Lines Matching +full:test2 +full:. +full:good
2 NTP 4.2.8p18 (Harlan Stenn <stenn@ntp.org>, 2024 May 24)
10 - changes crypto (OpenSSL or compatible) detection and default build behavior.
12 option was given to configure. With this release, the prior behavior of
14 changed to instead cause configure to fail with an error.
16 that does not use libcrypto functionality.
22 * [Bug 3918] Tweak openssl header/library handling. <stenn@ntp.org>
24 stepped. <hart@ntp.org>
25 * [Bug 3913] Avoid duplicate IPv6 link-local manycast associations.
26 <hart@ntp.org>
27 * [Bug 3912] Avoid rare math errors in ntptrace. <brian.utterback@oracle.com>
28 * [Bug 3910] Memory leak using openssl-3 <hart@ntp.org>
29 * [Bug 3909] Do not select multicast local address for unicast peer.
30 <hart@ntp.org>
31 * [Bug 3903] lib/isc/win32/strerror.c NTstrerror() is not thread-safe.
32 <hart@ntp.org>
33 * [Bug 3901] LIB_GETBUF isn't thread-safe. <hart@ntp.org>
35 Windows. <hart@ntp.org>
37 duplicate associations. <hart@ntp.org>
38 * [Bug 3872] Ignore restrict mask for hostname. <hart@ntp.org>
39 * [Bug 3871] 4.2.8p17 build without hopf6021 refclock enabled fails.
40 Reported by Hans Mayer. Moved NONEMPTY_TRANSLATION_UNIT
41 declaration from ntp_types.h to config.h. <hart@ntp.org>
42 * [Bug 3870] Server drops client packets with ppoll < 4. <stenn@ntp.org>
43 * [Bug 3869] Remove long-gone "calldelay" & "crypto sign" from docs.
44 Reported by PoolMUC@web.de. <hart@ntp.org>
45 * [Bug 3868] Cannot restrict a pool peer. <hart@ntp.org> Thanks to
46 Edward McGuire for tracking down the deficiency.
47 * [Bug 3864] ntpd IPv6 refid different for big-endian and little-endian.
48 <hart@ntp.org>
49 * [Bug 3859] Use NotifyIpInterfaceChange on Windows ntpd. <hart@ntp.org>
50 * [Bug 3856] Enable Edit & Continue debugging with Visual Studio.
51 <hart@ntp.org>
52 * [Bug 3855] ntpq lacks an equivalent to ntpdc's delrestrict. <hart@ntp.org>
53 * [Bug 3854] ntpd 4.2.8p17 corrupts rawstats file with space in refid.
54 <hart@ntp.org>
55 * [Bug 3853] Clean up warnings with modern compilers. <hart@ntp.org>
56 * [Bug 3852] check-libntp.mf and friends are not triggering rebuilds as
57 intended. <hart@ntp.org>
58 * [Bug 3851] Drop pool server when no local address can reach it.
59 <hart@ntp.org>
60 * [Bug 3850] ntpq -c apeers breaks column formatting s2 w/refclock refid.
61 <hart@ntp.org>
62 * [Bug 3849] ntpd --wait-sync times out. <hart@ntp.org>
63 * [Bug 3847] SSL detection in configure should run-test if runpath is needed.
64 <hart@ntp.org>
65 * [Bug 3846] Use -Wno-format-truncation by default. <hart@ntp.org>
66 * [Bug 3845] accelerate pool clock_sync when IPv6 has only link-local access.
67 <hart@ntp.org>
68 * [Bug 3842] Windows ntpd PPSAPI DLL load failure crashes. <hart@ntp.org>
69 * [Bug 3841] 4.2.8p17 build break w/ gcc 12 -Wformat-security without -Wformat
71 silence numerous libopts warnings. <hart@ntp.org>
72 * [Bug 3837] NULL pointer deref crash when ntpd deletes last interface.
73 Reported by renmingshuai. Correct UNLINK_EXPR_SLIST() when the
74 list is empty. <hart@ntp.org>
75 * [Bug 3835] NTP_HARD_*FLAGS not used by libevent tearoff. <hart@ntp.org>
76 * [Bug 3831] pollskewlist zeroed on runtime configuration. <hart@ntp.org>
77 * [Bug 3830] configure libevent check intersperses output with answer. <stenn@>
78 * [Bug 3828] BK should ignore a git repo in the same directory.
79 <burnicki@ntp.org>
81 is disabled. <burnicki@ntp.org>
82 * [Bug 3825] Don't touch HTML files unless building inside a BK repo.
83 Fix the script checkHtmlFileDates. <burnicki@ntp.org>
84 * [Bug 3756] Improve OpenSSL library/header detection.
85 * [Bug 3753] ntpd fails to start with FIPS-enabled OpenSSL 3. <hart@ntp.org>
86 * [Bug 2734] TEST3 prevents initial interleave sync. Fix from <PoolMUC@web.de>
87 * Log failures to allocate receive buffers. <hart@ntp.org>
88 * Remove extraneous */ from libparse/ieee754io.c
89 * Fix .datecheck target line in Makefile.am. <stenn@ntp.org>
90 * Update the copyright year. <stenn@ntp.org>
91 * Update ntp.conf documentation to add "delrestrict" and correct information
92 about KoD rate limiting. <hart@ntp.org>
93 * html/clockopt.html cleanup. <stenn@ntp.org>
94 * util/lsf-times - added. <stenn@ntp.org>
95 * Add DSA, DSA-SHA, and SHA to tests/libntp/digests.c. <hart@ntp.org>
96 * Provide ntpd thread names to debugger on Windows. <hart@ntp.org>
97 * Remove dead code libntp/numtohost.c and its unit tests. <hart@ntp.org>
98 * Remove class A, B, C IPv4 distinctions in netof(). <hart@ntp.org>
99 * Use @configure_input@ in various *.in files to include a comment that
100 the file is generated from another pointing to the *.in. <hart@ntp.org>
101 * Correct underquoting, indents in ntp_facilitynames.m4. <hart@ntp.org>
102 * Clean up a few warnings seen building with older gcc. <hart@ntp.org>
103 * Fix build on older FreeBSD lacking sys/procctl.h. <hart@ntp.org>
105 that makes it unnecessary, re-enabling ASLR stack gap. <hart@ntp.org>
106 * Use NONEMPTY_COMPILATION_UNIT in more conditionally-compiled files.
107 * Remove useless pointer to Windows Help from system error messages.
108 * Avoid newlines within Windows error messages. <hart@ntp.org>
109 * Ensure unique association IDs if wrapped. <hart@ntp.org>
110 * Simplify calc_addr_distance(). <hart@ntp.org>
111 * Clamp min/maxpoll in edge cases in newpeer(). <hart@ntp.org>
112 * Quiet local addr change logging when unpeering. <hart@ntp.org>
114 send_blocking_resp_internal(). <hart@ntp.org>
115 * Suppress OpenSSL 3 deprecation warning clutter. <hart@ntp.org>
117 discarding const qualifiers with OpenSSL 3. <hart@ntp.org>
118 * Display KoD refid as text in recently added message. <hart@ntp.org>
119 * Avoid running checkHtmlFileDates script repeatedly when no html/*.html
120 files have changed. <hart@ntp.org>
121 * Abort configure if --enable-crypto-rand given & unavailable. <hart@ntp.org>
122 * Add configure --enable-verbose-ssl to trace SSL detection. <hart@ntp.org>
123 * Add build test coverage for --disable-saveconfig to flock-build script.
124 <hart@ntp.org>
125 * Remove deprecated configure --with-arlib option. <hart@ntp.org>
126 * Remove configure support for ISC UNIX ca. 1998. <hart@ntp.org>
127 * Move NTP_OPENSSL and NTP_CRYPTO_RAND invocations from configure.ac files
128 to NTP_LIBNTP. <hart@ntp.org>
129 * Remove dead code: HAVE_U_INT32_ONLY_WITH_DNS. <hart@ntp.org>
130 * Eliminate [v]snprintf redefinition warnings on macOS. <hart@ntp.org>
131 * Fix clang 14 cast increases alignment warning on Linux. <hart@ntp.org>
132 * Move ENABLE_CMAC to ntp_openssl.m4, reviving sntp/tests CMAC unit tests.
133 <hart@ntp.org>
134 * Use NTP_HARD_CPPFLAGS in libopts tearoff. <hart@ntp.org>
138 NTP 4.2.8p17 (Harlan Stenn <stenn@ntp.org>, 2023 Jun 06)
142 Severity: HIGH (for people running 4.2.8p16)
152 event_sync. Reported by Edward McGuire. <hart@ntp.org>
153 * [Bug 3822] ntpd significantly delays first poll of servers specified by name.
