Lines Matching +full:bottom +full:- +full:beta

1 ---
10 - changes crypto (OpenSSL or compatible) detection and default build behavior.
11   Previously, crypto was supported if available unless the --without-crypto
13   falling back to a crypto-free build if usable libcrypto was not found has
15   The --without-crypto option must be explicitly provided if you want a build
17 - Fixes 40 bugs
18 - Includes 40 other improvements
25 * [Bug 3913] Avoid duplicate IPv6 link-local manycast associations.
28 * [Bug 3910] Memory leak using openssl-3 <hart@ntp.org>
31 * [Bug 3903] lib/isc/win32/strerror.c NTstrerror() is not thread-safe.
33 * [Bug 3901] LIB_GETBUF isn't thread-safe. <hart@ntp.org>
36 * [Bug 3888] ntpd with multiple same-subnet IPs using manycastclient creates
43 * [Bug 3869] Remove long-gone "calldelay" & "crypto sign" from docs.
47 * [Bug 3864] ntpd IPv6 refid different for big-endian and little-endian.
56 * [Bug 3852] check-libntp.mf and friends are not triggering rebuilds as
60 * [Bug 3850] ntpq -c apeers breaks column formatting s2 w/refclock refid.
62 * [Bug 3849] ntpd --wait-sync times out. <hart@ntp.org>
63 * [Bug 3847] SSL detection in configure should run-test if runpath is needed.
65 * [Bug 3846] Use -Wno-format-truncation by default. <hart@ntp.org>
66 * [Bug 3845] accelerate pool clock_sync when IPv6 has only link-local access.
69 * [Bug 3841] 4.2.8p17 build break w/ gcc 12 -Wformat-security without -Wformat
70              Need to remove --Wformat-security when removing -Wformat to
85 * [Bug 3753] ntpd fails to start with FIPS-enabled OpenSSL 3. <hart@ntp.org>
94 * util/lsf-times - added.  <stenn@ntp.org>
95 * Add DSA, DSA-SHA, and SHA to tests/libntp/digests.c. <hart@ntp.org>
105   that makes it unnecessary, re-enabling ASLR stack gap. <hart@ntp.org>
106 * Use NONEMPTY_COMPILATION_UNIT in more conditionally-compiled files.
121 * Abort configure if --enable-crypto-rand given & unavailable. <hart@ntp.org>
122 * Add configure --enable-verbose-ssl to trace SSL detection. <hart@ntp.org>
123 * Add build test coverage for --disable-saveconfig to flock-build script.
125 * Remove deprecated configure --with-arlib option. <hart@ntp.org>
135 * wire in --enable-build-framework-help
137 ---
146 - fixes 3 bugs, including a regression
147 - adds new unit tests
162 ---
171 - fixes 4 vulnerabilities (3 LOW and 1 None severity), 
172 - fixes 46 bugs
173 - includes 15 general improvements
174 - adds support for OpenSSL-3.0
178 * [Sec 3808] Assertion failure in ntpq on malformed RT-11 date <perlinger@ntp.org>
182   - solved numerically instead of using string manipulation
186 * [Bug 3817] Bounds-check "tos floor" configuration. <hart@ntp.org>
189 * [Bug 3802] ntp-keygen -I default identity modulus bits too small for
192 * [Bug 3800] libopts-42.1.17 does not compile with Microsoft C. <hart@ntp.org>
197   - ntp.conf manual page and miscopt.html corrections. <hart@ntp.org>
199   - Report and patch by Yuezhen LUAN <wei6410@sina.com>.
200 * [Bug 3786] Timer starvation on high-load Windows ntpd. <hart@ntp.org>
201 * [Bug 3784] high-load ntpd on Windows deaf after enough ICMP TTL exceeded.
205   - Reported by Edward McGuire, fix identified by <wei6410@sina.com>.
207 * [Bug 3757] Improve handling of Linux-PPS in NTPD <perlinger@ntp.org>
211 * [Bug 3724] ntp-keygen with openSSL 1.1.1 fails on Windows <perlinger@ntp.org>
212   - openssl applink needed again for openSSL-1.1.1
216   - command line options override config statements where applicable
217   - make initial frequency settings idempotent and reversible
218   - make sure kernel PLL gets a recovered drift componsation
221   - misleading title; essentially a request to ignore the receiver status.
224   - original patch by Richard Schmidt, with mods & unit test fixes
226   - implement/wrap 'realpath()' to resolve symlinks in device names
228   - original patch by matt<ntpbr@mattcorallo.com>
229   - increased max PDU size to 4k to avoid truncation
231   - patch by Frank Kardel
232 * [Bug 3689] Extension for MD5, SHA-1 and other keys <perlinger@ntp.org>
233   - ntp{q,dc} now use the same password processing as ntpd does in the key
238   - patch by Gerry Garvey
240   - original patch by Gerry Garvey
242   - original patch by Gerry Garvey
244   - applied patches by Gerry Garvey
245 * [Bug 3675] ntpq ccmds[] stores pointer to non-persistent storage
247   - idea+patch by Gerry Garvey
250   - follow-up: fix inverted sense in check, reset shortfall counter
253   - fixed bug identified by Edward McGuire <perlinger@ntp.org>
255   - applied patch by Gerry Garvey
257   - backport from -dev, plus some more work on warnings for unchecked results
263 * [Bug 2525] Turn on automake subdir-objects across the project. <hart@ntp.org>
273 * Rename a poorly-named variable.  <stenn@ntp.org>
278 * upgrade to: autogen-5.18.16
279 * upgrade to: libopts-42.1.17
280 * upgrade to: autoconf-2.71
281 * upgrade to: automake-1.16.15
282 * Upgrade to libevent-2.1.12-stable <stenn@ntp.org>
283 * Support OpenSSL-3.0
285 ---
301   - Thanks to Sylar Tao
303   - rewrite 'decodenetnum()' in terms of inet_pton
305   - limit number of receive buffers, with an iron reserve for refclocks
309   - integrated patch from Charles Claggett
314   - fix by Gerry garvey
316   - thanks to Gerry Garvey
318   - patch by Gerry Garvey
320 * [Bug 3639] refclock_jjy: TS-JJY0x can skip time sync depending on the STUS reply. <abe@ntp.org>
321   - applied patch by Takao Abe
323 ---
340   - Reported by Philippe Antoine
342   - Reported by Miroslav Lichvar
344   - Reported by Miroslav Lichvar
349 * [Bug 3628] raw DCF decoding - improve robustness with Zeller's congruence
350   - implement Zeller's congruence in libparse and libntp <perlinger@ntp.org>
351 * [Bug 3627] SIGSEGV on FreeBSD-12 with stack limit and stack gap <perlinger@ntp.org>
352   - integrated patch by Cy Schubert
354   - applied patch by Gerry Garvey
356   - applied patch by Gerry Garvey
358   - integrated patch by Richard Steedman
361   - Reported by Martin Burnicki
362 * [Bug 3612] Use-of-uninitialized-value in receive function <perlinger@ntp.org>
363   - Reported by Philippe Antoine
365   - officially document new "trust date" mode bit for NMEA driver
366   - restore the (previously undocumented) "trust date" feature lost with [bug 3577] 
367 * [Bug 3609] Fixing wrong falseticker in case of non-statistic jitter <perlinger@ntp.org>
368   - mostly based on a patch by Michael Haardt, implementing 'fudge minjitter'
370   - removed ffs() and fls() prototypes as per Brian Utterback
373   - fixed byte and paramter order as suggested by wei6410@sina.com 
375 * [Bug 3599] Build fails on linux-m68k due to alignment issues <perlinger@ntp.org>
376   - added padding as suggested by John Paul Adrian Glaubitz 
381   - stdout+stderr are set to line buffered during test setup now
383   - set clock to base date if system time is before that limit
385 * [Bug 3580] Possible bug ntpq-subs (NULL dereference in dogetassoc) <perlinger@ntp.org>
386   - Reported by Paulo Neves
388   - also updates for refclock_nmea.c and refclock_jupiter.c
393   - sidekick: service port resolution in 'ntpdate'
395   - applied patch by Douglas Royds
398   - applied patch by Gerry Garvey
399 * [Bug 3531] make check: test-decodenetnum fails <perlinger@ntp.org>
400   - try to harden 'decodenetnum()' against 'getaddrinfo()' errors
401   - fix wrong cond-compile tests in unit tests
404   - patch by Philipp Prindeville
406   - patch by Philipp Prindeville
408   - patch by Philipp Prindeville
410   - partial application of patch by Philipp Prindeville
412   - applied patch by Gerry Garvey & fixed unit tests <perlinger@ntp.org>
414   - applied (modified) patch by Richard Steedman
416   - applied patch by Gerry Garvey (with minor formatting changes)
418   - applied patch by Miroslav Lichvar
422              is specified with -u <perlinger@ntp.org>
423   - monitor daemon child startup & propagate exit codes
425   - (modified) patch by Kurt Roeckx <perlinger@ntp.org>
431 ---
445   - reported by Magnus Stubman
447   - applied patch by Ian Lepore
449   - isolate and fix linux/windows specific code issue
451   - provide better function for incremental string formatting
453   - applied patch by Gerry Garvey
455   - original finding by Gerry Garvey, additional cleanup needed
457   - patch by Christous Zoulas
459   - finding by Chen Jiabin, plus another one by me
461   - applied patch by Maciej Szmigiero
463   - applied patch by Andre Charbonneau
465   - applied patch by Baruch Siach
466 * [Bug 3538] Build fails for no-MMU targets <perlinger@ntp.org>
467   - applied patch by Baruch Siach
469   - refactored handling of GPS era based on 'tos basedate' for
472   - patch by Daniel J. Luke; this does not fix a potential linker
474 * [Bug 3527 - Backward Incompatible] mode7 clockinfo fudgeval2 packet
476   - --enable-bug3527-fix support by HStenn
478   - applied patch by Gerry Garvey
480   - added missing check, reported by Reinhard Max <perlinger@ntp.org>
482   - this is a variant of [bug 3558] and should be fixed with it
483 * Implement 'configure --disable-signalled-io'
485 --
493 in ntp-4.2.8p11, and a buffer overflow in the openhost() function used by
502  [Bug 3509] Add support for running as non-root on FreeBSD, Darwin,
504  - applied patch by Ian Lepore <perlinger@ntp.org>
506  - changed interaction with SCM to signal pending startup
508  - applied patch by Gerry Garvey
510  - applied patch by Gerry Garvey
512  - rework of ntpq 'nextvar()' key/value parsing
513  [Bug 3482] Fixes for compilation warnings (ntp_io.c & ntpq-subs.c) <perlinger@ntp.org>
514  - applied patch by Gerry Garvey (with mods)
516  - applied patch by Gerry Garvey
518  - applied patch by Gerry Garvey (with mods)
520  - applied patch by Gerry Garvey (with mods); not sure if that's bug or feature, though
522  - applied patch by Gerry Garvey
524  - applied patch by Gerry Garvey
526  - add #define ENABLE_CMAC support in configure.  HStenn.
529  - patch by Stephen Friedl
531  - fixed IO redirection and CTRL-C handling in ntq and ntpdc
534  - initial patch by Hal Murray; also fixed refclock_report() trouble
537  - According to Brooks Davis, there was only one location <perlinger@ntp.org>
538  [Bug 3449] ntpq - display "loop" instead of refid [...] <perlinger@ntp.org>
539  - applied patch by Gerry Garvey
541  - applied patch by Gerry Garvey
546  - applied patch by Miroslav Lichvar
547  [Bug 3426] ntpdate.html -t default is 2 seconds.  Leonid Evdokimov.
549  - integrated patch by  Reinhard Max
551  - applied patches by Christos Zoulas, including real bug fixes
554  Symmetric key range is 1-65535.  Update docs.   <stenn@ntp.org>
556 --
563 This release fixes 2 low-/medium-, 1 informational/medum-, and 2 low-severity
564 vulnerabilities in ntpd, one medium-severity vulernability in ntpq, and
565 provides 65 other non-security fixes and improvements:
