1 ---
10 - changes crypto (OpenSSL or compatible) detection and default build behavior.
11 Previously, crypto was supported if available unless the --without-crypto
13 falling back to a crypto-free build if usable libcrypto was not found has
15 The --without-crypto option must be explicitly provided if you want a build
17 - Fixes 40 bugs
18 - Includes 40 other improvements
25 * [Bug 3913] Avoid duplicate IPv6 link-local manycast associations.
28 * [Bug 3910] Memory leak using openssl-3 <hart@ntp.org>
31 * [Bug 3903] lib/isc/win32/strerror.c NTstrerror() is not thread-safe.
33 * [Bug 3901] LIB_GETBUF isn't thread-safe. <hart@ntp.org>
36 * [Bug 3888] ntpd with multiple same-subnet IPs using manycastclient creates
41 declaration from ntp_types.h to config.h. <hart@ntp.org>
43 * [Bug 3869] Remove long-gone "calldelay" & "crypto sign" from docs.
47 * [Bug 3864] ntpd IPv6 refid different for big-endian and little-endian.
56 * [Bug 3852] check-libntp.mf and friends are not triggering rebuilds as
60 * [Bug 3850] ntpq -c apeers breaks column formatting s2 w/refclock refid.
62 * [Bug 3849] ntpd --wait-sync times out. <hart@ntp.org>
63 * [Bug 3847] SSL detection in configure should run-test if runpath is needed.
65 * [Bug 3846] Use -Wno-format-truncation by default. <hart@ntp.org>
66 * [Bug 3845] accelerate pool clock_sync when IPv6 has only link-local access.
69 * [Bug 3841] 4.2.8p17 build break w/ gcc 12 -Wformat-security without -Wformat
70 Need to remove --Wformat-security when removing -Wformat to
77 * [Bug 3830] configure libevent check intersperses output with answer. <stenn@>
85 * [Bug 3753] ntpd fails to start with FIPS-enabled OpenSSL 3. <hart@ntp.org>
94 * util/lsf-times - added. <stenn@ntp.org>
95 * Add DSA, DSA-SHA, and SHA to tests/libntp/digests.c. <hart@ntp.org>
105 that makes it unnecessary, re-enabling ASLR stack gap. <hart@ntp.org>
106 * Use NONEMPTY_COMPILATION_UNIT in more conditionally-compiled files.
121 * Abort configure if --enable-crypto-rand given & unavailable. <hart@ntp.org>
122 * Add configure --enable-verbose-ssl to trace SSL detection. <hart@ntp.org>
123 * Add build test coverage for --disable-saveconfig to flock-build script.
125 * Remove deprecated configure --with-arlib option. <hart@ntp.org>
135 * wire in --enable-build-framework-help
137 ---
146 - fixes 3 bugs, including a regression
147 - adds new unit tests
160 symmetric authentication digest output.
162 ---
171 - fixes 4 vulnerabilities (3 LOW and 1 None severity),
172 - fixes 46 bugs
173 - includes 15 general improvements
174 - adds support for OpenSSL-3.0
178 * [Sec 3808] Assertion failure in ntpq on malformed RT-11 date <perlinger@ntp.org>
182 - solved numerically instead of using string manipulation
186 * [Bug 3817] Bounds-check "tos floor" configuration. <hart@ntp.org>
189 * [Bug 3802] ntp-keygen -I default identity modulus bits too small for
192 * [Bug 3800] libopts-42.1.17 does not compile with Microsoft C. <hart@ntp.org>
197 - ntp.conf manual page and miscopt.html corrections. <hart@ntp.org>
199 - Report and patch by Yuezhen LUAN <wei6410@sina.com>.
200 * [Bug 3786] Timer starvation on high-load Windows ntpd. <hart@ntp.org>
201 * [Bug 3784] high-load ntpd on Windows deaf after enough ICMP TTL exceeded.
205 - Reported by Edward McGuire, fix identified by <wei6410@sina.com>.
206 * [Bug 3758] Provide a 'device' config statement for refclocks <perlinger@ntp.org>
207 * [Bug 3757] Improve handling of Linux-PPS in NTPD <perlinger@ntp.org>
211 * [Bug 3724] ntp-keygen with openSSL 1.1.1 fails on Windows <perlinger@ntp.org>
212 - openssl applink needed again for openSSL-1.1.1
216 - command line options override config statements where applicable
217 - make initial frequency settings idempotent and reversible
218 - make sure kernel PLL gets a recovered drift compensation
221 - misleading title; essentially a request to ignore the receiver status.
224 - original patch by Richard Schmidt, with mods & unit test fixes
226 - implement/wrap 'realpath()' to resolve symlinks in device names
227 * [Bug 3691] Buffer Overflow reading GPSD output
228 - original patch by matt<ntpbr@mattcorallo.com>
229 - increased max PDU size to 4k to avoid truncation
231 - patch by Frank Kardel
232 * [Bug 3689] Extension for MD5, SHA-1 and other keys <perlinger@ntp.org>
233 - ntp{q,dc} now use the same password processing as ntpd does in the key
238 - patch by Gerry Garvey
240 - original patch by Gerry Garvey
242 - original patch by Gerry Garvey
244 - applied patches by Gerry Garvey
245 * [Bug 3675] ntpq ccmds[] stores pointer to non-persistent storage
247 - idea+patch by Gerry Garvey
250 - follow-up: fix inverted sense in check, reset shortfall counter
253 - fixed bug identified by Edward McGuire <perlinger@ntp.org>
255 - applied patch by Gerry Garvey
257 - backport from -dev, plus some more work on warnings for unchecked results
263 * [Bug 2525] Turn on automake subdir-objects across the project. <hart@ntp.org>
273 * Rename a poorly-named variable. <stenn@ntp.org>
278 * upgrade to: autogen-5.18.16
279 * upgrade to: libopts-42.1.17
280 * upgrade to: autoconf-2.71
281 * upgrade to: automake-1.16.15
282 * Upgrade to libevent-2.1.12-stable <stenn@ntp.org>
283 * Support OpenSSL-3.0
285 ---
301 - Thanks to Sylar Tao
303 - rewrite 'decodenetnum()' in terms of inet_pton
305 - limit number of receive buffers, with an iron reserve for refclocks
309 - integrated patch from Charles Claggett
314 - fix by Gerry Garvey
316 - thanks to Gerry Garvey
318 - patch by Gerry Garvey
320 * [Bug 3639] refclock_jjy: TS-JJY0x can skip time sync depending on the STUS reply. <abe@ntp.org>
321 - applied patch by Takao Abe
323 ---
340 - Reported by Philippe Antoine
342 - Reported by Miroslav Lichvar
344 - Reported by Miroslav Lichvar
349 * [Bug 3628] raw DCF decoding - improve robustness with Zeller's congruence
350 - implement Zeller's congruence in libparse and libntp <perlinger@ntp.org>
351 * [Bug 3627] SIGSEGV on FreeBSD-12 with stack limit and stack gap <perlinger@ntp.org>
352 - integrated patch by Cy Schubert
354 - applied patch by Gerry Garvey
356 - applied patch by Gerry Garvey
358 - integrated patch by Richard Steedman
361 - Reported by Martin Burnicki
362 * [Bug 3612] Use-of-uninitialized-value in receive function <perlinger@ntp.org>
363 - Reported by Philippe Antoine
365 - officially document new "trust date" mode bit for NMEA driver
366 - restore the (previously undocumented) "trust date" feature lost with [bug 3577]
367 * [Bug 3609] Fixing wrong falseticker in case of non-statistic jitter <perlinger@ntp.org>
368 - mostly based on a patch by Michael Haardt, implementing 'fudge minjitter'
370 - removed ffs() and fls() prototypes as per Brian Utterback
373 - fixed byte and parameter order as suggested by wei6410@sina.com
375 * [Bug 3599] Build fails on linux-m68k due to alignment issues <perlinger@ntp.org>
376 - added padding as suggested by John Paul Adrian Glaubitz
380 * [Bug 3585] Unity tests mix buffered and unbuffered output <perlinger@ntp.org>
381 - stdout+stderr are set to line buffered during test setup now
383 - set clock to base date if system time is before that limit
385 * [Bug 3580] Possible bug ntpq-subs (NULL dereference in dogetassoc) <perlinger@ntp.org>
386 - Reported by Paulo Neves
388 - also updates for refclock_nmea.c and refclock_jupiter.c
393 - sidekick: service port resolution in 'ntpdate'
395 - applied patch by Douglas Royds
398 - applied patch by Gerry Garvey
399 * [Bug 3531] make check: test-decodenetnum fails <perlinger@ntp.org>
400 - try to harden 'decodenetnum()' against 'getaddrinfo()' errors
401 - fix wrong cond-compile tests in unit tests
404 - patch by Philipp Prindeville
406 - patch by Philipp Prindeville
408 - patch by Philipp Prindeville
410 - partial application of patch by Philipp Prindeville
412 - applied patch by Gerry Garvey & fixed unit tests <perlinger@ntp.org>
414 - applied (modified) patch by Richard Steedman
416 - applied patch by Gerry Garvey (with minor formatting changes)
418 - applied patch by Miroslav Lichvar
422 is specified with -u <perlinger@ntp.org>
423 - monitor daemon child startup & propagate exit codes
425 - (modified) patch by Kurt Roeckx <perlinger@ntp.org>
427 * Provide more detail on unrecognized config file parser tokens. <stenn@ntp.org>
431 ---
445 - reported by Magnus Stubman
447 - applied patch by Ian Lepore
449 - isolate and fix linux/windows specific code issue
451 - provide better function for incremental string formatting
452 * [Bug 3555] Tidy up print alignment of debug output from ntpdate <perlinger@ntp.org>
453 - applied patch by Gerry Garvey
454 * [Bug 3554] config revoke stores incorrect value <perlinger@ntp.org>
455 - original finding by Gerry Garvey, additional cleanup needed
457 - patch by Christos Zoulas
459 - finding by Chen Jiabin, plus another one by me
461 - applied patch by Maciej Szmigiero
463 - applied patch by Andre Charbonneau
465 - applied patch by Baruch Siach
466 * [Bug 3538] Build fails for no-MMU targets <perlinger@ntp.org>
467 - applied patch by Baruch Siach
469 - refactored handling of GPS era based on 'tos basedate' for
472 - patch by Daniel J. Luke; this does not fix a potential linker
474 * [Bug 3527 - Backward Incompatible] mode7 clockinfo fudgeval2 packet
476 - --enable-bug3527-fix support by HStenn
478 - applied patch by Gerry Garvey
480 - added missing check, reported by Reinhard Max <perlinger@ntp.org>
482 - this is a variant of [bug 3558] and should be fixed with it
483 * Implement 'configure --disable-signalled-io'
485 --
493 in ntp-4.2.8p11, and a buffer overflow in the openhost() function used by
502 [Bug 3509] Add support for running as non-root on FreeBSD, Darwin,
504 - applied patch by Ian Lepore <perlinger@ntp.org>
506 - changed interaction with SCM to signal pending startup
508 - applied patch by Gerry Garvey
510 - applied patch by Gerry Garvey
512 - rework of ntpq 'nextvar()' key/value parsing
513 [Bug 3482] Fixes for compilation warnings (ntp_io.c & ntpq-subs.c) <perlinger@ntp.org>
514 - applied patch by Gerry Garvey (with mods)
516 - applied patch by Gerry Garvey
518 - applied patch by Gerry Garvey (with mods)
520 - applied patch by Gerry Garvey (with mods); not sure if that's bug or feature, though
521 [Bug 3475] modify prettydate() to suppress output of zero time <perlinger@ntp.org>
522 - applied patch by Gerry Garvey
524 - applied patch by Gerry Garvey
526 - add #define ENABLE_CMAC support in configure. HStenn.
529 - patch by Stephen Friedl
531 - fixed IO redirection and CTRL-C handling in ntpq and ntpdc
534 - initial patch by Hal Murray; also fixed refclock_report() trouble
537 - According to Brooks Davis, there was only one location <perlinger@ntp.org>
538 [Bug 3449] ntpq - display "loop" instead of refid [...] <perlinger@ntp.org>
539 - applied patch by Gerry Garvey
541 - applied patch by Gerry Garvey
546 - applied patch by Miroslav Lichvar
547 [Bug 3426] ntpdate.html -t default is 2 seconds. Leonid Evdokimov.
549 - integrated patch by Reinhard Max
551 - applied patches by Christos Zoulas, including real bug fixes
554 Symmetric key range is 1-65535. Update docs. <stenn@ntp.org>
556 --
563 This release fixes 2 low-/medium-, 1 informational/medium-, and 2 low-severity
564 vulnerabilities in ntpd, one medium-severity vulnerability in ntpq, and
565 provides 65 other non-security fixes and improvements:
570 References: Sec 3454 / CVE-2018-7185 / VU#961909
571 Affects: ntp-4.2.6, up to but not including ntp-4.2.8p11.
577 The NTP Protocol allows for both non-authenticated and
581 support an interleaved mode of operation. In ntp-4.2.8p4 a bug
583 allows a non-authenticated zero-origin (reset) packet to reset
585 can send a packet with a zero-origin timestamp and the source
589 disruption of the association. In ntp-4.0.0 thru ntp-4.2.8p6,
590 interleave mode could be entered dynamically. As of ntp-4.2.8p7,
593 Implement BCP-38.
601 If ntpd stops running, auto-restart it without -g .
608 References: Sec 3453 / CVE-2018-7184 / VU#961909
609 Affects: ntpd in ntp-4.2.8p4, up to but not including ntp-4.2.8p11.
612 CVSS3: LOW 3.1 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
618 third-party can inject a packet with a zero-origin timestamp,
625 Implement BCP-38.
626 Upgrade to ntp-4.2.8p11 or later from the NTP Project Download Page
631 If ntpd stops running, auto-restart it without -g .
638 References: Sec 3415 / CVE-2018-7170 / VU#961909
639 Sec 3012 / CVE-2016-1549 / VU#718152
640 Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
642 CVSS2: LOW 3.5 - (AV:N/AC:M/Au:S/C:N/I:P/A:N)
643 CVSS3: LOW 3.1 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
647 ntp-4.2.8p6 allowing an optional 4th field in the ntp.keys file to
649 -- i.e. one where the attacker knows the private symmetric key --
650 can create arbitrarily-many ephemeral associations in order to win
652 additional protections are offered in ntp-4.2.8p11. One is the
657 ntp.keys file to include specifying a subnet range.
