1635 - make sure PPS source is alive before processing samples
1636 - improve stability close to the 500ms phase jump (phase gate)
1641 * remove locks in Windows IO, use rpc-like thread synchronisation instead
1643 ---
1651 following 1 high- and 4 low-severity vulnerabilities:
1655 References: Sec 3046 / CVE-2016-4957 / VU#321640
1656 Affects: ntp-4.2.8p7, and ntp-4.3.92.
1659 Summary: The fix for Sec 3007 in ntp-4.2.8p7 contained a bug that
1662 Implement BCP-38.
1667 Properly monitor your ntpd instances, and auto-restart ntpd
1668 (without -g) if it stops running.
1673 References: Sec 3045 / CVE-2016-4953 / VU#321640
1674 Affects: ntp-4, up to but not including ntp-4.2.8p8, and
1675 ntp-4.3.0 up to, but not including ntp-4.3.93.
1679 spoofed packet containing a CRYPTO-NAK to an ephemeral peer
1683 Implement BCP-38.
1691 References: Sec 3044 / CVE-2016-4954 / VU#321640
1692 Affects: ntp-4, up to but not including ntp-4.2.8p8, and
1693 ntp-4.3.0 up to, but not including ntp-4.3.93.
1701 Implement BCP-38.
1709 References: Sec 3043 / CVE-2016-4955 / VU#321640
1710 Affects: ntp-4, up to but not including ntp-4.2.8p8, and
1711 ntp-4.3.0 up to, but not including ntp-4.3.93.
1720 Implement BCP-38.
1728 References: Sec 3042 / CVE-2016-4956 / VU#321640
1729 Affects: ntp-4, up to but not including ntp-4.2.8p8, and
1730 ntp-4.3.0 up to, but not including ntp-4.3.93.
1736 Implement BCP-38.
1744 - provide build environment
1745 - 'wint_t' and 'struct timespec' defined by VS2015
1746 - fixed print()/scanf() format issues
1749 * [Bug 3058] fetch_timestamp() mishandles 64-bit alignment. Brian Utterback,
1751 * Fix typo in ntp-wait and plot_summary. HStenn.
1755 ---
1763 available, --enable-dynamic-interleave. More information on this below.
1765 Also note that ntp-4.2.8p7 logs more "unexpected events" than previous
1773 following 9 low- and medium-severity vulnerabilities:
1776 AKA: authdecrypt-timing
1778 References: Sec 2879 / CVE-2016-1550
1779 Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
1781 CVSSv2: LOW 2.6 - (AV:L/AC:H/Au:N/C:P/I:P/A:N)
1782 CVSSv3: MED 4.0 - CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1785 for a local or perhaps LAN-based attacker to send a packet with
1796 References: Sec 2945 / Sec 2901 / CVE-2015-8138
1797 Affects: All ntp-4 releases up to, but not including 4.2.8p7,
1802 References: Sec 2952 / CVE-2015-7704
1803 Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
1805 CVSSv2: MED 4.3 - (AV:N/AC:M/Au:N/C:N/I:N/A:P)
1806 Summary: The fix for NtpBug2952 in ntp-4.2.8p5 to address broken peer
1809 Implement BCP-38.
1817 * Validate crypto-NAKs, AKA: CRYPTO-NAK DoS
1819 References: Sec 3007 / CVE-2016-1547 / VU#718152
1820 Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
1822 CVSS2: MED 4.3 - (AV:N/AC:M/Au:N/C:N/I:N/A:P)
1823 CVSS3: MED 3.7 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1824 Summary: For ntp-4 versions up to but not including ntp-4.2.8p7, an
1825 off-path attacker can cause a preemptable client association to
1835 For ntp-4.2.8 thru ntp-4.2.8p6 there is less risk because more
1838 ntp-4.2.8p7.
1840 Implement BCP-38.
1849 References: Sec 3008 / CVE-2016-2519
1850 Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
1852 CVSSv2: MED 4.9 - (AV:N/AC:H/Au:S/C:N/I:N/A:C)
1853 CVSSv3: MED 4.2 - CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
1868 Implement BCP-38.
1877 References: Sec 3009 / CVE-2016-2518 / VU#718152
1878 Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
1880 CVSS2: LOW 2.1 - (AV:N/AC:H/Au:S/C:N/I:N/A:P)
1881 CVSS3: LOW 2.0 - CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L
1884 out-of-bounds reference.
1886 Implement BCP-38.
1896 References: Sec 3010 / CVE-2016-2517 / VU#718152
1897 Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
1899 CVSS2: MED 4.9 - (AV:N/AC:H/Au:S/C:N/I:N/A:C)
1900 CVSS3: MED 4.2 - CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
1909 Implement BCP-38.
1918 References: Sec 3011 / CVE-2016-2516 / VU#718152
1919 Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
1921 CVSS2: MED 6.3 - (AV:N/AC:M/Au:S/C:N/I:N/A:C)
1922 CVSS3: MED 4.2 - CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
1930 Implement BCP-38.
1939 References: Sec 3020 / CVE-2016-1551
1942 By "very limited number of OSes" we mean no general-purpose OSes
1944 CVSSv2: LOW 2.6 - (AV:N/AC:H/Au:N/C:N/I:P/A:N)
1945 CVSSv3: LOW 3.7 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1953 Implement martian packet filtering and BCP-38.
1971 References: Sec 2901 / CVE-2015-7704, CVE-2015-7705
1972 Affects: All ntp-4 releases up to, but not including 4.2.8p7,
1976 References: Sec 2936 / CVE-2015-7974
1977 Affects: All ntp-4 releases up to, but not including 4.2.8p7,
1983 * Interleave-pivot
1985 References: Sec 2978 / CVE-2016-1548
1986 Affects: All ntp-4 releases.
1987 CVSSv2: MED 6.4 - (AV:N/AC:L/Au:N/C:N/I:P/A:P)
1988 CVSSv3: MED 7.2 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L
1993 timestamp that matches the peer->dst timestamp recorded for that
1999 Implement BCP-38.
2010 References: Sec 3012 / CVE-2016-1549
2011 Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
2013 CVSSv2: LOW 3.5 - (AV:N/AC:M/Au:S/C:N/I:P/A:N)
2014 CVSS3v: MED 5.3 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
2016 the feature introduced in ntp-4.2.8p6 allowing an optional 4th
2018 a malicious authenticated peer can create arbitrarily-many
2022 Implement BCP-38.
2031 - fixed yet another race condition in the threaded resolver code.
2034 - integrated patches by Loganaden Velvidron <logan@ntp.org>
2040 * [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org
2042 - Patch provided by Ch. Weisgerber
2043 * [Bug 3015] ntpq: config-from-file: "request contains an unprintable character"
2044 - A change related to [Bug 2853] forbids trailing white space in
2047 - report and patch from Aleksandr Kostikov.
2048 - Overhaul of Windows IO completion port handling. perlinger@ntp.org
2050 - fixed memory leak in access list (auth[read]keys.c)
2051 - refactored handling of key access lists (auth[read]keys.c)
2052 - reduced number of error branches (authreadkeys.c)
2057 - Check the initial delay calculation and reject/unpeer the broadcast
2081 characteristics that are compatible with interleave mode, NTP will
2090 --enable-dynamic-interleave
2094 default in ntp-4.2.8p7.
2096 ---
2104 following 1 low- and 8 medium-severity vulnerabilities:
2108 References: Sec 2548 / CVE-2015-8158
2109 Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
2111 CVSS2: (AV:N/AC:M/Au:N/C:N/I:N/A:P) Base Score: 4.3 - MEDIUM
2112 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Base Score: 5.3 - MEDIUM
2133 References: Sec 2945 / CVE-2015-8138
2134 Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
2136 CVSS2: (AV:N/AC:L/Au:N/C:N/I:P/A:N) Base Score: 5.0 - MEDIUM
2137 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Base Score: 5.3 - MEDIUM
2138 (3.7 - LOW if you score AC:L)
2155 References: Sec 2940 / CVE-2015-7978
2156 Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
2158 CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:P) Base Score: 4.3 - MEDIUM
2162 Implement BCP-38.
2166 In ntp-4.2.8, mode 7 is disabled by default. Don't enable it.
2175 * Off-path Denial of Service (!DoS) attack on authenticated broadcast mode
2177 References: Sec 2942 / CVE-2015-7979
2178 Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
2181 Summary: An off-path attacker can send broadcast packets with bad
2187 Implement BCP-38.
2199 References: Sec 2939 / CVE-2015-7977
2200 Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
2202 CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:P) Base Score: 4.3 - MEDIUM
2206 Implement BCP-38.
2221 References: Sec 2938 / CVE-2015-7976
2222 Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
2224 CVSS: (AV:N/AC:L/Au:S/C:N/I:P/A:N) Base Score: 4.0 - MEDIUM
2233 Implement BCP-38.
2237 build NTP with 'configure --disable-saveconfig' if you will
2243 'saveconfig' requests are logged to syslog - monitor your syslog files.
2248 References: Sec 2937 / CVE-2015-7975
2249 Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
2251 CVSS: (AV:L/AC:H/Au:N/C:N/I:N/A:P) Base Score: 1.2 - LOW
2257 The usual worst-case effect of this vulnerability is that the
2271 References: Sec 2936 / CVE-2015-7974
2272 Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
2283 an enhancement request, and ntp-4.2.8p6 includes other checks and
2287 Implement BCP-38.
2294 addresses, however other changes in ntp-4.2.8p6 provide
2305 in the shared-key group.
2311 References: Sec 2935 / CVE-2015-7973
2312 Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
2314 CVSS: (AV:A/AC:M/Au:N/C:N/I:P/A:P) Base Score: 4.3 - MEDIUM
2316 either a man-in-the-middle attacker or a malicious participant
2319 Implement BCP-38.
2332 - applied patch by shenpeng11@huawei.com with minor adjustments
2337 - Found this already fixed, but validation led to cleanup actions.
2339 - added limits to stack consumption, fixed some return code handling
2341 - changed stacked/nested handling of CTRL-C. perlinger@ntp.org
2342 - make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org
2344 - integrated several patches from Havard Eidnes (he@uninett.no)
2346 - implement 'auth_log2()' using integer bithack instead of float calculation
2349 ---
2357 following medium-severity vulnerability:
2359 * Small-step/big-step. Close the panic gate earlier.