570    References: Sec 3454 / CVE-2018-7185 / VU#961909
571    Affects: ntp-4.2.6, up to but not including ntp-4.2.8p11.
577 	The NTP Protocol allows for both non-authenticated and
581 	support an interleaved mode of operation. In ntp-4.2.8p4 a bug
583 	allows a non-authenticated zero-origin (reset) packet to reset
585 	can send a packet with a zero-origin timestamp and the source
589 	disruption of the association. In ntp-4.0.0 thru ntp-4.2.8p6,
590 	interleave mode could be entered dynamically. As of ntp-4.2.8p7,
593 	Implement BCP-38.
601 	If ntpd stops running, auto-restart it without -g .
608    References: Sec 3453 / CVE-2018-7184 / VU#961909
609    Affects: ntpd in ntp-4.2.8p4, up to but not including ntp-4.2.8p11.
612    CVSS3: LOW 3.1 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
618 	third-party can inject a packet with a zero-origin timestamp,
625 	Implement BCP-38.
626 	Upgrade to ntp-4.2.8p11 or later from the NTP Project Download Page
631 	If ntpd stops running, auto-restart it without -g .
638    References: Sec 3415 / CVE-2018-7170 / VU#961909
639    	       Sec 3012 / CVE-2016-1549 / VU#718152
640    Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
642    CVSS2: LOW 3.5 - (AV:N/AC:M/Au:S/C:N/I:P/A:N)
643    CVSS3: LOW 3.1 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
647 	ntp-4.2.8p6 allowing an optional 4th field in the ntp.keys file to
649 	-- i.e. one where the attacker knows the private symmetric key --
650 	can create arbitrarily-many ephemeral associations in order to win
652 	additional protections are offered in ntp-4.2.8p11.  One is the
659 	Implement BCP-38.
660 	Upgrade to ntp-4.2.8p11 or later from the NTP Project Download Page
670 	If ntpd stops running, auto-restart it without -g .
677    References: Sec 3414 / CVE-2018-7183 / VU#961909
678    Affects: ntpq in ntp-4.2.8p6, up to but not including ntp-4.2.8p11.
683 	is an internal function of ntpq that is used to -- wait for it --
686 	maliciously-altered ntpd returns an array result that will trip this
692 	Implement BCP-38.
693 	Upgrade to ntp-4.2.8p11 or later from the NTP Project Download Page
696 	This weakness was discovered by Michael Macnair of Thales e-Security.
701    References: Sec 3412 / CVE-2018-7182 / VU#961909
702    Affects: ntp-4.2.8p6, up to but not including ntp-4.2.8p11.
703    CVSS2: INFO 0.0 - MED 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 0.0 if C:N
704    CVSS3: NONE 0.0 - MED 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
712 	Implement BCP-38.
713 	Upgrade to ntp-4.2.8p11 or later from the NTP Project Download Page
717 	If ntpd stops running, auto-restart it without -g .
725    References: Sec 3012 / CVE-2016-1549 / VU#718152
726    Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
728    CVSS2: LOW 3.5 - (AV:N/AC:M/Au:S/C:N/I:P/A:N)
729    CVSS3: MED 5.3 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
733 	introduced in ntp-4.2.8p6 allowing an optional 4th field in the
735 	authenticated peer -- i.e. one where the attacker knows the
736 	private symmetric key -- can create arbitrarily-many ephemeral
739 	offered in ntp-4.2.8p11.  One is the 'noepeer' directive, which
744 	Implement BCP-38.
760  - applied patch by Sean Haugh 
763  - removed error log caused by rounding/slew, ensured postcondition <perlinger@ntp.org>
764  [Bug 3447] AES-128-CMAC (fixes) <perlinger@ntp.org>
765  - refactoring the MAC code, too
768  - applied patch by ggarvey
770  - applied patch by ggarvey (with minor mods)
772  - applied patch (with mods) by Miroslav Lichvar <perlinger@ntp.org>
774  [Bug 3433] sntp crashes when run with -a.  <stenn@ntp.org>
776  - fixed several issues with hash algos in ntpd, sntp, ntpq,
779  - initial patch by Daniel Pouzzner
784  [Bug 3411] problem about SIGN(6) packet handling for ntp-4.2.8p10
785  - raised receive buffer size to 1200 <perlinger@ntp.org>
788  [Bug 3405] update-leap.in: general cleanup, HTTPS support.  Paul McMath.
790  - fix/drop assumptions on OpenSSL libs directory layout
791  [Bug 3399] NTP: linker error in 4.2.8p10 during Linux cross-compilation
792  - initial patch by timeflies@mail2tor.com  <perlinger@ntp.org>
794  - patch contributed by Alexander Bluhm
799  - fixed handling of dynamic deletion w/o leap file <perlinger@ntp.org>
801  - increased mimimum stack size to 32kB <perlinger@ntp.org>
803  - reverted handling of PPS kernel consumer to 4.2.6 behavior
804  [Bug 3365] Updates driver40(-ja).html and miscopt.html <abe@ntp.org>
807  - fixed location counter & ntpq output <perlinger@ntp.org>
810  [Bug 2737] Wrong phone number listed for USNO. ntp-bugs@bodosom.net,
812  [Bug 2557] Fix Thunderbolt init. ntp-bugs@bodosom.net, perlinger@ntp.
822  AES-128-CMAC support.  BInglis, HStenn, JPerlinger.
825  update-leap: updates from Paul McMath.
826  When using pkg-config, report --modversion.  HStenn.
828  sntp: show the IP of who sent us a crypto-NAK.  HStenn.
830  authistrustedip() - use it in more places.  HStenn, JPerlinger.
849 * update-leap needs the following perl modules:
854 See them with: ntpq -c "rv 0 ss_lamport,ss_tsrounding"
860 - restrict ... noepeer
861 - restrict ... ippeerlimit N
868 apply to explicitly-configured associations.  A value of -1, the current
881 --
888 This release fixes 5 medium-, 6 low-, and 4 informational-severity
889 vulnerabilities, and provides 15 other non-security fixes and improvements:
891 * NTP-01-016 NTP: Denial of Service via Malformed Config (Medium)
893    References: Sec 3389 / CVE-2017-6464 / VU#325339
894    Affects: All versions of NTP-4, up to but not including ntp-4.2.8p10, and
895 	ntp-4.3.0 up to, but not including ntp-4.3.94.
903 	Implement BCP-38.
906 	Properly monitor your ntpd instances, and auto-restart
907 	    ntpd (without -g) if it stops running. 
911 * NTP-01-014 NTP: Buffer Overflow in DPTS Clock (Low)
913     References: Sec 3388 / CVE-2017-6462 / VU#325339
914     Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and ntp-4.3.0 up to, but not including ntp-4.3.94.
930 	Properly monitor your ntpd instances, and auto-restart
931 	    ntpd (without -g) if it stops running. 
935 * NTP-01-012 NTP: Authenticated DoS via Malicious Config Option (Medium)
937    References: Sec 3387 / CVE-2017-6463 / VU#325339
938    Affects: All versions of ntp, up to but not including ntp-4.2.8p10, and
939 	ntp-4.3.0 up to, but not including ntp-4.3.94.
949 	Implement BCP-38.
952 	Properly monitor your ntpd instances, and auto-restart
953 	    ntpd (without -g) if it stops running. 
957 * NTP-01-011 NTP: ntpq_stripquotes() returns incorrect value (Informational)
960    Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and
961 	ntp-4.3.0 up to, but not including ntp-4.3.94.
976 	Implement BCP-38.
979 	Properly monitor your ntpd instances, and auto-restart
980 	    ntpd (without -g) if it stops running. 
984 * NTP-01-010 NTP: ereallocarray()/eallocarray() underused (Info)
987    Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and
988 	ntp-4.3.0 up to, but not including ntp-4.3.94.
999 	the oreallocarray() function for which a further number-of-elements
1010 * NTP-01-009 NTP: Privileged execution of User Library code (WINDOWS
1013    References: Sec 3384 / CVE-2017-6455 / VU#325339
1014    Affects: All Windows versions of ntp-4 that use the PPSAPI, up to but
1015 	not including ntp-4.2.8p10, and ntp-4.3.0 up to, but not
1016 	including ntp-4.3.94.
1028 	Implement BCP-38.
1034 * NTP-01-008 NTP: Stack Buffer Overflow from Command Line (WINDOWS
1037    References: Sec 3383 / CVE-2017-6452 / VU#325339
1038    Affects: WINDOWS installer ONLY: All versions of the ntp-4 Windows
1039 	installer, up to but not including ntp-4.2.8p10, and ntp-4.3.0 up
1040 	to, but not including ntp-4.3.94.
1060 * NTP-01-007 NTP: Data Structure terminated insufficiently (WINDOWS
1063    References: Sec 3382 / CVE-2017-6459 / VU#325339
1064    Affects: WINDOWS installer ONLY: All ntp-4 versions of the Windows
1065 	installer, up to but not including ntp-4.2.8p10, and ntp-4.3.0
1066 	up to, but not including ntp-4.3.94.
1077 	call to RegSetValueEx() claims to be passing in a multi-string
1085 * NTP-01-006 NTP: Copious amounts of Unused Code (Informational)
1093 	code-gadget-based branch-flow redirection exploits.  Analogically,
1133 * NTP-01-005 NTP: Off-by-one in Oncore GPS Receiver (Low)
1136    Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and
1137    	ntp-4.3.0 up to, but not including ntp-4.3.94.
1147         Properly monitor your ntpd instances, and auto-restart
1148 	    ntpd (without -g) if it stops running. 
1152 * NTP-01-004 NTP: Potential Overflows in ctl_put() functions (Medium)
1154    References: Sec 3379 / CVE-2017-6458 / VU#325339
1155    Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and
1156 	ntp-4.3.0 up to, but not including ntp-4.3.94.
1165 	long variable names in ntpd (longer than 200-512 bytes, depending
1169 	Implement BCP-38.
1173 	    longer than 200-512 bytes in your ntp.conf file.
1174 	Properly monitor your ntpd instances, and auto-restart
1175 	    ntpd (without -g) if it stops running. 
1179 * NTP-01-003 NTP: Improper use of snprintf() in mx4200_send() (Low)
1181    References: Sec 3378 / CVE-2017-6451 / VU#325339
1182    Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and
1183 	ntp-4.3.0 up to, but not including ntp-4.3.94.
1190 	and vsnprintf() incorrectly, which can lead to an out-of-bounds
1195 	allocated buffer space.  This results in an out-of-bound memory
1206 	Properly monitor your ntpd instances, and auto-restart
1207 	    ntpd (without -g) if it stops running. 
1211 * NTP-01-002 NTP: Buffer Overflow in ntpq when fetching reslist from a
1214    References: Sec 3377 / CVE-2017-6460 / VU#325339
1215    Affects: All versions of ntpq, up to but not including ntp-4.2.8p10, and
1216 	ntp-4.3.0 up to, but not including ntp-4.3.94.
1225 	will be copied into a fixed-size buffer, leading to an overflow on
1226 	the function's stack-frame.  Note well that this problem requires
1238 * NTP-01-001 NTP: Makefile does not enforce Security Flags (Informational)
1241    Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and
1242 	ntp-4.3.0 up to, but not including ntp-4.3.94.
1249 	flags for their builds.  As of ntp-4.2.8p10, the NTP build
1250 	system has a way to provide OS-specific hardening flags.  Please
1258 	Implement BCP-38.
1261 	Properly monitor your ntpd instances, and auto-restart
1262 	    ntpd (without -g) if it stops running. 
1268    References: Sec 3361 / CVE-2016-9042 / VU#325339
1269    Affects: ntp-4.2.8p9 (21 Nov 2016), up to but not including ntp-4.2.8p10
1282 	Implement BCP-38.
1287 	Properly monitor your ntpd instances, and auto-restart
1288 	    ntpd (without -g) if it stops running. 
1294 * [Bug 3393] clang scan-build findings <perlinger@ntp.org>
1295 * [Bug 3363] Support for openssl-1.1.0 without compatibility modes
1296   - rework of patch set from <ntp.org@eroen.eu>. <perlinger@ntp.org>
1299   on 4.4BSD-Lite derived platforms <perlinger@ntp.org>
1300   - original patch by Majdi S. Abbas
1303   - initial patch by Christos Zoulas
1305   - move loader API from 'inline' to proper source
1306   - augment pathless dlls with absolute path to NTPD
1307   - use 'msyslog()' instead of 'printf() 'for reporting trouble
1309   - applied patch by Matthew Van Gundy
1311   - applied some of the patches provided by Havard. Not all of them
1314   - applied patch by Reinhard Max. See bugzilla for limitations.
1316   - fixed dependency inversion from [Bug 2837]
1318   - produce ERROR log message about dysfunctional daemon. <perlinger@ntp.org>
1319 * [Bug 2851] allow -4/-6 on restrict line with mask <perlinger@ntp.org>
1320   - applied patch by Miroslav Lichvar for ntp4.2.6 compat
1321 * [Bug 2645] out-of-bound pointers in ctl_putsys and decode_bitflags
1322   - Fixed these and some more locations of this pattern.
1326 --
1327 (4.2.8p9-win) 2017/02/01 Released by Harlan Stenn <stenn@ntp.org>
1330   - added missed changeset for automatic openssl lib detection
1331   - fixed some minor warning issues
1336 --
1344 following 1 high- (Windows only), 2 medium-, 2 medium-/low, and
1345 5 low-severity vulnerabilities, and provides 28 other non-security
1350    References: Sec 3119 / CVE-2016-9311 / VU#633847
1351    Affects: ntp-4.0.90 (21 July 1999), possibly earlier, up to but not
1352    	including 4.2.8p9, and ntp-4.3.0 up to but not including ntp-4.3.94.
1361         Implement BCP-38.
1366         Properly monitor your ntpd instances, and auto-restart ntpd
1367 	    (without -g) if it stops running. 
1372    References: Sec 3118 / CVE-2016-9310 / VU#633847
1373    Affects: ntp-4.0.90 (21 July 1999), possibly earlier, up to but not
1374 	including 4.2.8p9, and ntp-4.3.0 up to but not including ntp-4.3.94.
1380 	long-standing BCP recommendations, "restrict default noquery ..."
1387         Implement BCP-38.
1391         Properly monitor your ntpd instances, and auto-restart ntpd
1392 	    (without -g) if it stops running. 
1397    References: Sec 3114 / CVE-2016-7427 / VU#633847
1398    Affects: ntp-4.2.8p6, up to but not including ntp-4.2.8p9, and 
1399 	ntp-4.3.90 up to, but not including ntp-4.3.94.
1413         Implement BCP-38.
1416         Properly monitor your ntpd instances, and auto-restart ntpd
1417 	    (without -g) if it stops running. 
1422    References: Sec 3113 / CVE-2016-7428 / VU#633847
1423    Affects: ntp-4.2.8p6, up to but not including ntp-4.2.8p9, and
1424 	ntp-4.3.90 up to, but not including ntp-4.3.94
1442         Implement BCP-38.
1445         Properly monitor your ntpd instances, and auto-restart ntpd
1446 	    (without -g) if it stops running. 
1451    References: Sec 3110 / CVE-2016-9312 / VU#633847
1452    Affects Windows only: ntp-4.?.?, up to but not including ntp-4.2.8p9,
1453 	and ntp-4.3.0 up to, but not including ntp-4.3.94. 
1460         Implement BCP-38.
1463         Properly monitor your ntpd instances, and auto-restart ntpd
1464 	    (without -g) if it stops running. 
1469    References: Sec 3102 / CVE-2016-7431 / VU#633847
1470    Affects: ntp-4.2.8p8, and ntp-4.3.93.
1475 	ntp-4.2.8p6. However, subsequent timestamp validation checks
1479         Implement BCP-38.
1482         Properly monitor your ntpd instances, and auto-restart ntpd
1483 	    (without -g) if it stops running. 