154 <hart@ntp.org> Miroslav Lichvar identified regression in 4.2.8p16.
155 * [Bug 3821] 4.2.8p16 misreads hex authentication keys, won't interop with
156 4.2.8p15 or earlier. Reported by Matt Nordhoff, thanks to
158 problem. <hart@ntp.org>
159 * Add tests/libntp/digests.c to catch regressions reading keys file or with
160 symmetric authentication digest output.
163 NTP 4.2.8p16 (Harlan Stenn <stenn@ntp.org>, 2023 May 30)
178 * [Sec 3808] Assertion failure in ntpq on malformed RT-11 date <perlinger@ntp.org>
180 hypothetical input buffer overflow. Reported by ... stenn@
181 * [Sec 3806] libntp/mstolfp.c needs bounds checking <perlinger@ntp.org>
183 * [Sec 3767] An OOB KoD RATE value triggers an assertion when debug is enabled.
184 <stenn@ntp.org>
185 * [Bug 3819] Updated libopts/Makefile.am was missing NTP_HARD_* values. <stenn@>
186 * [Bug 3817] Bounds-check "tos floor" configuration. <hart@ntp.org>
187 * [Bug 3814] First poll delay of new or cleared associations miscalculated.
188 <hart@ntp.org>
190 OpenSSL 3. Reported by rmsh1216@163.com <hart@ntp.org>
191 * [Bug 3801] gpsdjson refclock gps_open() device name mishandled. <hart@ntp.org>
192 * [Bug 3800] libopts-42.1.17 does not compile with Microsoft C. <hart@ntp.org>
193 * [Bug 3799] Enable libopts noreturn compiler advice for MSC. <hart@ntp.org>
195 disconnected, breaking ntpq and ntpdc. <hart@ntp.org>
196 * [Bug 3795] pollskewlist documentation uses | when it shouldn't.
197 - ntp.conf manual page and miscopt.html corrections. <hart@ntp.org>
198 * [Bug 3793] Wrong variable type passed to record_raw_stats(). <hart@ntp.org>
199 - Report and patch by Yuezhen LUAN <wei6410@sina.com>.
200 * [Bug 3786] Timer starvation on high-load Windows ntpd. <hart@ntp.org>
201 * [Bug 3784] high-load ntpd on Windows deaf after enough ICMP TTL exceeded.
202 <hart@ntp.org>
203 * [Bug 3781] log "Unable to listen for broadcasts" for IPv4 <hart@ntp.org>
204 * [Bug 3774] mode 6 packets corrupted in rawstats file <hart@ntp.org>
205 - Reported by Edward McGuire, fix identified by <wei6410@sina.com>.
206 * [Bug 3758] Provide a 'device' config statement for refclocks <perlinger@ntp.org>
207 * [Bug 3757] Improve handling of Linux-PPS in NTPD <perlinger@ntp.org>
208 * [Bug 3741] 4.2.8p15 can't build with glibc 2.34 <perlinger@ntp.org>
209 * [Bug 3725] Make copyright of clk_wharton.c compatible with Debian.
210 Philippe De Muyter <phdm@macqel.be>
211 * [Bug 3724] ntp-keygen with openSSL 1.1.1 fails on Windows <perlinger@ntp.org>
212 - openssl applink needed again for openSSL-1.1.1
213 * [Bug 3719] configure.ac checks for closefrom() and getdtablesize() missing.
214 Reported by Brian Utterback, broken in 2010 by <hart@ntp.org>
215 * [Bug 3699] Problems handling drift file and restoring previous drifts <perlinger@ntp.org>
219 * [Bug 3695] Fix memory leak with ntpq on Windows Server 2019 <perlinger@ntp.org>
221 - misleading title; essentially a request to ignore the receiver status.
222 Added a mode bit for this. <perlinger@ntp.org>
223 * [Bug 3693] Improvement of error handling key lengths <perlinger@ntp.org>
225 * [Bug 3692] /dev/gpsN requirement prevents KPPS <perlinger@ntp.org>
228 - original patch by matt<ntpbr@mattcorallo.com>
230 * [Bug 3690] newline in ntp clock variable (parse) <perlinger@ntp.org>
232 * [Bug 3689] Extension for MD5, SHA-1 and other keys <perlinger@ntp.org>
234 file, so having a binary secret >= 11 bytes is possible for all keys.
236 * [Bug 3688] GCC 10 build errors in testsuite <perlinger@ntp.org>
237 * [Bug 3687] ntp_crypto_rand RNG status not known <perlinger@ntp.org>
239 * [Bug 3682] Fixes for warnings when compiled without OpenSSL <perlinger@ntp.org>
241 * [Bug 3677] additional peer events not decoded in associations listing <perlinger@ntp.org>
246 * [Bug 3674] ntpq command 'execute only' using '~' prefix <perlinger@ntp.org>
248 * [Bug 3672] fix biased selection in median cut <perlinger@ntp.org>
249 * [Bug 3666] avoid unlimited receive buffer allocation <perlinger@ntp.org>
251 * [Bug 3660] Revert 4.2.8p15 change to manycast. <hart@ntp.org>
252 * [Bug 3640] document "discard monitor" and fix the code. <hart@ntp.org>
253 - fixed bug identified by Edward McGuire <perlinger@ntp.org>
254 * [Bug 3626] (SNTP) UTC offset calculation needs dst flag <perlinger@ntp.org>
256 * [Bug 3432] refclocks that 'write()' should check the result <perlinger@ntp.org>
258 * [Bug 3428] ntpd spinning consuming CPU on Linux router with full table.
259 Reported by Israel G. Lugo. <hart@ntp.org>
260 * [Bug 3103] libopts zsave_warn format string too few arguments <bkorb@gnu.org>
261 * [Bug 2990] multicastclient incorrectly causes bind to broadcast address.
262 Integrated patch from Brian Utterback. <hart@ntp.org>
263 * [Bug 2525] Turn on automake subdir-objects across the project. <hart@ntp.org>
264 * [Bug 2410] syslog an error message on panic exceeded. <brian.utterback@oracle.com>
265 * Use correct rounding in mstolfp(). perlinger/hart
266 * M_ADDF should use u_int32. <hart@ntp.org>
267 * Only define tv_fmt_libbuf() if we will use it. <stenn@ntp.org>
268 * Use recv_buffer instead of the longer recv_space.X_recv_buffer. hart/stenn
269 * Make sure the value returned by refid_str() prints cleanly. <stenn@ntp.org>
271 are in force and that ntpd will abort if any are violated. <stenn@ntp.org>
272 * syslog valid incoming KoDs. <stenn@ntp.org>
273 * Rename a poorly-named variable. <stenn@ntp.org>
274 * Disable "embedded NUL in string" messages in libopts, when we can. <stenn@>
275 * Use https in the AC_INIT URLs in configure.ac. <stenn@ntp.org>
276 * Implement NTP_FUNC_REALPATH. <stenn@ntp.org>
277 * Lose a gmake construct in ntpd/Makefile.am. <stenn@ntp.org>
278 * upgrade to: autogen-5.18.16
279 * upgrade to: libopts-42.1.17
281 * upgrade to: automake-1.16.15
282 * Upgrade to libevent-2.1.12-stable <stenn@ntp.org>
286 NTP 4.2.8p15 (Harlan Stenn <stenn@ntp.org>, 2020 Jun 23)
293 authentication between ntpd from versions 4.2.8p11/4.3.97 and
294 4.2.8p14/4.3.100 will leak a small amount of memory for each packet.
295 Eventually, ntpd will run out of memory and abort.
297 It also fixes 13 other bugs.
299 * [Sec 3661] memory leak with AES128CMAC keys <perlinger@ntp.org>
302 * [Bug 3667] decodenetnum fails with numeric port <perlinger@ntp.org>
304 * [Bug 3666] avoid unlimited receive buffer allocation <perlinger@ntp.org>
306 * [Bug 3664] Enable openSSL CMAC support on Windows <burnicki@ntp.org>
307 * [Bug 3662] Fix build errors on Windows with VS2008 <burnicki@ntp.org>
308 * [Bug 3660] Manycast orphan mode startup discovery problem. <stenn@ntp.org>
310 * [Bug 3659] Move definition of psl[] from ntp_config.h to
311 ntp_config.h <perlinger@ntp.org>
312 * [Bug 3657] Wrong "Autokey group mismatch" debug message <perlinger@ntp.org>
313 * [Bug 3655] ntpdc memstats hash counts <perlinger@ntp.org>
315 * [Bug 3653] Refclock jitter RMS calculation <perlinger@ntp.org>
317 * [Bug 3646] Avoid sync with unsync orphan <perlinger@ntp.org>
319 * [Bug 3644] Unsynchronized server [...] selected as candidate <perlinger@ntp.org>
320 * [Bug 3639] refclock_jjy: TS-JJY0x can skip time sync depending on the STUS reply. <abe@ntp.org>
324 NTP 4.2.8p14 (Harlan Stenn <stenn@ntp.org>, 2020 Mar 03)
326 Focus: Security, Bug fixes, enhancements.
336 unauthenticated time source. It also fixes 46 other bugs and addresses
337 4 other issues.