2360 References: Sec 2956, CVE-2015-5300
2361 Affects: All ntp-4 releases up to, but not including 4.2.8p5, and
2364 Summary: If ntpd is always started with the -g option, which is
2365 common and against long-standing recommendation, and if at the
2374 value if and only if ntpd was re-started against long-standing
2375 recommendation with the -g flag, or if ntpd was not given the
2376 -g flag, the attacker can move the target system's time by at
2382 As we've long documented, only use the -g option to ntpd in
2383 cold-start situations.
2388 NOTE WELL: The -g flag disables the limit check on the panic_gate
2391 check was only re-enabled after the first change to the system
2394 re-enabled after any initial time correction.
2412 the newly-written Unity test programs. These were fixed.
2414 * [Bug 2887] stratum -1 config results as showing value 99
2415 - fudge stratum should only accept values [0..16]. perlinger@ntp.org
2417 * [Bug 2934] tests/ntpd/t-ntp_scanner.c has a magic constant wired in. HMurray
2419 - applied patch by Christos Zoulas. perlinger@ntp.org
2420 * [Bug 2952] Peer associations broken by fix for Bug 2901/CVE-2015-7704.
2422 - fixed data race conditions in threaded DNS worker. perlinger@ntp.org
2423 - limit threading warm-up to linux; FreeBSD bombs on it. perlinger@ntp.org
2425 - accept key file only if there are no parsing errors
2426 - fixed size_t/u_int format clash
2427 - fixed wrong use of 'strlcpy'
2430 - fixed several other warnings (cast-alignment, missing const, missing prototypes)
2431 - promote use of 'size_t' for values that express a size
2432 - use ptr-to-const for read-only arguments
2433 - make sure SOCKET values are not truncated (win32-specific)
2434 - format string fixes
2437 - fixed ntp_rfc2553.c to return proper address length. perlinger@ntp.org
2441 - changed stacked/nested handling of CTRL-C. perlinger@ntp.org
2442 * Unity cleanup for FreeBSD-6.4. Harlan Stenn.
2444 * Libevent autoconf pthread fixes for FreeBSD-10. Harlan Stenn.
2449 ---
2457 following 13 low- and medium-severity vulnerabilities:
2462 References: Sec 2899, Sec 2671, CVE-2015-7691, CVE-2015-7692, CVE-2015-7702
2463 Affects: All ntp-4 releases up to, but not including 4.2.8p4,
2466 Summary: The fix for CVE-2014-9750 was incomplete in that there were
2479 References: Sec 2901 / CVE-2015-7704, CVE-2015-7705
2480 Affects: All ntp-4 releases up to, but not including 4.2.8p4,
2482 CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:P) Base Score: 4.3-5.0 at worst
2483 Summary: An ntpd client that honors Kiss-of-Death responses will honor
2497 Implement BCP-38.
2502 for the time. This mitigation is heavy-handed.
2513 References: Sec 2902 / CVE-2015-5196
2514 Affects: All ntp-4 releases up to, but not including 4.2.8p4,
2524 Implement BCP-38.
2530 - an explicitly configured trustedkey, and you should also
2532 - access from a permitted IP. You choose the IPs.
2533 - authentication. Don't disable it. Practice secure key safety.
2539 References: Sec 2909 / CVE-2015-7701
2540 Affects: All ntp-4 releases that use autokey up to, but not
2556 References: Sec 2913 / CVE-2015-7848 / TALOS-CAN-0052
2557 Affects: All ntp-4 releases up to, but not including 4.2.8p4,
2567 Implement BCP-38.
2571 In ntp-4.2.8, mode 7 is disabled by default. Don't enable it.
2582 References: Sec 2916 / CVE-2015-7849 / TALOS-CAN-0054
2583 Affects: All ntp-4 releases up to, but not including 4.2.8p4, and 4.3.0 up to, but not including 4.3.77
2593 Implement BCP-38.
2608 References: Sec 2917 / CVE-2015-7850 / TALOS-CAN-0055
2609 Affects: All ntp-4 releases up to, but not including 4.2.8p4,
2622 Implement BCP-38.
2637 References: Sec 2918 / CVE-2015-7851 / TALOS-CAN-0062
2638 Affects: All ntp-4 releases running under VMS up to, but not
2648 Implement BCP-38.
2662 References: Sec 2919 / CVE-2015-7852 / TALOS-CAN-0063
2663 Affects: All ntp-4 releases running up to, but not including 4.2.8p4,
2673 Implement BCP-38.
2688 References: Sec 2920 / CVE-2015-7853 / TALOS-CAN-0064
2689 Affects: Potentially all ntp-4 releases running up to, but not
2714 References: Sec 2921 / CVE-2015-7854 / TALOS-CAN-0065
2715 Affects: All ntp-4 releases up to, but not including 4.2.8p4, and
2727 Implement BCP-38.
2743 References: Sec 2922 / CVE-2015-7855
2744 Affects: All ntp-4 releases up to, but not including 4.2.8p4, and
2752 Implement BCP-38.
2766 crypto-NAK.
2768 References: Sec 2941 / CVE-2015-7871
2769 Affects: All ntp-4 releases between 4.2.5p186 up to but not including
2772 Summary: Crypto-NAK packets can be used to cause ntpd to accept time
2775 vulnerability appears to have been introduced in ntp-4.2.5p186
2777 associations (lines 1103-1165) was refactored.
2779 Implement BCP-38.
2788 Backward-Incompatible changes:
2789 * [Bug 2817] Default on Linux is now "rlimit memlock -1".
2791 the default value has been changed to -1 (do not lock ntpd into
2802 * 'rlimit memlock' now has finer-grained control. A value of -1 means
2825 * [Bug 2867] ntpd with autokey active crashed by 'ntpq -crv'. J.Perlinger
2831 * [Bug 2886] Mis-spelling: "outlyer" should be "outlier". dave@horsfall.org
2833 * [Bug 2889] ntp-dev-4.3.67 does not build on Windows. perlinger@ntp.org
2842 * On some versions of HP-UX, inttypes.h does not include stdint.h. H.Stenn.
2852 caltontp.c, clocktime.c, humandate.c, hextolfp.c, decodenetnum.c - fixed
2880 * tests/libntp/test-libntp.c fix formatting. Tomasz Flendrich
2901 * sntp/libevent/evconfig-private.h: remove generated filefrom SCM. H.Stenn.
2906 * tests/libntp/test_caltontp needs -lpthread. Harlan Stenn.
2907 * br-flock: --enable-local-libevent. Harlan Stenn.
2909 * scripts/lib/NTP/Util.pm: stratum output is version-dependent. Harlan Stenn.
2918 * Changed progname to be const in many files - now it's consistent. Tomasz
2926 * Retire google test - phase I. Harlan Stenn.
2941 * Implement --enable-problem-tests (on by default). Harlan Stenn.
2944 ---
2947 Focus: 1 Security fix. Bug fixes and enhancements. Leap-second improvements.
2964 This vulnerability is considered low-risk.
2980 the existing google-test items to this new framework. If you want
2988 * CID 1296235: Fix refclock_jjy.c and correcting type of the driver40-ja.html
2991 * [Bug 2590] autogen-5.18.5.
2995 * [Bug 2745] ntpd -x steps clock on leap second
2996 Fixed an initial-value problem that caused misbehaviour in absence of
3011 * [Bug 2804] install-local-data assumes GNU 'find' semantics.
3022 * [Bug 2813] HP-UX needs -D__STDC_VERSION__=199901L and limits.h.
3023 * [Bug 2815] net-snmp before v5.4 has circular library dependencies.
3026 * [Bug 2824] Convert update-leap to perl. (also see 2769)
3035 * [Bug 2832] refclock_jjy.c supports the TDC-300.
3061 * Modified tests/bug-2803/Makefile.am so it builds Unity framework tests.
3068 * Converted from gtest to Unity: tests/bug-2803/. Damir Tomić
3086 * tests/bug-2803/Makefile.am must distribute bug-2803.h.
3093 ---
3101 following medium-severity vulnerabilities involving private key
3106 References: Sec 2779 / CVE-2015-1798 / VU#374268
3107 Affects: All NTP4 releases starting with ntp-4.2.5p99 up to but not
3108 including ntp-4.2.8p2 where the installation uses symmetric keys
3136 References: Sec 2781 / CVE-2015-1799 / VU#374268
3138 not including ntp-4.2.8p2 where the installation uses symmetric
3152 a known denial-of-service attack, described at
3166 An update to the NTP RFC to correct this error is in-process.
3171 is simply a long-known potential problem.
3176 * New script: update-leap
3177 The update-leap script will verify and if necessary, update the
3178 leap-second definition file.
3190 * [Bug 2728] See if C99-style structure initialization works.
3191 * [Bug 2747] Upgrade libevent to 2.1.5-beta.
3192 * [Bug 2749] ntp/lib/NTP/Util.pm needs update for ntpq -w, IPv6, .POOL. .
3198 * [Bug 2766] ntp-keygen output files should not be world-readable.
3199 * [Bug 2767] ntp-keygen -M should symlink to ntp.keys.
3202 * [Bug 2774] Unreasonably verbose printout - leap pending/warning
3203 * [Bug 2775] ntp-keygen.c fails to compile under Windows.
3205 Removed non-ASCII characters from some copyright comments.
3208 Now use C99 fixed-width types and avoid non-ASCII characters in comments.
3212 Modified creation of parse-specific variables for Meinberg devices
3234 ---
3242 following high-severity vulnerabilities:
3247 References: Sec 2671 / CVE-2014-9297 / VU#852879
3254 Mitigation - any of:
3268 References: Sec 2672 / CVE-2014-9298 / VU#852879
3274 from "appearing" on non-localhost IPv4 interfaces, some kernels
3281 have one of these OSes where ::1 can be spoofed, ALL ::1 -based
3294 ---
3302 following high-severity vulnerabilities:
3314 References: Sec 2670 / CVE-2014-9296 / VU#852879
3316 below (which is a limited-risk vulnerability), none of the recent
3318 restricted from sending a 'query'-class packet by your ntp.conf file.