1489    References: Sec 3082 / CVE-2016-7434 / VU#633847
1490    Affects: ntp-4.2.7p22, up to but not including ntp-4.2.8p9, and
1491 	ntp-4.3.0 up to, but not including ntp-4.3.94.
1500         Implement BCP-38.
1503         Properly monitor your ntpd instances, and auto-restart ntpd
1504 	    (without -g) if it stops running. 
1509    References: Sec 3072 / CVE-2016-7429 / VU#633847
1510    Affects: ntp-4.2.7p385, up to but not including ntp-4.2.8p9, and
1511 	ntp-4.3.0 up to, but not including ntp-4.3.94
1529         Implement BCP-38.
1535         Properly monitor your ntpd instances, and auto-restart ntpd
1536 	    (without -g) if it stops running. 
1541    References: Sec 3071 / CVE-2016-7426 / VU#633847
1542    Affects: ntp-4.2.5p203, up to but not including ntp-4.2.8p9, and
1543 	ntp-4.3.0 up to, but not including ntp-4.3.94
1557 	brute-force attacks on the origin timestamp, it allows this DoS
1561         Implement BCP-38.
1564         Properly monitor your ntpd instances, and auto-restart ntpd
1565 	    (without -g) if it stops running. 
1570    References: Sec 3067 / CVE-2016-7433 / VU#633847
1571    Affects: ntp-4.2.7p385, up to but not including ntp-4.2.8p9, and
1572 	ntp-4.3.0 up to, but not including ntp-4.3.94. But the
1573 	root-distance calculation in general is incorrect in all versions
1574 	of ntp-4 until this release. 
1580 	to a misinterpretation of a small-print variable in The Book, the
1588         Properly monitor your ntpd instances, and auto-restart ntpd
1589 	    (without -g) if it stops running. 
1598   - moved retry decision where it belongs. <perlinger@ntp.org>
1600   using the loopback-ppsapi-provider.dll <perlinger@ntp.org>
1603   - fixed extended sysvar lookup (bug introduced with bug 3008 fix)
1605   - applied patches by Kurt Roeckx <kurt@roeckx.be> to source
1606   - added shim layer for SSL API calls with issues (both directions)
1608   - simplified / refactored hex-decoding in driver. <perlinger@ntp.org>
1609 * [Bug 3084] update-leap mis-parses the leapfile name.  HStenn.
1611   - applied patch thanks to Andrew Stormont <andyjstormont@gmail.com>
1614   - PPS-HACK works again.
1616   - applied patch by Brian Utterback <brian.utterback@oracle.com>
1620   - patches by Reinhard Max <max@suse.com> and Havard Eidnes <he@uninett.no>
1621 * [Bug 3047] Fix refclock_jjy C-DEX JST2000. abe@ntp.org
1622   - Patch provided by Kuramatsu.
1624   - removed unnecessary & harmful decls of 'setUp()' & 'tearDown()'
1629   - fixed GPS week expansion to work based on build date. Special thanks
1632   - fixed Makefile.am <perlinger@ntp.org>
1635   - make sure PPS source is alive before processing samples
1636   - improve stability close to the 500ms phase jump (phase gate)
1641 * remove locks in Windows IO, use rpc-like thread synchronisation instead
1643 ---
1651 following 1 high- and 4 low-severity vulnerabilities:
1655    References: Sec 3046 / CVE-2016-4957 / VU#321640
1656    Affects: ntp-4.2.8p7, and ntp-4.3.92.
1659    Summary: The fix for Sec 3007 in ntp-4.2.8p7 contained a bug that
1662         Implement BCP-38.
1667         Properly monitor your ntpd instances, and auto-restart ntpd
1668 	    (without -g) if it stops running. 
1673    References: Sec 3045 / CVE-2016-4953 / VU#321640
1674    Affects: ntp-4, up to but not including ntp-4.2.8p8, and
1675 	ntp-4.3.0 up to, but not including ntp-4.3.93.
1679 	spoofed packet containing a CRYPTO-NAK to an ephemeral peer
1683 	Implement BCP-38.
1691    References: Sec 3044 / CVE-2016-4954 / VU#321640
1692    Affects: ntp-4, up to but not including ntp-4.2.8p8, and
1693 	ntp-4.3.0 up to, but not including ntp-4.3.93.
1701 	Implement BCP-38.
1709    References: Sec 3043 / CVE-2016-4955 / VU#321640
1710    Affects: ntp-4, up to but not including ntp-4.2.8p8, and
1711 	ntp-4.3.0 up to, but not including ntp-4.3.93.
1720 	Implement BCP-38.
1728    References: Sec 3042 / CVE-2016-4956 / VU#321640
1729    Affects: ntp-4, up to but not including ntp-4.2.8p8, and
1730    	ntp-4.3.0 up to, but not including ntp-4.3.93.
1736 	Implement BCP-38.
1744   - provide build environment
1745   - 'wint_t' and 'struct timespec' defined by VS2015
1746   - fixed print()/scanf() format issues
1749 * [Bug 3058] fetch_timestamp() mishandles 64-bit alignment. Brian Utterback,
1751 * Fix typo in ntp-wait and plot_summary.  HStenn.
1755 ---
1763 available, --enable-dynamic-interleave.  More information on this below.
1765 Also note that ntp-4.2.8p7 logs more "unexpected events" than previous
1773 following 9 low- and medium-severity vulnerabilities:
1776   AKA: authdecrypt-timing
1778    References: Sec 2879 / CVE-2016-1550
1779    Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
1781    CVSSv2: LOW 2.6 - (AV:L/AC:H/Au:N/C:P/I:P/A:N)
1782    CVSSv3: MED 4.0 - CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1785 	for a local or perhaps LAN-based attacker to send a packet with
1796    References: Sec 2945 / Sec 2901 / CVE-2015-8138
1797    Affects: All ntp-4 releases up to, but not including 4.2.8p7,
1802    References: Sec 2952 / CVE-2015-7704
1803    Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
1805    CVSSv2: MED 4.3 - (AV:N/AC:M/Au:N/C:N/I:N/A:P)
1806    Summary: The fix for NtpBug2952 in ntp-4.2.8p5 to address broken peer
1809         Implement BCP-38.
1817 * Validate crypto-NAKs, AKA: CRYPTO-NAK DoS
1819    References: Sec 3007 / CVE-2016-1547 / VU#718152
1820    Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
1822    CVSS2: MED 4.3 - (AV:N/AC:M/Au:N/C:N/I:N/A:P)
1823    CVSS3: MED 3.7 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1824    Summary: For ntp-4 versions up to but not including ntp-4.2.8p7, an
1825 	off-path attacker can cause a preemptable client association to
1835 	For ntp-4.2.8 thru ntp-4.2.8p6 there is less risk because more
1838 	ntp-4.2.8p7.
1840 	Implement BCP-38.
1849    References: Sec 3008 / CVE-2016-2519
1850    Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
1852    CVSSv2: MED 4.9 - (AV:N/AC:H/Au:S/C:N/I:N/A:C)
1853    CVSSv3: MED 4.2 - CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
1868         Implement BCP-38.
1877    References: Sec 3009 / CVE-2016-2518 / VU#718152
1878    Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
1880    CVSS2: LOW 2.1 - (AV:N/AC:H/Au:S/C:N/I:N/A:P)
1881    CVSS3: LOW 2.0 - CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L
1884 	out-of-bounds reference.
1886 	Implement BCP-38.
1896    References: Sec 3010 / CVE-2016-2517 / VU#718152
1897    Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
1899    CVSS2: MED 4.9 - (AV:N/AC:H/Au:S/C:N/I:N/A:C)
1900    CVSS3: MED 4.2 - CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
1909 	Implement BCP-38.
1918    References: Sec 3011 / CVE-2016-2516 / VU#718152
1919    Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
1921    CVSS2: MED 6.3 - (AV:N/AC:M/Au:S/C:N/I:N/A:C)
1922    CVSS3: MED 4.2 - CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
1930 	Implement BCP-38.
1939    References: Sec 3020 / CVE-2016-1551
1942 	By "very limited number of OSes" we mean no general-purpose OSes
1944    CVSSv2: LOW 2.6 - (AV:N/AC:H/Au:N/C:N/I:P/A:N)
1945    CVSSv3: LOW 3.7 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1953         Implement martian packet filtering and BCP-38.
1971    References: Sec 2901 / CVE-2015-7704, CVE-2015-7705
1972    Affects: All ntp-4 releases up to, but not including 4.2.8p7,
1976    References: Sec 2936 / CVE-2015-7974
1977    Affects: All ntp-4 releases up to, but not including 4.2.8p7,
1983 * Interleave-pivot
1985    References: Sec 2978 / CVE-2016-1548
1986    Affects: All ntp-4 releases.
1987    CVSSv2: MED 6.4 - (AV:N/AC:L/Au:N/C:N/I:P/A:P)
1988    CVSSv3: MED 7.2 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L
1993 	timestamp that matches the peer->dst timestamp recorded for that
1999         Implement BCP-38.
2010    References: Sec 3012 / CVE-2016-1549
2011    Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
2013    CVSSv2: LOW 3.5 - (AV:N/AC:M/Au:S/C:N/I:P/A:N)
2014    CVSS3v: MED 5.3 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
2016    	the feature introduced in ntp-4.2.8p6 allowing an optional 4th
2018 	a malicious authenticated peer can create arbitrarily-many
2022         Implement BCP-38.
2031   - fixed yet another race condition in the threaded resolver code.
2034   - integrated patches by Loganaden Velvidron <logan@ntp.org>
2040 * [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org
2042   - Patch provided by Ch. Weisgerber
2043 * [Bug 3015] ntpq: config-from-file: "request contains an unprintable character"
2044   - A change related to [Bug 2853] forbids trailing white space in
2047   - report and patch from Aleksandr Kostikov.
2048   - Overhaul of Windows IO completion port handling. perlinger@ntp.org
2050   - fixed memory leak in access list (auth[read]keys.c)
2051   - refactored handling of key access lists (auth[read]keys.c)
2052   - reduced number of error branches (authreadkeys.c)
2057   - Check the initial delay calculation and reject/unpeer the broadcast
2090  --enable-dynamic-interleave
2094 default in ntp-4.2.8p7.
2096 ---
2104 following 1 low- and 8 medium-severity vulnerabilities:
2108    References: Sec 2548 / CVE-2015-8158
2109    Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
2111    CVSS2: (AV:N/AC:M/Au:N/C:N/I:N/A:P) Base Score: 4.3 - MEDIUM
2112    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Base Score: 5.3 - MEDIUM
2133    References: Sec 2945 / CVE-2015-8138
2134    Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
2136    CVSS2: (AV:N/AC:L/Au:N/C:N/I:P/A:N) Base Score: 5.0 - MEDIUM
2137    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Base Score: 5.3 - MEDIUM
2138 	(3.7 - LOW if you score AC:L)
2155    References: Sec 2940 / CVE-2015-7978
2156    Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
2158    CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:P) Base Score: 4.3 - MEDIUM
2162 	Implement BCP-38.
2166             In ntp-4.2.8, mode 7 is disabled by default. Don't enable it.
2175 * Off-path Denial of Service (!DoS) attack on authenticated broadcast mode
2177    References: Sec 2942 / CVE-2015-7979
2178    Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
2181    Summary: An off-path attacker can send broadcast packets with bad
2187 	Implement BCP-38.
2199    References: Sec 2939 / CVE-2015-7977
2200    Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
2202    CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:P) Base Score: 4.3 - MEDIUM
2206 	Implement BCP-38.
2221    References: Sec 2938 / CVE-2015-7976
2222    Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
2224    CVSS: (AV:N/AC:L/Au:S/C:N/I:P/A:N) Base Score: 4.0 - MEDIUM
2233 	Implement BCP-38.
2237 	    build NTP with 'configure --disable-saveconfig' if you will
2243 	'saveconfig' requests are logged to syslog - monitor your syslog files.
2248    References: Sec 2937 / CVE-2015-7975
2249    Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
2251    CVSS: (AV:L/AC:H/Au:N/C:N/I:N/A:P) Base Score: 1.2 - LOW
2257 	The usual worst-case effect of this vulnerability is that the
2271    References: Sec 2936 / CVE-2015-7974
2272    Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
2283 	an enhancement request, and ntp-4.2.8p6 includes other checks and
2287 	Implement BCP-38.
2294 	    addresses, however other changes in ntp-4.2.8p6 provide
2305 		in the shared-key group. 
2311    References: Sec 2935 / CVE-2015-7973
2312    Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
2314    CVSS: (AV:A/AC:M/Au:N/C:N/I:P/A:P) Base Score: 4.3 - MEDIUM
2316    	either a man-in-the-middle attacker or a malicious participant
2319 	Implement BCP-38.
2332   - applied patch by shenpeng11@huawei.com with minor adjustments
2337   - Found this already fixed, but validation led to cleanup actions.
2339   - added limits to stack consumption, fixed some return code handling
2341   - changed stacked/nested handling of CTRL-C. perlinger@ntp.org
2342   - make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org
2344   - integrated several patches from Havard Eidnes (he@uninett.no)
2346   - implement 'auth_log2()' using integer bithack instead of float calculation
2349 ---
2357 following medium-severity vulnerability:
2359 * Small-step/big-step.  Close the panic gate earlier.
2360     References: Sec 2956, CVE-2015-5300
2361     Affects: All ntp-4 releases up to, but not including 4.2.8p5, and
2364     Summary: If ntpd is always started with the -g option, which is
2365 	common and against long-standing recommendation, and if at the
2374 	value if and only if ntpd was re-started against long-standing
2375 	recommendation with the -g flag, or if ntpd was not given the
2376 	-g flag, the attacker can move the target system's time by at
2382 	As we've long documented, only use the -g option to ntpd in
2383 	    cold-start situations.
2388     NOTE WELL: The -g flag disables the limit check on the panic_gate
2391 	check was only re-enabled after the first change to the system
2394 	re-enabled after any initial time correction.