339 * [Sec 3610] process_control() should bail earlier on short packets. stenn@
341 * [Sec 3596] Highly predictable timestamp attack. <stenn@ntp.org>
343 * [Sec 3592] DoS attack on client ntpd <perlinger@ntp.org>
345 * [Bug 3637] Emit the version of ntpd in saveconfig. stenn@
346 * [Bug 3636] NMEA: combine time/date from multiple sentences <perlinger@ntp.org>
347 * [Bug 3635] Make leapsecond file hash check optional <perlinger@ntp.org>
348 * [Bug 3634] Typo in discipline.html, reported by Jason Harrison. stenn@
350 - implement Zeller's congruence in libparse and libntp <perlinger@ntp.org>
351 * [Bug 3627] SIGSEGV on FreeBSD-12 with stack limit and stack gap <perlinger@ntp.org>
353 * [Bug 3620] memory leak in ntpq sysinfo <perlinger@ntp.org>
355 * [Bug 3619] Honour drefid setting in cooked mode and sysinfo <perlinger@ntp.org>
357 * [Bug 3617] Add support for ACE III and Copernicus II receivers <perlinger@ntp.org>
359 * [Bug 3615] accelerate refclock startup <perlinger@ntp.org>
360 * [Bug 3613] Propagate noselect to mobilized pool servers <stenn@ntp.org>
362 * [Bug 3612] Use-of-uninitialized-value in receive function <perlinger@ntp.org>
364 * [Bug 3611] NMEA time interpreted incorrectly <perlinger@ntp.org>
367 * [Bug 3609] Fixing wrong falseticker in case of non-statistic jitter <perlinger@ntp.org>
369 * [Bug 3608] libparse fails to compile on S11.4SRU13 and later <perlinger@ntp.org>
372 ntp_io.c <perlinger@ntp.org>
373 - fixed byte and paramter order as suggested by wei6410@sina.com
374 * [Bug 3601] Tests fail to link on platforms with ntp_cv_gc_sections_runs=no <perlinger@ntp.org>
375 * [Bug 3599] Build fails on linux-m68k due to alignment issues <perlinger@ntp.org>
377 * [Bug 3594] ntpd discards messages coming through nmead <perlinger@ntp.org>
378 * [Bug 3593] ntpd discards silently nmea messages after the 5th string <perlinger@ntp.org>
379 * [Bug 3590] Update refclock_oncore.c to the new GPS date API <perlinger@ntp.org>
380 * [Bug 3585] Unity tests mix buffered and unbuffered output <perlinger@ntp.org>
382 * [Bug 3583] synchronization error <perlinger@ntp.org>
384 * [Bug 3582] gpsdjson refclock fudgetime1 adjustment is doubled <perlinger@ntp.org>
385 * [Bug 3580] Possible bug ntpq-subs (NULL dereference in dogetassoc) <perlinger@ntp.org>
387 * [Bug 3577] Update refclock_zyfer.c to the new GPS date API <perlinger@ntp.org>
388 - also updates for refclock_nmea.c and refclock_jupiter.c
389 * [Bug 3576] New GPS date function API <perlinger@ntp.org>
390 * [Bug 3573] nptdate: missleading error message <perlinger@ntp.org>
391 * [Bug 3570] NMEA driver docs: talker ID not mentioned, typo <perlinger@ntp.org>
392 * [Bug 3569] cleanup MOD_NANO/STA_NANO handling for 'ntpadjtimex()' <perlinger@ntp.org>
394 * [Bug 3550] Reproducible build: Respect SOURCE_DATE_EPOCH <perlinger@ntp.org>
396 * [Bug 3542] ntpdc monlist parameters cannot be set <perlinger@ntp.org>
397 * [Bug 3533] ntpdc peer_info ipv6 issues <perlinger@ntp.org>
399 * [Bug 3531] make check: test-decodenetnum fails <perlinger@ntp.org>
402 * [Bug 3517] Reducing build noise <perlinger@ntp.org>
403 * [Bug 3516] Require tooling from this decade <perlinger@ntp.org>
405 * [Bug 3515] Refactor ntpdmain() dispatcher loop and group common code <perlinger@ntp.org>
407 * [Bug 3511] Get rid of AC_LANG_SOURCE() warnings <perlinger@ntp.org>
409 * [Bug 3510] Flatten out the #ifdef nesting in ntpdmain() <perlinger@ntp.org>
412 - applied patch by Gerry Garvey & fixed unit tests <perlinger@ntp.org>
413 * [Bug 3490] Patch to support Trimble Resolution Receivers <perlinger@ntp.org>
415 * [Bug 3473] RefID of refclocks should always be text format <perlinger@ntp.org>
417 * [Bug 3132] Building 4.2.8p8 with disabled local libopts fails <perlinger@ntp.org>
420 <perlinger@ntp.org>
422 is specified with -u <perlinger@ntp.org>
425 - (modified) patch by Kurt Roeckx <perlinger@ntp.org>
426 * Clean up sntp/networking.c:sendpkt() error message. <stenn@ntp.org>
427 * Provide more detail on unrecognized config file parser tokens. <stenn@ntp.org>
428 * Startup log improvements. <stenn@ntp.org>
429 * Update the copyright year.
432 NTP 4.2.8p13 (Harlan Stenn <stenn@ntp.org>, 2019 Mar 07)
434 Focus: Security, Bug fixes, enhancements.
440 packet that can trigger a NULL pointer dereference, crashing ntpd.
444 mode 6 packet <perlinger@ntp.org>
446 * [Bug 3560] Fix build when HAVE_DROPROOT is not defined <perlinger@ntp.org>
448 * [Bug 3558] Crash and integer size bug <perlinger@ntp.org>
450 * [Bug 3556] ntp_loopfilter.c snprintf compilation warnings <perlinger@ntp.org>
452 * [Bug 3555] Tidy up print alignment of debug output from ntpdate <perlinger@ntp.org>
454 * [Bug 3554] config revoke stores incorrect value <perlinger@ntp.org>
456 * [Bug 3549] Spurious initgroups() error message <perlinger@ntp.org>
458 * [Bug 3548] Signature not verified on windows system <perlinger@ntp.org>
460 * [Bug 3541] patch to fix STA_NANO struct timex units <perlinger@ntp.org>
462 * [Bug 3540] Cannot set minsane to 0 anymore <perlinger@ntp.org>
464 * [Bug 3539] work_fork build fails when droproot is not supported <perlinger@ntp.org>
466 * [Bug 3538] Build fails for no-MMU targets <perlinger@ntp.org>
468 * [Bug 3535] libparse won't handle GPS week rollover <perlinger@ntp.org>
471 * [Bug 3529] Build failures on Mac OS X 10.13 (High Sierra) <perlinger@ntp.org>
472 - patch by Daniel J. Luke; this does not fix a potential linker
473 regression issue on MacOS.
475 anomaly <perlinger@ntp.org>, reported by GGarvey.
477 * [Bug 3526] Incorrect poll interval in packet <perlinger@ntp.org>
479 * [Bug 3471] Check for openssl/[ch]mac.h. <perlinger@ntp.org>
480 - added missing check, reported by Reinhard Max <perlinger@ntp.org>
486 NTP 4.2.8p12 (Harlan Stenn <stenn@ntp.org>, 2018/14/09)
488 Focus: Security, Bug fixes, enhancements.
493 in ntp-4.2.8p11, and a buffer overflow in the openhost() function used by
494 ntpq and ntpdc. It also provides 26 other bugfixes, and 4 other improvements:
496 * [Sec 3505] Buffer overflow in the openhost() call of ntpq and ntpdc.
498 * [Sec 3012] Fix a hole in the new "noepeer" processing.