3324 References: [Sec 2665] / CVE-2014-9293 / VU#852879
3333 seeded with a 32-bit value and could only provide 32 bits of
3337 Mitigation - any of:
3338 - Upgrade to 4.2.7p11 or later.
3339 - Follow BCP and put 'restrict ... noquery' in your ntp.conf file.
3341 Credit: This vulnerability was noticed in ntp-4.2.6 by Neel Mehta
3344 * Non-cryptographic random number generator with weak seed used by
3345 ntp-keygen to generate symmetric keys.
3347 References: [Sec 2666] / CVE-2014-9294 / VU#852879
3352 Summary: Prior to ntp-4.2.7p230 ntp-keygen used a weak seed to
3355 generate symmetric keys. In ntp-4.2.8 we use a current-technology
3359 Mitigation - any of:
3360 - Upgrade to 4.2.7p230 or later.
3361 - Follow BCP and put 'restrict ... noquery' in your ntp.conf file.
3363 Credit: This vulnerability was discovered in ntp-4.2.6 by
3368 References: Sec 2667 / CVE-2014-9295 / VU#852879
3379 Mitigation - any of:
3380 - Upgrade to 4.2.8, or later, or
3381 - Disable Autokey Authentication by removing, or commenting out,
3390 References: Sec 2668 / CVE-2014-9295 / VU#852879
3399 Mitigation - any of:
3400 - Upgrade to 4.2.8, or later.
3401 - Follow BCP and put 'restrict ... noquery' in your ntp.conf file.
3408 References: Sec 2669 / CVE-2014-9295 / VU#852879
3417 Mitigation - any of:
3418 - Upgrade to 4.2.8, or later.
3419 - Follow BCP and put 'restrict ... noquery' in your ntp.conf file.
3426 References: Sec 2670 / CVE-2014-9296 / VU#852879
3441 Mitigation - any of:
3442 - Upgrade to 4.2.8, or later,
3443 - Remove or comment out all configuration directives
3465 get a timestamp we us the "built-on" to tell us what era we are in.
3470 Dave Hart writes:
3472 For a long time, ntpq and its mostly text-based mode 6 (control)
3478 covered them all, though I've not compared command-by-command
3482 hand-rolled structure layout and byte-swapping code in both ntpd and
3486 ntpq's text-based, label=value approach involves more code reuse and
3487 allows compatible changes without extra work in most cases.
3489 Mode 7 has always been defined as vendor/implementation-specific while
3493 eventually. (http://tools.ietf.org/html/draft-odonoghue-ntpv4-control-01)
3505 ---
3519 includes improvements to orphan mode, minor bugs fixes and code clean-ups.
3530 * Non-printable stratum 16 refid no longer sent to ntp
3542 * -n option extended to include the billboard "server" column
3545 ---
3555 clean-ups, minor bug fixes, fixes for a number of minor
3556 ref-clock issues, and documentation revisions.
3558 Portability improvements affect AIX, HP-UX, Linux, OS X and 64-bit time_t.
3571 * Back-ported several fixes for Coverity warnings from ntp-dev
3584 * Back-port utility routines from ntp-dev: mprintf(), emalloc_zero()
3600 * Backward incompatible command-line option change:
3601 -l/--filelog changed -l/--logfile (to be consistent with ntpd)
3606 * Distribute ntp-wait.html
3608 ---
3618 clean-ups, minor bug fixes, fixes for a number of minor
3619 ref-clock issues, and documentation revisions.
3651 * Range-check the status codes (plus other cleanup) in the RIPE-NCC driver.
3657 ntp-keygen
3658 * Fix -V coredump.
3672 * Update the MIB from the draft version to RFC-5907.
3684 ---
3694 clean-ups, minor bug fixes, fixes for a number of minor
3695 ref-clock issues, improved KOD handling, OpenSSL related
3711 * default connection to net-snmpd via a unix-domain socket
3712 * command-line 'socket name' option
3716 * key-type specific password prompts
3723 ---
3732 ---
3737 ---
3744 This release fixes the following high-severity vulnerability:
3746 * [Sec 1331] DoS with mode 7 packets - CVE-2009-3563.
3767 Vinokurov of Alcatel-Lucent.
3771 ---
3774 Backward-Incompatible changes:
3776 ntpd no longer accepts '-v name' or '-V name' to define internal variables.
3777 Use '--var name' or '--dvar name' instead. (Bug 817)
3779 ---
3786 This release fixes the following high-severity vulnerability:
3788 * [Sec 1151] Remote exploit if autokey is enabled. CVE-2009-1252
3799 This release fixes the following low-severity vulnerabilities:
3801 * [Sec 1144] limited (two byte) buffer overflow in ntpq. CVE-2009-0159
3805 Credit for finding this issue goes to Dave Hart.
3817 ---
3824 This release fixes oCERT.org's CVE-2009-0021, a vulnerability affecting
3833 ---
3838 This release fixes a number of Windows-specific ntpd bugs and
3839 platform-independent ntpdate bugs. A logging bugfix has been applied
3850 ---
3859 a problem with non-command-line specification of -6, and allows the loopback
3862 ---
3871 ---
3883 ---
3889 conjunction with DHCP. GNU AutoGen is used for its command-line options
3892 added for some new ref-clocks and have been removed for some older
3893 ref-clocks. This release also includes other improvements, documentation
3896 K&R C is no longer supported as of NTP-4.2.4. We are now aiming for ANSI
3899 ---
3903 ---
3912 - fixes 3 bugs, including a regression
3913 - adds new unit tests
3918 event_sync. Reported by Edward McGuire. <hart@ntp.org>
3920 <hart@ntp.org> Miroslav Lichvar identified regression in 4.2.8p16.
3924 problem. <hart@ntp.org>
3928 ---
3937 - fixes 4 vulnerabilities (3 LOW and 1 None severity),
3938 - fixes 46 bugs
3939 - includes 15 general improvements
3940 - adds support for OpenSSL-3.0
3944 * [Sec 3808] Assertion failure in ntpq on malformed RT-11 date <perlinger@ntp.org>
3948 - solved numerically instead of using string manipulation
3952 * [Bug 3817] Bounds-check "tos floor" configuration. <hart@ntp.org>
3954 <hart@ntp.org>
3955 * [Bug 3802] ntp-keygen -I default identity modulus bits too small for
3956 OpenSSL 3. Reported by rmsh1216@163.com <hart@ntp.org>
3957 * [Bug 3801] gpsdjson refclock gps_open() device name mishandled. <hart@ntp.org>
3958 * [Bug 3800] libopts-42.1.17 does not compile with Microsoft C. <hart@ntp.org>
3959 * [Bug 3799] Enable libopts noreturn compiler advice for MSC. <hart@ntp.org>
3961 disconnected, breaking ntpq and ntpdc. <hart@ntp.org>
3963 - ntp.conf manual page and miscopt.html corrections. <hart@ntp.org>
3964 * [Bug 3793] Wrong variable type passed to record_raw_stats(). <hart@ntp.org>
3965 - Report and patch by Yuezhen LUAN <wei6410@sina.com>.
3966 * [Bug 3786] Timer starvation on high-load Windows ntpd. <hart@ntp.org>
3967 * [Bug 3784] high-load ntpd on Windows deaf after enough ICMP TTL exceeded.
3968 <hart@ntp.org>
3969 * [Bug 3781] log "Unable to listen for broadcasts" for IPv4 <hart@ntp.org>
3970 * [Bug 3774] mode 6 packets corrupted in rawstats file <hart@ntp.org>
3971 - Reported by Edward McGuire, fix identified by <wei6410@sina.com>.
3973 * [Bug 3757] Improve handling of Linux-PPS in NTPD <perlinger@ntp.org>
3975 * [Bug 3725] Make copyright of clk_wharton.c compatible with Debian.
3977 * [Bug 3724] ntp-keygen with openSSL 1.1.1 fails on Windows <perlinger@ntp.org>
3978 - openssl applink needed again for openSSL-1.1.1
3980 Reported by Brian Utterback, broken in 2010 by <hart@ntp.org>
3982 - command line options override config statements where applicable
3983 - make initial frequency settings idempotent and reversible
3984 - make sure kernel PLL gets a recovered drift componsation
3987 - misleading title; essentially a request to ignore the receiver status.