2412   the newly-written Unity test programs.  These were fixed.
2414 * [Bug 2887] stratum -1 config results as showing value 99
2415   - fudge stratum should only accept values [0..16]. perlinger@ntp.org
2417 * [Bug 2934] tests/ntpd/t-ntp_scanner.c has a magic constant wired in.  HMurray
2419   - applied patch by Christos Zoulas.  perlinger@ntp.org
2420 * [Bug 2952] Peer associations broken by fix for Bug 2901/CVE-2015-7704.
2422   - fixed data race conditions in threaded DNS worker. perlinger@ntp.org
2423   - limit threading warm-up to linux; FreeBSD bombs on it. perlinger@ntp.org
2425   - accept key file only if there are no parsing errors
2426   - fixed size_t/u_int format clash
2427   - fixed wrong use of 'strlcpy'
2430   - fixed several other warnings (cast-alignment, missing const, missing prototypes)
2431   - promote use of 'size_t' for values that express a size
2432   - use ptr-to-const for read-only arguments
2433   - make sure SOCKET values are not truncated (win32-specific)
2434   - format string fixes
2437   - fixed ntp_rfc2553.c to return proper address length. perlinger@ntp.org
2441   - changed stacked/nested handling of CTRL-C. perlinger@ntp.org
2442 * Unity cleanup for FreeBSD-6.4.  Harlan Stenn.
2444 * Libevent autoconf pthread fixes for FreeBSD-10.  Harlan Stenn.
2449 ---
2457 following 13 low- and medium-severity vulnerabilities:
2462     References: Sec 2899, Sec 2671, CVE-2015-7691, CVE-2015-7692, CVE-2015-7702
2463     Affects: All ntp-4 releases up to, but not including 4.2.8p4,
2466     Summary: The fix for CVE-2014-9750 was incomplete in that there were
2479     References: Sec 2901 / CVE-2015-7704, CVE-2015-7705
2480     Affects: All ntp-4 releases up to, but not including 4.2.8p4,
2482     CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:P) Base Score: 4.3-5.0 at worst
2483     Summary: An ntpd client that honors Kiss-of-Death responses will honor
2497         Implement BCP-38.
2502 	    for the time. This mitigation is heavy-handed.
2513   References: Sec 2902 / CVE-2015-5196
2514   Affects: All ntp-4 releases up to, but not including 4.2.8p4,
2524 	Implement BCP-38.
2530 	    - an explicitly configured trustedkey, and you should also
2532 	    - access from a permitted IP. You choose the IPs.
2533 	    - authentication. Don't disable it. Practice secure key safety. 
2539   References: Sec 2909 / CVE-2015-7701
2540   Affects: All ntp-4 releases that use autokey up to, but not
2556   References:  Sec 2913 / CVE-2015-7848 / TALOS-CAN-0052
2557   Affects: All ntp-4 releases up to, but not including 4.2.8p4,
2567 	Implement BCP-38.
2571 	In ntp-4.2.8, mode 7 is disabled by default. Don't enable it.
2582   References: Sec 2916 / CVE-2015-7849 / TALOS-CAN-0054
2583   Affects: All ntp-4 releases up to, but not including 4.2.8p4, and 4.3.0 up to, but not including 4.3.77
2593 	Implement BCP-38.
2608     References: Sec 2917 / CVE-2015-7850 / TALOS-CAN-0055
2609     Affects: All ntp-4 releases up to, but not including 4.2.8p4,
2622 	Implement BCP-38.
2637   References: Sec 2918 / CVE-2015-7851 / TALOS-CAN-0062
2638   Affects: All ntp-4 releases running under VMS up to, but not
2648 	Implement BCP-38.
2662   References: Sec 2919 / CVE-2015-7852 / TALOS-CAN-0063
2663   Affects: All ntp-4 releases running up to, but not including 4.2.8p4,
2673 	Implement BCP-38.
2688   References: Sec 2920 / CVE-2015-7853 / TALOS-CAN-0064
2689   Affects: Potentially all ntp-4 releases running up to, but not
2714   References: Sec 2921 / CVE-2015-7854 / TALOS-CAN-0065
2715   Affects: All ntp-4 releases up to, but not including 4.2.8p4, and
2727 	Implement BCP-38.
2743   References: Sec 2922 / CVE-2015-7855
2744   Affects: All ntp-4 releases up to, but not including 4.2.8p4, and
2752 	Implement BCP-38.
2766   crypto-NAK.
2768   References: Sec 2941 / CVE-2015-7871
2769   Affects: All ntp-4 releases between 4.2.5p186 up to but not including
2772   Summary: Crypto-NAK packets can be used to cause ntpd to accept time
2775 	vulnerability appears to have been introduced in ntp-4.2.5p186
2777 	associations (lines 1103-1165) was refactored.
2779 	Implement BCP-38.
2783 		Apply the patch to the bottom of the "authentic" check
2788 Backward-Incompatible changes:
2789 * [Bug 2817] Default on Linux is now "rlimit memlock -1".
2791   the default value has been changed to -1 (do not lock ntpd into
2802 * 'rlimit memlock' now has finer-grained control.  A value of -1 means
2825 * [Bug 2867] ntpd with autokey active crashed by 'ntpq -crv'. J.Perlinger
2831 * [Bug 2886] Mis-spelling: "outlyer" should be "outlier".  dave@horsfall.org
2833 * [Bug 2889] ntp-dev-4.3.67 does not build on Windows.  perlinger@ntp.org
2842 * On some versions of HP-UX, inttypes.h does not include stdint.h.  H.Stenn.
2852   caltontp.c, clocktime.c, humandate.c, hextolfp.c, decodenetnum.c - fixed
2880 * tests/libntp/test-libntp.c fix formatting. Tomasz Flendrich
2901 * sntp/libevent/evconfig-private.h: remove generated filefrom SCM.  H.Stenn.
2906 * tests/libntp/test_caltontp needs -lpthread.  Harlan Stenn.
2907 * br-flock: --enable-local-libevent.  Harlan Stenn.
2909 * scripts/lib/NTP/Util.pm: stratum output is version-dependent.  Harlan Stenn.
2918 * Changed progname to be const in many files - now it's consistent. Tomasz
2926 * Retire google test - phase I.  Harlan Stenn.
2941 * Implement --enable-problem-tests (on by default).  Harlan Stenn.
2944 ---
2947 Focus: 1 Security fix.  Bug fixes and enhancements.  Leap-second improvements.
2964 This vulnerability is considered low-risk.
2980 the existing google-test items to this new framework.  If you want
2988 * CID 1296235: Fix refclock_jjy.c and correcting type of the driver40-ja.html
2991 * [Bug 2590] autogen-5.18.5.
2995 * [Bug 2745] ntpd -x steps clock on leap second
2996    Fixed an initial-value problem that caused misbehaviour in absence of
3011 * [Bug 2804] install-local-data assumes GNU 'find' semantics.
3022 * [Bug 2813] HP-UX needs -D__STDC_VERSION__=199901L and limits.h.
3023 * [Bug 2815] net-snmp before v5.4 has circular library dependencies.
3026 * [Bug 2824] Convert update-leap to perl. (also see 2769)
3035 * [Bug 2832] refclock_jjy.c supports the TDC-300.
3061 * Modified tests/bug-2803/Makefile.am so it builds Unity framework tests.
3068 * Converted from gtest to Unity: tests/bug-2803/. Damir Tomić
3086 * tests/bug-2803/Makefile.am must distribute bug-2803.h.
3093 ---
3101 following medium-severity vulnerabilities involving private key
3106     References: Sec 2779 / CVE-2015-1798 / VU#374268
3107     Affects: All NTP4 releases starting with ntp-4.2.5p99 up to but not
3108 	including ntp-4.2.8p2 where the installation uses symmetric keys
3136     References: Sec 2781 / CVE-2015-1799 / VU#374268
3138 	not including ntp-4.2.8p2 where the installation uses symmetric
3152 	a known denial-of-service attack, described at
3166 	An update to the NTP RFC to correct this error is in-process.
3171 	is simply a long-known potential problem.
3176 * New script: update-leap
3177 The update-leap script will verify and if necessary, update the
3178 leap-second definition file.
3190 * [Bug 2728] See if C99-style structure initialization works.
3191 * [Bug 2747] Upgrade libevent to 2.1.5-beta.
3192 * [Bug 2749] ntp/lib/NTP/Util.pm needs update for ntpq -w, IPv6, .POOL. .
3198 * [Bug 2766] ntp-keygen output files should not be world-readable.
3199 * [Bug 2767] ntp-keygen -M should symlink to ntp.keys.
3202 * [Bug 2774] Unreasonably verbose printout - leap pending/warning
3203 * [Bug 2775] ntp-keygen.c fails to compile under Windows.
3205   Removed non-ASCII characters from some copyright comments.
3208   Now use C99 fixed-width types and avoid non-ASCII characters in comments.
3212   Modified creation of parse-specific variables for Meinberg devices
3234 ---
3242 following high-severity vulnerabilities:
3247     References: Sec 2671 / CVE-2014-9297 / VU#852879
3254     Mitigation - any of:
3268     References: Sec 2672 / CVE-2014-9298 / VU#852879
3274 	from "appearing" on non-localhost IPv4 interfaces, some kernels
3281 	have one of these OSes where ::1 can be spoofed, ALL ::1 -based
3294 ---
3302 following high-severity vulnerabilities:
3314    References: Sec 2670 / CVE-2014-9296 / VU#852879
3316 below (which is a limited-risk vulnerability), none of the recent
3318 restricted from sending a 'query'-class packet by your ntp.conf file.
3324   References: [Sec 2665] / CVE-2014-9293 / VU#852879
3333 	seeded with a 32-bit value and could only provide 32 bits of
3337   Mitigation - any of:
3338 	- Upgrade to 4.2.7p11 or later.
3339 	- Follow BCP and put 'restrict ... noquery' in your ntp.conf file.
3341   Credit: This vulnerability was noticed in ntp-4.2.6 by Neel Mehta
3344 * Non-cryptographic random number generator with weak seed used by
3345   ntp-keygen to generate symmetric keys.
3347   References: [Sec 2666] / CVE-2014-9294 / VU#852879
3352   Summary: Prior to ntp-4.2.7p230 ntp-keygen used a weak seed to
3355 	generate symmetric keys. In ntp-4.2.8 we use a current-technology
3359   Mitigation - any of:
3360   	- Upgrade to 4.2.7p230 or later.
3361 	- Follow BCP and put 'restrict ... noquery' in your ntp.conf file.
3363   Credit:  This vulnerability was discovered in ntp-4.2.6 by
3368   References: Sec 2667 / CVE-2014-9295 / VU#852879
3379   Mitigation - any of:
3380   	- Upgrade to 4.2.8, or later, or
3381 	- Disable Autokey Authentication by removing, or commenting out,
3390   References: Sec 2668 / CVE-2014-9295 / VU#852879
3399   Mitigation - any of:
3400   	- Upgrade to 4.2.8, or later.
3401 	- Follow BCP and put 'restrict ... noquery' in your ntp.conf file.
3408   References: Sec 2669 / CVE-2014-9295 / VU#852879
3417   Mitigation - any of:
3418   	- Upgrade to 4.2.8, or later.
3419 	- Follow BCP and put 'restrict ... noquery' in your ntp.conf file.
3426   References: Sec 2670 / CVE-2014-9296 / VU#852879
3441   Mitigation - any of:
3442         - Upgrade to 4.2.8, or later,
3443         - Remove or comment out all configuration directives
3465 get a timestamp we us the "built-on" to tell us what era we are in.
3472 For a long time, ntpq and its mostly text-based mode 6 (control) 
3478 covered them all, though I've not compared command-by-command 
3482 hand-rolled structure layout and byte-swapping code in both ntpd and 
3486 ntpq's text-based, label=value approach involves more code reuse and 
3489 Mode 7 has always been defined as vendor/implementation-specific while 
3493 eventually. (http://tools.ietf.org/html/draft-odonoghue-ntpv4-control-01)
3505 --- 
3519 includes improvements to orphan mode, minor bugs fixes and code clean-ups.
3530  * Non-printable stratum 16 refid no longer sent to ntp
3542  * -n option extended to include the billboard "server" column
3545 --- 
3555 clean-ups, minor bug fixes, fixes for a number of minor 
3556 ref-clock issues, and documentation revisions. 
3558 Portability improvements affect AIX, HP-UX, Linux, OS X and 64-bit time_t. 
3571 * Back-ported several fixes for Coverity warnings from ntp-dev 
3584 * Back-port utility routines from ntp-dev: mprintf(), emalloc_zero() 
3600 * Backward incompatible command-line option change: 
3601   -l/--filelog changed -l/--logfile (to be consistent with ntpd) 
3606 * Distribute ntp-wait.html 
3608 ---
3618 clean-ups, minor bug fixes, fixes for a number of minor
3619 ref-clock issues, and documentation revisions.
3651 * Range-check the status codes (plus other cleanup) in the RIPE-NCC driver.
3657 ntp-keygen
3658 * Fix -V coredump.
3672 * Update the MIB from the draft version to RFC-5907.
3684 ---
3694 clean-ups, minor bug fixes, fixes for a number of minor
3695 ref-clock issues, improved KOD handling, OpenSSL related
3711 * default connection to net-snmpd via a unix-domain socket
3712 * command-line 'socket name' option
3716 * key-type specific password prompts
3723 ---
3732 ---
3737 ---
3744 This release fixes the following high-severity vulnerability:
3746 * [Sec 1331] DoS with mode 7 packets - CVE-2009-3563.
3767   Vinokurov of Alcatel-Lucent.
3771 ---
3774 Backward-Incompatible changes:
3776 ntpd no longer accepts '-v name' or '-V name' to define internal variables.