501 [Bug 3521] Fix a logic bug in the INVALIDNAK checks. <stenn@ntp.org>
504 - applied patch by Ian Lepore <perlinger@ntp.org>
505 [Bug 3506] Service Control Manager interacts poorly with NTPD <perlinger@ntp.org>
507 [Bug 3486] Buffer overflow in ntpq/ntpq.c:tstflags() <perlinger@ntp.org>
509 [Bug 3485] Undefined sockaddr used in error messages in ntp_config.c <perlinger@ntp.org>
511 [Bug 3484] ntpq response from ntpd is incorrect when REFID is null <perlinger@ntp.org>
513 [Bug 3482] Fixes for compilation warnings (ntp_io.c & ntpq-subs.c) <perlinger@ntp.org>
515 [Bug 3480] Refclock sample filter not cleared on clock STEP <perlinger@ntp.org>
517 [Bug 3479] ctl_putrefid() allows unsafe characters through to ntpq <perlinger@ntp.org>
519 [Bug 3476]ctl_putstr() sends empty unquoted string [...] <perlinger@ntp.org>
521 [Bug 3475] modify prettydate() to suppress output of zero time <perlinger@ntp.org>
523 [Bug 3474] Missing pmode in mode7 peer info response <perlinger@ntp.org>
525 [Bug 3471] Check for openssl/[ch]mac.h. HStenn.
526 - add #define ENABLE_CMAC support in configure. HStenn.
527 [Bug 3470] ntpd4.2.8p11 fails to compile without OpenSSL <perlinger@ntp.org>
528 [Bug 3469] Incomplete string compare [...] in is_refclk_addr <perlinger@ntp.org>
530 [Bug 3467] Potential memory fault in ntpq [...] <perlinger@ntp.org>
532 [Bug 3465] Default TTL values cannot be used <perlinger@ntp.org>
533 [Bug 3461] refclock_shm.c: clear error status on clock recovery <perlinger@ntp.org>
535 [Bug 3460] Fix typo in ntpq.texi, reported by Kenyon Ralph. <stenn@ntp.org>
537 - According to Brooks Davis, there was only one location <perlinger@ntp.org>
538 [Bug 3449] ntpq - display "loop" instead of refid [...] <perlinger@ntp.org>
540 [Bug 3445] Symmetric peer won't sync on startup <perlinger@ntp.org>
544 New macro REFID_ISTEXT() which is also used in ntpd/ntp_control.c.
545 [Bug 3434] ntpd clears STA_UNSYNC on start <perlinger@ntp.org>
547 [Bug 3426] ntpdate.html -t default is 2 seconds. Leonid Evdokimov.
548 [Bug 3121] Drop root privileges for the forked DNS worker <perlinger@ntp.org>
550 [Bug 2821] minor build issues <perlinger@ntp.org>
552 html/authopt.html: cleanup, from <stenn@ntp.org>
553 ntpd/ntpd.c: DROPROOT cleanup. <stenn@ntp.org>
554 Symmetric key range is 1-65535. Update docs. <stenn@ntp.org>
557 NTP 4.2.8p11 (Harlan Stenn <stenn@ntp.org>, 2018/02/27)
559 Focus: Security, Bug fixes, enhancements.
569 Date Resolved: Stable (4.2.8p11) 27 Feb 2018
571 Affects: ntp-4.2.6, up to but not including ntp-4.2.8p11.
573 2.9 and 6.8.
579 and several broadcast modes. In addition to the basic NTP
581 support an interleaved mode of operation. In ntp-4.2.8p4 a bug
584 an authenticated interleaved peer association. If an attacker
587 the 'victim' ntpd will reset its association. The attacker must
589 disruption of the association. In ntp-4.0.0 thru ntp-4.2.8p6,
590 interleave mode could be entered dynamically. As of ntp-4.2.8p7,
591 interleaved mode must be explicitly configured/enabled.
593 Implement BCP-38.
594 Upgrade to 4.2.8p11, or later, from the NTP Project Download Page
595 or the NTP Public Services Project Download Page.
596 If you are unable to upgrade to 4.2.8p11 or later and have
597 'peer HOST xleave' lines in your ntp.conf file, remove the
598 'xleave' option.
599 Have enough sources of time.
600 Properly monitor your ntpd instances.
601 If ntpd stops running, auto-restart it without -g .
603 This weakness was discovered by Miroslav Lichvar of Red Hat.
607 Date Resolved: Stable (4.2.8p11) 27 Feb 2018
609 Affects: ntpd in ntp-4.2.8p4, up to but not including ntp-4.2.8p11.
611 Could score between 2.9 and 6.8.
613 Could score between 2.6 and 6.0.
616 problem it created another. Specifically, it drops bad packets
617 before updating the "received" timestamp. This means a
621 most recent "received" timestamp. The real remote peer does
623 the association resets.
625 Implement BCP-38.
626 Upgrade to ntp-4.2.8p11 or later from the NTP Project Download Page
627 or the NTP Public Services Project Download Page.
628 Use authentication with 'peer' mode.
629 Have enough sources of time.
630 Properly monitor your ntpd instances.
631 If ntpd stops running, auto-restart it without -g .
633 This weakness was discovered by Miroslav Lichvar of Red Hat.
637 Date Resolved: Stable (4.2.8p11) 27 Feb 2018
640 Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
641 4.3.0 up to, but not including 4.3.92. Resolved in 4.2.8p11.
645 ntpd can be vulnerable to Sybil attacks. If a system is set up to
647 ntp-4.2.8p6 allowing an optional 4th field in the ntp.keys file to
649 -- i.e. one where the attacker knows the private symmetric key --
651 the clock selection of ntpd and modify a victim's clock. Three
652 additional protections are offered in ntp-4.2.8p11. One is the
654 ephemeral peering. Another is the new 'ippeerlimit' directive,
655 which limits the number of peers that can be created from an IP.
657 ntp.keys file to include specifying a subnet range.
659 Implement BCP-38.
660 Upgrade to ntp-4.2.8p11 or later from the NTP Project Download Page
661 or the NTP Public Services Project Download Page.
663 ephemeral associations.
665 that can be created from an IP.
666 Use the 4th argument in the ntp.keys file to limit the IPs and
667 subnets that can be time servers.
668 Have enough sources of time.
669 Properly monitor your ntpd instances.
670 If ntpd stops running, auto-restart it without -g .
673 Cisco ASIG, and separately by Stefan Moser as Bug 3415.
678 Affects: ntpq in ntp-4.2.8p6, up to but not including ntp-4.2.8p11.
682 ntpq is a monitoring and control program for ntpd. decodearr()
685 displayed. This is a problem in affected versions of ntpq if a
689 ntpd sends its response. It's potentially possible that the
690 malicious data could become injectable/executable code.
692 Implement BCP-38.
693 Upgrade to ntp-4.2.8p11 or later from the NTP Project Download Page
694 or the NTP Public Services Project Download Page.
696 This weakness was discovered by Michael Macnair of Thales e-Security.
702 Affects: ntp-4.2.8p6, up to but not including ntp-4.2.8p11.
707 ctl_getitem() is used by ntpd to process incoming mode 6 packets.
709 if the ntpd instance is from 4.2.8p6 thru 4.2.8p10, that will
710 cause ctl_getitem() to read past the end of its buffer.
712 Implement BCP-38.
713 Upgrade to ntp-4.2.8p11 or later from the NTP Project Download Page
714 or the NTP Public Services Project Download Page.
715 Have enough sources of time.
716 Properly monitor your ntpd instances.
717 If ntpd stops running, auto-restart it without -g .
719 This weakness was discovered by Yihan Lian of Qihoo 360.
722 Also see Bug 3415, above.
723 Date Mitigated: Stable (4.2.8p7) 26 Apr 2016; Dev (4.3.92) 26 Apr 2016
724 Date Resolved: Stable (4.2.8p11) 27 Feb 2018
726 Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
727 4.3.0 up to, but not including 4.3.92. Resolved in 4.2.8p11.
731 ntpd can be vulnerable to Sybil attacks. If a system is set up
733 introduced in ntp-4.2.8p6 allowing an optional 4th field in the
734 ntp.keys file to specify which IPs can serve time, a malicious
735 authenticated peer -- i.e. one where the attacker knows the
738 modify a victim's clock. Two additional protections are
739 offered in ntp-4.2.8p11. One is the 'noepeer' directive, which
740 disables symmetric passive ephemeral peering. The other extends
741 the functionality of the 4th field in the ntp.keys file to
742 include specifying a subnet range.
744 Implement BCP-38.
745 Upgrade to 4.2.8p11, or later, from the NTP Project Download Page or
746 the NTP Public Services Project Download Page.
748 ephemeral associations.
750 associations from an IP.
751 Use the 4th argument in the ntp.keys file to limit the IPs
752 and subnets that can be time servers.