3990 - original patch by Richard Schmidt, with mods & unit test fixes
3992 - implement/wrap 'realpath()' to resolve symlinks in device names
3994 - original patch by matt<ntpbr@mattcorallo.com>
3995 - increased max PDU size to 4k to avoid truncation
3997 - patch by Frank Kardel
3998 * [Bug 3689] Extension for MD5, SHA-1 and other keys <perlinger@ntp.org>
3999 - ntp{q,dc} now use the same password processing as ntpd does in the key
4004 - patch by Gerry Garvey
4006 - original patch by Gerry Garvey
4008 - original patch by Gerry Garvey
4010 - applied patches by Gerry Garvey
4011 * [Bug 3675] ntpq ccmds[] stores pointer to non-persistent storage
4013 - idea+patch by Gerry Garvey
4016 - follow-up: fix inverted sense in check, reset shortfall counter
4017 * [Bug 3660] Revert 4.2.8p15 change to manycast. <hart@ntp.org>
4018 * [Bug 3640] document "discard monitor" and fix the code. <hart@ntp.org>
4019 - fixed bug identified by Edward McGuire <perlinger@ntp.org>
4021 - applied patch by Gerry Garvey
4023 - backport from -dev, plus some more work on warnings for unchecked results
4025 Reported by Israel G. Lugo. <hart@ntp.org>
4028 Integrated patch from Brian Utterback. <hart@ntp.org>
4029 * [Bug 2525] Turn on automake subdir-objects across the project. <hart@ntp.org>
4031 * Use correct rounding in mstolfp(). perlinger/hart
4032 * M_ADDF should use u_int32. <hart@ntp.org>
4034 * Use recv_buffer instead of the longer recv_space.X_recv_buffer. hart/stenn
4039 * Rename a poorly-named variable. <stenn@ntp.org>
4044 * upgrade to: autogen-5.18.16
4045 * upgrade to: libopts-42.1.17
4046 * upgrade to: autoconf-2.71
4047 * upgrade to: automake-1.16.15
4048 * Upgrade to libevent-2.1.12-stable <stenn@ntp.org>
4049 * Support OpenSSL-3.0
4051 ---
4067 - Thanks to Sylar Tao
4069 - rewrite 'decodenetnum()' in terms of inet_pton
4071 - limit number of receive buffers, with an iron reserve for refclocks
4075 - integrated patch from Charles Claggett
4080 - fix by Gerry garvey
4082 - thanks to Gerry Garvey
4084 - patch by Gerry Garvey
4086 * [Bug 3639] refclock_jjy: TS-JJY0x can skip time sync depending on the STUS reply. <abe@ntp.org>
4087 - applied patch by Takao Abe
4089 ---
4106 - Reported by Philippe Antoine
4108 - Reported by Miroslav Lichvar
4110 - Reported by Miroslav Lichvar
4115 * [Bug 3628] raw DCF decoding - improve robustness with Zeller's congruence
4116 - implement Zeller's congruence in libparse and libntp <perlinger@ntp.org>
4117 * [Bug 3627] SIGSEGV on FreeBSD-12 with stack limit and stack gap <perlinger@ntp.org>
4118 - integrated patch by Cy Schubert
4120 - applied patch by Gerry Garvey
4122 - applied patch by Gerry Garvey
4124 - integrated patch by Richard Steedman
4127 - Reported by Martin Burnicki
4128 * [Bug 3612] Use-of-uninitialized-value in receive function <perlinger@ntp.org>
4129 - Reported by Philippe Antoine
4131 - officially document new "trust date" mode bit for NMEA driver
4132 - restore the (previously undocumented) "trust date" feature lost with [bug 3577]
4133 * [Bug 3609] Fixing wrong falseticker in case of non-statistic jitter <perlinger@ntp.org>
4134 - mostly based on a patch by Michael Haardt, implementing 'fudge minjitter'
4136 - removed ffs() and fls() prototypes as per Brian Utterback
4139 - fixed byte and paramter order as suggested by wei6410@sina.com
4141 * [Bug 3599] Build fails on linux-m68k due to alignment issues <perlinger@ntp.org>
4142 - added padding as suggested by John Paul Adrian Glaubitz
4147 - stdout+stderr are set to line buffered during test setup now
4149 - set clock to base date if system time is before that limit
4151 * [Bug 3580] Possible bug ntpq-subs (NULL dereference in dogetassoc) <perlinger@ntp.org>
4152 - Reported by Paulo Neves
4154 - also updates for refclock_nmea.c and refclock_jupiter.c
4159 - sidekick: service port resolution in 'ntpdate'
4161 - applied patch by Douglas Royds
4164 - applied patch by Gerry Garvey
4165 * [Bug 3531] make check: test-decodenetnum fails <perlinger@ntp.org>
4166 - try to harden 'decodenetnum()' against 'getaddrinfo()' errors
4167 - fix wrong cond-compile tests in unit tests
4170 - patch by Philipp Prindeville
4172 - patch by Philipp Prindeville
4174 - patch by Philipp Prindeville
4176 - partial application of patch by Philipp Prindeville
4178 - applied patch by Gerry Garvey & fixed unit tests <perlinger@ntp.org>
4180 - applied (modified) patch by Richard Steedman
4182 - applied patch by Gerry Garvey (with minor formatting changes)
4184 - applied patch by Miroslav Lichvar
4188 is specified with -u <perlinger@ntp.org>
4189 - monitor daemon child startup & propagate exit codes
4191 - (modified) patch by Kurt Roeckx <perlinger@ntp.org>
4197 ---
4211 - reported by Magnus Stubman
4213 - applied patch by Ian Lepore
4215 - isolate and fix linux/windows specific code issue
4217 - provide better function for incremental string formatting
4219 - applied patch by Gerry Garvey
4221 - original finding by Gerry Garvey, additional cleanup needed
4223 - patch by Christous Zoulas
4225 - finding by Chen Jiabin, plus another one by me
4227 - applied patch by Maciej Szmigiero
4229 - applied patch by Andre Charbonneau
4231 - applied patch by Baruch Siach
4232 * [Bug 3538] Build fails for no-MMU targets <perlinger@ntp.org>
4233 - applied patch by Baruch Siach
4235 - refactored handling of GPS era based on 'tos basedate' for
4238 - patch by Daniel J. Luke; this does not fix a potential linker
4240 * [Bug 3527 - Backward Incompatible] mode7 clockinfo fudgeval2 packet
4242 - --enable-bug3527-fix support by HStenn
4244 - applied patch by Gerry Garvey
4246 - added missing check, reported by Reinhard Max <perlinger@ntp.org>
4248 - this is a variant of [bug 3558] and should be fixed with it
4249 * Implement 'configure --disable-signalled-io'
4251 --
4259 in ntp-4.2.8p11, and a buffer overflow in the openhost() function used by
4268 [Bug 3509] Add support for running as non-root on FreeBSD, Darwin,
4270 - applied patch by Ian Lepore <perlinger@ntp.org>
4272 - changed interaction with SCM to signal pending startup
4274 - applied patch by Gerry Garvey
4276 - applied patch by Gerry Garvey
4278 - rework of ntpq 'nextvar()' key/value parsing
4279 [Bug 3482] Fixes for compilation warnings (ntp_io.c & ntpq-subs.c) <perlinger@ntp.org>
4280 - applied patch by Gerry Garvey (with mods)
4282 - applied patch by Gerry Garvey
4284 - applied patch by Gerry Garvey (with mods)
4286 - applied patch by Gerry Garvey (with mods); not sure if that's bug or feature, though
4288 - applied patch by Gerry Garvey
4290 - applied patch by Gerry Garvey
4292 - add #define ENABLE_CMAC support in configure. HStenn.
4295 - patch by Stephen Friedl
4297 - fixed IO redirection and CTRL-C handling in ntq and ntpdc
4300 - initial patch by Hal Murray; also fixed refclock_report() trouble
4303 - According to Brooks Davis, there was only one location <perlinger@ntp.org>
4304 [Bug 3449] ntpq - display "loop" instead of refid [...] <perlinger@ntp.org>
4305 - applied patch by Gerry Garvey
4307 - applied patch by Gerry Garvey
4312 - applied patch by Miroslav Lichvar
4313 [Bug 3426] ntpdate.html -t default is 2 seconds. Leonid Evdokimov.
4315 - integrated patch by Reinhard Max
4317 - applied patches by Christos Zoulas, including real bug fixes
4320 Symmetric key range is 1-65535. Update docs. <stenn@ntp.org>
4322 --
4329 This release fixes 2 low-/medium-, 1 informational/medum-, and 2 low-severity
4330 vulnerabilities in ntpd, one medium-severity vulernability in ntpq, and
4331 provides 65 other non-security fixes and improvements:
4336 References: Sec 3454 / CVE-2018-7185 / VU#961909
4337 Affects: ntp-4.2.6, up to but not including ntp-4.2.8p11.
4343 The NTP Protocol allows for both non-authenticated and
4347 support an interleaved mode of operation. In ntp-4.2.8p4 a bug
4349 allows a non-authenticated zero-origin (reset) packet to reset
4351 can send a packet with a zero-origin timestamp and the source
4355 disruption of the association. In ntp-4.0.0 thru ntp-4.2.8p6,
4356 interleave mode could be entered dynamically. As of ntp-4.2.8p7,
4359 Implement BCP-38.
4367 If ntpd stops running, auto-restart it without -g .
4374 References: Sec 3453 / CVE-2018-7184 / VU#961909
4375 Affects: ntpd in ntp-4.2.8p4, up to but not including ntp-4.2.8p11.
4378 CVSS3: LOW 3.1 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
4384 third-party can inject a packet with a zero-origin timestamp,
4391 Implement BCP-38.
4392 Upgrade to ntp-4.2.8p11 or later from the NTP Project Download Page
4397 If ntpd stops running, auto-restart it without -g .
4404 References: Sec 3415 / CVE-2018-7170 / VU#961909
4405 Sec 3012 / CVE-2016-1549 / VU#718152
4406 Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
4408 CVSS2: LOW 3.5 - (AV:N/AC:M/Au:S/C:N/I:P/A:N)
4409 CVSS3: LOW 3.1 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
4413 ntp-4.2.8p6 allowing an optional 4th field in the ntp.keys file to
4415 -- i.e. one where the attacker knows the private symmetric key --
4416 can create arbitrarily-many ephemeral associations in order to win
4418 additional protections are offered in ntp-4.2.8p11. One is the
4425 Implement BCP-38.
4426 Upgrade to ntp-4.2.8p11 or later from the NTP Project Download Page
4436 If ntpd stops running, auto-restart it without -g .
4443 References: Sec 3414 / CVE-2018-7183 / VU#961909
4444 Affects: ntpq in ntp-4.2.8p6, up to but not including ntp-4.2.8p11.
4449 is an internal function of ntpq that is used to -- wait for it --
4452 maliciously-altered ntpd returns an array result that will trip this
4458 Implement BCP-38.
4459 Upgrade to ntp-4.2.8p11 or later from the NTP Project Download Page
4462 This weakness was discovered by Michael Macnair of Thales e-Security.
4467 References: Sec 3412 / CVE-2018-7182 / VU#961909
4468 Affects: ntp-4.2.8p6, up to but not including ntp-4.2.8p11.
4469 CVSS2: INFO 0.0 - MED 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 0.0 if C:N
4470 CVSS3: NONE 0.0 - MED 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
4478 Implement BCP-38.
4479 Upgrade to ntp-4.2.8p11 or later from the NTP Project Download Page
4483 If ntpd stops running, auto-restart it without -g .
4491 References: Sec 3012 / CVE-2016-1549 / VU#718152
4492 Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
4494 CVSS2: LOW 3.5 - (AV:N/AC:M/Au:S/C:N/I:P/A:N)
4495 CVSS3: MED 5.3 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
4499 introduced in ntp-4.2.8p6 allowing an optional 4th field in the
4501 authenticated peer -- i.e. one where the attacker knows the
4502 private symmetric key -- can create arbitrarily-many ephemeral
4505 offered in ntp-4.2.8p11. One is the 'noepeer' directive, which
4510 Implement BCP-38.
4526 - applied patch by Sean Haugh
4529 - removed error log caused by rounding/slew, ensured postcondition <perlinger@ntp.org>
4530 [Bug 3447] AES-128-CMAC (fixes) <perlinger@ntp.org>
4531 - refactoring the MAC code, too
4534 - applied patch by ggarvey
4536 - applied patch by ggarvey (with minor mods)
4538 - applied patch (with mods) by Miroslav Lichvar <perlinger@ntp.org>
4540 [Bug 3433] sntp crashes when run with -a. <stenn@ntp.org>
4542 - fixed several issues with hash algos in ntpd, sntp, ntpq,
4545 - initial patch by Daniel Pouzzner
4550 [Bug 3411] problem about SIGN(6) packet handling for ntp-4.2.8p10
4551 - raised receive buffer size to 1200 <perlinger@ntp.org>
4554 [Bug 3405] update-leap.in: general cleanup, HTTPS support. Paul McMath.