3777 Use '--var name' or '--dvar name' instead. (Bug 817)
3779 ---
3786 This release fixes the following high-severity vulnerability:
3788 * [Sec 1151] Remote exploit if autokey is enabled.  CVE-2009-1252
3799 This release fixes the following low-severity vulnerabilities:
3801 * [Sec 1144] limited (two byte) buffer overflow in ntpq.  CVE-2009-0159
3817 ---
3824 This release fixes oCERT.org's CVE-2009-0021, a vulnerability affecting
3833 ---
3838 This release fixes a number of Windows-specific ntpd bugs and 
3839 platform-independent ntpdate bugs. A logging bugfix has been applied
3850 ---
3859 a problem with non-command-line specification of -6, and allows the loopback
3862 ---
3871 ---
3883 ---
3889 conjunction with DHCP. GNU AutoGen is used for its command-line options 
3892 added for some new ref-clocks and have been removed for some older 
3893 ref-clocks. This release also includes other improvements, documentation 
3896 K&R C is no longer supported as of NTP-4.2.4. We are now aiming for ANSI 
3899 ---
3903 ---
3912 - fixes 3 bugs, including a regression
3913 - adds new unit tests
3928 ---
3937 - fixes 4 vulnerabilities (3 LOW and 1 None severity), 
3938 - fixes 46 bugs
3939 - includes 15 general improvements
3940 - adds support for OpenSSL-3.0
3944 * [Sec 3808] Assertion failure in ntpq on malformed RT-11 date <perlinger@ntp.org>
3948   - solved numerically instead of using string manipulation
3952 * [Bug 3817] Bounds-check "tos floor" configuration. <hart@ntp.org>
3955 * [Bug 3802] ntp-keygen -I default identity modulus bits too small for
3958 * [Bug 3800] libopts-42.1.17 does not compile with Microsoft C. <hart@ntp.org>
3963   - ntp.conf manual page and miscopt.html corrections. <hart@ntp.org>
3965   - Report and patch by Yuezhen LUAN <wei6410@sina.com>.
3966 * [Bug 3786] Timer starvation on high-load Windows ntpd. <hart@ntp.org>
3967 * [Bug 3784] high-load ntpd on Windows deaf after enough ICMP TTL exceeded.
3971   - Reported by Edward McGuire, fix identified by <wei6410@sina.com>.
3973 * [Bug 3757] Improve handling of Linux-PPS in NTPD <perlinger@ntp.org>
3977 * [Bug 3724] ntp-keygen with openSSL 1.1.1 fails on Windows <perlinger@ntp.org>
3978   - openssl applink needed again for openSSL-1.1.1
3982   - command line options override config statements where applicable
3983   - make initial frequency settings idempotent and reversible
3984   - make sure kernel PLL gets a recovered drift componsation
3987   - misleading title; essentially a request to ignore the receiver status.
3990   - original patch by Richard Schmidt, with mods & unit test fixes
3992   - implement/wrap 'realpath()' to resolve symlinks in device names
3994   - original patch by matt<ntpbr@mattcorallo.com>
3995   - increased max PDU size to 4k to avoid truncation
3997   - patch by Frank Kardel
3998 * [Bug 3689] Extension for MD5, SHA-1 and other keys <perlinger@ntp.org>
3999   - ntp{q,dc} now use the same password processing as ntpd does in the key
4004   - patch by Gerry Garvey
4006   - original patch by Gerry Garvey
4008   - original patch by Gerry Garvey
4010   - applied patches by Gerry Garvey
4011 * [Bug 3675] ntpq ccmds[] stores pointer to non-persistent storage
4013   - idea+patch by Gerry Garvey
4016   - follow-up: fix inverted sense in check, reset shortfall counter
4019   - fixed bug identified by Edward McGuire <perlinger@ntp.org>
4021   - applied patch by Gerry Garvey
4023   - backport from -dev, plus some more work on warnings for unchecked results
4029 * [Bug 2525] Turn on automake subdir-objects across the project. <hart@ntp.org>
4039 * Rename a poorly-named variable.  <stenn@ntp.org>
4044 * upgrade to: autogen-5.18.16
4045 * upgrade to: libopts-42.1.17
4046 * upgrade to: autoconf-2.71
4047 * upgrade to: automake-1.16.15
4048 * Upgrade to libevent-2.1.12-stable <stenn@ntp.org>
4049 * Support OpenSSL-3.0
4051 ---
4067   - Thanks to Sylar Tao
4069   - rewrite 'decodenetnum()' in terms of inet_pton
4071   - limit number of receive buffers, with an iron reserve for refclocks
4075   - integrated patch from Charles Claggett
4080   - fix by Gerry garvey
4082   - thanks to Gerry Garvey
4084   - patch by Gerry Garvey
4086 * [Bug 3639] refclock_jjy: TS-JJY0x can skip time sync depending on the STUS reply. <abe@ntp.org>
4087   - applied patch by Takao Abe
4089 ---
4106   - Reported by Philippe Antoine
4108   - Reported by Miroslav Lichvar
4110   - Reported by Miroslav Lichvar
4115 * [Bug 3628] raw DCF decoding - improve robustness with Zeller's congruence
4116   - implement Zeller's congruence in libparse and libntp <perlinger@ntp.org>
4117 * [Bug 3627] SIGSEGV on FreeBSD-12 with stack limit and stack gap <perlinger@ntp.org>
4118   - integrated patch by Cy Schubert
4120   - applied patch by Gerry Garvey
4122   - applied patch by Gerry Garvey
4124   - integrated patch by Richard Steedman
4127   - Reported by Martin Burnicki
4128 * [Bug 3612] Use-of-uninitialized-value in receive function <perlinger@ntp.org>
4129   - Reported by Philippe Antoine
4131   - officially document new "trust date" mode bit for NMEA driver
4132   - restore the (previously undocumented) "trust date" feature lost with [bug 3577] 
4133 * [Bug 3609] Fixing wrong falseticker in case of non-statistic jitter <perlinger@ntp.org>
4134   - mostly based on a patch by Michael Haardt, implementing 'fudge minjitter'
4136   - removed ffs() and fls() prototypes as per Brian Utterback
4139   - fixed byte and paramter order as suggested by wei6410@sina.com 
4141 * [Bug 3599] Build fails on linux-m68k due to alignment issues <perlinger@ntp.org>
4142   - added padding as suggested by John Paul Adrian Glaubitz 
4147   - stdout+stderr are set to line buffered during test setup now
4149   - set clock to base date if system time is before that limit
4151 * [Bug 3580] Possible bug ntpq-subs (NULL dereference in dogetassoc) <perlinger@ntp.org>
4152   - Reported by Paulo Neves
4154   - also updates for refclock_nmea.c and refclock_jupiter.c
4159   - sidekick: service port resolution in 'ntpdate'
4161   - applied patch by Douglas Royds
4164   - applied patch by Gerry Garvey
4165 * [Bug 3531] make check: test-decodenetnum fails <perlinger@ntp.org>
4166   - try to harden 'decodenetnum()' against 'getaddrinfo()' errors
4167   - fix wrong cond-compile tests in unit tests
4170   - patch by Philipp Prindeville
4172   - patch by Philipp Prindeville
4174   - patch by Philipp Prindeville
4176   - partial application of patch by Philipp Prindeville
4178   - applied patch by Gerry Garvey & fixed unit tests <perlinger@ntp.org>
4180   - applied (modified) patch by Richard Steedman
4182   - applied patch by Gerry Garvey (with minor formatting changes)
4184   - applied patch by Miroslav Lichvar
4188              is specified with -u <perlinger@ntp.org>
4189   - monitor daemon child startup & propagate exit codes
4191   - (modified) patch by Kurt Roeckx <perlinger@ntp.org>
4197 ---
4211   - reported by Magnus Stubman
4213   - applied patch by Ian Lepore
4215   - isolate and fix linux/windows specific code issue
4217   - provide better function for incremental string formatting
4219   - applied patch by Gerry Garvey
4221   - original finding by Gerry Garvey, additional cleanup needed
4223   - patch by Christous Zoulas
4225   - finding by Chen Jiabin, plus another one by me
4227   - applied patch by Maciej Szmigiero
4229   - applied patch by Andre Charbonneau
4231   - applied patch by Baruch Siach
4232 * [Bug 3538] Build fails for no-MMU targets <perlinger@ntp.org>
4233   - applied patch by Baruch Siach
4235   - refactored handling of GPS era based on 'tos basedate' for
4238   - patch by Daniel J. Luke; this does not fix a potential linker
4240 * [Bug 3527 - Backward Incompatible] mode7 clockinfo fudgeval2 packet
4242   - --enable-bug3527-fix support by HStenn
4244   - applied patch by Gerry Garvey
4246   - added missing check, reported by Reinhard Max <perlinger@ntp.org>
4248   - this is a variant of [bug 3558] and should be fixed with it
4249 * Implement 'configure --disable-signalled-io'
4251 --
4259 in ntp-4.2.8p11, and a buffer overflow in the openhost() function used by
4268  [Bug 3509] Add support for running as non-root on FreeBSD, Darwin,
4270  - applied patch by Ian Lepore <perlinger@ntp.org>
4272  - changed interaction with SCM to signal pending startup
4274  - applied patch by Gerry Garvey
4276  - applied patch by Gerry Garvey
4278  - rework of ntpq 'nextvar()' key/value parsing
4279  [Bug 3482] Fixes for compilation warnings (ntp_io.c & ntpq-subs.c) <perlinger@ntp.org>
4280  - applied patch by Gerry Garvey (with mods)
4282  - applied patch by Gerry Garvey
4284  - applied patch by Gerry Garvey (with mods)
4286  - applied patch by Gerry Garvey (with mods); not sure if that's bug or feature, though
4288  - applied patch by Gerry Garvey
4290  - applied patch by Gerry Garvey
4292  - add #define ENABLE_CMAC support in configure.  HStenn.
4295  - patch by Stephen Friedl
4297  - fixed IO redirection and CTRL-C handling in ntq and ntpdc
4300  - initial patch by Hal Murray; also fixed refclock_report() trouble
4303  - According to Brooks Davis, there was only one location <perlinger@ntp.org>
4304  [Bug 3449] ntpq - display "loop" instead of refid [...] <perlinger@ntp.org>
4305  - applied patch by Gerry Garvey
4307  - applied patch by Gerry Garvey
4312  - applied patch by Miroslav Lichvar
4313  [Bug 3426] ntpdate.html -t default is 2 seconds.  Leonid Evdokimov.
4315  - integrated patch by  Reinhard Max
4317  - applied patches by Christos Zoulas, including real bug fixes
4320  Symmetric key range is 1-65535.  Update docs.   <stenn@ntp.org>
4322 --
4329 This release fixes 2 low-/medium-, 1 informational/medum-, and 2 low-severity
4330 vulnerabilities in ntpd, one medium-severity vulernability in ntpq, and
4331 provides 65 other non-security fixes and improvements:
4336    References: Sec 3454 / CVE-2018-7185 / VU#961909
4337    Affects: ntp-4.2.6, up to but not including ntp-4.2.8p11.
4343 	The NTP Protocol allows for both non-authenticated and
4347 	support an interleaved mode of operation. In ntp-4.2.8p4 a bug
4349 	allows a non-authenticated zero-origin (reset) packet to reset
4351 	can send a packet with a zero-origin timestamp and the source
4355 	disruption of the association. In ntp-4.0.0 thru ntp-4.2.8p6,
4356 	interleave mode could be entered dynamically. As of ntp-4.2.8p7,
4359 	Implement BCP-38.
4367 	If ntpd stops running, auto-restart it without -g .
4374    References: Sec 3453 / CVE-2018-7184 / VU#961909
4375    Affects: ntpd in ntp-4.2.8p4, up to but not including ntp-4.2.8p11.
4378    CVSS3: LOW 3.1 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
4384 	third-party can inject a packet with a zero-origin timestamp,
4391 	Implement BCP-38.
4392 	Upgrade to ntp-4.2.8p11 or later from the NTP Project Download Page
4397 	If ntpd stops running, auto-restart it without -g .
4404    References: Sec 3415 / CVE-2018-7170 / VU#961909
4405    	       Sec 3012 / CVE-2016-1549 / VU#718152
4406    Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
4408    CVSS2: LOW 3.5 - (AV:N/AC:M/Au:S/C:N/I:P/A:N)
4409    CVSS3: LOW 3.1 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
4413 	ntp-4.2.8p6 allowing an optional 4th field in the ntp.keys file to
4415 	-- i.e. one where the attacker knows the private symmetric key --
4416 	can create arbitrarily-many ephemeral associations in order to win
4418 	additional protections are offered in ntp-4.2.8p11.  One is the
4425 	Implement BCP-38.
4426 	Upgrade to ntp-4.2.8p11 or later from the NTP Project Download Page
4436 	If ntpd stops running, auto-restart it without -g .
4443    References: Sec 3414 / CVE-2018-7183 / VU#961909
4444    Affects: ntpq in ntp-4.2.8p6, up to but not including ntp-4.2.8p11.
4449 	is an internal function of ntpq that is used to -- wait for it --
4452 	maliciously-altered ntpd returns an array result that will trip this
4458 	Implement BCP-38.
4459 	Upgrade to ntp-4.2.8p11 or later from the NTP Project Download Page
4462 	This weakness was discovered by Michael Macnair of Thales e-Security.
4467    References: Sec 3412 / CVE-2018-7182 / VU#961909
4468    Affects: ntp-4.2.8p6, up to but not including ntp-4.2.8p11.
4469    CVSS2: INFO 0.0 - MED 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 0.0 if C:N
4470    CVSS3: NONE 0.0 - MED 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
4478 	Implement BCP-38.
4479 	Upgrade to ntp-4.2.8p11 or later from the NTP Project Download Page
4483 	If ntpd stops running, auto-restart it without -g .
4491    References: Sec 3012 / CVE-2016-1549 / VU#718152
4492    Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
4494    CVSS2: LOW 3.5 - (AV:N/AC:M/Au:S/C:N/I:P/A:N)
4495    CVSS3: MED 5.3 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
4499 	introduced in ntp-4.2.8p6 allowing an optional 4th field in the
4501 	authenticated peer -- i.e. one where the attacker knows the
4502 	private symmetric key -- can create arbitrarily-many ephemeral
4505 	offered in ntp-4.2.8p11.  One is the 'noepeer' directive, which
4510 	Implement BCP-38.
4526  - applied patch by Sean Haugh 
4529  - removed error log caused by rounding/slew, ensured postcondition <perlinger@ntp.org>
4530  [Bug 3447] AES-128-CMAC (fixes) <perlinger@ntp.org>
4531  - refactoring the MAC code, too
4534  - applied patch by ggarvey
4536  - applied patch by ggarvey (with minor mods)
4538  - applied patch (with mods) by Miroslav Lichvar <perlinger@ntp.org>
4540  [Bug 3433] sntp crashes when run with -a.  <stenn@ntp.org>
4542  - fixed several issues with hash algos in ntpd, sntp, ntpq,
4545  - initial patch by Daniel Pouzzner
4550  [Bug 3411] problem about SIGN(6) packet handling for ntp-4.2.8p10
4551  - raised receive buffer size to 1200 <perlinger@ntp.org>
4554  [Bug 3405] update-leap.in: general cleanup, HTTPS support.  Paul McMath.