659 Implement BCP-38.
660 Upgrade to ntp-4.2.8p11 or later from the NTP Project Download Page
670 If ntpd stops running, auto-restart it without -g .
677 References: Sec 3414 / CVE-2018-7183 / VU#961909
678 Affects: ntpq in ntp-4.2.8p6, up to but not including ntp-4.2.8p11.
683 is an internal function of ntpq that is used to -- wait for it --
686 maliciously-altered ntpd returns an array result that will trip this
692 Implement BCP-38.
693 Upgrade to ntp-4.2.8p11 or later from the NTP Project Download Page
696 This weakness was discovered by Michael Macnair of Thales e-Security.
701 References: Sec 3412 / CVE-2018-7182 / VU#961909
702 Affects: ntp-4.2.8p6, up to but not including ntp-4.2.8p11.
703 CVSS2: INFO 0.0 - MED 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 0.0 if C:N
704 CVSS3: NONE 0.0 - MED 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
712 Implement BCP-38.
713 Upgrade to ntp-4.2.8p11 or later from the NTP Project Download Page
717 If ntpd stops running, auto-restart it without -g .
725 References: Sec 3012 / CVE-2016-1549 / VU#718152
726 Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
728 CVSS2: LOW 3.5 - (AV:N/AC:M/Au:S/C:N/I:P/A:N)
729 CVSS3: MED 5.3 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
733 introduced in ntp-4.2.8p6 allowing an optional 4th field in the
735 authenticated peer -- i.e. one where the attacker knows the
736 private symmetric key -- can create arbitrarily-many ephemeral
739 offered in ntp-4.2.8p11. One is the 'noepeer' directive, which
742 include specifying a subnet range.
744 Implement BCP-38.
760 - applied patch by Sean Haugh
763 - removed error log caused by rounding/slew, ensured postcondition <perlinger@ntp.org>
764 [Bug 3447] AES-128-CMAC (fixes) <perlinger@ntp.org>
765 - refactoring the MAC code, too
768 - applied patch by ggarvey
770 - applied patch by ggarvey (with minor mods)
772 - applied patch (with mods) by Miroslav Lichvar <perlinger@ntp.org>
774 [Bug 3433] sntp crashes when run with -a. <stenn@ntp.org>
776 - fixed several issues with hash algos in ntpd, sntp, ntpq,
779 - initial patch by Daniel Pouzzner
784 [Bug 3411] problem about SIGN(6) packet handling for ntp-4.2.8p10
785 - raised receive buffer size to 1200 <perlinger@ntp.org>
788 [Bug 3405] update-leap.in: general cleanup, HTTPS support. Paul McMath.
790 - fix/drop assumptions on OpenSSL libs directory layout
791 [Bug 3399] NTP: linker error in 4.2.8p10 during Linux cross-compilation
792 - initial patch by timeflies@mail2tor.com <perlinger@ntp.org>
794 - patch contributed by Alexander Bluhm
799 - fixed handling of dynamic deletion w/o leap file <perlinger@ntp.org>
801 - increased minimum stack size to 32kB <perlinger@ntp.org>
803 - reverted handling of PPS kernel consumer to 4.2.6 behavior
804 [Bug 3365] Updates driver40(-ja).html and miscopt.html <abe@ntp.org>
806 [Bug 3016] wrong error position reported for bad ":config pool"
807 - fixed location counter & ntpq output <perlinger@ntp.org>
810 [Bug 2737] Wrong phone number listed for USNO. ntp-bugs@bodosom.net,
812 [Bug 2557] Fix Thunderbolt init. ntp-bugs@bodosom.net, perlinger@ntp.
813 [Bug 948] Trustedkey config directive leaks memory. <perlinger@ntp.org>
822 AES-128-CMAC support. BInglis, HStenn, JPerlinger.
824 sntp: pkt_output(): Improve debug output. HStenn.
825 update-leap: updates from Paul McMath.
826 When using pkg-config, report --modversion. HStenn.
828 sntp: show the IP of who sent us a crypto-NAK. HStenn.
830 authistrustedip() - use it in more places. HStenn, JPerlinger.
836 Improve saveconfig output. HStenn.
837 Decode restrict flags on receive() debug output. HStenn.
838 Decode interface flags on receive() debug output. HStenn.
849 * update-leap needs the following perl modules:
854 See them with: ntpq -c "rv 0 ss_lamport,ss_tsrounding"
860 - restrict ... noepeer
861 - restrict ... ippeerlimit N
868 apply to explicitly-configured associations. A value of -1, the current
881 --
888 This release fixes 5 medium-, 6 low-, and 4 informational-severity
889 vulnerabilities, and provides 15 other non-security fixes and improvements:
891 * NTP-01-016 NTP: Denial of Service via Malformed Config (Medium)
893 References: Sec 3389 / CVE-2017-6464 / VU#325339
894 Affects: All versions of NTP-4, up to but not including ntp-4.2.8p10, and
895 ntp-4.3.0 up to, but not including ntp-4.3.94.
903 Implement BCP-38.
906 Properly monitor your ntpd instances, and auto-restart
907 ntpd (without -g) if it stops running.
911 * NTP-01-014 NTP: Buffer Overflow in DPTS Clock (Low)
913 References: Sec 3388 / CVE-2017-6462 / VU#325339
914 Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and ntp-4.3.0 up to, but not including ntp-4.3.94.
930 Properly monitor your ntpd instances, and auto-restart
931 ntpd (without -g) if it stops running.
935 * NTP-01-012 NTP: Authenticated DoS via Malicious Config Option (Medium)
937 References: Sec 3387 / CVE-2017-6463 / VU#325339
938 Affects: All versions of ntp, up to but not including ntp-4.2.8p10, and
939 ntp-4.3.0 up to, but not including ntp-4.3.94.
945 via the :config directive. The unpeer option expects a number or
949 Implement BCP-38.
952 Properly monitor your ntpd instances, and auto-restart
953 ntpd (without -g) if it stops running.
957 * NTP-01-011 NTP: ntpq_stripquotes() returns incorrect value (Informational)
960 Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and
961 ntp-4.3.0 up to, but not including ntp-4.3.94.
976 Implement BCP-38.
979 Properly monitor your ntpd instances, and auto-restart
980 ntpd (without -g) if it stops running.
984 * NTP-01-010 NTP: ereallocarray()/eallocarray() underused (Info)
987 Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and
988 ntp-4.3.0 up to, but not including ntp-4.3.94.
999 the oreallocarray() function for which a further number-of-elements
1010 * NTP-01-009 NTP: Privileged execution of User Library code (WINDOWS
1013 References: Sec 3384 / CVE-2017-6455 / VU#325339
1014 Affects: All Windows versions of ntp-4 that use the PPSAPI, up to but
1015 not including ntp-4.2.8p10, and ntp-4.3.0 up to, but not
1016 including ntp-4.3.94.
1028 Implement BCP-38.
1034 * NTP-01-008 NTP: Stack Buffer Overflow from Command Line (WINDOWS
1037 References: Sec 3383 / CVE-2017-6452 / VU#325339
1038 Affects: WINDOWS installer ONLY: All versions of the ntp-4 Windows
1039 installer, up to but not including ntp-4.2.8p10, and ntp-4.3.0 up
1040 to, but not including ntp-4.3.94.
1060 * NTP-01-007 NTP: Data Structure terminated insufficiently (WINDOWS
1063 References: Sec 3382 / CVE-2017-6459 / VU#325339
1064 Affects: WINDOWS installer ONLY: All ntp-4 versions of the Windows
1065 installer, up to but not including ntp-4.2.8p10, and ntp-4.3.0
1066 up to, but not including ntp-4.3.94.
1077 call to RegSetValueEx() claims to be passing in a multi-string
1085 * NTP-01-006 NTP: Copious amounts of Unused Code (Informational)
1093 code-gadget-based branch-flow redirection exploits. Analogically,
1133 * NTP-01-005 NTP: Off-by-one in Oncore GPS Receiver (Low)
1136 Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and
1137 ntp-4.3.0 up to, but not including ntp-4.3.94.
1147 Properly monitor your ntpd instances, and auto-restart
1148 ntpd (without -g) if it stops running.
1152 * NTP-01-004 NTP: Potential Overflows in ctl_put() functions (Medium)
1154 References: Sec 3379 / CVE-2017-6458 / VU#325339
1155 Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and
1156 ntp-4.3.0 up to, but not including ntp-4.3.94.
1165 long variable names in ntpd (longer than 200-512 bytes, depending
1169 Implement BCP-38.
1173 longer than 200-512 bytes in your ntp.conf file.
1174 Properly monitor your ntpd instances, and auto-restart
1175 ntpd (without -g) if it stops running.
1179 * NTP-01-003 NTP: Improper use of snprintf() in mx4200_send() (Low)
1181 References: Sec 3378 / CVE-2017-6451 / VU#325339
1182 Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and
1183 ntp-4.3.0 up to, but not including ntp-4.3.94.
1190 and vsnprintf() incorrectly, which can lead to an out-of-bounds
1195 allocated buffer space. This results in an out-of-bound memory
1206 Properly monitor your ntpd instances, and auto-restart
1207 ntpd (without -g) if it stops running.
1211 * NTP-01-002 NTP: Buffer Overflow in ntpq when fetching reslist from a
1214 References: Sec 3377 / CVE-2017-6460 / VU#325339
1215 Affects: All versions of ntpq, up to but not including ntp-4.2.8p10, and
1216 ntp-4.3.0 up to, but not including ntp-4.3.94.
1225 will be copied into a fixed-size buffer, leading to an overflow on
1226 the function's stack-frame. Note well that this problem requires
1238 * NTP-01-001 NTP: Makefile does not enforce Security Flags (Informational)
1241 Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and
1242 ntp-4.3.0 up to, but not including ntp-4.3.94.
1249 flags for their builds. As of ntp-4.2.8p10, the NTP build
1250 system has a way to provide OS-specific hardening flags. Please
1258 Implement BCP-38.
1261 Properly monitor your ntpd instances, and auto-restart
1262 ntpd (without -g) if it stops running.
1268 References: Sec 3361 / CVE-2016-9042 / VU#325339
1269 Affects: ntp-4.2.8p9 (21 Nov 2016), up to but not including ntp-4.2.8p10
1282 Implement BCP-38.
1287 Properly monitor your ntpd instances, and auto-restart
1288 ntpd (without -g) if it stops running.
1294 * [Bug 3393] clang scan-build findings <perlinger@ntp.org>
1295 * [Bug 3363] Support for openssl-1.1.0 without compatibility modes
1296 - rework of patch set from <ntp.org@eroen.eu>. <perlinger@ntp.org>
1299 on 4.4BSD-Lite derived platforms <perlinger@ntp.org>
1300 - original patch by Majdi S. Abbas
1303 - initial patch by Christos Zoulas
1305 - move loader API from 'inline' to proper source
1306 - augment pathless dlls with absolute path to NTPD
1307 - use 'msyslog()' instead of 'printf()' for reporting trouble
1309 - applied patch by Matthew Van Gundy
1311 - applied some of the patches provided by Havard. Not all of them
1314 - applied patch by Reinhard Max. See bugzilla for limitations.
1316 - fixed dependency inversion from [Bug 2837]
1318 - produce ERROR log message about dysfunctional daemon. <perlinger@ntp.org>
1319 * [Bug 2851] allow -4/-6 on restrict line with mask <perlinger@ntp.org>
1320 - applied patch by Miroslav Lichvar for ntp4.2.6 compat
1321 * [Bug 2645] out-of-bound pointers in ctl_putsys and decode_bitflags
1322 - Fixed these and some more locations of this pattern.
1326 --
1327 (4.2.8p9-win) 2017/02/01 Released by Harlan Stenn <stenn@ntp.org>
1330 - added missed changeset for automatic openssl lib detection
1331 - fixed some minor warning issues
1336 --
1344 following 1 high- (Windows only), 2 medium-, 2 medium-/low, and
1345 5 low-severity vulnerabilities, and provides 28 other non-security
1350 References: Sec 3119 / CVE-2016-9311 / VU#633847
1351 Affects: ntp-4.0.90 (21 July 1999), possibly earlier, up to but not
1352 including 4.2.8p9, and ntp-4.3.0 up to but not including ntp-4.3.94.
1361 Implement BCP-38.
1366 Properly monitor your ntpd instances, and auto-restart ntpd
1367 (without -g) if it stops running.
1372 References: Sec 3118 / CVE-2016-9310 / VU#633847
1373 Affects: ntp-4.0.90 (21 July 1999), possibly earlier, up to but not
1374 including 4.2.8p9, and ntp-4.3.0 up to but not including ntp-4.3.94.
1380 long-standing BCP recommendations, "restrict default noquery ..."
1387 Implement BCP-38.
1391 Properly monitor your ntpd instances, and auto-restart ntpd
1392 (without -g) if it stops running.
1397 References: Sec 3114 / CVE-2016-7427 / VU#633847
1398 Affects: ntp-4.2.8p6, up to but not including ntp-4.2.8p9, and
1399 ntp-4.3.90 up to, but not including ntp-4.3.94.
1413 Implement BCP-38.
1416 Properly monitor your ntpd instances, and auto-restart ntpd
1417 (without -g) if it stops running.
1422 References: Sec 3113 / CVE-2016-7428 / VU#633847
1423 Affects: ntp-4.2.8p6, up to but not including ntp-4.2.8p9, and
1424 ntp-4.3.90 up to, but not including ntp-4.3.94
1442 Implement BCP-38.
1445 Properly monitor your ntpd instances, and auto-restart ntpd
1446 (without -g) if it stops running.
1451 References: Sec 3110 / CVE-2016-9312 / VU#633847
1452 Affects Windows only: ntp-4.?.?, up to but not including ntp-4.2.8p9,
1453 and ntp-4.3.0 up to, but not including ntp-4.3.94.
1460 Implement BCP-38.
1463 Properly monitor your ntpd instances, and auto-restart ntpd
1464 (without -g) if it stops running.