4556 - fix/drop assumptions on OpenSSL libs directory layout
4557 [Bug 3399] NTP: linker error in 4.2.8p10 during Linux cross-compilation
4558 - initial patch by timeflies@mail2tor.com <perlinger@ntp.org>
4560 - patch contributed by Alexander Bluhm
4565 - fixed handling of dynamic deletion w/o leap file <perlinger@ntp.org>
4567 - increased mimimum stack size to 32kB <perlinger@ntp.org>
4569 - reverted handling of PPS kernel consumer to 4.2.6 behavior
4570 [Bug 3365] Updates driver40(-ja).html and miscopt.html <abe@ntp.org>
4573 - fixed location counter & ntpq output <perlinger@ntp.org>
4576 [Bug 2737] Wrong phone number listed for USNO. ntp-bugs@bodosom.net,
4578 [Bug 2557] Fix Thunderbolt init. ntp-bugs@bodosom.net, perlinger@ntp.
4588 AES-128-CMAC support. BInglis, HStenn, JPerlinger.
4591 update-leap: updates from Paul McMath.
4592 When using pkg-config, report --modversion. HStenn.
4594 sntp: show the IP of who sent us a crypto-NAK. HStenn.
4596 authistrustedip() - use it in more places. HStenn, JPerlinger.
4615 * update-leap needs the following perl modules:
4620 See them with: ntpq -c "rv 0 ss_lamport,ss_tsrounding"
4626 - restrict ... noepeer
4627 - restrict ... ippeerlimit N
4634 apply to explicitly-configured associations. A value of -1, the current
4647 --
4654 This release fixes 5 medium-, 6 low-, and 4 informational-severity
4655 vulnerabilities, and provides 15 other non-security fixes and improvements:
4657 * NTP-01-016 NTP: Denial of Service via Malformed Config (Medium)
4659 References: Sec 3389 / CVE-2017-6464 / VU#325339
4660 Affects: All versions of NTP-4, up to but not including ntp-4.2.8p10, and
4661 ntp-4.3.0 up to, but not including ntp-4.3.94.
4669 Implement BCP-38.
4672 Properly monitor your ntpd instances, and auto-restart
4673 ntpd (without -g) if it stops running.
4677 * NTP-01-014 NTP: Buffer Overflow in DPTS Clock (Low)
4679 References: Sec 3388 / CVE-2017-6462 / VU#325339
4680 Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and ntp-4.3.0 up to, but not including ntp-4.3.94.
4696 Properly monitor your ntpd instances, and auto-restart
4697 ntpd (without -g) if it stops running.
4701 * NTP-01-012 NTP: Authenticated DoS via Malicious Config Option (Medium)
4703 References: Sec 3387 / CVE-2017-6463 / VU#325339
4704 Affects: All versions of ntp, up to but not including ntp-4.2.8p10, and
4705 ntp-4.3.0 up to, but not including ntp-4.3.94.
4715 Implement BCP-38.
4718 Properly monitor your ntpd instances, and auto-restart
4719 ntpd (without -g) if it stops running.
4723 * NTP-01-011 NTP: ntpq_stripquotes() returns incorrect value (Informational)
4726 Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and
4727 ntp-4.3.0 up to, but not including ntp-4.3.94.
4742 Implement BCP-38.
4745 Properly monitor your ntpd instances, and auto-restart
4746 ntpd (without -g) if it stops running.
4750 * NTP-01-010 NTP: ereallocarray()/eallocarray() underused (Info)
4753 Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and
4754 ntp-4.3.0 up to, but not including ntp-4.3.94.
4765 the oreallocarray() function for which a further number-of-elements
4776 * NTP-01-009 NTP: Privileged execution of User Library code (WINDOWS
4779 References: Sec 3384 / CVE-2017-6455 / VU#325339
4780 Affects: All Windows versions of ntp-4 that use the PPSAPI, up to but
4781 not including ntp-4.2.8p10, and ntp-4.3.0 up to, but not
4782 including ntp-4.3.94.
4794 Implement BCP-38.
4800 * NTP-01-008 NTP: Stack Buffer Overflow from Command Line (WINDOWS
4803 References: Sec 3383 / CVE-2017-6452 / VU#325339
4804 Affects: WINDOWS installer ONLY: All versions of the ntp-4 Windows
4805 installer, up to but not including ntp-4.2.8p10, and ntp-4.3.0 up
4806 to, but not including ntp-4.3.94.
4826 * NTP-01-007 NTP: Data Structure terminated insufficiently (WINDOWS
4829 References: Sec 3382 / CVE-2017-6459 / VU#325339
4830 Affects: WINDOWS installer ONLY: All ntp-4 versions of the Windows
4831 installer, up to but not including ntp-4.2.8p10, and ntp-4.3.0
4832 up to, but not including ntp-4.3.94.
4843 call to RegSetValueEx() claims to be passing in a multi-string
4851 * NTP-01-006 NTP: Copious amounts of Unused Code (Informational)
4859 code-gadget-based branch-flow redirection exploits. Analogically,
4899 * NTP-01-005 NTP: Off-by-one in Oncore GPS Receiver (Low)
4902 Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and
4903 ntp-4.3.0 up to, but not including ntp-4.3.94.
4913 Properly monitor your ntpd instances, and auto-restart
4914 ntpd (without -g) if it stops running.
4918 * NTP-01-004 NTP: Potential Overflows in ctl_put() functions (Medium)
4920 References: Sec 3379 / CVE-2017-6458 / VU#325339
4921 Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and
4922 ntp-4.3.0 up to, but not including ntp-4.3.94.
4931 long variable names in ntpd (longer than 200-512 bytes, depending
4935 Implement BCP-38.
4939 longer than 200-512 bytes in your ntp.conf file.
4940 Properly monitor your ntpd instances, and auto-restart
4941 ntpd (without -g) if it stops running.
4945 * NTP-01-003 NTP: Improper use of snprintf() in mx4200_send() (Low)
4947 References: Sec 3378 / CVE-2017-6451 / VU#325339
4948 Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and
4949 ntp-4.3.0 up to, but not including ntp-4.3.94.
4956 and vsnprintf() incorrectly, which can lead to an out-of-bounds
4961 allocated buffer space. This results in an out-of-bound memory
4972 Properly monitor your ntpd instances, and auto-restart
4973 ntpd (without -g) if it stops running.
4977 * NTP-01-002 NTP: Buffer Overflow in ntpq when fetching reslist from a
4980 References: Sec 3377 / CVE-2017-6460 / VU#325339
4981 Affects: All versions of ntpq, up to but not including ntp-4.2.8p10, and
4982 ntp-4.3.0 up to, but not including ntp-4.3.94.
4991 will be copied into a fixed-size buffer, leading to an overflow on
4992 the function's stack-frame. Note well that this problem requires
5004 * NTP-01-001 NTP: Makefile does not enforce Security Flags (Informational)
5007 Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and
5008 ntp-4.3.0 up to, but not including ntp-4.3.94.
5015 flags for their builds. As of ntp-4.2.8p10, the NTP build
5016 system has a way to provide OS-specific hardening flags. Please
5024 Implement BCP-38.
5027 Properly monitor your ntpd instances, and auto-restart
5028 ntpd (without -g) if it stops running.
5034 References: Sec 3361 / CVE-2016-9042 / VU#325339
5035 Affects: ntp-4.2.8p9 (21 Nov 2016), up to but not including ntp-4.2.8p10
5048 Implement BCP-38.
5053 Properly monitor your ntpd instances, and auto-restart
5054 ntpd (without -g) if it stops running.
5060 * [Bug 3393] clang scan-build findings <perlinger@ntp.org>
5061 * [Bug 3363] Support for openssl-1.1.0 without compatibility modes
5062 - rework of patch set from <ntp.org@eroen.eu>. <perlinger@ntp.org>
5065 on 4.4BSD-Lite derived platforms <perlinger@ntp.org>
5066 - original patch by Majdi S. Abbas
5069 - initial patch by Christos Zoulas
5071 - move loader API from 'inline' to proper source
5072 - augment pathless dlls with absolute path to NTPD
5073 - use 'msyslog()' instead of 'printf() 'for reporting trouble
5075 - applied patch by Matthew Van Gundy
5077 - applied some of the patches provided by Havard. Not all of them
5080 - applied patch by Reinhard Max. See bugzilla for limitations.
5082 - fixed dependency inversion from [Bug 2837]
5084 - produce ERROR log message about dysfunctional daemon. <perlinger@ntp.org>
5085 * [Bug 2851] allow -4/-6 on restrict line with mask <perlinger@ntp.org>
5086 - applied patch by Miroslav Lichvar for ntp4.2.6 compat
5087 * [Bug 2645] out-of-bound pointers in ctl_putsys and decode_bitflags
5088 - Fixed these and some more locations of this pattern.
5092 --
5093 (4.2.8p9-win) 2017/02/01 Released by Harlan Stenn <stenn@ntp.org>
5096 - added missed changeset for automatic openssl lib detection
5097 - fixed some minor warning issues
5102 --
5110 following 1 high- (Windows only), 2 medium-, 2 medium-/low, and
5111 5 low-severity vulnerabilities, and provides 28 other non-security
5116 References: Sec 3119 / CVE-2016-9311 / VU#633847
5117 Affects: ntp-4.0.90 (21 July 1999), possibly earlier, up to but not
5118 including 4.2.8p9, and ntp-4.3.0 up to but not including ntp-4.3.94.
5127 Implement BCP-38.
5132 Properly monitor your ntpd instances, and auto-restart ntpd
5133 (without -g) if it stops running.