753 Properly monitor your ntpd instances.
755 This weakness was discovered by Matthew Van Gundy of Cisco ASIG.
758 [Bug 3457] OpenSSL FIPS mode regression <perlinger@ntp.org>
759 [Bug 3455] ntpd doesn't use scope id when binding multicast <perlinger@ntp.org>
761 [Bug 3452] PARSE driver prints uninitialized memory. <perlinger@ntp.org>
763 - removed error log caused by rounding/slew, ensured postcondition <perlinger@ntp.org>
764 [Bug 3447] AES-128-CMAC (fixes) <perlinger@ntp.org>
766 [Bug 3441] Validate the assumption that AF_UNSPEC is 0. stenn@ntp.org
767 [Bug 3439] When running multiple commands / hosts in ntpq... <perlinger@ntp.org>
769 [Bug 3438] Negative values and values > 999 days in... <perlinger@ntp.org>
772 - applied patch (with mods) by Miroslav Lichvar <perlinger@ntp.org>
773 [Bug 3435] anchor NTP era alignment <perlinger@ntp.org>
774 [Bug 3433] sntp crashes when run with -a. <stenn@ntp.org>
777 ntpdc and the test suites <perlinger@ntp.org>
778 [Bug 3424] Trimble Thunderbolt 1024 week millenium bug <perlinger@ntp.org>
781 wrong <perlinger@ntp.org>
783 made IFSTATS counter quantities unsigned <perlinger@ntp.org>
784 [Bug 3411] problem about SIGN(6) packet handling for ntp-4.2.8p10
785 - raised receive buffer size to 1200 <perlinger@ntp.org>
786 [Bug 3408] refclock_jjy.c: Avoid a wrong report of the coverity static
787 analysis tool. <abe@ntp.org>
788 [Bug 3405] update-leap.in: general cleanup, HTTPS support. Paul McMath.
789 [Bug 3404] Fix openSSL DLL usage under Windows <perlinger@ntp.org>
791 [Bug 3399] NTP: linker error in 4.2.8p10 during Linux cross-compilation
792 - initial patch by timeflies@mail2tor.com <perlinger@ntp.org>
793 [Bug 3398] tests fail with core dump <perlinger@ntp.org>
796 rework of formatting & data transfer stuff in 'ntp_control.c'
797 avoids unecessary buffers and size limitations. <perlinger@ntp.org>
799 - fixed handling of dynamic deletion w/o leap file <perlinger@ntp.org>
801 - increased mimimum stack size to 32kB <perlinger@ntp.org>
802 [Bug 3367] Faulty LinuxPPS NMEA clock support in 4.2.8 <perlinger@ntp.org>
803 - reverted handling of PPS kernel consumer to 4.2.6 behavior
804 [Bug 3365] Updates driver40(-ja).html and miscopt.html <abe@ntp.org>
805 [Bug 3358] Spurious KoD log messages in .INIT. phase. HStenn.
807 - fixed location counter & ntpq output <perlinger@ntp.org>
808 [Bug 2900] libntp build order problem. HStenn.
809 [Bug 2878] Tests are cluttering up syslog <perlinger@ntp.org>
810 [Bug 2737] Wrong phone number listed for USNO. ntp-bugs@bodosom.net,
811 perlinger@ntp.org
812 [Bug 2557] Fix Thunderbolt init. ntp-bugs@bodosom.net, perlinger@ntp.
813 [Bug 948] Trustedkey config directive leaks memory. <perlinger@ntp.org>
814 Use strlcpy() to copy strings, not memcpy(). HStenn.
815 Typos. HStenn.
816 test_ntp_scanner_LDADD needs ntpd/ntp_io.o. HStenn.
817 refclock_jjy.c: Add missing "%s" to an msyslog() call. HStenn.
818 Build ntpq and libntpq.a with NTP_HARD_*FLAGS. perlinger@ntp.org
819 Fix trivial warnings from 'make check'. perlinger@ntp.org
820 Fix bug in the override portion of the compiler hardening macro. HStenn.
821 record_raw_stats(): Log entire packet. Log writes. HStenn.
822 AES-128-CMAC support. BInglis, HStenn, JPerlinger.
823 sntp: tweak key file logging. HStenn.
824 sntp: pkt_output(): Improve debug output. HStenn.
825 update-leap: updates from Paul McMath.
826 When using pkg-config, report --modversion. HStenn.
827 Clean up libevent configure checks. HStenn.
828 sntp: show the IP of who sent us a crypto-NAK. HStenn.
829 Allow .../N to specify subnet bits for IPs in ntp.keys. HStenn, JPerlinger.
830 authistrustedip() - use it in more places. HStenn, JPerlinger.
831 New sysstats: sys_lamport, sys_tsrounding. HStenn.
832 Update ntp.keys .../N documentation. HStenn.
833 Distribute testconf.yml. HStenn.
834 Add DPRINTF(2,...) lines to receive() for packet drops. HStenn.
835 Rename the configuration flag fifo variables. HStenn.
836 Improve saveconfig output. HStenn.
837 Decode restrict flags on receive() debug output. HStenn.
838 Decode interface flags on receive() debug output. HStenn.
839 Warn the user if deprecated "driftfile name WanderThreshold" is used. HStenn.
840 Update the documentation in ntp.conf.def . HStenn.
841 restrictions() must return restrict flags and ippeerlimit. HStenn.
842 Update ntpq peer documentation to describe the 'p' type. HStenn.
843 Rename restrict 'flags' to 'rflags. Use an enum for the values. HStenn.
844 Provide dump_restricts() for debugging. HStenn.
845 Use consistent 4th arg type for [gs]etsockopt. JPerlinger.
856 sys_tsrounding counts observed timestamp rounding events.
858 * New ntp.conf items:
860 - restrict ... noepeer
861 - restrict ... ippeerlimit N
864 requests.
867 for each IP in the designated set of addresses. This limit does not
868 apply to explicitly-configured associations. A value of -1, the current
870 single IP. 0 means "none", etc. Ordinarily the only way multiple
872 was using a proxy. But a trusted machine might become compromised,
874 from different ports. This directive should be helpful in this case.
876 * New ntp.keys feature: Each IP in the optional list of IPs in the 4th
878 scope of IPs that may use this key. This IP/subnet restriction can be
880 a key is used.
882 NTP 4.2.8p10 (Harlan Stenn <stenn@ntp.org>, 2017/03/21)
884 Focus: Security, Bug fixes, enhancements.
894 Affects: All versions of NTP-4, up to but not including ntp-4.2.8p10, and
895 ntp-4.3.0 up to, but not including ntp-4.3.94.
901 configuration directive.
903 Implement BCP-38.
904 Upgrade to 4.2.8p10, or later, from the NTP Project Download Page or
907 ntpd (without -g) if it stops running.
909 This weakness was discovered by Cure53.
914 Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and ntp-4.3.0 up to, but not including ntp-4.3.94.
919 Programmable Time Server refclock driver. Here the packets are
921 datum_pts_receive(). Since an attacker would be required to
924 terms of severity.
927 may maliciously change the device, upgrade to 4.2.8p10, or
931 ntpd (without -g) if it stops running.
933 This weakness was discovered by Cure53.
938 Affects: All versions of ntp, up to but not including ntp-4.2.8p10, and
939 ntp-4.3.0 up to, but not including ntp-4.3.94.
945 via the :config directive. The unpeer option expects a number or
946 an address as an argument. In case the value is "0", a
947 segmentation fault occurs.
949 Implement BCP-38.
950 Upgrade to 4.2.8p10, or later, from the NTP Project Download Page
953 ntpd (without -g) if it stops running.
955 This weakness was discovered by Cure53.
960 Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and
961 ntp-4.3.0 up to, but not including ntp-4.3.94.
967 from a given string. According to the documentation, the function
969 incorrect pointer usage this value is always zero. Although the
971 flaw could lead to a vulnerability in the future. Since relying
974 in accordance with the documentation pertinent to the code.
976 Implement BCP-38.
977 Upgrade to 4.2.8p10, or later, from the NTP Project Download Page
980 ntpd (without -g) if it stops running.
982 This weakness was discovered by Cure53.
987 Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and
988 ntp-4.3.0 up to, but not including ntp-4.3.94.
991 allocation functions that are provided by libc. This is mainly
993 several goals. First, they seek to ensure that memory is not
996 correctly handled. There is an additional implementation for
998 same size needs to be allocated. The handling can be found in
1000 parameter needs to be provided. Although no considerable threat
1003 option across all of the locations where it is possible.
1005 Upgrade to 4.2.8p10, or later, from the NTP Project Download Page
1008 This weakness was discovered by Cure53.
1015 not including ntp-4.2.8p10, and ntp-4.3.0 up to, but not
1016 including ntp-4.3.94.
1022 PPSAPI_DLLS. The code contained within those libraries is then
1024 privileges. Depending on how securely the machine is setup and
1026 this can easily lead to a code injection.