1469 References: Sec 3102 / CVE-2016-7431 / VU#633847
1470 Affects: ntp-4.2.8p8, and ntp-4.3.93.
1475 ntp-4.2.8p6. However, subsequent timestamp validation checks
1479 Implement BCP-38.
1482 Properly monitor your ntpd instances, and auto-restart ntpd
1483 (without -g) if it stops running.
1489 References: Sec 3082 / CVE-2016-7434 / VU#633847
1490 Affects: ntp-4.2.7p22, up to but not including ntp-4.2.8p9, and
1491 ntp-4.3.0 up to, but not including ntp-4.3.94.
1500 Implement BCP-38.
1503 Properly monitor your ntpd instances, and auto-restart ntpd
1504 (without -g) if it stops running.
1509 References: Sec 3072 / CVE-2016-7429 / VU#633847
1510 Affects: ntp-4.2.7p385, up to but not including ntp-4.2.8p9, and
1511 ntp-4.3.0 up to, but not including ntp-4.3.94
1529 Implement BCP-38.
1535 Properly monitor your ntpd instances, and auto-restart ntpd
1536 (without -g) if it stops running.
1541 References: Sec 3071 / CVE-2016-7426 / VU#633847
1542 Affects: ntp-4.2.5p203, up to but not including ntp-4.2.8p9, and
1543 ntp-4.3.0 up to, but not including ntp-4.3.94
1557 brute-force attacks on the origin timestamp, it allows this DoS
1561 Implement BCP-38.
1564 Properly monitor your ntpd instances, and auto-restart ntpd
1565 (without -g) if it stops running.
1570 References: Sec 3067 / CVE-2016-7433 / VU#633847
1571 Affects: ntp-4.2.7p385, up to but not including ntp-4.2.8p9, and
1572 ntp-4.3.0 up to, but not including ntp-4.3.94. But the
1573 root-distance calculation in general is incorrect in all versions
1574 of ntp-4 until this release.
1580 to a misinterpretation of a small-print variable in The Book, the
1588 Properly monitor your ntpd instances, and auto-restart ntpd
1589 (without -g) if it stops running.
1598 - moved retry decision where it belongs. <perlinger@ntp.org>
1600 using the loopback-ppsapi-provider.dll <perlinger@ntp.org>
1603 - fixed extended sysvar lookup (bug introduced with bug 3008 fix)
1605 - applied patches by Kurt Roeckx <kurt@roeckx.be> to source
1606 - added shim layer for SSL API calls with issues (both directions)
1608 - simplified / refactored hex-decoding in driver. <perlinger@ntp.org>
1609 * [Bug 3084] update-leap mis-parses the leapfile name. HStenn.
1611 - applied patch thanks to Andrew Stormont <andyjstormont@gmail.com>
1614 - PPS-HACK works again.
1616 - applied patch by Brian Utterback <brian.utterback@oracle.com>
1620 - patches by Reinhard Max <max@suse.com> and Havard Eidnes <he@uninett.no>
1621 * [Bug 3047] Fix refclock_jjy C-DEX JST2000. abe@ntp.org
1622 - Patch provided by Kuramatsu.
1624 - removed unnecessary & harmful decls of 'setUp()' & 'tearDown()'
1629 - fixed GPS week expansion to work based on build date. Special thanks
1632 - fixed Makefile.am <perlinger@ntp.org>
1635 - make sure PPS source is alive before processing samples
1636 - improve stability close to the 500ms phase jump (phase gate)
1641 * remove locks in Windows IO, use rpc-like thread synchronisation instead
1643 ---
1651 following 1 high- and 4 low-severity vulnerabilities:
1655 References: Sec 3046 / CVE-2016-4957 / VU#321640
1656 Affects: ntp-4.2.8p7, and ntp-4.3.92.
1659 Summary: The fix for Sec 3007 in ntp-4.2.8p7 contained a bug that
1662 Implement BCP-38.
1667 Properly monitor your ntpd instances, and auto-restart ntpd
1668 (without -g) if it stops running.
1673 References: Sec 3045 / CVE-2016-4953 / VU#321640
1674 Affects: ntp-4, up to but not including ntp-4.2.8p8, and
1675 ntp-4.3.0 up to, but not including ntp-4.3.93.
1679 spoofed packet containing a CRYPTO-NAK to an ephemeral peer
1683 Implement BCP-38.
1691 References: Sec 3044 / CVE-2016-4954 / VU#321640
1692 Affects: ntp-4, up to but not including ntp-4.2.8p8, and
1693 ntp-4.3.0 up to, but not including ntp-4.3.93.
1701 Implement BCP-38.
1709 References: Sec 3043 / CVE-2016-4955 / VU#321640
1710 Affects: ntp-4, up to but not including ntp-4.2.8p8, and
1711 ntp-4.3.0 up to, but not including ntp-4.3.93.
1720 Implement BCP-38.
1728 References: Sec 3042 / CVE-2016-4956 / VU#321640
1729 Affects: ntp-4, up to but not including ntp-4.2.8p8, and
1730 ntp-4.3.0 up to, but not including ntp-4.3.93.
1736 Implement BCP-38.
1744 - provide build environment
1745 - 'wint_t' and 'struct timespec' defined by VS2015
1746 - fixed print()/scanf() format issues
1749 * [Bug 3058] fetch_timestamp() mishandles 64-bit alignment. Brian Utterback,
1751 * Fix typo in ntp-wait and plot_summary. HStenn.
1755 ---
1763 available, --enable-dynamic-interleave. More information on this below.
1765 Also note that ntp-4.2.8p7 logs more "unexpected events" than previous
1773 following 9 low- and medium-severity vulnerabilities:
1776 AKA: authdecrypt-timing
1778 References: Sec 2879 / CVE-2016-1550
1779 Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
1781 CVSSv2: LOW 2.6 - (AV:L/AC:H/Au:N/C:P/I:P/A:N)
1782 CVSSv3: MED 4.0 - CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1785 for a local or perhaps LAN-based attacker to send a packet with
1796 References: Sec 2945 / Sec 2901 / CVE-2015-8138
1797 Affects: All ntp-4 releases up to, but not including 4.2.8p7,
1802 References: Sec 2952 / CVE-2015-7704
1803 Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
1805 CVSSv2: MED 4.3 - (AV:N/AC:M/Au:N/C:N/I:N/A:P)
1806 Summary: The fix for NtpBug2952 in ntp-4.2.8p5 to address broken peer
1809 Implement BCP-38.
1817 * Validate crypto-NAKs, AKA: CRYPTO-NAK DoS
1819 References: Sec 3007 / CVE-2016-1547 / VU#718152
1820 Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
1822 CVSS2: MED 4.3 - (AV:N/AC:M/Au:N/C:N/I:N/A:P)
1823 CVSS3: MED 3.7 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1824 Summary: For ntp-4 versions up to but not including ntp-4.2.8p7, an
1825 off-path attacker can cause a preemptable client association to
1835 For ntp-4.2.8 thru ntp-4.2.8p6 there is less risk because more
1838 ntp-4.2.8p7.
1840 Implement BCP-38.
1849 References: Sec 3008 / CVE-2016-2519
1850 Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
1852 CVSSv2: MED 4.9 - (AV:N/AC:H/Au:S/C:N/I:N/A:C)
1853 CVSSv3: MED 4.2 - CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
1868 Implement BCP-38.
1877 References: Sec 3009 / CVE-2016-2518 / VU#718152
1878 Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
1880 CVSS2: LOW 2.1 - (AV:N/AC:H/Au:S/C:N/I:N/A:P)
1881 CVSS3: LOW 2.0 - CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L
1884 out-of-bounds reference.
1886 Implement BCP-38.
1896 References: Sec 3010 / CVE-2016-2517 / VU#718152
1897 Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
1899 CVSS2: MED 4.9 - (AV:N/AC:H/Au:S/C:N/I:N/A:C)
1900 CVSS3: MED 4.2 - CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
1909 Implement BCP-38.
1918 References: Sec 3011 / CVE-2016-2516 / VU#718152
1919 Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
1921 CVSS2: MED 6.3 - (AV:N/AC:M/Au:S/C:N/I:N/A:C)
1922 CVSS3: MED 4.2 - CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
1930 Implement BCP-38.
1939 References: Sec 3020 / CVE-2016-1551
1942 By "very limited number of OSes" we mean no general-purpose OSes
1944 CVSSv2: LOW 2.6 - (AV:N/AC:H/Au:N/C:N/I:P/A:N)
1945 CVSSv3: LOW 3.7 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1953 Implement martian packet filtering and BCP-38.
1971 References: Sec 2901 / CVE-2015-7704, CVE-2015-7705
1972 Affects: All ntp-4 releases up to, but not including 4.2.8p7,
1976 References: Sec 2936 / CVE-2015-7974
1977 Affects: All ntp-4 releases up to, but not including 4.2.8p7,
1983 * Interleave-pivot
1985 References: Sec 2978 / CVE-2016-1548
1986 Affects: All ntp-4 releases.
1987 CVSSv2: MED 6.4 - (AV:N/AC:L/Au:N/C:N/I:P/A:P)
1988 CVSSv3: MED 7.2 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L
1993 timestamp that matches the peer->dst timestamp recorded for that
1999 Implement BCP-38.
2010 References: Sec 3012 / CVE-2016-1549
2011 Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
2013 CVSSv2: LOW 3.5 - (AV:N/AC:M/Au:S/C:N/I:P/A:N)
2014 CVSSv3: MED 5.3 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
2016 the feature introduced in ntp-4.2.8p6 allowing an optional 4th
2018 a malicious authenticated peer can create arbitrarily-many
2022 Implement BCP-38.
2031 - fixed yet another race condition in the threaded resolver code.
2034 - integrated patches by Loganaden Velvidron <logan@ntp.org>
2040 * [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org
2042 - Patch provided by Ch. Weisgerber
2043 * [Bug 3015] ntpq: config-from-file: "request contains an unprintable character"
2044 - A change related to [Bug 2853] forbids trailing white space in
2045 remote config commands. perlinger@ntp.org
2047 - report and patch from Aleksandr Kostikov.
2048 - Overhaul of Windows IO completion port handling. perlinger@ntp.org
2050 - fixed memory leak in access list (auth[read]keys.c)
2051 - refactored handling of key access lists (auth[read]keys.c)
2052 - reduced number of error branches (authreadkeys.c)
2054 * [Bug 3030] ntpq needs a general way to specify refid output format. HStenn.
2057 - Check the initial delay calculation and reject/unpeer the broadcast
2090 --enable-dynamic-interleave
2094 default in ntp-4.2.8p7.
2096 ---
2104 following 1 low- and 8 medium-severity vulnerabilities:
2108 References: Sec 2548 / CVE-2015-8158
2109 Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
2111 CVSS2: (AV:N/AC:M/Au:N/C:N/I:N/A:P) Base Score: 4.3 - MEDIUM
2112 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Base Score: 5.3 - MEDIUM
2133 References: Sec 2945 / CVE-2015-8138
2134 Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
2136 CVSS2: (AV:N/AC:L/Au:N/C:N/I:P/A:N) Base Score: 5.0 - MEDIUM
2137 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Base Score: 5.3 - MEDIUM
2138 (3.7 - LOW if you score AC:L)
2155 References: Sec 2940 / CVE-2015-7978
2156 Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
2158 CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:P) Base Score: 4.3 - MEDIUM
2162 Implement BCP-38.
2166 In ntp-4.2.8, mode 7 is disabled by default. Don't enable it.
2175 * Off-path Denial of Service (DoS) attack on authenticated broadcast mode
2177 References: Sec 2942 / CVE-2015-7979
2178 Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
2181 Summary: An off-path attacker can send broadcast packets with bad
2187 Implement BCP-38.
2199 References: Sec 2939 / CVE-2015-7977
2200 Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
2202 CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:P) Base Score: 4.3 - MEDIUM
2206 Implement BCP-38.
2221 References: Sec 2938 / CVE-2015-7976
2222 Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
2224 CVSS: (AV:N/AC:L/Au:S/C:N/I:P/A:N) Base Score: 4.0 - MEDIUM
2233 Implement BCP-38.
2237 build NTP with 'configure --disable-saveconfig' if you will
2243 'saveconfig' requests are logged to syslog - monitor your syslog files.
2248 References: Sec 2937 / CVE-2015-7975
2249 Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
2251 CVSS: (AV:L/AC:H/Au:N/C:N/I:N/A:P) Base Score: 1.2 - LOW
2257 The usual worst-case effect of this vulnerability is that the
2271 References: Sec 2936 / CVE-2015-7974
2272 Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
2283 an enhancement request, and ntp-4.2.8p6 includes other checks and
2287 Implement BCP-38.
2294 addresses, however other changes in ntp-4.2.8p6 provide
2305 in the shared-key group.
2311 References: Sec 2935 / CVE-2015-7973
2312 Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
2314 CVSS: (AV:A/AC:M/Au:N/C:N/I:P/A:P) Base Score: 4.3 - MEDIUM
2316 either a man-in-the-middle attacker or a malicious participant
2319 Implement BCP-38.
2332 - applied patch by shenpeng11@huawei.com with minor adjustments
2337 - Found this already fixed, but validation led to cleanup actions.
2339 - added limits to stack consumption, fixed some return code handling
2341 - changed stacked/nested handling of CTRL-C. perlinger@ntp.org
2342 - make CTRL-C work for retrieval and printing of MRU list. perlinger@ntp.org
2344 - integrated several patches from Havard Eidnes (he@uninett.no)
2346 - implement 'auth_log2()' using integer bithack instead of float calculation
2349 ---
2357 following medium-severity vulnerability:
2359 * Small-step/big-step. Close the panic gate earlier.
2360 References: Sec 2956, CVE-2015-5300
2361 Affects: All ntp-4 releases up to, but not including 4.2.8p5, and
2364 Summary: If ntpd is always started with the -g option, which is
2365 common and against long-standing recommendation, and if at the
2374 value if and only if ntpd was re-started against long-standing
2375 recommendation with the -g flag, or if ntpd was not given the
2376 -g flag, the attacker can move the target system's time by at
2382 As we've long documented, only use the -g option to ntpd in
2383 cold-start situations.
2388 NOTE WELL: The -g flag disables the limit check on the panic_gate
2391 check was only re-enabled after the first change to the system
2394 re-enabled after any initial time correction.
2412 the newly-written Unity test programs. These were fixed.