5138 References: Sec 3118 / CVE-2016-9310 / VU#633847
5139 Affects: ntp-4.0.90 (21 July 1999), possibly earlier, up to but not
5140 including 4.2.8p9, and ntp-4.3.0 up to but not including ntp-4.3.94.
5146 long-standing BCP recommendations, "restrict default noquery ..."
5153 Implement BCP-38.
5157 Properly monitor your ntpd instances, and auto-restart ntpd
5158 (without -g) if it stops running.
5163 References: Sec 3114 / CVE-2016-7427 / VU#633847
5164 Affects: ntp-4.2.8p6, up to but not including ntp-4.2.8p9, and
5165 ntp-4.3.90 up to, but not including ntp-4.3.94.
5179 Implement BCP-38.
5182 Properly monitor your ntpd instances, and auto-restart ntpd
5183 (without -g) if it stops running.
5188 References: Sec 3113 / CVE-2016-7428 / VU#633847
5189 Affects: ntp-4.2.8p6, up to but not including ntp-4.2.8p9, and
5190 ntp-4.3.90 up to, but not including ntp-4.3.94
5208 Implement BCP-38.
5211 Properly monitor your ntpd instances, and auto-restart ntpd
5212 (without -g) if it stops running.
5217 References: Sec 3110 / CVE-2016-9312 / VU#633847
5218 Affects Windows only: ntp-4.?.?, up to but not including ntp-4.2.8p9,
5219 and ntp-4.3.0 up to, but not including ntp-4.3.94.
5226 Implement BCP-38.
5229 Properly monitor your ntpd instances, and auto-restart ntpd
5230 (without -g) if it stops running.
5235 References: Sec 3102 / CVE-2016-7431 / VU#633847
5236 Affects: ntp-4.2.8p8, and ntp-4.3.93.
5241 ntp-4.2.8p6. However, subsequent timestamp validation checks
5245 Implement BCP-38.
5248 Properly monitor your ntpd instances, and auto-restart ntpd
5249 (without -g) if it stops running.
5255 References: Sec 3082 / CVE-2016-7434 / VU#633847
5256 Affects: ntp-4.2.7p22, up to but not including ntp-4.2.8p9, and
5257 ntp-4.3.0 up to, but not including ntp-4.3.94.
5266 Implement BCP-38.
5269 Properly monitor your ntpd instances, and auto-restart ntpd
5270 (without -g) if it stops running.
5275 References: Sec 3072 / CVE-2016-7429 / VU#633847
5276 Affects: ntp-4.2.7p385, up to but not including ntp-4.2.8p9, and
5277 ntp-4.3.0 up to, but not including ntp-4.3.94
5295 Implement BCP-38.
5301 Properly monitor your ntpd instances, and auto-restart ntpd
5302 (without -g) if it stops running.
5307 References: Sec 3071 / CVE-2016-7426 / VU#633847
5308 Affects: ntp-4.2.5p203, up to but not including ntp-4.2.8p9, and
5309 ntp-4.3.0 up to, but not including ntp-4.3.94
5323 brute-force attacks on the origin timestamp, it allows this DoS
5327 Implement BCP-38.
5330 Properly monitor your ntpd instances, and auto-restart ntpd
5331 (without -g) if it stops running.
5336 References: Sec 3067 / CVE-2016-7433 / VU#633847
5337 Affects: ntp-4.2.7p385, up to but not including ntp-4.2.8p9, and
5338 ntp-4.3.0 up to, but not including ntp-4.3.94. But the
5339 root-distance calculation in general is incorrect in all versions
5340 of ntp-4 until this release.
5346 to a misinterpretation of a small-print variable in The Book, the
5354 Properly monitor your ntpd instances, and auto-restart ntpd
5355 (without -g) if it stops running.
5364 - moved retry decision where it belongs. <perlinger@ntp.org>
5366 using the loopback-ppsapi-provider.dll <perlinger@ntp.org>
5369 - fixed extended sysvar lookup (bug introduced with bug 3008 fix)
5371 - applied patches by Kurt Roeckx <kurt@roeckx.be> to source
5372 - added shim layer for SSL API calls with issues (both directions)
5374 - simplified / refactored hex-decoding in driver. <perlinger@ntp.org>
5375 * [Bug 3084] update-leap mis-parses the leapfile name. HStenn.
5377 - applied patch thanks to Andrew Stormont <andyjstormont@gmail.com>
5380 - PPS-HACK works again.
5382 - applied patch by Brian Utterback <brian.utterback@oracle.com>
5386 - patches by Reinhard Max <max@suse.com> and Havard Eidnes <he@uninett.no>
5387 * [Bug 3047] Fix refclock_jjy C-DEX JST2000. abe@ntp.org
5388 - Patch provided by Kuramatsu.
5390 - removed unnecessary & harmful decls of 'setUp()' & 'tearDown()'
5395 - fixed GPS week expansion to work based on build date. Special thanks
5398 - fixed Makefile.am <perlinger@ntp.org>
5401 - make sure PPS source is alive before processing samples
5402 - improve stability close to the 500ms phase jump (phase gate)
5407 * remove locks in Windows IO, use rpc-like thread synchronisation instead
5409 ---
5417 following 1 high- and 4 low-severity vulnerabilities:
5421 References: Sec 3046 / CVE-2016-4957 / VU#321640
5422 Affects: ntp-4.2.8p7, and ntp-4.3.92.
5425 Summary: The fix for Sec 3007 in ntp-4.2.8p7 contained a bug that
5428 Implement BCP-38.
5433 Properly monitor your ntpd instances, and auto-restart ntpd
5434 (without -g) if it stops running.
5439 References: Sec 3045 / CVE-2016-4953 / VU#321640
5440 Affects: ntp-4, up to but not including ntp-4.2.8p8, and
5441 ntp-4.3.0 up to, but not including ntp-4.3.93.
5445 spoofed packet containing a CRYPTO-NAK to an ephemeral peer
5449 Implement BCP-38.
5457 References: Sec 3044 / CVE-2016-4954 / VU#321640
5458 Affects: ntp-4, up to but not including ntp-4.2.8p8, and
5459 ntp-4.3.0 up to, but not including ntp-4.3.93.
5467 Implement BCP-38.
5475 References: Sec 3043 / CVE-2016-4955 / VU#321640
5476 Affects: ntp-4, up to but not including ntp-4.2.8p8, and
5477 ntp-4.3.0 up to, but not including ntp-4.3.93.
5486 Implement BCP-38.
5494 References: Sec 3042 / CVE-2016-4956 / VU#321640
5495 Affects: ntp-4, up to but not including ntp-4.2.8p8, and
5496 ntp-4.3.0 up to, but not including ntp-4.3.93.
5502 Implement BCP-38.
5510 - provide build environment
5511 - 'wint_t' and 'struct timespec' defined by VS2015
5512 - fixed print()/scanf() format issues
5515 * [Bug 3058] fetch_timestamp() mishandles 64-bit alignment. Brian Utterback,
5517 * Fix typo in ntp-wait and plot_summary. HStenn.
5521 ---
5529 available, --enable-dynamic-interleave. More information on this below.
5531 Also note that ntp-4.2.8p7 logs more "unexpected events" than previous
5539 following 9 low- and medium-severity vulnerabilities:
5542 AKA: authdecrypt-timing
5544 References: Sec 2879 / CVE-2016-1550
5545 Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
5547 CVSSv2: LOW 2.6 - (AV:L/AC:H/Au:N/C:P/I:P/A:N)
5548 CVSSv3: MED 4.0 - CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
5551 for a local or perhaps LAN-based attacker to send a packet with
5562 References: Sec 2945 / Sec 2901 / CVE-2015-8138
5563 Affects: All ntp-4 releases up to, but not including 4.2.8p7,
5568 References: Sec 2952 / CVE-2015-7704
5569 Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
5571 CVSSv2: MED 4.3 - (AV:N/AC:M/Au:N/C:N/I:N/A:P)
5572 Summary: The fix for NtpBug2952 in ntp-4.2.8p5 to address broken peer
5575 Implement BCP-38.
5583 * Validate crypto-NAKs, AKA: CRYPTO-NAK DoS
5585 References: Sec 3007 / CVE-2016-1547 / VU#718152
5586 Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
5588 CVSS2: MED 4.3 - (AV:N/AC:M/Au:N/C:N/I:N/A:P)
5589 CVSS3: MED 3.7 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
5590 Summary: For ntp-4 versions up to but not including ntp-4.2.8p7, an
5591 off-path attacker can cause a preemptable client association to
5601 For ntp-4.2.8 thru ntp-4.2.8p6 there is less risk because more
5604 ntp-4.2.8p7.
5606 Implement BCP-38.
5615 References: Sec 3008 / CVE-2016-2519
5616 Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
5618 CVSSv2: MED 4.9 - (AV:N/AC:H/Au:S/C:N/I:N/A:C)
5619 CVSSv3: MED 4.2 - CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
5634 Implement BCP-38.
5643 References: Sec 3009 / CVE-2016-2518 / VU#718152
5644 Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
5646 CVSS2: LOW 2.1 - (AV:N/AC:H/Au:S/C:N/I:N/A:P)
5647 CVSS3: LOW 2.0 - CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L
5650 out-of-bounds reference.