1028 Implement BCP-38.
1029 Upgrade to 4.2.8p10, or later, from the NTP Project Download Page
1032 This weakness was discovered by Cure53.
1039 installer, up to but not including ntp-4.2.8p10, and ntp-4.3.0 up
1040 to, but not including ntp-4.3.94.
1046 function. The stack buffer is 70 bytes smaller than the buffer
1047 in the calling main() function. Together with the initially
1049 overflow and effectively overwrites the stack frame. The
1053 overflowing at all times.
1055 Upgrade to 4.2.8p10, or later, from the NTP Project Download Page
1058 This weakness was discovered by Cure53.
1065 installer, up to but not including ntp-4.2.8p10, and ntp-4.3.0
1066 up to, but not including ntp-4.3.94.
1071 that specifically contains multiple null bytes. strcpy() only
1074 addKeysToRegistry() function. As a consequence, a garbage
1075 registry entry can be created. The additional arsize parameter
1078 value, though this may not be true.
1080 Upgrade to 4.2.8p10, or later, from the NTP Project Download Page
1083 This weakness was discovered by Cure53.
1091 must clearly be pointed out. The unnecessary unused code may or
1093 code-gadget-based branch-flow redirection exploits. Analogically,
1095 in taking advantage of the free feature for periodical updates.
1096 This solution is offered by the system's Package Manager. The
1097 three libraries identified are libisc, libevent, and libopts.
1099 For libisc, we already only use a portion of the original library.
1102 since we last upgraded the code. libisc is generally not
1103 installed, and when it it we usually only see the static libisc.a
1104 file installed. Until we know for sure that the bugs we've found
1106 are using.
1109 until recently, and we've been requiring version 2 for a long time.
1111 installed, we'll use the version that is installed on the system.
1112 Otherwise, we provide a copy of libevent that we know works.
1115 undergoes frequent API version updates. The version of autogen
1117 version in libopts. AutoGen can be ... difficult to build and
1118 install, and very few developers really need it. So we have it
1121 sure that the proper API version of libopts is available.
1124 NTP doesn't use, OK. But other packages used these libraries as
1127 libraries. It takes significant resources to analyze and
1129 date we believe the cost of this effort does not justify the benefit.
1131 This issue was discovered by Cure53.
1136 Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and
1137 ntp-4.3.0 up to, but not including ntp-4.3.94.
1143 is weak / distorted and the decoding doesn't work.
1145 Upgrade to 4.2.8p10, or later, from the NTP Project Download Page or
1148 ntpd (without -g) if it stops running.
1150 This weakness was discovered by Cure53.
1155 Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and
1156 ntp-4.3.0 up to, but not including ntp-4.3.94.
1161 create name/value ntpq (mode 6) response strings. For example,
1163 or string data). The formatting code was missing a length check
1164 for variable names. If somebody explicitly created any unusually
1167 added to the response list it would overflow a buffer.
1169 Implement BCP-38.
1170 Upgrade to 4.2.8p10, or later, from the NTP Project Download Page
1173 longer than 200-512 bytes in your ntp.conf file.
1175 ntpd (without -g) if it stops running.
1177 This weakness was discovered by Cure53.
1182 Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and
1183 ntp-4.3.0 up to, but not including ntp-4.3.94.
1189 compile and use it. But it uses the libc functions snprintf()
1192 snprintf()/vsnprintf(). Since the return value is used as an
1195 allocated buffer space. This results in an out-of-bound memory
1196 write. This behavior can be leveraged to overwrite a saved
1198 execution flow. During testing it was not possible to identify
1199 any malicious usage for this vulnerability. Specifically, no
1201 unveiled. However, it has the potential to be exploited, so the
1202 code should be fixed.
1204 Upgrade to 4.2.8p10, or later, from the NTP Project Download Page
1205 or the NTP Public Services Project Download Page.
1207 ntpd (without -g) if it stops running.
1209 This weakness was discovered by Cure53.
1215 Affects: All versions of ntpq, up to but not including ntp-4.2.8p10, and
1216 ntp-4.3.0 up to, but not including ntp-4.3.94.
1221 ntpd server when ntpq requests the restriction list from the server.
1222 This is due to a missing length check in the reslist() function.
1224 encounters a flagstr variable of an excessive length. The string
1226 the function's stack-frame. Note well that this problem requires
1227 a malicious server, and affects ntpq, not ntpd.
1229 Upgrade to 4.2.8p10, or later, from the NTP Project Download Page
1234 a response that intends to crash your ntpq process.
1236 This weakness was discovered by Cure53.
1241 Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and
1242 ntp-4.3.0 up to, but not including ntp-4.3.94.
1247 or link flags to offer "hardened" security options. Package
1249 flags for their builds. As of ntp-4.2.8p10, the NTP build
1250 system has a way to provide OS-specific hardening flags. Please
1252 is specific to NTP builds. It's inefficient to have every
1254 target build. It would be much better if there was a common way
1256 packages could benefit from it.
1258 Implement BCP-38.
1259 Upgrade to 4.2.8p10, or later, from the NTP Project Download Page
1262 ntpd (without -g) if it stops running.
1264 This weakness was reported by Cure53.
1269 Affects: ntp-4.2.8p9 (21 Nov 2016), up to but not including ntp-4.2.8p10
1274 origin timestamp check functionality of ntpd 4.2.8p9. A specially
1276 expected origin timestamp for target peers. Legitimate replies
1277 from targeted peers will fail the origin timestamp check (TEST2)
1279 condition. This vulnerability can only be exploited if the
1280 attacker can spoof all of the servers.
1282 Implement BCP-38.
1284 all of your time sources.
1285 Upgrade to 4.2.8p10, or later, from the NTP Project Download Page
1288 ntpd (without -g) if it stops running.
1290 This weakness was discovered by Matthew Van Gundy of Cisco.
1294 * [Bug 3393] clang scan-build findings <perlinger@ntp.org>
1295 * [Bug 3363] Support for openssl-1.1.0 without compatibility modes
1296 - rework of patch set from <ntp.org@eroen.eu>. <perlinger@ntp.org>
1297 * [Bug 3356] Bugfix 3072 breaks multicastclient <perlinger@ntp.org>
1299 on 4.4BSD-Lite derived platforms <perlinger@ntp.org>
1300 - original patch by Majdi S. Abbas
1301 * [Bug 3215] 'make distcheck' fails with new BK repo format <perlinger@ntp.org>
1302 * [Bug 3173] forking async worker: interrupted pipe I/O <perlinger@ntp.org>
1304 * [Bug 3139] (...) time_pps_create: Exec format error <perlinger@ntp.org>
1308 * [Bug 3107] Incorrect Logic for Peer Event Limiting <perlinger@ntp.org>
1310 * [Bug 3065] Quiet warnings on NetBSD <perlinger@ntp.org>
1311 - applied some of the patches provided by Havard. Not all of them
1312 still match the current code base, and I did not touch libopt.
1313 * [Bug 3062] Change the process name of forked DNS worker <perlinger@ntp.org>
1314 - applied patch by Reinhard Max. See bugzilla for limitations.
1315 * [Bug 2923] Trap Configuration Fail <perlinger@ntp.org>
1318 - produce ERROR log message about dysfunctional daemon. <perlinger@ntp.org>
1319 * [Bug 2851] allow -4/-6 on restrict line with mask <perlinger@ntp.org>
1320 - applied patch by Miroslav Lichvar for ntp4.2.6 compat
1322 - Fixed these and some more locations of this pattern.
1323 Probably din't get them all, though. <perlinger@ntp.org>
1324 * Update copyright year.
1327 (4.2.8p9-win) 2017/02/01 Released by Harlan Stenn <stenn@ntp.org>
1329 * [Bug 3144] NTP does not build without openSSL. <perlinger@ntp.org>
1332 * [Bug 3095] More compatibility with openssl 1.1. <perlinger@ntp.org>
1333 * configure.ac cleanup. stenn@ntp.org
1334 * openssl configure cleanup. stenn@ntp.org
1337 NTP 4.2.8p9 (Harlan Stenn <stenn@ntp.org>, 2016/11/21)
1339 Focus: Security, Bug fixes, enhancements.
1349 Date Resolved: 21 November 2016; Dev (4.3.94) 21 November 2016
1351 Affects: ntp-4.0.90 (21 July 1999), possibly earlier, up to but not
1352 including 4.2.8p9, and ntp-4.3.0 up to but not including ntp-4.3.94.
1356 ntpd does not enable trap service by default. If trap service
1359 crash ntpd, resulting in a denial of service.
1361 Implement BCP-38.
1362 Use "restrict default noquery ..." in your ntp.conf file. Only
1363 allow mode 6 queries from trusted networks and hosts.
1364 Upgrade to 4.2.8p9, or later, from the NTP Project Download Page
1367 (without -g) if it stops running.