2414 * [Bug 2887] stratum -1 config results as showing value 99
2415 - fudge stratum should only accept values [0..16]. perlinger@ntp.org
2417 * [Bug 2934] tests/ntpd/t-ntp_scanner.c has a magic constant wired in. HMurray
2419 - applied patch by Christos Zoulas. perlinger@ntp.org
2420 * [Bug 2952] Peer associations broken by fix for Bug 2901/CVE-2015-7704.
2422 - fixed data race conditions in threaded DNS worker. perlinger@ntp.org
2423 - limit threading warm-up to linux; FreeBSD bombs on it. perlinger@ntp.org
2425 - accept key file only if there are no parsing errors
2426 - fixed size_t/u_int format clash
2427 - fixed wrong use of 'strlcpy'
2430 - fixed several other warnings (cast-alignment, missing const, missing prototypes)
2431 - promote use of 'size_t' for values that express a size
2432 - use ptr-to-const for read-only arguments
2433 - make sure SOCKET values are not truncated (win32-specific)
2434 - format string fixes
2437 - fixed ntp_rfc2553.c to return proper address length. perlinger@ntp.org
2441 - changed stacked/nested handling of CTRL-C. perlinger@ntp.org
2442 * Unity cleanup for FreeBSD-6.4. Harlan Stenn.
2444 * Libevent autoconf pthread fixes for FreeBSD-10. Harlan Stenn.
2449 ---
2457 following 13 low- and medium-severity vulnerabilities:
2462 References: Sec 2899, Sec 2671, CVE-2015-7691, CVE-2015-7692, CVE-2015-7702
2463 Affects: All ntp-4 releases up to, but not including 4.2.8p4,
2466 Summary: The fix for CVE-2014-9750 was incomplete in that there were
2479 References: Sec 2901 / CVE-2015-7704, CVE-2015-7705
2480 Affects: All ntp-4 releases up to, but not including 4.2.8p4,
2482 CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:P) Base Score: 4.3-5.0 at worst
2483 Summary: An ntpd client that honors Kiss-of-Death responses will honor
2497 Implement BCP-38.
2502 for the time. This mitigation is heavy-handed.
2513 References: Sec 2902 / CVE-2015-5196
2514 Affects: All ntp-4 releases up to, but not including 4.2.8p4,
2524 Implement BCP-38.
2530 - an explicitly configured trustedkey, and you should also
2532 - access from a permitted IP. You choose the IPs.
2533 - authentication. Don't disable it. Practice secure key safety.
2539 References: Sec 2909 / CVE-2015-7701
2540 Affects: All ntp-4 releases that use autokey up to, but not
2556 References: Sec 2913 / CVE-2015-7848 / TALOS-CAN-0052
2557 Affects: All ntp-4 releases up to, but not including 4.2.8p4,
2567 Implement BCP-38.
2571 In ntp-4.2.8, mode 7 is disabled by default. Don't enable it.
2582 References: Sec 2916 / CVE-2015-7849 / TALOS-CAN-0054
2583 Affects: All ntp-4 releases up to, but not including 4.2.8p4, and 4.3.0 up to, but not including 4.3.77
2593 Implement BCP-38.
2608 References: Sec 2917 / CVE-2015-7850 / TALOS-CAN-0055
2609 Affects: All ntp-4 releases up to, but not including 4.2.8p4,
2622 Implement BCP-38.
2634 * Potential path traversal vulnerability in the config file saving of
2637 References: Sec 2918 / CVE-2015-7851 / TALOS-CAN-0062
2638 Affects: All ntp-4 releases running under VMS up to, but not
2648 Implement BCP-38.
2662 References: Sec 2919 / CVE-2015-7852 / TALOS-CAN-0063
2663 Affects: All ntp-4 releases running up to, but not including 4.2.8p4,
2673 Implement BCP-38.
2685 * Invalid length data provided by a custom refclock driver could cause
2688 References: Sec 2920 / CVE-2015-7853 / TALOS-CAN-0064
2689 Affects: Potentially all ntp-4 releases running up to, but not
2691 that have custom refclocks
2697 If you are running a custom refclock driver in ntpd and that
2698 driver supplies a negative value for datalen (no custom driver
2707 If you are running custom refclock drivers, make sure
2714 References: Sec 2921 / CVE-2015-7854 / TALOS-CAN-0065
2715 Affects: All ntp-4 releases up to, but not including 4.2.8p4, and
2727 Implement BCP-38.
2743 References: Sec 2922 / CVE-2015-7855
2744 Affects: All ntp-4 releases up to, but not including 4.2.8p4, and
2752 Implement BCP-38.
2766 crypto-NAK.
2768 References: Sec 2941 / CVE-2015-7871
2769 Affects: All ntp-4 releases between 4.2.5p186 up to but not including
2772 Summary: Crypto-NAK packets can be used to cause ntpd to accept time
2775 vulnerability appears to have been introduced in ntp-4.2.5p186
2777 associations (lines 1103-1165) was refactored.
2779 Implement BCP-38.
2788 Backward-Incompatible changes:
2789 * [Bug 2817] Default on Linux is now "rlimit memlock -1".
2791 the default value has been changed to -1 (do not lock ntpd into
2798 output of ntpq, you probably want to change your regex matches
2802 * 'rlimit memlock' now has finer-grained control. A value of -1 means
2825 * [Bug 2867] ntpd with autokey active crashed by 'ntpq -crv'. J.Perlinger
2831 * [Bug 2886] Mis-spelling: "outlyer" should be "outlier". dave@horsfall.org
2833 * [Bug 2889] ntp-dev-4.3.67 does not build on Windows. perlinger@ntp.org
2842 * On some versions of HP-UX, inttypes.h does not include stdint.h. H.Stenn.
2852 caltontp.c, clocktime.c, humandate.c, hextolfp.c, decodenetnum.c - fixed
2880 * tests/libntp/test-libntp.c fix formatting. Tomasz Flendrich
2901 * sntp/libevent/evconfig-private.h: remove generated file from SCM. H.Stenn.
2906 * tests/libntp/test_caltontp needs -lpthread. Harlan Stenn.
2907 * br-flock: --enable-local-libevent. Harlan Stenn.
2909 * scripts/lib/NTP/Util.pm: stratum output is version-dependent. Harlan Stenn.
2918 * Changed progname to be const in many files - now it's consistent. Tomasz
2926 * Retire google test - phase I. Harlan Stenn.
2941 * Implement --enable-problem-tests (on by default). Harlan Stenn.
2944 ---
2947 Focus: 1 Security fix. Bug fixes and enhancements. Leap-second improvements.
2953 * [Sec 2853] Crafted remote config packet can crash some versions of
2964 This vulnerability is considered low-risk.
2980 the existing google-test items to this new framework. If you want
2988 * CID 1296235: Fix refclock_jjy.c and correcting type of the driver40-ja.html
2991 * [Bug 2590] autogen-5.18.5.
2995 * [Bug 2745] ntpd -x steps clock on leap second
2996 Fixed an initial-value problem that caused misbehaviour in absence of
3011 * [Bug 2804] install-local-data assumes GNU 'find' semantics.
3022 * [Bug 2813] HP-UX needs -D__STDC_VERSION__=199901L and limits.h.
3023 * [Bug 2815] net-snmp before v5.4 has circular library dependencies.
3026 * [Bug 2824] Convert update-leap to perl. (also see 2769)
3035 * [Bug 2832] refclock_jjy.c supports the TDC-300.
3044 Fixed compiler warnings about numeric range overflow
3061 * Modified tests/bug-2803/Makefile.am so it builds Unity framework tests.
3068 * Converted from gtest to Unity: tests/bug-2803/. Damir Tomić
3086 * tests/bug-2803/Makefile.am must distribute bug-2803.h.
3093 ---
3101 following medium-severity vulnerabilities involving private key
3106 References: Sec 2779 / CVE-2015-1798 / VU#374268
3107 Affects: All NTP4 releases starting with ntp-4.2.5p99 up to but not
3108 including ntp-4.2.8p2 where the installation uses symmetric keys
3136 References: Sec 2781 / CVE-2015-1799 / VU#374268
3138 not including ntp-4.2.8p2 where the installation uses symmetric
3152 a known denial-of-service attack, described at
3166 An update to the NTP RFC to correct this error is in-process.
3171 is simply a long-known potential problem.
3176 * New script: update-leap
3177 The update-leap script will verify and if necessary, update the
3178 leap-second definition file.
3190 * [Bug 2728] See if C99-style structure initialization works.
3191 * [Bug 2747] Upgrade libevent to 2.1.5-beta.
3192 * [Bug 2749] ntp/lib/NTP/Util.pm needs update for ntpq -w, IPv6, .POOL. .
3198 * [Bug 2766] ntp-keygen output files should not be world-readable.
3199 * [Bug 2767] ntp-keygen -M should symlink to ntp.keys.
3202 * [Bug 2774] Unreasonably verbose printout - leap pending/warning
3203 * [Bug 2775] ntp-keygen.c fails to compile under Windows.
3205 Removed non-ASCII characters from some copyright comments.
3208 Now use C99 fixed-width types and avoid non-ASCII characters in comments.
3212 Modified creation of parse-specific variables for Meinberg devices
3234 ---
3242 following high-severity vulnerabilities:
3247 References: Sec 2671 / CVE-2014-9297 / VU#852879
3254 Mitigation - any of:
3268 References: Sec 2672 / CVE-2014-9298 / VU#852879
3274 from "appearing" on non-localhost IPv4 interfaces, some kernels
3281 have one of these OSes where ::1 can be spoofed, ALL ::1 -based
3294 ---
3302 following high-severity vulnerabilities:
3314 References: Sec 2670 / CVE-2014-9296 / VU#852879
3316 below (which is a limited-risk vulnerability), none of the recent
3318 restricted from sending a 'query'-class packet by your ntp.conf file.
3324 References: [Sec 2665] / CVE-2014-9293 / VU#852879
3333 seeded with a 32-bit value and could only provide 32 bits of
3337 Mitigation - any of:
3338 - Upgrade to 4.2.7p11 or later.
3339 - Follow BCP and put 'restrict ... noquery' in your ntp.conf file.
3341 Credit: This vulnerability was noticed in ntp-4.2.6 by Neel Mehta
3344 * Non-cryptographic random number generator with weak seed used by
3345 ntp-keygen to generate symmetric keys.
3347 References: [Sec 2666] / CVE-2014-9294 / VU#852879
3352 Summary: Prior to ntp-4.2.7p230 ntp-keygen used a weak seed to
3355 generate symmetric keys. In ntp-4.2.8 we use a current-technology
3359 Mitigation - any of:
3360 - Upgrade to 4.2.7p230 or later.
3361 - Follow BCP and put 'restrict ... noquery' in your ntp.conf file.
3363 Credit: This vulnerability was discovered in ntp-4.2.6 by
3368 References: Sec 2667 / CVE-2014-9295 / VU#852879
3379 Mitigation - any of:
3380 - Upgrade to 4.2.8, or later, or
3381 - Disable Autokey Authentication by removing, or commenting out,
3390 References: Sec 2668 / CVE-2014-9295 / VU#852879
3399 Mitigation - any of:
3400 - Upgrade to 4.2.8, or later.
3401 - Follow BCP and put 'restrict ... noquery' in your ntp.conf file.
3408 References: Sec 2669 / CVE-2014-9295 / VU#852879
3417 Mitigation - any of:
3418 - Upgrade to 4.2.8, or later.
3419 - Follow BCP and put 'restrict ... noquery' in your ntp.conf file.
3426 References: Sec 2670 / CVE-2014-9296 / VU#852879
3441 Mitigation - any of:
3442 - Upgrade to 4.2.8, or later,
3443 - Remove or comment out all configuration directives
3457 The internal counters that track the "era" (range of years) we are in
3461 In the past, we have used the "midpoint" of the range to decide which
3465 get a timestamp we use the "built-on" to tell us what era we are in.
3472 For a long time, ntpq and its mostly text-based mode 6 (control)
3478 covered them all, though I've not compared command-by-command
3482 hand-rolled structure layout and byte-swapping code in both ntpd and
3486 ntpq's text-based, label=value approach involves more code reuse and
3489 Mode 7 has always been defined as vendor/implementation-specific while
3493 eventually. (http://tools.ietf.org/html/draft-odonoghue-ntpv4-control-01)
3505 ---
3519 includes improvements to orphan mode, minor bug fixes and code clean-ups.
3530 * Non-printable stratum 16 refid no longer sent to ntp
3542 * -n option extended to include the billboard "server" column
3545 ---
3555 clean-ups, minor bug fixes, fixes for a number of minor
3556 ref-clock issues, and documentation revisions.
3558 Portability improvements affect AIX, HP-UX, Linux, OS X and 64-bit time_t.
3565 * Update config.guess and config.sub for AIX
3571 * Back-ported several fixes for Coverity warnings from ntp-dev
3584 * Back-port utility routines from ntp-dev: mprintf(), emalloc_zero()
3600 * Backward incompatible command-line option change:
3601 -l/--filelog changed -l/--logfile (to be consistent with ntpd)
3606 * Distribute ntp-wait.html
3608 ---
3618 clean-ups, minor bug fixes, fixes for a number of minor
3619 ref-clock issues, and documentation revisions.
3651 * Range-check the status codes (plus other cleanup) in the RIPE-NCC driver.
3657 ntp-keygen
3658 * Fix -V coredump.
3672 * Update the MIB from the draft version to RFC-5907.
3684 ---
3694 clean-ups, minor bug fixes, fixes for a number of minor
3695 ref-clock issues, improved KOD handling, OpenSSL related
3704 * Range syntax for the trustedkey configuration directive
3711 * default connection to net-snmpd via a unix-domain socket
3712 * command-line 'socket name' option
3716 * key-type specific password prompts
3723 ---
3732 ---
3737 ---
3744 This release fixes the following high-severity vulnerability:
3746 * [Sec 1331] DoS with mode 7 packets - CVE-2009-3563.
3767 Vinokurov of Alcatel-Lucent.
3771 ---
3774 Backward-Incompatible changes:
3776 ntpd no longer accepts '-v name' or '-V name' to define internal variables.