4556  - fix/drop assumptions on OpenSSL libs directory layout
4557  [Bug 3399] NTP: linker error in 4.2.8p10 during Linux cross-compilation
4558  - initial patch by timeflies@mail2tor.com  <perlinger@ntp.org>
4560  - patch contributed by Alexander Bluhm
4565  - fixed handling of dynamic deletion w/o leap file <perlinger@ntp.org>
4567  - increased mimimum stack size to 32kB <perlinger@ntp.org>
4569  - reverted handling of PPS kernel consumer to 4.2.6 behavior
4570  [Bug 3365] Updates driver40(-ja).html and miscopt.html <abe@ntp.org>
4573  - fixed location counter & ntpq output <perlinger@ntp.org>
4576  [Bug 2737] Wrong phone number listed for USNO. ntp-bugs@bodosom.net,
4578  [Bug 2557] Fix Thunderbolt init. ntp-bugs@bodosom.net, perlinger@ntp.
4588  AES-128-CMAC support.  BInglis, HStenn, JPerlinger.
4591  update-leap: updates from Paul McMath.
4592  When using pkg-config, report --modversion.  HStenn.
4594  sntp: show the IP of who sent us a crypto-NAK.  HStenn.
4596  authistrustedip() - use it in more places.  HStenn, JPerlinger.
4615 * update-leap needs the following perl modules:
4620 See them with: ntpq -c "rv 0 ss_lamport,ss_tsrounding"
4626 - restrict ... noepeer
4627 - restrict ... ippeerlimit N
4634 apply to explicitly-configured associations.  A value of -1, the current
4647 --
4654 This release fixes 5 medium-, 6 low-, and 4 informational-severity
4655 vulnerabilities, and provides 15 other non-security fixes and improvements:
4657 * NTP-01-016 NTP: Denial of Service via Malformed Config (Medium)
4659    References: Sec 3389 / CVE-2017-6464 / VU#325339
4660    Affects: All versions of NTP-4, up to but not including ntp-4.2.8p10, and
4661 	ntp-4.3.0 up to, but not including ntp-4.3.94.
4669 	Implement BCP-38.
4672 	Properly monitor your ntpd instances, and auto-restart
4673 	    ntpd (without -g) if it stops running. 
4677 * NTP-01-014 NTP: Buffer Overflow in DPTS Clock (Low)
4679     References: Sec 3388 / CVE-2017-6462 / VU#325339
4680     Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and ntp-4.3.0 up to, but not including ntp-4.3.94.
4696 	Properly monitor your ntpd instances, and auto-restart
4697 	    ntpd (without -g) if it stops running. 
4701 * NTP-01-012 NTP: Authenticated DoS via Malicious Config Option (Medium)
4703    References: Sec 3387 / CVE-2017-6463 / VU#325339
4704    Affects: All versions of ntp, up to but not including ntp-4.2.8p10, and
4705 	ntp-4.3.0 up to, but not including ntp-4.3.94.
4715 	Implement BCP-38.
4718 	Properly monitor your ntpd instances, and auto-restart
4719 	    ntpd (without -g) if it stops running. 
4723 * NTP-01-011 NTP: ntpq_stripquotes() returns incorrect value (Informational)
4726    Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and
4727 	ntp-4.3.0 up to, but not including ntp-4.3.94.
4742 	Implement BCP-38.
4745 	Properly monitor your ntpd instances, and auto-restart
4746 	    ntpd (without -g) if it stops running. 
4750 * NTP-01-010 NTP: ereallocarray()/eallocarray() underused (Info)
4753    Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and
4754 	ntp-4.3.0 up to, but not including ntp-4.3.94.
4765 	the oreallocarray() function for which a further number-of-elements
4776 * NTP-01-009 NTP: Privileged execution of User Library code (WINDOWS
4779    References: Sec 3384 / CVE-2017-6455 / VU#325339
4780    Affects: All Windows versions of ntp-4 that use the PPSAPI, up to but
4781 	not including ntp-4.2.8p10, and ntp-4.3.0 up to, but not
4782 	including ntp-4.3.94.
4794 	Implement BCP-38.
4800 * NTP-01-008 NTP: Stack Buffer Overflow from Command Line (WINDOWS
4803    References: Sec 3383 / CVE-2017-6452 / VU#325339
4804    Affects: WINDOWS installer ONLY: All versions of the ntp-4 Windows
4805 	installer, up to but not including ntp-4.2.8p10, and ntp-4.3.0 up
4806 	to, but not including ntp-4.3.94.
4826 * NTP-01-007 NTP: Data Structure terminated insufficiently (WINDOWS
4829    References: Sec 3382 / CVE-2017-6459 / VU#325339
4830    Affects: WINDOWS installer ONLY: All ntp-4 versions of the Windows
4831 	installer, up to but not including ntp-4.2.8p10, and ntp-4.3.0
4832 	up to, but not including ntp-4.3.94.
4843 	call to RegSetValueEx() claims to be passing in a multi-string
4851 * NTP-01-006 NTP: Copious amounts of Unused Code (Informational)
4859 	code-gadget-based branch-flow redirection exploits.  Analogically,
4899 * NTP-01-005 NTP: Off-by-one in Oncore GPS Receiver (Low)
4902    Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and
4903    	ntp-4.3.0 up to, but not including ntp-4.3.94.
4913         Properly monitor your ntpd instances, and auto-restart
4914 	    ntpd (without -g) if it stops running. 
4918 * NTP-01-004 NTP: Potential Overflows in ctl_put() functions (Medium)
4920    References: Sec 3379 / CVE-2017-6458 / VU#325339
4921    Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and
4922 	ntp-4.3.0 up to, but not including ntp-4.3.94.
4931 	long variable names in ntpd (longer than 200-512 bytes, depending
4935 	Implement BCP-38.
4939 	    longer than 200-512 bytes in your ntp.conf file.
4940 	Properly monitor your ntpd instances, and auto-restart
4941 	    ntpd (without -g) if it stops running. 
4945 * NTP-01-003 NTP: Improper use of snprintf() in mx4200_send() (Low)
4947    References: Sec 3378 / CVE-2017-6451 / VU#325339
4948    Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and
4949 	ntp-4.3.0 up to, but not including ntp-4.3.94.
4956 	and vsnprintf() incorrectly, which can lead to an out-of-bounds
4961 	allocated buffer space.  This results in an out-of-bound memory
4972 	Properly monitor your ntpd instances, and auto-restart
4973 	    ntpd (without -g) if it stops running. 
4977 * NTP-01-002 NTP: Buffer Overflow in ntpq when fetching reslist from a
4980    References: Sec 3377 / CVE-2017-6460 / VU#325339
4981    Affects: All versions of ntpq, up to but not including ntp-4.2.8p10, and
4982 	ntp-4.3.0 up to, but not including ntp-4.3.94.
4991 	will be copied into a fixed-size buffer, leading to an overflow on
4992 	the function's stack-frame.  Note well that this problem requires
5004 * NTP-01-001 NTP: Makefile does not enforce Security Flags (Informational)
5007    Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and
5008 	ntp-4.3.0 up to, but not including ntp-4.3.94.
5015 	flags for their builds.  As of ntp-4.2.8p10, the NTP build
5016 	system has a way to provide OS-specific hardening flags.  Please
5024 	Implement BCP-38.
5027 	Properly monitor your ntpd instances, and auto-restart
5028 	    ntpd (without -g) if it stops running. 
5034    References: Sec 3361 / CVE-2016-9042 / VU#325339
5035    Affects: ntp-4.2.8p9 (21 Nov 2016), up to but not including ntp-4.2.8p10
5048 	Implement BCP-38.
5053 	Properly monitor your ntpd instances, and auto-restart
5054 	    ntpd (without -g) if it stops running. 
5060 * [Bug 3393] clang scan-build findings <perlinger@ntp.org>
5061 * [Bug 3363] Support for openssl-1.1.0 without compatibility modes
5062   - rework of patch set from <ntp.org@eroen.eu>. <perlinger@ntp.org>
5065   on 4.4BSD-Lite derived platforms <perlinger@ntp.org>
5066   - original patch by Majdi S. Abbas
5069   - initial patch by Christos Zoulas
5071   - move loader API from 'inline' to proper source
5072   - augment pathless dlls with absolute path to NTPD
5073   - use 'msyslog()' instead of 'printf() 'for reporting trouble
5075   - applied patch by Matthew Van Gundy
5077   - applied some of the patches provided by Havard. Not all of them
5080   - applied patch by Reinhard Max. See bugzilla for limitations.
5082   - fixed dependency inversion from [Bug 2837]
5084   - produce ERROR log message about dysfunctional daemon. <perlinger@ntp.org>
5085 * [Bug 2851] allow -4/-6 on restrict line with mask <perlinger@ntp.org>
5086   - applied patch by Miroslav Lichvar for ntp4.2.6 compat
5087 * [Bug 2645] out-of-bound pointers in ctl_putsys and decode_bitflags
5088   - Fixed these and some more locations of this pattern.
5092 --
5093 (4.2.8p9-win) 2017/02/01 Released by Harlan Stenn <stenn@ntp.org>
5096   - added missed changeset for automatic openssl lib detection
5097   - fixed some minor warning issues
5102 --
5110 following 1 high- (Windows only), 2 medium-, 2 medium-/low, and
5111 5 low-severity vulnerabilities, and provides 28 other non-security
5116    References: Sec 3119 / CVE-2016-9311 / VU#633847
5117    Affects: ntp-4.0.90 (21 July 1999), possibly earlier, up to but not
5118    	including 4.2.8p9, and ntp-4.3.0 up to but not including ntp-4.3.94.
5127         Implement BCP-38.
5132         Properly monitor your ntpd instances, and auto-restart ntpd
5133 	    (without -g) if it stops running. 
5138    References: Sec 3118 / CVE-2016-9310 / VU#633847
5139    Affects: ntp-4.0.90 (21 July 1999), possibly earlier, up to but not
5140 	including 4.2.8p9, and ntp-4.3.0 up to but not including ntp-4.3.94.
5146 	long-standing BCP recommendations, "restrict default noquery ..."
5153         Implement BCP-38.
5157         Properly monitor your ntpd instances, and auto-restart ntpd
5158 	    (without -g) if it stops running. 
5163    References: Sec 3114 / CVE-2016-7427 / VU#633847
5164    Affects: ntp-4.2.8p6, up to but not including ntp-4.2.8p9, and 
5165 	ntp-4.3.90 up to, but not including ntp-4.3.94.
5179         Implement BCP-38.
5182         Properly monitor your ntpd instances, and auto-restart ntpd
5183 	    (without -g) if it stops running. 
5188    References: Sec 3113 / CVE-2016-7428 / VU#633847
5189    Affects: ntp-4.2.8p6, up to but not including ntp-4.2.8p9, and
5190 	ntp-4.3.90 up to, but not including ntp-4.3.94
5208         Implement BCP-38.
5211         Properly monitor your ntpd instances, and auto-restart ntpd
5212 	    (without -g) if it stops running. 
5217    References: Sec 3110 / CVE-2016-9312 / VU#633847
5218    Affects Windows only: ntp-4.?.?, up to but not including ntp-4.2.8p9,
5219 	and ntp-4.3.0 up to, but not including ntp-4.3.94. 
5226         Implement BCP-38.
5229         Properly monitor your ntpd instances, and auto-restart ntpd
5230 	    (without -g) if it stops running. 
5235    References: Sec 3102 / CVE-2016-7431 / VU#633847
5236    Affects: ntp-4.2.8p8, and ntp-4.3.93.
5241 	ntp-4.2.8p6. However, subsequent timestamp validation checks
5245         Implement BCP-38.
5248         Properly monitor your ntpd instances, and auto-restart ntpd
5249 	    (without -g) if it stops running. 
5255    References: Sec 3082 / CVE-2016-7434 / VU#633847
5256    Affects: ntp-4.2.7p22, up to but not including ntp-4.2.8p9, and
5257 	ntp-4.3.0 up to, but not including ntp-4.3.94.
5266         Implement BCP-38.
5269         Properly monitor your ntpd instances, and auto-restart ntpd
5270 	    (without -g) if it stops running. 
5275    References: Sec 3072 / CVE-2016-7429 / VU#633847
5276    Affects: ntp-4.2.7p385, up to but not including ntp-4.2.8p9, and
5277 	ntp-4.3.0 up to, but not including ntp-4.3.94
5295         Implement BCP-38.
5301         Properly monitor your ntpd instances, and auto-restart ntpd
5302 	    (without -g) if it stops running. 