1368 Credit: This weakness was discovered by Matthew Van Gundy of Cisco.
1371 Date Resolved: 21 November 2016; Dev (4.3.94) 21 November 2016
1373 Affects: ntp-4.0.90 (21 July 1999), possibly earlier, up to but not
1374 including 4.2.8p9, and ntp-4.3.0 up to but not including ntp-4.3.94.
1379 in the control mode (mode 6) functionality of ntpd. If, against
1380 long-standing BCP recommendations, "restrict default noquery ..."
1384 monitoring. A remote, unauthenticated, network attacker can
1385 trigger this vulnerability.
1387 Implement BCP-38.
1388 Use "restrict default noquery ..." in your ntp.conf file.
1389 Upgrade to 4.2.8p9, or later, from the NTP Project Download Page
1392 (without -g) if it stops running.
1393 Credit: This weakness was discovered by Matthew Van Gundy of Cisco.
1396 Date Resolved: 21 November 2016; Dev (4.3.94) 21 November 2016
1398 Affects: ntp-4.2.8p6, up to but not including ntp-4.2.8p9, and
1399 ntp-4.3.90 up to, but not including ntp-4.3.94.
1404 trusted network. If the broadcast network is accessible to an
1407 functionality can be abused. An attacker with access to the NTP
1411 mode packets from legitimate NTP broadcast servers.
1413 Implement BCP-38.
1414 Upgrade to 4.2.8p9, or later, from the NTP Project Download Page
1417 (without -g) if it stops running.
1418 Credit: This weakness was discovered by Matthew Van Gundy of Cisco.
1421 Date Resolved: 21 November 2016; Dev (4.3.94) 21 November 2016
1423 Affects: ntp-4.2.8p6, up to but not including ntp-4.2.8p9, and
1424 ntp-4.3.90 up to, but not including ntp-4.3.94
1429 trusted network. If the broadcast network is accessible to an
1432 functionality can be abused. To limit abuse, ntpd restricts the
1434 packets. ntpd will reject broadcast mode packets that arrive
1436 packet expires. An attacker with access to the NTP broadcast
1440 broadcast servers.
1442 Implement BCP-38.
1443 Upgrade to 4.2.8p9, or later, from the NTP Project Download Page
1446 (without -g) if it stops running.
1447 Credit: This weakness was discovered by Matthew Van Gundy of Cisco.
1450 Date Resolved: 21 November 2016; Dev (4.3.94) 21 November 2016
1452 Affects Windows only: ntp-4.?.?, up to but not including ntp-4.2.8p9,
1453 and ntp-4.3.0 up to, but not including ntp-4.3.94.
1458 malicious packet that is "too big", ntpd will stop working.
1460 Implement BCP-38.
1461 Upgrade to 4.2.8p9, or later, from the NTP Project Download Page
1464 (without -g) if it stops running.
1465 Credit: This weakness was discovered by Robert Pajak of ABB.
1468 Date Resolved: 21 November 2016; Dev (4.3.94) 21 November 2016
1470 Affects: ntp-4.2.8p8, and ntp-4.3.93.
1475 ntp-4.2.8p6. However, subsequent timestamp validation checks
1477 timestamp checks.
1479 Implement BCP-38.
1480 Upgrade to 4.2.8p9, or later, from the NTP Project Download Page
1483 (without -g) if it stops running.
1485 Malhotra of Boston University.
1488 Date Resolved: 21 November 2016; Dev (4.3.94) 21 November 2016
1490 Affects: ntp-4.2.7p22, up to but not including ntp-4.2.8p9, and
1491 ntp-4.3.0 up to, but not including ntp-4.3.94.
1497 on receipt of that crafted malicious mrulist query packet.
1499 Only allow mrulist query packets from trusted hosts.
1500 Implement BCP-38.
1501 Upgrade to 4.2.8p9, or later, from the NTP Project Download Page
1504 (without -g) if it stops running.
1505 Credit: This weakness was discovered by Magnus Stubman.
1508 Date Resolved: 21 November 2016; Dev (4.3.94) 21 November 2016
1510 Affects: ntp-4.2.7p385, up to but not including ntp-4.2.8p9, and
1511 ntp-4.3.0 up to, but not including ntp-4.3.94
1517 structure is updated to use the interface for new requests. If
1520 received packets (e.g. rp_filter on Linux is set to 0), an
1525 routing changes or every 5 minutes by default. If the attack is
1527 synchronize with the source.
1529 Implement BCP-38.
1530 Upgrade to 4.2.8p9, or later, from the NTP Project Download Page
1534 what interfaces can receive packets from what networks.
1536 (without -g) if it stops running.
1537 Credit: This weakness was discovered by Miroslav Lichvar of Red Hat.
1540 Date Resolved: 21 November 2016; Dev (4.3.94) 21 November 2016
1542 Affects: ntp-4.2.5p203, up to but not including ntp-4.2.8p9, and
1543 ntp-4.3.0 up to, but not including ntp-4.3.94
1548 (restrict default limited in ntp.conf), the limits are applied
1549 also to responses received from its configured sources. An
1550 attacker who knows the sources (e.g., from an IPv4 refid in
1554 valid responses from its sources.
1558 attack. Similarly, it allows the attacker to prevent mobilization
1559 of ephemeral associations.
1561 Implement BCP-38.
1562 Upgrade to 4.2.8p9, or later, from the NTP Project Download Page
1565 (without -g) if it stops running.
1566 Credit: This weakness was discovered by Miroslav Lichvar of Red Hat.
1569 Date Resolved: 21 November 2016; Dev (4.3.94) 21 November 2016
1571 Affects: ntp-4.2.7p385, up to but not including ntp-4.2.8p9, and
1572 ntp-4.3.0 up to, but not including ntp-4.3.94. But the
1574 of ntp-4 until this release.
1579 twice, causing the jitter value to be higher than expected. Due
1582 that did not include the peer dispersion. The calculations and
1584 updated accordingly.
1586 Upgrade to 4.2.8p9, or later, from the NTP Project Download Page
1589 (without -g) if it stops running.
1591 Oracle, and Sharon Goldberg and Aanchal Malhotra of Boston University.
1595 * [Bug 3142] bug in netmask prefix length detection <perlinger@ntp.org>
1596 * [Bug 3138] gpsdjson refclock should honor fudgetime1. stenn@ntp.org
1598 - moved retry decision where it belongs. <perlinger@ntp.org>
1599 * [Bug 3125] NTPD doesn't fully start when ntp.conf entries are out of order
1600 using the loopback-ppsapi-provider.dll <perlinger@ntp.org>
1601 * [Bug 3116] unit tests for NTP time stamp expansion. <perlinger@ntp.org>
1602 * [Bug 3100] ntpq can't retrieve daemon_version <perlinger@ntp.org>
1604 * [Bug 3095] Compatibility with openssl 1.1 <perlinger@ntp.org>
1605 - applied patches by Kurt Roeckx <kurt@roeckx.be> to source
1608 - simplified / refactored hex-decoding in driver. <perlinger@ntp.org>
1609 * [Bug 3084] update-leap mis-parses the leapfile name. HStenn.
1610 * [Bug 3068] Linker warnings when building on Solaris. perlinger@ntp.org
1611 - applied patch thanks to Andrew Stormont <andyjstormont@gmail.com>
1612 * [Bug 3067] Root distance calculation needs improvement. HStenn
1613 * [Bug 3066] NMEA clock ignores pps. perlinger@ntp.org
1614 - PPS-HACK works again.
1615 * [Bug 3059] Potential buffer overrun from oversized hash <perlinger@ntp.org>
1616 - applied patch by Brian Utterback <brian.utterback@oracle.com>
1617 * [Bug 3053] ntp_loopfilter.c frequency calc precedence error. Sarah White.
1618 * [Bug 3050] Fix for bug #2960 causes [...] spurious error message.
1619 <perlinger@ntp.org>
1620 - patches by Reinhard Max <max@suse.com> and Havard Eidnes <he@uninett.no>
1621 * [Bug 3047] Fix refclock_jjy C-DEX JST2000. abe@ntp.org
1622 - Patch provided by Kuramatsu.
1623 * [Bug 3021] unity_fixture.c needs pragma weak <perlinger@ntp.org>
1625 * [Bug 3019] Windows: ERROR_HOST_UNREACHABLE block packet processing. DMayer
1626 * [Bug 2998] sntp/tests/packetProcessing.c broken without openssl. JPerlinger
1627 * [Bug 2961] sntp/tests/packetProcessing.c assumes AUTOKEY. HStenn.