3777 Use '--var name' or '--dvar name' instead. (Bug 817)
3779 ---
3786 This release fixes the following high-severity vulnerability:
3788 * [Sec 1151] Remote exploit if autokey is enabled. CVE-2009-1252
3799 This release fixes the following low-severity vulnerabilities:
3801 * [Sec 1144] limited (two byte) buffer overflow in ntpq. CVE-2009-0159
3817 ---
3824 This release fixes oCERT.org's CVE-2009-0021, a vulnerability affecting
3833 ---
3838 This release fixes a number of Windows-specific ntpd bugs and
3839 platform-independent ntpdate bugs. A logging bugfix has been applied
3850 ---
3859 a problem with non-command-line specification of -6, and allows the loopback
3862 ---
3871 ---
3883 ---
3889 conjunction with DHCP. GNU AutoGen is used for its command-line options
3892 added for some new ref-clocks and have been removed for some older
3893 ref-clocks. This release also includes other improvements, documentation
3896 K&R C is no longer supported as of NTP-4.2.4. We are now aiming for ANSI
3899 ---
3903 ---
3912 - fixes 3 bugs, including a regression
3913 - adds new unit tests
3926 symmetric authentication digest output.
3928 ---
3937 - fixes 4 vulnerabilities (3 LOW and 1 None severity),
3938 - fixes 46 bugs
3939 - includes 15 general improvements
3940 - adds support for OpenSSL-3.0
3944 * [Sec 3808] Assertion failure in ntpq on malformed RT-11 date <perlinger@ntp.org>
3948 - solved numerically instead of using string manipulation
3952 * [Bug 3817] Bounds-check "tos floor" configuration. <hart@ntp.org>
3955 * [Bug 3802] ntp-keygen -I default identity modulus bits too small for
3958 * [Bug 3800] libopts-42.1.17 does not compile with Microsoft C. <hart@ntp.org>
3963 - ntp.conf manual page and miscopt.html corrections. <hart@ntp.org>
3965 - Report and patch by Yuezhen LUAN <wei6410@sina.com>.
3966 * [Bug 3786] Timer starvation on high-load Windows ntpd. <hart@ntp.org>
3967 * [Bug 3784] high-load ntpd on Windows deaf after enough ICMP TTL exceeded.
3971 - Reported by Edward McGuire, fix identified by <wei6410@sina.com>.
3972 * [Bug 3758] Provide a 'device' config statement for refclocks <perlinger@ntp.org>
3973 * [Bug 3757] Improve handling of Linux-PPS in NTPD <perlinger@ntp.org>
3977 * [Bug 3724] ntp-keygen with openSSL 1.1.1 fails on Windows <perlinger@ntp.org>
3978 - openssl applink needed again for openSSL-1.1.1
3982 - command line options override config statements where applicable
3983 - make initial frequency settings idempotent and reversible
3984 - make sure kernel PLL gets a recovered drift compensation
3987 - misleading title; essentially a request to ignore the receiver status.
3990 - original patch by Richard Schmidt, with mods & unit test fixes
3992 - implement/wrap 'realpath()' to resolve symlinks in device names
3993 * [Bug 3691] Buffer Overflow reading GPSD output
3994 - original patch by matt<ntpbr@mattcorallo.com>
3995 - increased max PDU size to 4k to avoid truncation
3997 - patch by Frank Kardel
3998 * [Bug 3689] Extension for MD5, SHA-1 and other keys <perlinger@ntp.org>
3999 - ntp{q,dc} now use the same password processing as ntpd does in the key
4004 - patch by Gerry Garvey
4006 - original patch by Gerry Garvey
4008 - original patch by Gerry Garvey
4010 - applied patches by Gerry Garvey
4011 * [Bug 3675] ntpq ccmds[] stores pointer to non-persistent storage
4013 - idea+patch by Gerry Garvey
4016 - follow-up: fix inverted sense in check, reset shortfall counter
4019 - fixed bug identified by Edward McGuire <perlinger@ntp.org>
4021 - applied patch by Gerry Garvey
4023 - backport from -dev, plus some more work on warnings for unchecked results
4029 * [Bug 2525] Turn on automake subdir-objects across the project. <hart@ntp.org>
4039 * Rename a poorly-named variable. <stenn@ntp.org>
4044 * upgrade to: autogen-5.18.16
4045 * upgrade to: libopts-42.1.17
4046 * upgrade to: autoconf-2.71
4047 * upgrade to: automake-1.16.15
4048 * Upgrade to libevent-2.1.12-stable <stenn@ntp.org>
4049 * Support OpenSSL-3.0
4051 ---
4067 - Thanks to Sylar Tao
4069 - rewrite 'decodenetnum()' in terms of inet_pton
4071 - limit number of receive buffers, with an iron reserve for refclocks
4075 - integrated patch from Charles Claggett
4080 - fix by Gerry Garvey
4082 - thanks to Gerry Garvey
4084 - patch by Gerry Garvey
4086 * [Bug 3639] refclock_jjy: TS-JJY0x can skip time sync depending on the STUS reply. <abe@ntp.org>
4087 - applied patch by Takao Abe
4089 ---
4106 - Reported by Philippe Antoine
4108 - Reported by Miroslav Lichvar
4110 - Reported by Miroslav Lichvar
4115 * [Bug 3628] raw DCF decoding - improve robustness with Zeller's congruence
4116 - implement Zeller's congruence in libparse and libntp <perlinger@ntp.org>
4117 * [Bug 3627] SIGSEGV on FreeBSD-12 with stack limit and stack gap <perlinger@ntp.org>
4118 - integrated patch by Cy Schubert
4120 - applied patch by Gerry Garvey
4122 - applied patch by Gerry Garvey
4124 - integrated patch by Richard Steedman
4127 - Reported by Martin Burnicki
4128 * [Bug 3612] Use-of-uninitialized-value in receive function <perlinger@ntp.org>
4129 - Reported by Philippe Antoine
4131 - officially document new "trust date" mode bit for NMEA driver
4132 - restore the (previously undocumented) "trust date" feature lost with [bug 3577]
4133 * [Bug 3609] Fixing wrong falseticker in case of non-statistic jitter <perlinger@ntp.org>
4134 - mostly based on a patch by Michael Haardt, implementing 'fudge minjitter'
4136 - removed ffs() and fls() prototypes as per Brian Utterback
4139 - fixed byte and parameter order as suggested by wei6410@sina.com
4141 * [Bug 3599] Build fails on linux-m68k due to alignment issues <perlinger@ntp.org>
4142 - added padding as suggested by John Paul Adrian Glaubitz
4146 * [Bug 3585] Unity tests mix buffered and unbuffered output <perlinger@ntp.org>
4147 - stdout+stderr are set to line buffered during test setup now
4149 - set clock to base date if system time is before that limit
4151 * [Bug 3580] Possible bug ntpq-subs (NULL dereference in dogetassoc) <perlinger@ntp.org>
4152 - Reported by Paulo Neves
4154 - also updates for refclock_nmea.c and refclock_jupiter.c
4159 - sidekick: service port resolution in 'ntpdate'
4161 - applied patch by Douglas Royds
4164 - applied patch by Gerry Garvey
4165 * [Bug 3531] make check: test-decodenetnum fails <perlinger@ntp.org>
4166 - try to harden 'decodenetnum()' against 'getaddrinfo()' errors
4167 - fix wrong cond-compile tests in unit tests
4170 - patch by Philipp Prindeville
4172 - patch by Philipp Prindeville
4174 - patch by Philipp Prindeville
4176 - partial application of patch by Philipp Prindeville
4178 - applied patch by Gerry Garvey & fixed unit tests <perlinger@ntp.org>
4180 - applied (modified) patch by Richard Steedman
4182 - applied patch by Gerry Garvey (with minor formatting changes)
4184 - applied patch by Miroslav Lichvar
4188 is specified with -u <perlinger@ntp.org>
4189 - monitor daemon child startup & propagate exit codes
4191 - (modified) patch by Kurt Roeckx <perlinger@ntp.org>
4193 * Provide more detail on unrecognized config file parser tokens. <stenn@ntp.org>
4197 ---
4211 - reported by Magnus Stubman
4213 - applied patch by Ian Lepore
4215 - isolate and fix linux/windows specific code issue
4217 - provide better function for incremental string formatting
4218 * [Bug 3555] Tidy up print alignment of debug output from ntpdate <perlinger@ntp.org>
4219 - applied patch by Gerry Garvey
4220 * [Bug 3554] config revoke stores incorrect value <perlinger@ntp.org>
4221 - original finding by Gerry Garvey, additional cleanup needed
4223 - patch by Christos Zoulas
4225 - finding by Chen Jiabin, plus another one by me
4227 - applied patch by Maciej Szmigiero
4229 - applied patch by Andre Charbonneau
4231 - applied patch by Baruch Siach
4232 * [Bug 3538] Build fails for no-MMU targets <perlinger@ntp.org>
4233 - applied patch by Baruch Siach
4235 - refactored handling of GPS era based on 'tos basedate' for
4238 - patch by Daniel J. Luke; this does not fix a potential linker
4240 * [Bug 3527 - Backward Incompatible] mode7 clockinfo fudgeval2 packet
4242 - --enable-bug3527-fix support by HStenn
4244 - applied patch by Gerry Garvey
4246 - added missing check, reported by Reinhard Max <perlinger@ntp.org>
4248 - this is a variant of [bug 3558] and should be fixed with it
4249 * Implement 'configure --disable-signalled-io'
4251 --
4259 in ntp-4.2.8p11, and a buffer overflow in the openhost() function used by
4268 [Bug 3509] Add support for running as non-root on FreeBSD, Darwin,
4270 - applied patch by Ian Lepore <perlinger@ntp.org>
4272 - changed interaction with SCM to signal pending startup
4274 - applied patch by Gerry Garvey
4276 - applied patch by Gerry Garvey
4278 - rework of ntpq 'nextvar()' key/value parsing
4279 [Bug 3482] Fixes for compilation warnings (ntp_io.c & ntpq-subs.c) <perlinger@ntp.org>
4280 - applied patch by Gerry Garvey (with mods)
4282 - applied patch by Gerry Garvey
4284 - applied patch by Gerry Garvey (with mods)
4286 - applied patch by Gerry Garvey (with mods); not sure if that's bug or feature, though
4287 [Bug 3475] modify prettydate() to suppress output of zero time <perlinger@ntp.org>
4288 - applied patch by Gerry Garvey
4290 - applied patch by Gerry Garvey
4292 - add #define ENABLE_CMAC support in configure. HStenn.
4295 - patch by Stephen Friedl
4297 - fixed IO redirection and CTRL-C handling in ntpq and ntpdc
4300 - initial patch by Hal Murray; also fixed refclock_report() trouble
4303 - According to Brooks Davis, there was only one location <perlinger@ntp.org>
4304 [Bug 3449] ntpq - display "loop" instead of refid [...] <perlinger@ntp.org>
4305 - applied patch by Gerry Garvey
4307 - applied patch by Gerry Garvey
4312 - applied patch by Miroslav Lichvar
4313 [Bug 3426] ntpdate.html -t default is 2 seconds. Leonid Evdokimov.
4315 - integrated patch by Reinhard Max
4317 - applied patches by Christos Zoulas, including real bug fixes
4320 Symmetric key range is 1-65535. Update docs. <stenn@ntp.org>
4322 --
4329 This release fixes 2 low-/medium-, 1 informational/medium-, and 2 low-severity
4330 vulnerabilities in ntpd, one medium-severity vulnerability in ntpq, and
4331 provides 65 other non-security fixes and improvements:
4336 References: Sec 3454 / CVE-2018-7185 / VU#961909
4337 Affects: ntp-4.2.6, up to but not including ntp-4.2.8p11.
4343 The NTP Protocol allows for both non-authenticated and
4347 support an interleaved mode of operation. In ntp-4.2.8p4 a bug
4349 allows a non-authenticated zero-origin (reset) packet to reset
4351 can send a packet with a zero-origin timestamp and the source
4355 disruption of the association. In ntp-4.0.0 thru ntp-4.2.8p6,
4356 interleave mode could be entered dynamically. As of ntp-4.2.8p7,
4359 Implement BCP-38.
4367 If ntpd stops running, auto-restart it without -g .
4374 References: Sec 3453 / CVE-2018-7184 / VU#961909
4375 Affects: ntpd in ntp-4.2.8p4, up to but not including ntp-4.2.8p11.
4378 CVSS3: LOW 3.1 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
4384 third-party can inject a packet with a zero-origin timestamp,
4391 Implement BCP-38.
4392 Upgrade to ntp-4.2.8p11 or later from the NTP Project Download Page
4397 If ntpd stops running, auto-restart it without -g .
4404 References: Sec 3415 / CVE-2018-7170 / VU#961909
4405 Sec 3012 / CVE-2016-1549 / VU#718152
4406 Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
4408 CVSS2: LOW 3.5 - (AV:N/AC:M/Au:S/C:N/I:P/A:N)
4409 CVSS3: LOW 3.1 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
4413 ntp-4.2.8p6 allowing an optional 4th field in the ntp.keys file to
4415 -- i.e. one where the attacker knows the private symmetric key --
4416 can create arbitrarily-many ephemeral associations in order to win
4418 additional protections are offered in ntp-4.2.8p11. One is the
4423 ntp.keys file to include specifying a subnet range.
4425 Implement BCP-38.
4426 Upgrade to ntp-4.2.8p11 or later from the NTP Project Download Page
4436 If ntpd stops running, auto-restart it without -g .
4443 References: Sec 3414 / CVE-2018-7183 / VU#961909
4444 Affects: ntpq in ntp-4.2.8p6, up to but not including ntp-4.2.8p11.
4449 is an internal function of ntpq that is used to -- wait for it --
4452 maliciously-altered ntpd returns an array result that will trip this
4458 Implement BCP-38.
4459 Upgrade to ntp-4.2.8p11 or later from the NTP Project Download Page
4462 This weakness was discovered by Michael Macnair of Thales e-Security.
4467 References: Sec 3412 / CVE-2018-7182 / VU#961909
4468 Affects: ntp-4.2.8p6, up to but not including ntp-4.2.8p11.
4469 CVSS2: INFO 0.0 - MED 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 0.0 if C:N
4470 CVSS3: NONE 0.0 - MED 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
4478 Implement BCP-38.
4479 Upgrade to ntp-4.2.8p11 or later from the NTP Project Download Page
4483 If ntpd stops running, auto-restart it without -g .
4491 References: Sec 3012 / CVE-2016-1549 / VU#718152
4492 Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
4494 CVSS2: LOW 3.5 - (AV:N/AC:M/Au:S/C:N/I:P/A:N)
4495 CVSS3: MED 5.3 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
4499 introduced in ntp-4.2.8p6 allowing an optional 4th field in the
4501 authenticated peer -- i.e. one where the attacker knows the
4502 private symmetric key -- can create arbitrarily-many ephemeral
4505 offered in ntp-4.2.8p11. One is the 'noepeer' directive, which
4508 include specifying a subnet range.