5307    References: Sec 3071 / CVE-2016-7426 / VU#633847
5308    Affects: ntp-4.2.5p203, up to but not including ntp-4.2.8p9, and
5309 	ntp-4.3.0 up to, but not including ntp-4.3.94
5323 	brute-force attacks on the origin timestamp, it allows this DoS
5327         Implement BCP-38.
5330         Properly monitor your ntpd instances, and auto-restart ntpd
5331 	    (without -g) if it stops running. 
5336    References: Sec 3067 / CVE-2016-7433 / VU#633847
5337    Affects: ntp-4.2.7p385, up to but not including ntp-4.2.8p9, and
5338 	ntp-4.3.0 up to, but not including ntp-4.3.94. But the
5339 	root-distance calculation in general is incorrect in all versions
5340 	of ntp-4 until this release. 
5346 	to a misinterpretation of a small-print variable in The Book, the
5354         Properly monitor your ntpd instances, and auto-restart ntpd
5355 	    (without -g) if it stops running. 
5364   - moved retry decision where it belongs. <perlinger@ntp.org>
5366   using the loopback-ppsapi-provider.dll <perlinger@ntp.org>
5369   - fixed extended sysvar lookup (bug introduced with bug 3008 fix)
5371   - applied patches by Kurt Roeckx <kurt@roeckx.be> to source
5372   - added shim layer for SSL API calls with issues (both directions)
5374   - simplified / refactored hex-decoding in driver. <perlinger@ntp.org>
5375 * [Bug 3084] update-leap mis-parses the leapfile name.  HStenn.
5377   - applied patch thanks to Andrew Stormont <andyjstormont@gmail.com>
5380   - PPS-HACK works again.
5382   - applied patch by Brian Utterback <brian.utterback@oracle.com>
5386   - patches by Reinhard Max <max@suse.com> and Havard Eidnes <he@uninett.no>
5387 * [Bug 3047] Fix refclock_jjy C-DEX JST2000. abe@ntp.org
5388   - Patch provided by Kuramatsu.
5390   - removed unnecessary & harmful decls of 'setUp()' & 'tearDown()'
5395   - fixed GPS week expansion to work based on build date. Special thanks
5398   - fixed Makefile.am <perlinger@ntp.org>
5401   - make sure PPS source is alive before processing samples
5402   - improve stability close to the 500ms phase jump (phase gate)
5407 * remove locks in Windows IO, use rpc-like thread synchronisation instead
5409 ---
5417 following 1 high- and 4 low-severity vulnerabilities:
5421    References: Sec 3046 / CVE-2016-4957 / VU#321640
5422    Affects: ntp-4.2.8p7, and ntp-4.3.92.
5425    Summary: The fix for Sec 3007 in ntp-4.2.8p7 contained a bug that
5428         Implement BCP-38.
5433         Properly monitor your ntpd instances, and auto-restart ntpd
5434 	    (without -g) if it stops running. 
5439    References: Sec 3045 / CVE-2016-4953 / VU#321640
5440    Affects: ntp-4, up to but not including ntp-4.2.8p8, and
5441 	ntp-4.3.0 up to, but not including ntp-4.3.93.
5445 	spoofed packet containing a CRYPTO-NAK to an ephemeral peer
5449 	Implement BCP-38.
5457    References: Sec 3044 / CVE-2016-4954 / VU#321640
5458    Affects: ntp-4, up to but not including ntp-4.2.8p8, and
5459 	ntp-4.3.0 up to, but not including ntp-4.3.93.
5467 	Implement BCP-38.
5475    References: Sec 3043 / CVE-2016-4955 / VU#321640
5476    Affects: ntp-4, up to but not including ntp-4.2.8p8, and
5477 	ntp-4.3.0 up to, but not including ntp-4.3.93.
5486 	Implement BCP-38.
5494    References: Sec 3042 / CVE-2016-4956 / VU#321640
5495    Affects: ntp-4, up to but not including ntp-4.2.8p8, and
5496    	ntp-4.3.0 up to, but not including ntp-4.3.93.
5502 	Implement BCP-38.
5510   - provide build environment
5511   - 'wint_t' and 'struct timespec' defined by VS2015
5512   - fixed print()/scanf() format issues
5515 * [Bug 3058] fetch_timestamp() mishandles 64-bit alignment. Brian Utterback,
5517 * Fix typo in ntp-wait and plot_summary.  HStenn.
5521 ---
5529 available, --enable-dynamic-interleave.  More information on this below.
5531 Also note that ntp-4.2.8p7 logs more "unexpected events" than previous
5539 following 9 low- and medium-severity vulnerabilities:
5542   AKA: authdecrypt-timing
5544    References: Sec 2879 / CVE-2016-1550
5545    Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
5547    CVSSv2: LOW 2.6 - (AV:L/AC:H/Au:N/C:P/I:P/A:N)
5548    CVSSv3: MED 4.0 - CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
5551 	for a local or perhaps LAN-based attacker to send a packet with
5562    References: Sec 2945 / Sec 2901 / CVE-2015-8138
5563    Affects: All ntp-4 releases up to, but not including 4.2.8p7,
5568    References: Sec 2952 / CVE-2015-7704
5569    Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
5571    CVSSv2: MED 4.3 - (AV:N/AC:M/Au:N/C:N/I:N/A:P)
5572    Summary: The fix for NtpBug2952 in ntp-4.2.8p5 to address broken peer
5575         Implement BCP-38.
5583 * Validate crypto-NAKs, AKA: CRYPTO-NAK DoS
5585    References: Sec 3007 / CVE-2016-1547 / VU#718152
5586    Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
5588    CVSS2: MED 4.3 - (AV:N/AC:M/Au:N/C:N/I:N/A:P)
5589    CVSS3: MED 3.7 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
5590    Summary: For ntp-4 versions up to but not including ntp-4.2.8p7, an
5591 	off-path attacker can cause a preemptable client association to
5601 	For ntp-4.2.8 thru ntp-4.2.8p6 there is less risk because more
5604 	ntp-4.2.8p7.
5606 	Implement BCP-38.
5615    References: Sec 3008 / CVE-2016-2519
5616    Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
5618    CVSSv2: MED 4.9 - (AV:N/AC:H/Au:S/C:N/I:N/A:C)
5619    CVSSv3: MED 4.2 - CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
5634         Implement BCP-38.
5643    References: Sec 3009 / CVE-2016-2518 / VU#718152
5644    Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
5646    CVSS2: LOW 2.1 - (AV:N/AC:H/Au:S/C:N/I:N/A:P)
5647    CVSS3: LOW 2.0 - CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L
5650 	out-of-bounds reference.
5652 	Implement BCP-38.
5662    References: Sec 3010 / CVE-2016-2517 / VU#718152
5663    Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
5665    CVSS2: MED 4.9 - (AV:N/AC:H/Au:S/C:N/I:N/A:C)
5666    CVSS3: MED 4.2 - CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
5675 	Implement BCP-38.
5684    References: Sec 3011 / CVE-2016-2516 / VU#718152
5685    Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
5687    CVSS2: MED 6.3 - (AV:N/AC:M/Au:S/C:N/I:N/A:C)
5688    CVSS3: MED 4.2 - CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
5696 	Implement BCP-38.
5705    References: Sec 3020 / CVE-2016-1551
5708 	By "very limited number of OSes" we mean no general-purpose OSes
5710    CVSSv2: LOW 2.6 - (AV:N/AC:H/Au:N/C:N/I:P/A:N)
5711    CVSSv3: LOW 3.7 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
5719         Implement martian packet filtering and BCP-38.
5737    References: Sec 2901 / CVE-2015-7704, CVE-2015-7705
5738    Affects: All ntp-4 releases up to, but not including 4.2.8p7,
5742    References: Sec 2936 / CVE-2015-7974
5743    Affects: All ntp-4 releases up to, but not including 4.2.8p7,
5749 * Interleave-pivot
5751    References: Sec 2978 / CVE-2016-1548
5752    Affects: All ntp-4 releases.
5753    CVSSv2: MED 6.4 - (AV:N/AC:L/Au:N/C:N/I:P/A:P)
5754    CVSSv3: MED 7.2 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L
5759 	timestamp that matches the peer->dst timestamp recorded for that
5765         Implement BCP-38.
5776    References: Sec 3012 / CVE-2016-1549
5777    Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
5779    CVSSv2: LOW 3.5 - (AV:N/AC:M/Au:S/C:N/I:P/A:N)
5780    CVSS3v: MED 5.3 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
5782    	the feature introduced in ntp-4.2.8p6 allowing an optional 4th
5784 	a malicious authenticated peer can create arbitrarily-many
5788         Implement BCP-38.
5797   - fixed yet another race condition in the threaded resolver code.
5800   - integrated patches by Loganaden Velvidron <logan@ntp.org>
5806 * [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org
5808   - Patch provided by Ch. Weisgerber
5809 * [Bug 3015] ntpq: config-from-file: "request contains an unprintable character"
5810   - A change related to [Bug 2853] forbids trailing white space in
5813   - report and patch from Aleksandr Kostikov.
5814   - Overhaul of Windows IO completion port handling. perlinger@ntp.org
5816   - fixed memory leak in access list (auth[read]keys.c)
5817   - refactored handling of key access lists (auth[read]keys.c)
5818   - reduced number of error branches (authreadkeys.c)
5823   - Check the initial delay calculation and reject/unpeer the broadcast
5856  --enable-dynamic-interleave
5860 default in ntp-4.2.8p7.
5862 ---
5870 following 1 low- and 8 medium-severity vulnerabilities:
5874    References: Sec 2548 / CVE-2015-8158
5875    Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
5877    CVSS2: (AV:N/AC:M/Au:N/C:N/I:N/A:P) Base Score: 4.3 - MEDIUM
5878    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Base Score: 5.3 - MEDIUM
5899    References: Sec 2945 / CVE-2015-8138
5900    Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
5902    CVSS2: (AV:N/AC:L/Au:N/C:N/I:P/A:N) Base Score: 5.0 - MEDIUM
5903    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Base Score: 5.3 - MEDIUM
5904 	(3.7 - LOW if you score AC:L)
5921    References: Sec 2940 / CVE-2015-7978
5922    Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
5924    CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:P) Base Score: 4.3 - MEDIUM
5928 	Implement BCP-38.
5932             In ntp-4.2.8, mode 7 is disabled by default. Don't enable it.
5941 * Off-path Denial of Service (!DoS) attack on authenticated broadcast mode
5943    References: Sec 2942 / CVE-2015-7979
5944    Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
5947    Summary: An off-path attacker can send broadcast packets with bad
5953 	Implement BCP-38.
5965    References: Sec 2939 / CVE-2015-7977
5966    Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
5968    CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:P) Base Score: 4.3 - MEDIUM
5972 	Implement BCP-38.
5987    References: Sec 2938 / CVE-2015-7976
5988    Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
5990    CVSS: (AV:N/AC:L/Au:S/C:N/I:P/A:N) Base Score: 4.0 - MEDIUM
5999 	Implement BCP-38.
6003 	    build NTP with 'configure --disable-saveconfig' if you will
6009 	'saveconfig' requests are logged to syslog - monitor your syslog files.
6014    References: Sec 2937 / CVE-2015-7975
6015    Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
6017    CVSS: (AV:L/AC:H/Au:N/C:N/I:N/A:P) Base Score: 1.2 - LOW
6023 	The usual worst-case effect of this vulnerability is that the
6037    References: Sec 2936 / CVE-2015-7974
6038    Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
6049 	an enhancement request, and ntp-4.2.8p6 includes other checks and
6053 	Implement BCP-38.
6060 	    addresses, however other changes in ntp-4.2.8p6 provide
6071 		in the shared-key group. 
6077    References: Sec 2935 / CVE-2015-7973
6078    Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
6080    CVSS: (AV:A/AC:M/Au:N/C:N/I:P/A:P) Base Score: 4.3 - MEDIUM
6082    	either a man-in-the-middle attacker or a malicious participant
6085 	Implement BCP-38.
6098   - applied patch by shenpeng11@huawei.com with minor adjustments
6103   - Found this already fixed, but validation led to cleanup actions.
6105   - added limits to stack consumption, fixed some return code handling
6107   - changed stacked/nested handling of CTRL-C. perlinger@ntp.org
6108   - make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org
6110   - integrated several patches from Havard Eidnes (he@uninett.no)
6112   - implement 'auth_log2()' using integer bithack instead of float calculation
6115 ---
6123 following medium-severity vulnerability:
6125 * Small-step/big-step.  Close the panic gate earlier.
6126     References: Sec 2956, CVE-2015-5300
6127     Affects: All ntp-4 releases up to, but not including 4.2.8p5, and
6130     Summary: If ntpd is always started with the -g option, which is
6131 	common and against long-standing recommendation, and if at the
6140 	value if and only if ntpd was re-started against long-standing
6141 	recommendation with the -g flag, or if ntpd was not given the
6142 	-g flag, the attacker can move the target system's time by at
6148 	As we've long documented, only use the -g option to ntpd in
6149 	    cold-start situations.
6154     NOTE WELL: The -g flag disables the limit check on the panic_gate
6157 	check was only re-enabled after the first change to the system
6160 	re-enabled after any initial time correction.
6178   the newly-written Unity test programs.  These were fixed.
6180 * [Bug 2887] stratum -1 config results as showing value 99
6181   - fudge stratum should only accept values [0..16]. perlinger@ntp.org
6183 * [Bug 2934] tests/ntpd/t-ntp_scanner.c has a magic constant wired in.  HMurray
6185   - applied patch by Christos Zoulas.  perlinger@ntp.org
6186 * [Bug 2952] Peer associations broken by fix for Bug 2901/CVE-2015-7704.