5652 Implement BCP-38.
5662 References: Sec 3010 / CVE-2016-2517 / VU#718152
5663 Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
5665 CVSS2: MED 4.9 - (AV:N/AC:H/Au:S/C:N/I:N/A:C)
5666 CVSS3: MED 4.2 - CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
5675 Implement BCP-38.
5684 References: Sec 3011 / CVE-2016-2516 / VU#718152
5685 Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
5687 CVSS2: MED 6.3 - (AV:N/AC:M/Au:S/C:N/I:N/A:C)
5688 CVSS3: MED 4.2 - CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
5696 Implement BCP-38.
5705 References: Sec 3020 / CVE-2016-1551
5708 By "very limited number of OSes" we mean no general-purpose OSes
5710 CVSSv2: LOW 2.6 - (AV:N/AC:H/Au:N/C:N/I:P/A:N)
5711 CVSSv3: LOW 3.7 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
5719 Implement martian packet filtering and BCP-38.
5737 References: Sec 2901 / CVE-2015-7704, CVE-2015-7705
5738 Affects: All ntp-4 releases up to, but not including 4.2.8p7,
5742 References: Sec 2936 / CVE-2015-7974
5743 Affects: All ntp-4 releases up to, but not including 4.2.8p7,
5749 * Interleave-pivot
5751 References: Sec 2978 / CVE-2016-1548
5752 Affects: All ntp-4 releases.
5753 CVSSv2: MED 6.4 - (AV:N/AC:L/Au:N/C:N/I:P/A:P)
5754 CVSSv3: MED 7.2 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L
5759 timestamp that matches the peer->dst timestamp recorded for that
5765 Implement BCP-38.
5776 References: Sec 3012 / CVE-2016-1549
5777 Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
5779 CVSSv2: LOW 3.5 - (AV:N/AC:M/Au:S/C:N/I:P/A:N)
5780 CVSS3v: MED 5.3 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
5782 the feature introduced in ntp-4.2.8p6 allowing an optional 4th
5784 a malicious authenticated peer can create arbitrarily-many
5788 Implement BCP-38.
5797 - fixed yet another race condition in the threaded resolver code.
5800 - integrated patches by Loganaden Velvidron <logan@ntp.org>
5806 * [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org
5808 - Patch provided by Ch. Weisgerber
5809 * [Bug 3015] ntpq: config-from-file: "request contains an unprintable character"
5810 - A change related to [Bug 2853] forbids trailing white space in
5813 - report and patch from Aleksandr Kostikov.
5814 - Overhaul of Windows IO completion port handling. perlinger@ntp.org
5816 - fixed memory leak in access list (auth[read]keys.c)
5817 - refactored handling of key access lists (auth[read]keys.c)
5818 - reduced number of error branches (authreadkeys.c)
5823 - Check the initial delay calculation and reject/unpeer the broadcast
5847 characteristics that are compatible with interleave mode, NTP will
5856 --enable-dynamic-interleave
5860 default in ntp-4.2.8p7.
5862 ---
5870 following 1 low- and 8 medium-severity vulnerabilities:
5874 References: Sec 2548 / CVE-2015-8158
5875 Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
5877 CVSS2: (AV:N/AC:M/Au:N/C:N/I:N/A:P) Base Score: 4.3 - MEDIUM
5878 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Base Score: 5.3 - MEDIUM
5899 References: Sec 2945 / CVE-2015-8138
5900 Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
5902 CVSS2: (AV:N/AC:L/Au:N/C:N/I:P/A:N) Base Score: 5.0 - MEDIUM
5903 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Base Score: 5.3 - MEDIUM
5904 (3.7 - LOW if you score AC:L)
5921 References: Sec 2940 / CVE-2015-7978
5922 Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
5924 CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:P) Base Score: 4.3 - MEDIUM
5928 Implement BCP-38.
5932 In ntp-4.2.8, mode 7 is disabled by default. Don't enable it.
5941 * Off-path Denial of Service (!DoS) attack on authenticated broadcast mode
5943 References: Sec 2942 / CVE-2015-7979
5944 Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
5947 Summary: An off-path attacker can send broadcast packets with bad
5953 Implement BCP-38.
5965 References: Sec 2939 / CVE-2015-7977
5966 Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
5968 CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:P) Base Score: 4.3 - MEDIUM
5972 Implement BCP-38.
5987 References: Sec 2938 / CVE-2015-7976
5988 Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
5990 CVSS: (AV:N/AC:L/Au:S/C:N/I:P/A:N) Base Score: 4.0 - MEDIUM
5999 Implement BCP-38.
6003 build NTP with 'configure --disable-saveconfig' if you will
6009 'saveconfig' requests are logged to syslog - monitor your syslog files.
6014 References: Sec 2937 / CVE-2015-7975
6015 Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
6017 CVSS: (AV:L/AC:H/Au:N/C:N/I:N/A:P) Base Score: 1.2 - LOW
6023 The usual worst-case effect of this vulnerability is that the
6037 References: Sec 2936 / CVE-2015-7974
6038 Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
6049 an enhancement request, and ntp-4.2.8p6 includes other checks and
6053 Implement BCP-38.
6060 addresses, however other changes in ntp-4.2.8p6 provide
6071 in the shared-key group.
6077 References: Sec 2935 / CVE-2015-7973
6078 Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
6080 CVSS: (AV:A/AC:M/Au:N/C:N/I:P/A:P) Base Score: 4.3 - MEDIUM
6082 either a man-in-the-middle attacker or a malicious participant
6085 Implement BCP-38.
6098 - applied patch by shenpeng11@huawei.com with minor adjustments
6103 - Found this already fixed, but validation led to cleanup actions.
6105 - added limits to stack consumption, fixed some return code handling
6107 - changed stacked/nested handling of CTRL-C. perlinger@ntp.org
6108 - make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org
6110 - integrated several patches from Havard Eidnes (he@uninett.no)
6112 - implement 'auth_log2()' using integer bithack instead of float calculation
6115 ---
6123 following medium-severity vulnerability:
6125 * Small-step/big-step. Close the panic gate earlier.
6126 References: Sec 2956, CVE-2015-5300
6127 Affects: All ntp-4 releases up to, but not including 4.2.8p5, and
6130 Summary: If ntpd is always started with the -g option, which is
6131 common and against long-standing recommendation, and if at the
6140 value if and only if ntpd was re-started against long-standing
6141 recommendation with the -g flag, or if ntpd was not given the
6142 -g flag, the attacker can move the target system's time by at
6148 As we've long documented, only use the -g option to ntpd in
6149 cold-start situations.
6154 NOTE WELL: The -g flag disables the limit check on the panic_gate
6157 check was only re-enabled after the first change to the system
6160 re-enabled after any initial time correction.
6178 the newly-written Unity test programs. These were fixed.
6180 * [Bug 2887] stratum -1 config results as showing value 99
6181 - fudge stratum should only accept values [0..16]. perlinger@ntp.org
6183 * [Bug 2934] tests/ntpd/t-ntp_scanner.c has a magic constant wired in. HMurray
6185 - applied patch by Christos Zoulas. perlinger@ntp.org
6186 * [Bug 2952] Peer associations broken by fix for Bug 2901/CVE-2015-7704.
6188 - fixed data race conditions in threaded DNS worker. perlinger@ntp.org
6189 - limit threading warm-up to linux; FreeBSD bombs on it. perlinger@ntp.org
6191 - accept key file only if there are no parsing errors
6192 - fixed size_t/u_int format clash
6193 - fixed wrong use of 'strlcpy'
6196 - fixed several other warnings (cast-alignment, missing const, missing prototypes)
6197 - promote use of 'size_t' for values that express a size
6198 - use ptr-to-const for read-only arguments
6199 - make sure SOCKET values are not truncated (win32-specific)
6200 - format string fixes
6203 - fixed ntp_rfc2553.c to return proper address length. perlinger@ntp.org
6207 - changed stacked/nested handling of CTRL-C. perlinger@ntp.org
6208 * Unity cleanup for FreeBSD-6.4. Harlan Stenn.
6210 * Libevent autoconf pthread fixes for FreeBSD-10. Harlan Stenn.
6215 ---
6223 following 13 low- and medium-severity vulnerabilities:
6228 References: Sec 2899, Sec 2671, CVE-2015-7691, CVE-2015-7692, CVE-2015-7702
6229 Affects: All ntp-4 releases up to, but not including 4.2.8p4,
6232 Summary: The fix for CVE-2014-9750 was incomplete in that there were
6245 References: Sec 2901 / CVE-2015-7704, CVE-2015-7705
6246 Affects: All ntp-4 releases up to, but not including 4.2.8p4,
6248 CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:P) Base Score: 4.3-5.0 at worst
6249 Summary: An ntpd client that honors Kiss-of-Death responses will honor
6263 Implement BCP-38.
6268 for the time. This mitigation is heavy-handed.
6279 References: Sec 2902 / CVE-2015-5196
6280 Affects: All ntp-4 releases up to, but not including 4.2.8p4,
6290 Implement BCP-38.
6296 - an explicitly configured trustedkey, and you should also
6298 - access from a permitted IP. You choose the IPs.
6299 - authentication. Don't disable it. Practice secure key safety.
6305 References: Sec 2909 / CVE-2015-7701
6306 Affects: All ntp-4 releases that use autokey up to, but not
6322 References: Sec 2913 / CVE-2015-7848 / TALOS-CAN-0052
6323 Affects: All ntp-4 releases up to, but not including 4.2.8p4,
6333 Implement BCP-38.
6337 In ntp-4.2.8, mode 7 is disabled by default. Don't enable it.
6348 References: Sec 2916 / CVE-2015-7849 / TALOS-CAN-0054
6349 Affects: All ntp-4 releases up to, but not including 4.2.8p4, and 4.3.0 up to, but not including 4.3.77
6359 Implement BCP-38.
6374 References: Sec 2917 / CVE-2015-7850 / TALOS-CAN-0055
6375 Affects: All ntp-4 releases up to, but not including 4.2.8p4,
6388 Implement BCP-38.
6403 References: Sec 2918 / CVE-2015-7851 / TALOS-CAN-0062
6404 Affects: All ntp-4 releases running under VMS up to, but not
6414 Implement BCP-38.
6428 References: Sec 2919 / CVE-2015-7852 / TALOS-CAN-0063
6429 Affects: All ntp-4 releases running up to, but not including 4.2.8p4,
6439 Implement BCP-38.
6454 References: Sec 2920 / CVE-2015-7853 / TALOS-CAN-0064
6455 Affects: Potentially all ntp-4 releases running up to, but not
6480 References: Sec 2921 / CVE-2015-7854 / TALOS-CAN-0065
6481 Affects: All ntp-4 releases up to, but not including 4.2.8p4, and
6493 Implement BCP-38.
6509 References: Sec 2922 / CVE-2015-7855
6510 Affects: All ntp-4 releases up to, but not including 4.2.8p4, and
6518 Implement BCP-38.
6532 crypto-NAK.
6534 References: Sec 2941 / CVE-2015-7871
6535 Affects: All ntp-4 releases between 4.2.5p186 up to but not including
6538 Summary: Crypto-NAK packets can be used to cause ntpd to accept time
6541 vulnerability appears to have been introduced in ntp-4.2.5p186
6543 associations (lines 1103-1165) was refactored.