4510 Implement BCP-38.
4526 - applied patch by Sean Haugh
4529 - removed error log caused by rounding/slew, ensured postcondition <perlinger@ntp.org>
4530 [Bug 3447] AES-128-CMAC (fixes) <perlinger@ntp.org>
4531 - refactoring the MAC code, too
4534 - applied patch by ggarvey
4536 - applied patch by ggarvey (with minor mods)
4538 - applied patch (with mods) by Miroslav Lichvar <perlinger@ntp.org>
4540 [Bug 3433] sntp crashes when run with -a. <stenn@ntp.org>
4542 - fixed several issues with hash algos in ntpd, sntp, ntpq,
4545 - initial patch by Daniel Pouzzner
4550 [Bug 3411] problem about SIGN(6) packet handling for ntp-4.2.8p10
4551 - raised receive buffer size to 1200 <perlinger@ntp.org>
4554 [Bug 3405] update-leap.in: general cleanup, HTTPS support. Paul McMath.
4556 - fix/drop assumptions on OpenSSL libs directory layout
4557 [Bug 3399] NTP: linker error in 4.2.8p10 during Linux cross-compilation
4558 - initial patch by timeflies@mail2tor.com <perlinger@ntp.org>
4560 - patch contributed by Alexander Bluhm
4565 - fixed handling of dynamic deletion w/o leap file <perlinger@ntp.org>
4567 - increased minimum stack size to 32kB <perlinger@ntp.org>
4569 - reverted handling of PPS kernel consumer to 4.2.6 behavior
4570 [Bug 3365] Updates driver40(-ja).html and miscopt.html <abe@ntp.org>
4572 [Bug 3016] wrong error position reported for bad ":config pool"
4573 - fixed location counter & ntpq output <perlinger@ntp.org>
4576 [Bug 2737] Wrong phone number listed for USNO. ntp-bugs@bodosom.net,
4578 [Bug 2557] Fix Thunderbolt init. ntp-bugs@bodosom.net, perlinger@ntp.
4579 [Bug 948] Trustedkey config directive leaks memory. <perlinger@ntp.org>
4588 AES-128-CMAC support. BInglis, HStenn, JPerlinger.
4590 sntp: pkt_output(): Improve debug output. HStenn.
4591 update-leap: updates from Paul McMath.
4592 When using pkg-config, report --modversion. HStenn.
4594 sntp: show the IP of who sent us a crypto-NAK. HStenn.
4596 authistrustedip() - use it in more places. HStenn, JPerlinger.
4602 Improve saveconfig output. HStenn.
4603 Decode restrict flags on receive() debug output. HStenn.
4604 Decode interface flags on receive() debug output. HStenn.
4615 * update-leap needs the following perl modules:
4620 See them with: ntpq -c "rv 0 ss_lamport,ss_tsrounding"
4626 - restrict ... noepeer
4627 - restrict ... ippeerlimit N
4634 apply to explicitly-configured associations. A value of -1, the current
4647 --
4654 This release fixes 5 medium-, 6 low-, and 4 informational-severity
4655 vulnerabilities, and provides 15 other non-security fixes and improvements:
4657 * NTP-01-016 NTP: Denial of Service via Malformed Config (Medium)
4659 References: Sec 3389 / CVE-2017-6464 / VU#325339
4660 Affects: All versions of NTP-4, up to but not including ntp-4.2.8p10, and
4661 ntp-4.3.0 up to, but not including ntp-4.3.94.
4669 Implement BCP-38.
4672 Properly monitor your ntpd instances, and auto-restart
4673 ntpd (without -g) if it stops running.
4677 * NTP-01-014 NTP: Buffer Overflow in DPTS Clock (Low)
4679 References: Sec 3388 / CVE-2017-6462 / VU#325339
4680 Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and ntp-4.3.0 up to, but not including ntp-4.3.94.
4696 Properly monitor your ntpd instances, and auto-restart
4697 ntpd (without -g) if it stops running.
4701 * NTP-01-012 NTP: Authenticated DoS via Malicious Config Option (Medium)
4703 References: Sec 3387 / CVE-2017-6463 / VU#325339
4704 Affects: All versions of ntp, up to but not including ntp-4.2.8p10, and
4705 ntp-4.3.0 up to, but not including ntp-4.3.94.
4711 via the :config directive. The unpeer option expects a number or
4715 Implement BCP-38.
4718 Properly monitor your ntpd instances, and auto-restart
4719 ntpd (without -g) if it stops running.
4723 * NTP-01-011 NTP: ntpq_stripquotes() returns incorrect value (Informational)
4726 Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and
4727 ntp-4.3.0 up to, but not including ntp-4.3.94.
4742 Implement BCP-38.
4745 Properly monitor your ntpd instances, and auto-restart
4746 ntpd (without -g) if it stops running.
4750 * NTP-01-010 NTP: ereallocarray()/eallocarray() underused (Info)
4753 Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and
4754 ntp-4.3.0 up to, but not including ntp-4.3.94.
4765 the oreallocarray() function for which a further number-of-elements
4776 * NTP-01-009 NTP: Privileged execution of User Library code (WINDOWS
4779 References: Sec 3384 / CVE-2017-6455 / VU#325339
4780 Affects: All Windows versions of ntp-4 that use the PPSAPI, up to but
4781 not including ntp-4.2.8p10, and ntp-4.3.0 up to, but not
4782 including ntp-4.3.94.
4794 Implement BCP-38.
4800 * NTP-01-008 NTP: Stack Buffer Overflow from Command Line (WINDOWS
4803 References: Sec 3383 / CVE-2017-6452 / VU#325339
4804 Affects: WINDOWS installer ONLY: All versions of the ntp-4 Windows
4805 installer, up to but not including ntp-4.2.8p10, and ntp-4.3.0 up
4806 to, but not including ntp-4.3.94.
4826 * NTP-01-007 NTP: Data Structure terminated insufficiently (WINDOWS
4829 References: Sec 3382 / CVE-2017-6459 / VU#325339
4830 Affects: WINDOWS installer ONLY: All ntp-4 versions of the Windows
4831 installer, up to but not including ntp-4.2.8p10, and ntp-4.3.0
4832 up to, but not including ntp-4.3.94.
4843 call to RegSetValueEx() claims to be passing in a multi-string
4851 * NTP-01-006 NTP: Copious amounts of Unused Code (Informational)
4859 code-gadget-based branch-flow redirection exploits. Analogically,
4899 * NTP-01-005 NTP: Off-by-one in Oncore GPS Receiver (Low)
4902 Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and
4903 ntp-4.3.0 up to, but not including ntp-4.3.94.
4913 Properly monitor your ntpd instances, and auto-restart
4914 ntpd (without -g) if it stops running.
4918 * NTP-01-004 NTP: Potential Overflows in ctl_put() functions (Medium)
4920 References: Sec 3379 / CVE-2017-6458 / VU#325339
4921 Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and
4922 ntp-4.3.0 up to, but not including ntp-4.3.94.
4931 long variable names in ntpd (longer than 200-512 bytes, depending
4935 Implement BCP-38.
4939 longer than 200-512 bytes in your ntp.conf file.
4940 Properly monitor your ntpd instances, and auto-restart
4941 ntpd (without -g) if it stops running.
4945 * NTP-01-003 NTP: Improper use of snprintf() in mx4200_send() (Low)
4947 References: Sec 3378 / CVE-2017-6451 / VU#325339
4948 Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and
4949 ntp-4.3.0 up to, but not including ntp-4.3.94.
4956 and vsnprintf() incorrectly, which can lead to an out-of-bounds
4961 allocated buffer space. This results in an out-of-bound memory
4972 Properly monitor your ntpd instances, and auto-restart
4973 ntpd (without -g) if it stops running.
4977 * NTP-01-002 NTP: Buffer Overflow in ntpq when fetching reslist from a
4980 References: Sec 3377 / CVE-2017-6460 / VU#325339
4981 Affects: All versions of ntpq, up to but not including ntp-4.2.8p10, and
4982 ntp-4.3.0 up to, but not including ntp-4.3.94.
4991 will be copied into a fixed-size buffer, leading to an overflow on
4992 the function's stack-frame. Note well that this problem requires
5004 * NTP-01-001 NTP: Makefile does not enforce Security Flags (Informational)
5007 Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and
5008 ntp-4.3.0 up to, but not including ntp-4.3.94.
5015 flags for their builds. As of ntp-4.2.8p10, the NTP build
5016 system has a way to provide OS-specific hardening flags. Please
5024 Implement BCP-38.
5027 Properly monitor your ntpd instances, and auto-restart
5028 ntpd (without -g) if it stops running.
5034 References: Sec 3361 / CVE-2016-9042 / VU#325339
5035 Affects: ntp-4.2.8p9 (21 Nov 2016), up to but not including ntp-4.2.8p10
5048 Implement BCP-38.
5053 Properly monitor your ntpd instances, and auto-restart
5054 ntpd (without -g) if it stops running.
5060 * [Bug 3393] clang scan-build findings <perlinger@ntp.org>
5061 * [Bug 3363] Support for openssl-1.1.0 without compatibility modes
5062 - rework of patch set from <ntp.org@eroen.eu>. <perlinger@ntp.org>
5065 on 4.4BSD-Lite derived platforms <perlinger@ntp.org>
5066 - original patch by Majdi S. Abbas
5069 - initial patch by Christos Zoulas
5071 - move loader API from 'inline' to proper source
5072 - augment pathless dlls with absolute path to NTPD
5073 - use 'msyslog()' instead of 'printf()' for reporting trouble
5075 - applied patch by Matthew Van Gundy
5077 - applied some of the patches provided by Havard. Not all of them
5080 - applied patch by Reinhard Max. See bugzilla for limitations.
5082 - fixed dependency inversion from [Bug 2837]
5084 - produce ERROR log message about dysfunctional daemon. <perlinger@ntp.org>
5085 * [Bug 2851] allow -4/-6 on restrict line with mask <perlinger@ntp.org>
5086 - applied patch by Miroslav Lichvar for ntp4.2.6 compat
5087 * [Bug 2645] out-of-bound pointers in ctl_putsys and decode_bitflags
5088 - Fixed these and some more locations of this pattern.
5092 --
5093 (4.2.8p9-win) 2017/02/01 Released by Harlan Stenn <stenn@ntp.org>
5096 - added missed changeset for automatic openssl lib detection
5097 - fixed some minor warning issues
5102 --
5110 following 1 high- (Windows only), 2 medium-, 2 medium-/low, and
5111 5 low-severity vulnerabilities, and provides 28 other non-security
5116 References: Sec 3119 / CVE-2016-9311 / VU#633847
5117 Affects: ntp-4.0.90 (21 July 1999), possibly earlier, up to but not
5118 including 4.2.8p9, and ntp-4.3.0 up to but not including ntp-4.3.94.
5127 Implement BCP-38.
5132 Properly monitor your ntpd instances, and auto-restart ntpd
5133 (without -g) if it stops running.
5138 References: Sec 3118 / CVE-2016-9310 / VU#633847
5139 Affects: ntp-4.0.90 (21 July 1999), possibly earlier, up to but not
5140 including 4.2.8p9, and ntp-4.3.0 up to but not including ntp-4.3.94.
5146 long-standing BCP recommendations, "restrict default noquery ..."
5153 Implement BCP-38.
5157 Properly monitor your ntpd instances, and auto-restart ntpd
5158 (without -g) if it stops running.
5163 References: Sec 3114 / CVE-2016-7427 / VU#633847
5164 Affects: ntp-4.2.8p6, up to but not including ntp-4.2.8p9, and
5165 ntp-4.3.90 up to, but not including ntp-4.3.94.
5179 Implement BCP-38.
5182 Properly monitor your ntpd instances, and auto-restart ntpd
5183 (without -g) if it stops running.
5188 References: Sec 3113 / CVE-2016-7428 / VU#633847
5189 Affects: ntp-4.2.8p6, up to but not including ntp-4.2.8p9, and
5190 ntp-4.3.90 up to, but not including ntp-4.3.94
5208 Implement BCP-38.
5211 Properly monitor your ntpd instances, and auto-restart ntpd
5212 (without -g) if it stops running.
5217 References: Sec 3110 / CVE-2016-9312 / VU#633847
5218 Affects Windows only: ntp-4.?.?, up to but not including ntp-4.2.8p9,
5219 and ntp-4.3.0 up to, but not including ntp-4.3.94.
5226 Implement BCP-38.
5229 Properly monitor your ntpd instances, and auto-restart ntpd
5230 (without -g) if it stops running.
5235 References: Sec 3102 / CVE-2016-7431 / VU#633847
5236 Affects: ntp-4.2.8p8, and ntp-4.3.93.
5241 ntp-4.2.8p6. However, subsequent timestamp validation checks
5245 Implement BCP-38.
5248 Properly monitor your ntpd instances, and auto-restart ntpd
5249 (without -g) if it stops running.
5255 References: Sec 3082 / CVE-2016-7434 / VU#633847
5256 Affects: ntp-4.2.7p22, up to but not including ntp-4.2.8p9, and
5257 ntp-4.3.0 up to, but not including ntp-4.3.94.
5266 Implement BCP-38.
5269 Properly monitor your ntpd instances, and auto-restart ntpd
5270 (without -g) if it stops running.
5275 References: Sec 3072 / CVE-2016-7429 / VU#633847
5276 Affects: ntp-4.2.7p385, up to but not including ntp-4.2.8p9, and
5277 ntp-4.3.0 up to, but not including ntp-4.3.94
5295 Implement BCP-38.
5301 Properly monitor your ntpd instances, and auto-restart ntpd
5302 (without -g) if it stops running.