6188   - fixed data race conditions in threaded DNS worker. perlinger@ntp.org
6189   - limit threading warm-up to linux; FreeBSD bombs on it. perlinger@ntp.org
6191   - accept key file only if there are no parsing errors
6192   - fixed size_t/u_int format clash
6193   - fixed wrong use of 'strlcpy'
6196   - fixed several other warnings (cast-alignment, missing const, missing prototypes)
6197   - promote use of 'size_t' for values that express a size
6198   - use ptr-to-const for read-only arguments
6199   - make sure SOCKET values are not truncated (win32-specific)
6200   - format string fixes
6203   - fixed ntp_rfc2553.c to return proper address length. perlinger@ntp.org
6207   - changed stacked/nested handling of CTRL-C. perlinger@ntp.org
6208 * Unity cleanup for FreeBSD-6.4.  Harlan Stenn.
6210 * Libevent autoconf pthread fixes for FreeBSD-10.  Harlan Stenn.
6215 ---
6223 following 13 low- and medium-severity vulnerabilities:
6228     References: Sec 2899, Sec 2671, CVE-2015-7691, CVE-2015-7692, CVE-2015-7702
6229     Affects: All ntp-4 releases up to, but not including 4.2.8p4,
6232     Summary: The fix for CVE-2014-9750 was incomplete in that there were
6245     References: Sec 2901 / CVE-2015-7704, CVE-2015-7705
6246     Affects: All ntp-4 releases up to, but not including 4.2.8p4,
6248     CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:P) Base Score: 4.3-5.0 at worst
6249     Summary: An ntpd client that honors Kiss-of-Death responses will honor
6263         Implement BCP-38.
6268 	    for the time. This mitigation is heavy-handed.
6279   References: Sec 2902 / CVE-2015-5196
6280   Affects: All ntp-4 releases up to, but not including 4.2.8p4,
6290 	Implement BCP-38.
6296 	    - an explicitly configured trustedkey, and you should also
6298 	    - access from a permitted IP. You choose the IPs.
6299 	    - authentication. Don't disable it. Practice secure key safety. 
6305   References: Sec 2909 / CVE-2015-7701
6306   Affects: All ntp-4 releases that use autokey up to, but not
6322   References:  Sec 2913 / CVE-2015-7848 / TALOS-CAN-0052
6323   Affects: All ntp-4 releases up to, but not including 4.2.8p4,
6333 	Implement BCP-38.
6337 	In ntp-4.2.8, mode 7 is disabled by default. Don't enable it.
6348   References: Sec 2916 / CVE-2015-7849 / TALOS-CAN-0054
6349   Affects: All ntp-4 releases up to, but not including 4.2.8p4, and 4.3.0 up to, but not including 4.3.77
6359 	Implement BCP-38.
6374     References: Sec 2917 / CVE-2015-7850 / TALOS-CAN-0055
6375     Affects: All ntp-4 releases up to, but not including 4.2.8p4,
6388 	Implement BCP-38.
6403   References: Sec 2918 / CVE-2015-7851 / TALOS-CAN-0062
6404   Affects: All ntp-4 releases running under VMS up to, but not
6414 	Implement BCP-38.
6428   References: Sec 2919 / CVE-2015-7852 / TALOS-CAN-0063
6429   Affects: All ntp-4 releases running up to, but not including 4.2.8p4,
6439 	Implement BCP-38.
6454   References: Sec 2920 / CVE-2015-7853 / TALOS-CAN-0064
6455   Affects: Potentially all ntp-4 releases running up to, but not
6480   References: Sec 2921 / CVE-2015-7854 / TALOS-CAN-0065
6481   Affects: All ntp-4 releases up to, but not including 4.2.8p4, and
6493 	Implement BCP-38.
6509   References: Sec 2922 / CVE-2015-7855
6510   Affects: All ntp-4 releases up to, but not including 4.2.8p4, and
6518 	Implement BCP-38.
6532   crypto-NAK.
6534   References: Sec 2941 / CVE-2015-7871
6535   Affects: All ntp-4 releases between 4.2.5p186 up to but not including
6538   Summary: Crypto-NAK packets can be used to cause ntpd to accept time
6541 	vulnerability appears to have been introduced in ntp-4.2.5p186
6543 	associations (lines 1103-1165) was refactored.
6545 	Implement BCP-38.
6549 		Apply the patch to the bottom of the "authentic" check
6554 Backward-Incompatible changes:
6555 * [Bug 2817] Default on Linux is now "rlimit memlock -1".
6557   the default value has been changed to -1 (do not lock ntpd into
6568 * 'rlimit memlock' now has finer-grained control.  A value of -1 means
6591 * [Bug 2867] ntpd with autokey active crashed by 'ntpq -crv'. J.Perlinger
6597 * [Bug 2886] Mis-spelling: "outlyer" should be "outlier".  dave@horsfall.org
6599 * [Bug 2889] ntp-dev-4.3.67 does not build on Windows.  perlinger@ntp.org
6608 * On some versions of HP-UX, inttypes.h does not include stdint.h.  H.Stenn.
6618   caltontp.c, clocktime.c, humandate.c, hextolfp.c, decodenetnum.c - fixed
6646 * tests/libntp/test-libntp.c fix formatting. Tomasz Flendrich
6667 * sntp/libevent/evconfig-private.h: remove generated filefrom SCM.  H.Stenn.
6672 * tests/libntp/test_caltontp needs -lpthread.  Harlan Stenn.
6673 * br-flock: --enable-local-libevent.  Harlan Stenn.
6675 * scripts/lib/NTP/Util.pm: stratum output is version-dependent.  Harlan Stenn.
6684 * Changed progname to be const in many files - now it's consistent. Tomasz
6692 * Retire google test - phase I.  Harlan Stenn.
6707 * Implement --enable-problem-tests (on by default).  Harlan Stenn.
6710 ---
6713 Focus: 1 Security fix.  Bug fixes and enhancements.  Leap-second improvements.
6730 This vulnerability is considered low-risk.
6746 the existing google-test items to this new framework.  If you want
6754 * CID 1296235: Fix refclock_jjy.c and correcting type of the driver40-ja.html
6757 * [Bug 2590] autogen-5.18.5.
6761 * [Bug 2745] ntpd -x steps clock on leap second
6762    Fixed an initial-value problem that caused misbehaviour in absence of
6777 * [Bug 2804] install-local-data assumes GNU 'find' semantics.
6788 * [Bug 2813] HP-UX needs -D__STDC_VERSION__=199901L and limits.h.
6789 * [Bug 2815] net-snmp before v5.4 has circular library dependencies.
6792 * [Bug 2824] Convert update-leap to perl. (also see 2769)
6801 * [Bug 2832] refclock_jjy.c supports the TDC-300.
6827 * Modified tests/bug-2803/Makefile.am so it builds Unity framework tests.
6834 * Converted from gtest to Unity: tests/bug-2803/. Damir Tomić
6852 * tests/bug-2803/Makefile.am must distribute bug-2803.h.
6859 ---
6867 following medium-severity vulnerabilities involving private key
6872     References: Sec 2779 / CVE-2015-1798 / VU#374268
6873     Affects: All NTP4 releases starting with ntp-4.2.5p99 up to but not
6874 	including ntp-4.2.8p2 where the installation uses symmetric keys
6902     References: Sec 2781 / CVE-2015-1799 / VU#374268
6904 	not including ntp-4.2.8p2 where the installation uses symmetric
6918 	a known denial-of-service attack, described at
6932 	An update to the NTP RFC to correct this error is in-process.
6937 	is simply a long-known potential problem.
6942 * New script: update-leap
6943 The update-leap script will verify and if necessary, update the
6944 leap-second definition file.
6956 * [Bug 2728] See if C99-style structure initialization works.
6957 * [Bug 2747] Upgrade libevent to 2.1.5-beta.
6958 * [Bug 2749] ntp/lib/NTP/Util.pm needs update for ntpq -w, IPv6, .POOL. .
6964 * [Bug 2766] ntp-keygen output files should not be world-readable.
6965 * [Bug 2767] ntp-keygen -M should symlink to ntp.keys.
6968 * [Bug 2774] Unreasonably verbose printout - leap pending/warning
6969 * [Bug 2775] ntp-keygen.c fails to compile under Windows.
6971   Removed non-ASCII characters from some copyright comments.
6974   Now use C99 fixed-width types and avoid non-ASCII characters in comments.
6978   Modified creation of parse-specific variables for Meinberg devices
7000 ---
7008 following high-severity vulnerabilities:
7013     References: Sec 2671 / CVE-2014-9297 / VU#852879
7020     Mitigation - any of:
7034     References: Sec 2672 / CVE-2014-9298 / VU#852879
7040 	from "appearing" on non-localhost IPv4 interfaces, some kernels
7047 	have one of these OSes where ::1 can be spoofed, ALL ::1 -based
7060 ---
7068 following high-severity vulnerabilities:
7080    References: Sec 2670 / CVE-2014-9296 / VU#852879
7082 below (which is a limited-risk vulnerability), none of the recent
7084 restricted from sending a 'query'-class packet by your ntp.conf file.
7090   References: [Sec 2665] / CVE-2014-9293 / VU#852879
7099 	seeded with a 32-bit value and could only provide 32 bits of
7103   Mitigation - any of:
7104 	- Upgrade to 4.2.7p11 or later.
7105 	- Follow BCP and put 'restrict ... noquery' in your ntp.conf file.
7107   Credit: This vulnerability was noticed in ntp-4.2.6 by Neel Mehta
7110 * Non-cryptographic random number generator with weak seed used by
7111   ntp-keygen to generate symmetric keys.
7113   References: [Sec 2666] / CVE-2014-9294 / VU#852879
7118   Summary: Prior to ntp-4.2.7p230 ntp-keygen used a weak seed to
7121 	generate symmetric keys. In ntp-4.2.8 we use a current-technology
7125   Mitigation - any of:
7126   	- Upgrade to 4.2.7p230 or later.
7127 	- Follow BCP and put 'restrict ... noquery' in your ntp.conf file.
7129   Credit:  This vulnerability was discovered in ntp-4.2.6 by
7134   References: Sec 2667 / CVE-2014-9295 / VU#852879
7145   Mitigation - any of:
7146   	- Upgrade to 4.2.8, or later, or
7147 	- Disable Autokey Authentication by removing, or commenting out,
7156   References: Sec 2668 / CVE-2014-9295 / VU#852879
7165   Mitigation - any of:
7166   	- Upgrade to 4.2.8, or later.
7167 	- Follow BCP and put 'restrict ... noquery' in your ntp.conf file.
7174   References: Sec 2669 / CVE-2014-9295 / VU#852879
7183   Mitigation - any of:
7184   	- Upgrade to 4.2.8, or later.
7185 	- Follow BCP and put 'restrict ... noquery' in your ntp.conf file.
7192   References: Sec 2670 / CVE-2014-9296 / VU#852879
7207   Mitigation - any of:
7208         - Upgrade to 4.2.8, or later,
7209         - Remove or comment out all configuration directives
7231 get a timestamp we us the "built-on" to tell us what era we are in.
7238 For a long time, ntpq and its mostly text-based mode 6 (control) 
7244 covered them all, though I've not compared command-by-command 
7248 hand-rolled structure layout and byte-swapping code in both ntpd and 
7252 ntpq's text-based, label=value approach involves more code reuse and 
7255 Mode 7 has always been defined as vendor/implementation-specific while 
7259 eventually. (http://tools.ietf.org/html/draft-odonoghue-ntpv4-control-01)
7271 --- 
7285 includes improvements to orphan mode, minor bugs fixes and code clean-ups.
7296  * Non-printable stratum 16 refid no longer sent to ntp
7308  * -n option extended to include the billboard "server" column
7311 --- 
7321 clean-ups, minor bug fixes, fixes for a number of minor 
7322 ref-clock issues, and documentation revisions. 
7324 Portability improvements affect AIX, HP-UX, Linux, OS X and 64-bit time_t. 
7337 * Back-ported several fixes for Coverity warnings from ntp-dev 
7350 * Back-port utility routines from ntp-dev: mprintf(), emalloc_zero() 
7366 * Backward incompatible command-line option change: 
7367   -l/--filelog changed -l/--logfile (to be consistent with ntpd) 
7372 * Distribute ntp-wait.html 
7374 ---
7384 clean-ups, minor bug fixes, fixes for a number of minor
7385 ref-clock issues, and documentation revisions.
7417 * Range-check the status codes (plus other cleanup) in the RIPE-NCC driver.
7423 ntp-keygen
7424 * Fix -V coredump.
7438 * Update the MIB from the draft version to RFC-5907.
7450 ---
7460 clean-ups, minor bug fixes, fixes for a number of minor
7461 ref-clock issues, improved KOD handling, OpenSSL related
7477 * default connection to net-snmpd via a unix-domain socket
7478 * command-line 'socket name' option
7482 * key-type specific password prompts
7489 ---
7498 ---
7503 ---
7510 This release fixes the following high-severity vulnerability:
7512 * [Sec 1331] DoS with mode 7 packets - CVE-2009-3563.
7533   Vinokurov of Alcatel-Lucent.
7537 ---
7540 Backward-Incompatible changes:
7542 ntpd no longer accepts '-v name' or '-V name' to define internal variables.
7543 Use '--var name' or '--dvar name' instead. (Bug 817)
7545 ---
7552 This release fixes the following high-severity vulnerability:
7554 * [Sec 1151] Remote exploit if autokey is enabled.  CVE-2009-1252
7565 This release fixes the following low-severity vulnerabilities:
7567 * [Sec 1144] limited (two byte) buffer overflow in ntpq.  CVE-2009-0159
7583 ---
7590 This release fixes oCERT.org's CVE-2009-0021, a vulnerability affecting
7599 ---
7604 This release fixes a number of Windows-specific ntpd bugs and 
7605 platform-independent ntpdate bugs. A logging bugfix has been applied
7616 ---
7625 a problem with non-command-line specification of -6, and allows the loopback
7628 ---
7637 ---
7649 ---
7655 conjunction with DHCP. GNU AutoGen is used for its command-line options 
7658 added for some new ref-clocks and have been removed for some older 
7659 ref-clocks. This release also includes other improvements, documentation 
7662 K&R C is no longer supported as of NTP-4.2.4. We are now aiming for ANSI 
7665 ---