6545 Implement BCP-38.
6554 Backward-Incompatible changes:
6555 * [Bug 2817] Default on Linux is now "rlimit memlock -1".
6557 the default value has been changed to -1 (do not lock ntpd into
6568 * 'rlimit memlock' now has finer-grained control. A value of -1 means
6591 * [Bug 2867] ntpd with autokey active crashed by 'ntpq -crv'. J.Perlinger
6597 * [Bug 2886] Mis-spelling: "outlyer" should be "outlier". dave@horsfall.org
6599 * [Bug 2889] ntp-dev-4.3.67 does not build on Windows. perlinger@ntp.org
6608 * On some versions of HP-UX, inttypes.h does not include stdint.h. H.Stenn.
6618 caltontp.c, clocktime.c, humandate.c, hextolfp.c, decodenetnum.c - fixed
6646 * tests/libntp/test-libntp.c fix formatting. Tomasz Flendrich
6667 * sntp/libevent/evconfig-private.h: remove generated filefrom SCM. H.Stenn.
6672 * tests/libntp/test_caltontp needs -lpthread. Harlan Stenn.
6673 * br-flock: --enable-local-libevent. Harlan Stenn.
6675 * scripts/lib/NTP/Util.pm: stratum output is version-dependent. Harlan Stenn.
6684 * Changed progname to be const in many files - now it's consistent. Tomasz
6692 * Retire google test - phase I. Harlan Stenn.
6707 * Implement --enable-problem-tests (on by default). Harlan Stenn.
6710 ---
6713 Focus: 1 Security fix. Bug fixes and enhancements. Leap-second improvements.
6730 This vulnerability is considered low-risk.
6746 the existing google-test items to this new framework. If you want
6754 * CID 1296235: Fix refclock_jjy.c and correcting type of the driver40-ja.html
6757 * [Bug 2590] autogen-5.18.5.
6761 * [Bug 2745] ntpd -x steps clock on leap second
6762 Fixed an initial-value problem that caused misbehaviour in absence of
6777 * [Bug 2804] install-local-data assumes GNU 'find' semantics.
6788 * [Bug 2813] HP-UX needs -D__STDC_VERSION__=199901L and limits.h.
6789 * [Bug 2815] net-snmp before v5.4 has circular library dependencies.
6792 * [Bug 2824] Convert update-leap to perl. (also see 2769)
6801 * [Bug 2832] refclock_jjy.c supports the TDC-300.
6827 * Modified tests/bug-2803/Makefile.am so it builds Unity framework tests.
6834 * Converted from gtest to Unity: tests/bug-2803/. Damir Tomić
6852 * tests/bug-2803/Makefile.am must distribute bug-2803.h.
6859 ---
6867 following medium-severity vulnerabilities involving private key
6872 References: Sec 2779 / CVE-2015-1798 / VU#374268
6873 Affects: All NTP4 releases starting with ntp-4.2.5p99 up to but not
6874 including ntp-4.2.8p2 where the installation uses symmetric keys
6902 References: Sec 2781 / CVE-2015-1799 / VU#374268
6904 not including ntp-4.2.8p2 where the installation uses symmetric
6918 a known denial-of-service attack, described at
6932 An update to the NTP RFC to correct this error is in-process.
6937 is simply a long-known potential problem.
6942 * New script: update-leap
6943 The update-leap script will verify and if necessary, update the
6944 leap-second definition file.
6956 * [Bug 2728] See if C99-style structure initialization works.
6957 * [Bug 2747] Upgrade libevent to 2.1.5-beta.
6958 * [Bug 2749] ntp/lib/NTP/Util.pm needs update for ntpq -w, IPv6, .POOL. .
6964 * [Bug 2766] ntp-keygen output files should not be world-readable.
6965 * [Bug 2767] ntp-keygen -M should symlink to ntp.keys.
6968 * [Bug 2774] Unreasonably verbose printout - leap pending/warning
6969 * [Bug 2775] ntp-keygen.c fails to compile under Windows.
6971 Removed non-ASCII characters from some copyright comments.
6974 Now use C99 fixed-width types and avoid non-ASCII characters in comments.
6978 Modified creation of parse-specific variables for Meinberg devices
7000 ---
7008 following high-severity vulnerabilities:
7013 References: Sec 2671 / CVE-2014-9297 / VU#852879
7020 Mitigation - any of:
7034 References: Sec 2672 / CVE-2014-9298 / VU#852879
7040 from "appearing" on non-localhost IPv4 interfaces, some kernels
7047 have one of these OSes where ::1 can be spoofed, ALL ::1 -based
7060 ---
7068 following high-severity vulnerabilities:
7080 References: Sec 2670 / CVE-2014-9296 / VU#852879
7082 below (which is a limited-risk vulnerability), none of the recent
7084 restricted from sending a 'query'-class packet by your ntp.conf file.
7090 References: [Sec 2665] / CVE-2014-9293 / VU#852879
7099 seeded with a 32-bit value and could only provide 32 bits of
7103 Mitigation - any of:
7104 - Upgrade to 4.2.7p11 or later.
7105 - Follow BCP and put 'restrict ... noquery' in your ntp.conf file.
7107 Credit: This vulnerability was noticed in ntp-4.2.6 by Neel Mehta
7110 * Non-cryptographic random number generator with weak seed used by
7111 ntp-keygen to generate symmetric keys.
7113 References: [Sec 2666] / CVE-2014-9294 / VU#852879
7118 Summary: Prior to ntp-4.2.7p230 ntp-keygen used a weak seed to
7121 generate symmetric keys. In ntp-4.2.8 we use a current-technology
7125 Mitigation - any of:
7126 - Upgrade to 4.2.7p230 or later.
7127 - Follow BCP and put 'restrict ... noquery' in your ntp.conf file.
7129 Credit: This vulnerability was discovered in ntp-4.2.6 by
7134 References: Sec 2667 / CVE-2014-9295 / VU#852879
7145 Mitigation - any of:
7146 - Upgrade to 4.2.8, or later, or
7147 - Disable Autokey Authentication by removing, or commenting out,
7156 References: Sec 2668 / CVE-2014-9295 / VU#852879
7165 Mitigation - any of:
7166 - Upgrade to 4.2.8, or later.
7167 - Follow BCP and put 'restrict ... noquery' in your ntp.conf file.
7174 References: Sec 2669 / CVE-2014-9295 / VU#852879
7183 Mitigation - any of:
7184 - Upgrade to 4.2.8, or later.
7185 - Follow BCP and put 'restrict ... noquery' in your ntp.conf file.
7192 References: Sec 2670 / CVE-2014-9296 / VU#852879
7207 Mitigation - any of:
7208 - Upgrade to 4.2.8, or later,
7209 - Remove or comment out all configuration directives
7231 get a timestamp we us the "built-on" to tell us what era we are in.
7236 Dave Hart writes:
7238 For a long time, ntpq and its mostly text-based mode 6 (control)
7244 covered them all, though I've not compared command-by-command
7248 hand-rolled structure layout and byte-swapping code in both ntpd and
7252 ntpq's text-based, label=value approach involves more code reuse and
7253 allows compatible changes without extra work in most cases.
7255 Mode 7 has always been defined as vendor/implementation-specific while
7259 eventually. (http://tools.ietf.org/html/draft-odonoghue-ntpv4-control-01)
7271 ---
7285 includes improvements to orphan mode, minor bugs fixes and code clean-ups.
7296 * Non-printable stratum 16 refid no longer sent to ntp
7308 * -n option extended to include the billboard "server" column
7311 ---
7321 clean-ups, minor bug fixes, fixes for a number of minor
7322 ref-clock issues, and documentation revisions.
7324 Portability improvements affect AIX, HP-UX, Linux, OS X and 64-bit time_t.
7337 * Back-ported several fixes for Coverity warnings from ntp-dev
7350 * Back-port utility routines from ntp-dev: mprintf(), emalloc_zero()
7366 * Backward incompatible command-line option change:
7367 -l/--filelog changed -l/--logfile (to be consistent with ntpd)
7372 * Distribute ntp-wait.html
7374 ---
7384 clean-ups, minor bug fixes, fixes for a number of minor
7385 ref-clock issues, and documentation revisions.
7417 * Range-check the status codes (plus other cleanup) in the RIPE-NCC driver.
7423 ntp-keygen
7424 * Fix -V coredump.
7438 * Update the MIB from the draft version to RFC-5907.
7450 ---
7460 clean-ups, minor bug fixes, fixes for a number of minor
7461 ref-clock issues, improved KOD handling, OpenSSL related
7477 * default connection to net-snmpd via a unix-domain socket
7478 * command-line 'socket name' option
7482 * key-type specific password prompts
7489 ---
7498 ---
7503 ---
7510 This release fixes the following high-severity vulnerability:
7512 * [Sec 1331] DoS with mode 7 packets - CVE-2009-3563.
7533 Vinokurov of Alcatel-Lucent.
7537 ---
7540 Backward-Incompatible changes:
7542 ntpd no longer accepts '-v name' or '-V name' to define internal variables.
7543 Use '--var name' or '--dvar name' instead. (Bug 817)
7545 ---
7552 This release fixes the following high-severity vulnerability:
7554 * [Sec 1151] Remote exploit if autokey is enabled. CVE-2009-1252
7565 This release fixes the following low-severity vulnerabilities:
7567 * [Sec 1144] limited (two byte) buffer overflow in ntpq. CVE-2009-0159
7571 Credit for finding this issue goes to Dave Hart.
7583 ---
7590 This release fixes oCERT.org's CVE-2009-0021, a vulnerability affecting
7599 ---
7604 This release fixes a number of Windows-specific ntpd bugs and
7605 platform-independent ntpdate bugs. A logging bugfix has been applied
7616 ---
7625 a problem with non-command-line specification of -6, and allows the loopback
7628 ---
7637 ---
7649 ---
7655 conjunction with DHCP. GNU AutoGen is used for its command-line options
7658 added for some new ref-clocks and have been removed for some older
7659 ref-clocks. This release also includes other improvements, documentation
7662 K&R C is no longer supported as of NTP-4.2.4. We are now aiming for ANSI
7665 ---