5307 References: Sec 3071 / CVE-2016-7426 / VU#633847
5308 Affects: ntp-4.2.5p203, up to but not including ntp-4.2.8p9, and
5309 ntp-4.3.0 up to, but not including ntp-4.3.94
5323 brute-force attacks on the origin timestamp, it allows this DoS
5327 Implement BCP-38.
5330 Properly monitor your ntpd instances, and auto-restart ntpd
5331 (without -g) if it stops running.
5336 References: Sec 3067 / CVE-2016-7433 / VU#633847
5337 Affects: ntp-4.2.7p385, up to but not including ntp-4.2.8p9, and
5338 ntp-4.3.0 up to, but not including ntp-4.3.94. But the
5339 root-distance calculation in general is incorrect in all versions
5340 of ntp-4 until this release.
5346 to a misinterpretation of a small-print variable in The Book, the
5354 Properly monitor your ntpd instances, and auto-restart ntpd
5355 (without -g) if it stops running.
5364 - moved retry decision where it belongs. <perlinger@ntp.org>
5366 using the loopback-ppsapi-provider.dll <perlinger@ntp.org>
5369 - fixed extended sysvar lookup (bug introduced with bug 3008 fix)
5371 - applied patches by Kurt Roeckx <kurt@roeckx.be> to source
5372 - added shim layer for SSL API calls with issues (both directions)
5374 - simplified / refactored hex-decoding in driver. <perlinger@ntp.org>
5375 * [Bug 3084] update-leap mis-parses the leapfile name. HStenn.
5377 - applied patch thanks to Andrew Stormont <andyjstormont@gmail.com>
5380 - PPS-HACK works again.
5382 - applied patch by Brian Utterback <brian.utterback@oracle.com>
5386 - patches by Reinhard Max <max@suse.com> and Havard Eidnes <he@uninett.no>
5387 * [Bug 3047] Fix refclock_jjy C-DEX JST2000. abe@ntp.org
5388 - Patch provided by Kuramatsu.
5390 - removed unnecessary & harmful decls of 'setUp()' & 'tearDown()'
5395 - fixed GPS week expansion to work based on build date. Special thanks
5398 - fixed Makefile.am <perlinger@ntp.org>
5401 - make sure PPS source is alive before processing samples
5402 - improve stability close to the 500ms phase jump (phase gate)
5407 * remove locks in Windows IO, use rpc-like thread synchronisation instead
5409 ---
5417 following 1 high- and 4 low-severity vulnerabilities:
5421 References: Sec 3046 / CVE-2016-4957 / VU#321640
5422 Affects: ntp-4.2.8p7, and ntp-4.3.92.
5425 Summary: The fix for Sec 3007 in ntp-4.2.8p7 contained a bug that
5428 Implement BCP-38.
5433 Properly monitor your ntpd instances, and auto-restart ntpd
5434 (without -g) if it stops running.
5439 References: Sec 3045 / CVE-2016-4953 / VU#321640
5440 Affects: ntp-4, up to but not including ntp-4.2.8p8, and
5441 ntp-4.3.0 up to, but not including ntp-4.3.93.
5445 spoofed packet containing a CRYPTO-NAK to an ephemeral peer
5449 Implement BCP-38.
5457 References: Sec 3044 / CVE-2016-4954 / VU#321640
5458 Affects: ntp-4, up to but not including ntp-4.2.8p8, and
5459 ntp-4.3.0 up to, but not including ntp-4.3.93.
5467 Implement BCP-38.
5475 References: Sec 3043 / CVE-2016-4955 / VU#321640
5476 Affects: ntp-4, up to but not including ntp-4.2.8p8, and
5477 ntp-4.3.0 up to, but not including ntp-4.3.93.
5486 Implement BCP-38.
5494 References: Sec 3042 / CVE-2016-4956 / VU#321640
5495 Affects: ntp-4, up to but not including ntp-4.2.8p8, and
5496 ntp-4.3.0 up to, but not including ntp-4.3.93.
5502 Implement BCP-38.
5510 - provide build environment
5511 - 'wint_t' and 'struct timespec' defined by VS2015
5512 - fixed print()/scanf() format issues
5515 * [Bug 3058] fetch_timestamp() mishandles 64-bit alignment. Brian Utterback,
5517 * Fix typo in ntp-wait and plot_summary. HStenn.
5521 ---
5529 available, --enable-dynamic-interleave. More information on this below.
5531 Also note that ntp-4.2.8p7 logs more "unexpected events" than previous
5539 following 9 low- and medium-severity vulnerabilities:
5542 AKA: authdecrypt-timing
5544 References: Sec 2879 / CVE-2016-1550
5545 Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
5547 CVSSv2: LOW 2.6 - (AV:L/AC:H/Au:N/C:P/I:P/A:N)
5548 CVSSv3: MED 4.0 - CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
5551 for a local or perhaps LAN-based attacker to send a packet with
5562 References: Sec 2945 / Sec 2901 / CVE-2015-8138
5563 Affects: All ntp-4 releases up to, but not including 4.2.8p7,
5568 References: Sec 2952 / CVE-2015-7704
5569 Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
5571 CVSSv2: MED 4.3 - (AV:N/AC:M/Au:N/C:N/I:N/A:P)
5572 Summary: The fix for NtpBug2952 in ntp-4.2.8p5 to address broken peer
5575 Implement BCP-38.
5583 * Validate crypto-NAKs, AKA: CRYPTO-NAK DoS
5585 References: Sec 3007 / CVE-2016-1547 / VU#718152
5586 Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
5588 CVSS2: MED 4.3 - (AV:N/AC:M/Au:N/C:N/I:N/A:P)
5589 CVSS3: MED 3.7 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
5590 Summary: For ntp-4 versions up to but not including ntp-4.2.8p7, an
5591 off-path attacker can cause a preemptable client association to
5601 For ntp-4.2.8 thru ntp-4.2.8p6 there is less risk because more
5604 ntp-4.2.8p7.
5606 Implement BCP-38.
5615 References: Sec 3008 / CVE-2016-2519
5616 Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
5618 CVSSv2: MED 4.9 - (AV:N/AC:H/Au:S/C:N/I:N/A:C)
5619 CVSSv3: MED 4.2 - CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
5634 Implement BCP-38.
5643 References: Sec 3009 / CVE-2016-2518 / VU#718152
5644 Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
5646 CVSS2: LOW 2.1 - (AV:N/AC:H/Au:S/C:N/I:N/A:P)
5647 CVSS3: LOW 2.0 - CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L
5650 out-of-bounds reference.
5652 Implement BCP-38.
5662 References: Sec 3010 / CVE-2016-2517 / VU#718152
5663 Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
5665 CVSS2: MED 4.9 - (AV:N/AC:H/Au:S/C:N/I:N/A:C)
5666 CVSS3: MED 4.2 - CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
5675 Implement BCP-38.
5684 References: Sec 3011 / CVE-2016-2516 / VU#718152
5685 Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
5687 CVSS2: MED 6.3 - (AV:N/AC:M/Au:S/C:N/I:N/A:C)
5688 CVSS3: MED 4.2 - CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
5696 Implement BCP-38.
5705 References: Sec 3020 / CVE-2016-1551
5708 By "very limited number of OSes" we mean no general-purpose OSes
5710 CVSSv2: LOW 2.6 - (AV:N/AC:H/Au:N/C:N/I:P/A:N)
5711 CVSSv3: LOW 3.7 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
5719 Implement martian packet filtering and BCP-38.
5737 References: Sec 2901 / CVE-2015-7704, CVE-2015-7705
5738 Affects: All ntp-4 releases up to, but not including 4.2.8p7,
5742 References: Sec 2936 / CVE-2015-7974
5743 Affects: All ntp-4 releases up to, but not including 4.2.8p7,
5749 * Interleave-pivot
5751 References: Sec 2978 / CVE-2016-1548
5752 Affects: All ntp-4 releases.
5753 CVSSv2: MED 6.4 - (AV:N/AC:L/Au:N/C:N/I:P/A:P)
5754 CVSSv3: MED 7.2 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L
5759 timestamp that matches the peer->dst timestamp recorded for that
5765 Implement BCP-38.
5776 References: Sec 3012 / CVE-2016-1549
5777 Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
5779 CVSSv2: LOW 3.5 - (AV:N/AC:M/Au:S/C:N/I:P/A:N)
5780 CVSSv3: MED 5.3 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
5782 the feature introduced in ntp-4.2.8p6 allowing an optional 4th
5784 a malicious authenticated peer can create arbitrarily-many
5788 Implement BCP-38.
5797 - fixed yet another race condition in the threaded resolver code.
5800 - integrated patches by Loganaden Velvidron <logan@ntp.org>
5806 * [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org
5808 - Patch provided by Ch. Weisgerber
5809 * [Bug 3015] ntpq: config-from-file: "request contains an unprintable character"
5810 - A change related to [Bug 2853] forbids trailing white space in
5811 remote config commands. perlinger@ntp.org
5813 - report and patch from Aleksandr Kostikov.
5814 - Overhaul of Windows IO completion port handling. perlinger@ntp.org
5816 - fixed memory leak in access list (auth[read]keys.c)
5817 - refactored handling of key access lists (auth[read]keys.c)
5818 - reduced number of error branches (authreadkeys.c)
5820 * [Bug 3030] ntpq needs a general way to specify refid output format. HStenn.
5823 - Check the initial delay calculation and reject/unpeer the broadcast
5856 --enable-dynamic-interleave
5860 default in ntp-4.2.8p7.
5862 ---
5870 following 1 low- and 8 medium-severity vulnerabilities:
5874 References: Sec 2548 / CVE-2015-8158
5875 Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
5877 CVSS2: (AV:N/AC:M/Au:N/C:N/I:N/A:P) Base Score: 4.3 - MEDIUM
5878 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Base Score: 5.3 - MEDIUM
5899 References: Sec 2945 / CVE-2015-8138
5900 Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
5902 CVSS2: (AV:N/AC:L/Au:N/C:N/I:P/A:N) Base Score: 5.0 - MEDIUM
5903 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Base Score: 5.3 - MEDIUM
5904 (3.7 - LOW if you score AC:L)
5921 References: Sec 2940 / CVE-2015-7978
5922 Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
5924 CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:P) Base Score: 4.3 - MEDIUM
5928 Implement BCP-38.
5932 In ntp-4.2.8, mode 7 is disabled by default. Don't enable it.
5941 * Off-path Denial of Service (DoS) attack on authenticated broadcast mode
5943 References: Sec 2942 / CVE-2015-7979
5944 Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
5947 Summary: An off-path attacker can send broadcast packets with bad
5953 Implement BCP-38.
5965 References: Sec 2939 / CVE-2015-7977
5966 Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
5968 CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:P) Base Score: 4.3 - MEDIUM
5972 Implement BCP-38.
5987 References: Sec 2938 / CVE-2015-7976
5988 Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
5990 CVSS: (AV:N/AC:L/Au:S/C:N/I:P/A:N) Base Score: 4.0 - MEDIUM
5999 Implement BCP-38.
6003 build NTP with 'configure --disable-saveconfig' if you will
6009 'saveconfig' requests are logged to syslog - monitor your syslog files.
6014 References: Sec 2937 / CVE-2015-7975
6015 Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
6017 CVSS: (AV:L/AC:H/Au:N/C:N/I:N/A:P) Base Score: 1.2 - LOW
6023 The usual worst-case effect of this vulnerability is that the
6037 References: Sec 2936 / CVE-2015-7974
6038 Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
6049 an enhancement request, and ntp-4.2.8p6 includes other checks and
6053 Implement BCP-38.
6060 addresses, however other changes in ntp-4.2.8p6 provide
6071 in the shared-key group.
6077 References: Sec 2935 / CVE-2015-7973
6078 Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
6080 CVSS: (AV:A/AC:M/Au:N/C:N/I:P/A:P) Base Score: 4.3 - MEDIUM
6082 either a man-in-the-middle attacker or a malicious participant
6085 Implement BCP-38.
6098 - applied patch by shenpeng11@huawei.com with minor adjustments
6103 - Found this already fixed, but validation led to cleanup actions.
6105 - added limits to stack consumption, fixed some return code handling
6107 - changed stacked/nested handling of CTRL-C. perlinger@ntp.org
6108 - make CTRL-C work for retrieval and printing of MRU list. perlinger@ntp.org
6110 - integrated several patches from Havard Eidnes (he@uninett.no)
6112 - implement 'auth_log2()' using integer bithack instead of float calculation
6115 ---
6123 following medium-severity vulnerability:
6125 * Small-step/big-step. Close the panic gate earlier.
6126 References: Sec 2956, CVE-2015-5300
6127 Affects: All ntp-4 releases up to, but not including 4.2.8p5, and
6130 Summary: If ntpd is always started with the -g option, which is
6131 common and against long-standing recommendation, and if at the
6140 value if and only if ntpd was re-started against long-standing
6141 recommendation with the -g flag, or if ntpd was not given the
6142 -g flag, the attacker can move the target system's time by at
6148 As we've long documented, only use the -g option to ntpd in
6149 cold-start situations.
6154 NOTE WELL: The -g flag disables the limit check on the panic_gate
6157 check was only re-enabled after the first change to the system
6160 re-enabled after any initial time correction.
6178 the newly-written Unity test programs. These were fixed.
6180 * [Bug 2887] stratum -1 config results as showing value 99
6181 - fudge stratum should only accept values [0..16]. perlinger@ntp.org
6183 * [Bug 2934] tests/ntpd/t-ntp_scanner.c has a magic constant wired in. HMurray
6185 - applied patch by Christos Zoulas. perlinger@ntp.org
6186 * [Bug 2952] Peer associations broken by fix for Bug 2901/CVE-2015-7704.
6188 - fixed data race conditions in threaded DNS worker. perlinger@ntp.org
6189 - limit threading warm-up to linux; FreeBSD bombs on it. perlinger@ntp.org
6191 - accept key file only if there are no parsing errors
6192 - fixed size_t/u_int format clash
6193 - fixed wrong use of 'strlcpy'
6196 - fixed several other warnings (cast-alignment, missing const, missing prototypes)
6197 - promote use of 'size_t' for values that express a size
6198 - use ptr-to-const for read-only arguments
6199 - make sure SOCKET values are not truncated (win32-specific)
6200 - format string fixes
6203 - fixed ntp_rfc2553.c to return proper address length. perlinger@ntp.org
6207 - changed stacked/nested handling of CTRL-C. perlinger@ntp.org
6208 * Unity cleanup for FreeBSD-6.4. Harlan Stenn.
6210 * Libevent autoconf pthread fixes for FreeBSD-10. Harlan Stenn.
6215 ---
6223 following 13 low- and medium-severity vulnerabilities:
6228 References: Sec 2899, Sec 2671, CVE-2015-7691, CVE-2015-7692, CVE-2015-7702
6229 Affects: All ntp-4 releases up to, but not including 4.2.8p4,
6232 Summary: The fix for CVE-2014-9750 was incomplete in that there were
6245 References: Sec 2901 / CVE-2015-7704, CVE-2015-7705
6246 Affects: All ntp-4 releases up to, but not including 4.2.8p4,
6248 CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:P) Base Score: 4.3-5.0 at worst
6249 Summary: An ntpd client that honors Kiss-of-Death responses will honor
6263 Implement BCP-38.
6268 for the time. This mitigation is heavy-handed.
6279 References: Sec 2902 / CVE-2015-5196
6280 Affects: All ntp-4 releases up to, but not including 4.2.8p4,
6290 Implement BCP-38.
6296 - an explicitly configured trustedkey, and you should also
6298 - access from a permitted IP. You choose the IPs.
6299 - authentication. Don't disable it. Practice secure key safety.
6305 References: Sec 2909 / CVE-2015-7701
6306 Affects: All ntp-4 releases that use autokey up to, but not
6322 References: Sec 2913 / CVE-2015-7848 / TALOS-CAN-0052
6323 Affects: All ntp-4 releases up to, but not including 4.2.8p4,
6333 Implement BCP-38.
6337 In ntp-4.2.8, mode 7 is disabled by default. Don't enable it.
6348 References: Sec 2916 / CVE-2015-7849 / TALOS-CAN-0054
6349 Affects: All ntp-4 releases up to, but not including 4.2.8p4, and 4.3.0 up to, but not including 4.3.77
6359 Implement BCP-38.
6374 References: Sec 2917 / CVE-2015-7850 / TALOS-CAN-0055
6375 Affects: All ntp-4 releases up to, but not including 4.2.8p4,
6388 Implement BCP-38.
6400 * Potential path traversal vulnerability in the config file saving of
6403 References: Sec 2918 / CVE-2015-7851 / TALOS-CAN-0062
6404 Affects: All ntp-4 releases running under VMS up to, but not
6414 Implement BCP-38.
6428 References: Sec 2919 / CVE-2015-7852 / TALOS-CAN-0063
6429 Affects: All ntp-4 releases running up to, but not including 4.2.8p4,
6439 Implement BCP-38.
6451 * Invalid length data provided by a custom refclock driver could cause
6454 References: Sec 2920 / CVE-2015-7853 / TALOS-CAN-0064
6455 Affects: Potentially all ntp-4 releases running up to, but not
6457 that have custom refclocks
6463 If you are running a custom refclock driver in ntpd and that
6464 driver supplies a negative value for datalen (no custom driver
6473 If you are running custom refclock drivers, make sure
6480 References: Sec 2921 / CVE-2015-7854 / TALOS-CAN-0065
6481 Affects: All ntp-4 releases up to, but not including 4.2.8p4, and
6493 Implement BCP-38.
6509 References: Sec 2922 / CVE-2015-7855
6510 Affects: All ntp-4 releases up to, but not including 4.2.8p4, and
6518 Implement BCP-38.
6532 crypto-NAK.
6534 References: Sec 2941 / CVE-2015-7871
6535 Affects: All ntp-4 releases between 4.2.5p186 up to but not including
6538 Summary: Crypto-NAK packets can be used to cause ntpd to accept time
6541 vulnerability appears to have been introduced in ntp-4.2.5p186
6543 associations (lines 1103-1165) was refactored.
6545 Implement BCP-38.
6554 Backward-Incompatible changes:
6555 * [Bug 2817] Default on Linux is now "rlimit memlock -1".
6557 the default value has been changed to -1 (do not lock ntpd into
6564 output of ntpq, you probably want to change your regex matches
6568 * 'rlimit memlock' now has finer-grained control. A value of -1 means
6591 * [Bug 2867] ntpd with autokey active crashed by 'ntpq -crv'. J.Perlinger
6597 * [Bug 2886] Mis-spelling: "outlyer" should be "outlier". dave@horsfall.org
6599 * [Bug 2889] ntp-dev-4.3.67 does not build on Windows. perlinger@ntp.org
6608 * On some versions of HP-UX, inttypes.h does not include stdint.h. H.Stenn.
6618 caltontp.c, clocktime.c, humandate.c, hextolfp.c, decodenetnum.c - fixed
6646 * tests/libntp/test-libntp.c fix formatting. Tomasz Flendrich
6667 * sntp/libevent/evconfig-private.h: remove generated file from SCM. H.Stenn.
6672 * tests/libntp/test_caltontp needs -lpthread. Harlan Stenn.
6673 * br-flock: --enable-local-libevent. Harlan Stenn.
6675 * scripts/lib/NTP/Util.pm: stratum output is version-dependent. Harlan Stenn.
6684 * Changed progname to be const in many files - now it's consistent. Tomasz
6692 * Retire google test - phase I. Harlan Stenn.
6707 * Implement --enable-problem-tests (on by default). Harlan Stenn.
6710 ---
6713 Focus: 1 Security fix. Bug fixes and enhancements. Leap-second improvements.
6719 * [Sec 2853] Crafted remote config packet can crash some versions of
6730 This vulnerability is considered low-risk.
6746 the existing google-test items to this new framework. If you want
6754 * CID 1296235: Fix refclock_jjy.c and correcting type of the driver40-ja.html
6757 * [Bug 2590] autogen-5.18.5.
6761 * [Bug 2745] ntpd -x steps clock on leap second
6762 Fixed an initial-value problem that caused misbehaviour in absence of
6777 * [Bug 2804] install-local-data assumes GNU 'find' semantics.
6788 * [Bug 2813] HP-UX needs -D__STDC_VERSION__=199901L and limits.h.
6789 * [Bug 2815] net-snmp before v5.4 has circular library dependencies.
6792 * [Bug 2824] Convert update-leap to perl. (also see 2769)
6801 * [Bug 2832] refclock_jjy.c supports the TDC-300.
6810 Fixed compiler warnings about numeric range overflow
6827 * Modified tests/bug-2803/Makefile.am so it builds Unity framework tests.
6834 * Converted from gtest to Unity: tests/bug-2803/. Damir Tomić
6852 * tests/bug-2803/Makefile.am must distribute bug-2803.h.
6859 ---
6867 following medium-severity vulnerabilities involving private key
6872 References: Sec 2779 / CVE-2015-1798 / VU#374268
6873 Affects: All NTP4 releases starting with ntp-4.2.5p99 up to but not
6874 including ntp-4.2.8p2 where the installation uses symmetric keys
6902 References: Sec 2781 / CVE-2015-1799 / VU#374268
6904 not including ntp-4.2.8p2 where the installation uses symmetric
6918 a known denial-of-service attack, described at
6932 An update to the NTP RFC to correct this error is in-process.
6937 is simply a long-known potential problem.
6942 * New script: update-leap
6943 The update-leap script will verify and if necessary, update the
6944 leap-second definition file.
6956 * [Bug 2728] See if C99-style structure initialization works.
6957 * [Bug 2747] Upgrade libevent to 2.1.5-beta.
6958 * [Bug 2749] ntp/lib/NTP/Util.pm needs update for ntpq -w, IPv6, .POOL. .
6964 * [Bug 2766] ntp-keygen output files should not be world-readable.
6965 * [Bug 2767] ntp-keygen -M should symlink to ntp.keys.
6968 * [Bug 2774] Unreasonably verbose printout - leap pending/warning
6969 * [Bug 2775] ntp-keygen.c fails to compile under Windows.
6971 Removed non-ASCII characters from some copyright comments.
6974 Now use C99 fixed-width types and avoid non-ASCII characters in comments.
6978 Modified creation of parse-specific variables for Meinberg devices
7000 ---
7008 following high-severity vulnerabilities:
7013 References: Sec 2671 / CVE-2014-9297 / VU#852879
7020 Mitigation - any of:
7034 References: Sec 2672 / CVE-2014-9298 / VU#852879
7040 from "appearing" on non-localhost IPv4 interfaces, some kernels
7047 have one of these OSes where ::1 can be spoofed, ALL ::1 -based
7060 ---
7068 following high-severity vulnerabilities:
7080 References: Sec 2670 / CVE-2014-9296 / VU#852879
7082 below (which is a limited-risk vulnerability), none of the recent
7084 restricted from sending a 'query'-class packet by your ntp.conf file.
7090 References: [Sec 2665] / CVE-2014-9293 / VU#852879
7099 seeded with a 32-bit value and could only provide 32 bits of
7103 Mitigation - any of:
7104 - Upgrade to 4.2.7p11 or later.
7105 - Follow BCP and put 'restrict ... noquery' in your ntp.conf file.
7107 Credit: This vulnerability was noticed in ntp-4.2.6 by Neel Mehta
7110 * Non-cryptographic random number generator with weak seed used by
7111 ntp-keygen to generate symmetric keys.
7113 References: [Sec 2666] / CVE-2014-9294 / VU#852879
7118 Summary: Prior to ntp-4.2.7p230 ntp-keygen used a weak seed to
7121 generate symmetric keys. In ntp-4.2.8 we use a current-technology
7125 Mitigation - any of:
7126 - Upgrade to 4.2.7p230 or later.
7127 - Follow BCP and put 'restrict ... noquery' in your ntp.conf file.
7129 Credit: This vulnerability was discovered in ntp-4.2.6 by
7134 References: Sec 2667 / CVE-2014-9295 / VU#852879
7145 Mitigation - any of:
7146 - Upgrade to 4.2.8, or later, or
7147 - Disable Autokey Authentication by removing, or commenting out,
7156 References: Sec 2668 / CVE-2014-9295 / VU#852879
7165 Mitigation - any of:
7166 - Upgrade to 4.2.8, or later.
7167 - Follow BCP and put 'restrict ... noquery' in your ntp.conf file.
7174 References: Sec 2669 / CVE-2014-9295 / VU#852879
7183 Mitigation - any of:
7184 - Upgrade to 4.2.8, or later.
7185 - Follow BCP and put 'restrict ... noquery' in your ntp.conf file.
7192 References: Sec 2670 / CVE-2014-9296 / VU#852879
7207 Mitigation - any of:
7208 - Upgrade to 4.2.8, or later,
7209 - Remove or comment out all configuration directives
7223 The internal counters that track the "era" (range of years) we are in
7227 In the past, we have used the "midpoint" of the range to decide which
7231 get a timestamp we use the "built-on" to tell us what era we are in.
7238 For a long time, ntpq and its mostly text-based mode 6 (control)
7244 covered them all, though I've not compared command-by-command
7248 hand-rolled structure layout and byte-swapping code in both ntpd and
7252 ntpq's text-based, label=value approach involves more code reuse and
7255 Mode 7 has always been defined as vendor/implementation-specific while
7259 eventually. (http://tools.ietf.org/html/draft-odonoghue-ntpv4-control-01)
7271 ---
7285 includes improvements to orphan mode, minor bug fixes and code clean-ups.
7296 * Non-printable stratum 16 refid no longer sent to ntp
7308 * -n option extended to include the billboard "server" column
7311 ---
7321 clean-ups, minor bug fixes, fixes for a number of minor
7322 ref-clock issues, and documentation revisions.
7324 Portability improvements affect AIX, HP-UX, Linux, OS X and 64-bit time_t.
7331 * Update config.guess and config.sub for AIX
7337 * Back-ported several fixes for Coverity warnings from ntp-dev
7350 * Back-port utility routines from ntp-dev: mprintf(), emalloc_zero()
7366 * Backward incompatible command-line option change:
7367 -l/--filelog changed to -l/--logfile (to be consistent with ntpd)
7372 * Distribute ntp-wait.html
7374 ---
7384 clean-ups, minor bug fixes, fixes for a number of minor
7385 ref-clock issues, and documentation revisions.
7417 * Range-check the status codes (plus other cleanup) in the RIPE-NCC driver.
7423 ntp-keygen
7424 * Fix -V coredump.
7438 * Update the MIB from the draft version to RFC-5907.
7450 ---
7460 clean-ups, minor bug fixes, fixes for a number of minor
7461 ref-clock issues, improved KOD handling, OpenSSL related
7470 * Range syntax for the trustedkey configuration directive
7477 * default connection to net-snmpd via a unix-domain socket
7478 * command-line 'socket name' option
7482 * key-type specific password prompts
7489 ---
7498 ---
7503 ---
7510 This release fixes the following high-severity vulnerability:
7512 * [Sec 1331] DoS with mode 7 packets - CVE-2009-3563.
7533 Vinokurov of Alcatel-Lucent.
7537 ---
7540 Backward-Incompatible changes:
7542 ntpd no longer accepts '-v name' or '-V name' to define internal variables.
7543 Use '--var name' or '--dvar name' instead. (Bug 817)
7545 ---
7552 This release fixes the following high-severity vulnerability:
7554 * [Sec 1151] Remote exploit if autokey is enabled. CVE-2009-1252
7565 This release fixes the following low-severity vulnerabilities:
7567 * [Sec 1144] limited (two byte) buffer overflow in ntpq. CVE-2009-0159
7583 ---
7590 This release fixes oCERT.org's CVE-2009-0021, a vulnerability affecting
7599 ---
7604 This release fixes a number of Windows-specific ntpd bugs and
7605 platform-independent ntpdate bugs. A logging bugfix has been applied
7616 ---
7625 a problem with non-command-line specification of -6, and allows the loopback
7628 ---
7637 ---
7649 ---
7655 conjunction with DHCP. GNU AutoGen is used for its command-line options
7658 added for some new ref-clocks and have been removed for some older
7659 ref-clocks. This release also includes other improvements, documentation
7662 K&R C is no longer supported as of NTP-4.2.4. We are now aiming for ANSI
7665 ---