1628 * [Bug 2959] refclock_jupiter: gps week correction <perlinger@ntp.org>
1629 - fixed GPS week expansion to work based on build date. Special thanks
1630 to Craig Leres for initial patch and testing.
1632 - fixed Makefile.am <perlinger@ntp.org>
1634 even if it is very old <perlinger@ntp.org>
1637 * Fix typos in include/ntp.h.
1644 NTP 4.2.8p8 (Harlan Stenn <stenn@ntp.org>, 2016/06/02)
1646 Focus: Security, Bug fixes, enhancements.
1654 Date Resolved: 02 June 2016; Dev (4.3.93) 02 June 2016
1656 Affects: ntp-4.2.8p7, and ntp-4.3.92.
1659 Summary: The fix for Sec 3007 in ntp-4.2.8p7 contained a bug that
1660 could cause ntpd to crash.
1662 Implement BCP-38.
1663 Upgrade to 4.2.8p8, or later, from the NTP Project Download Page
1665 If you cannot upgrade from 4.2.8p7, the only other alternatives
1666 are to patch your code or filter CRYPTO_NAK packets.
1668 (without -g) if it stops running.
1669 Credit: This weakness was discovered by Nicolas Edet of Cisco.
1672 Date Resolved: 02 June 2016; Dev (4.3.93) 02 June 2016
1674 Affects: ntp-4, up to but not including ntp-4.2.8p8, and
1675 ntp-4.3.0 up to, but not including ntp-4.3.93.
1681 association.
1683 Implement BCP-38.
1684 Upgrade to 4.2.8p8, or later, from the NTP Project Download Page
1686 Properly monitor your ntpd instances.
1687 Credit: This weakness was discovered by Miroslav Lichvar of Red Hat.
1690 Date Resolved: 02 June 2016; Dev (4.3.93) 02 June 2016
1692 Affects: ntp-4, up to but not including ntp-4.2.8p8, and
1693 ntp-4.3.0 up to, but not including ntp-4.3.93.
1699 variables and, for example, cause a false leap indication to be set.
1701 Implement BCP-38.
1702 Upgrade to 4.2.8p8, or later, from the NTP Project Download Page
1704 Properly monitor your ntpd instances.
1705 Credit: This weakness was discovered by Jakub Prokes of Red Hat.
1708 Date Resolved: 02 June 2016; Dev (4.3.93) 02 June 2016
1710 Affects: ntp-4, up to but not including ntp-4.2.8p8, and
1711 ntp-4.3.0 up to, but not including ntp-4.3.93.
1717 the association's peer variables to be cleared. If this can be
1718 done often enough, it will prevent that association from working.
1720 Implement BCP-38.
1721 Upgrade to 4.2.8p8, or later, from the NTP Project Download Page
1723 Properly monitor your ntpd instances.
1724 Credit: This weakness was discovered by Miroslav Lichvar of Red Hat.
1727 Date Resolved: 02 June 2016; Dev (4.3.93) 02 June 2016
1729 Affects: ntp-4, up to but not including ntp-4.2.8p8, and
1730 ntp-4.3.0 up to, but not including ntp-4.3.93.
1734 so broadcast clients can be triggered to flip into interleave mode.
1736 Implement BCP-38.
1737 Upgrade to 4.2.8p8, or later, from the NTP Project Download Page
1739 Properly monitor your ntpd instances.
1740 Credit: This weakness was discovered by Miroslav Lichvar of Red Hat.
1743 * [Bug 3038] NTP fails to build in VS2015. perlinger@ntp.org
1747 * [Bug 3052] Add a .gitignore file. Edmund Wong.
1748 * [Bug 3054] miscopt.html documents the allan intercept in seconds. SWhite.
1749 * [Bug 3058] fetch_timestamp() mishandles 64-bit alignment. Brian Utterback,
1750 JPerlinger, HStenn.
1751 * Fix typo in ntp-wait and plot_summary. HStenn.
1752 * Make sure we have an "author" file for git imports. HStenn.
1753 * Update the sntp problem tests for MacOS. HStenn.
1756 NTP 4.2.8p7 (Harlan Stenn <stenn@ntp.org>, 2016/04/26)
1758 Focus: Security, Bug fixes, enhancements.
1763 available, --enable-dynamic-interleave. More information on this below.
1765 Also note that ntp-4.2.8p7 logs more "unexpected events" than previous
1766 versions of ntp. These events have almost certainly happened in the
1767 past, it's just that they were silently counted and not logged. With
1769 log these events to help detect abusive behavior. This increased
1770 logging can also help detect other problems, too.
1777 Date Resolved: Stable (4.2.8p7) 26 Apr 2016; Dev (4.3.92) 26 Apr 2016
1779 Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
1780 4.3.0 up to, but not including 4.3.92
1787 the digest has matched.
1789 Upgrade to 4.2.8p7, or later, from the NTP Project Download Page
1790 or the NTP Public Services Project Download Page.
1791 Properly monitor your ntpd instances.
1793 Velvindron, and Matthew Van Gundy and Stephen Gray of Cisco ASIG.
1795 * Zero origin timestamp bypass: Additional KoD checks.
1797 Affects: All ntp-4 releases up to, but not including 4.2.8p7,
1798 Summary: Improvements to the fixes incorporated in t 4.2.8p6 and 4.3.92.
1801 Date Resolved: Stable (4.2.8p7) 26 Apr 2016; Dev (4.3.92) 26 Apr 2016
1803 Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
1804 4.3.0 up to, but not including 4.3.92
1806 Summary: The fix for NtpBug2952 in ntp-4.2.8p5 to address broken peer
1807 associations did not address all of the issues.
1809 Implement BCP-38.
1810 Upgrade to 4.2.8p7, or later, from the NTP Project Download Page
1813 "peer" associations.
1814 Monitor your ntpd instances.
1815 Credit: This problem was discovered by Michael Tatarinov.
1818 Date Resolved: Stable (4.2.8p7) 26 Apr 2016; Dev (4.3.92) 26 Apr 2016
1820 Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
1821 4.3.0 up to, but not including 4.3.92
1824 Summary: For ntp-4 versions up to but not including ntp-4.2.8p7, an
1827 with a spoofed source address of an existing associated peer.
1828 This is true even if authentication is enabled.
1833 legitimate server.
1835 For ntp-4.2.8 thru ntp-4.2.8p6 there is less risk because more
1838 ntp-4.2.8p7.
1840 Implement BCP-38.
1841 Upgrade to 4.2.8p7, or later, from the NTP Project Download Page
1845 Matthew Van Gundy of Cisco ASIG.
1848 Date Resolved: Stable (4.2.8p7) 26 Apr 2016; Dev (4.3.92) 26 Apr 2016
1850 Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
1851 4.3.0 up to, but not including 4.3.92
1855 in ntpd. It is possible to store a data value that is larger
1857 ntpd uses to report the return value. If the length of the
1859 the value NULL is returned instead. There are 2 cases where the
1862 that make sure the return value is not NULL. There are no data
1864 length. But if one has permission to store values and one stores
1866 is made to read that oversized value.
1868 Implement BCP-38.
1869 Upgrade to 4.2.8p7, or later, from the NTP Project Download Page
1871 Properly monitor your ntpd instances.
1873 Security Team, Qihoo 360.
1876 Date Resolved: Stable (4.2.8p7) 26 Apr 2016; Dev (4.3.92) 26 Apr 2016
1878 Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
1879 4.3.0 up to, but not including 4.3.92
1884 out-of-bounds reference.
1886 Implement BCP-38.
1887 Upgrade to 4.2.8p7, or later, from the NTP Project Download Page
1891 Security Team, Qihoo 360.
1895 Date Resolved: Stable (4.2.8p7) 26 Apr 2016; Dev (4.3.92) 26 Apr 2016
1897 Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
1898 4.3.0 up to, but not including 4.3.92
1907 authentication with ntpd until ntpd is restarted.
1909 Implement BCP-38.
1910 Upgrade to 4.2.8p7, or later, from the NTP Project Download Page
1914 Security Team, Qihoo 360.
1917 Date Resolved: Stable (4.2.8p7) 26 Apr 2016; Dev (4.3.92) 26 Apr 2016
1919 Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
1920 4.3.0 up to, but not including 4.3.92
1928 line, ntpd will abort.
1930 Implement BCP-38.
1931 Upgrade to 4.2.8p7, or later, from the NTP Project Download Page
1935 Security Team, Qihoo 360.
1938 Date Resolved: Stable (4.2.8p7) 26 Apr 2016; Dev (4.3.92) 26 Apr 2016
1941 not including 4.2.8p7, and 4.3.0 up to but not including 4.3.92.
1943 have yet been identified that have this vulnerability.
1947 network stack, at least regarding 127.0.0.0/8, some will allow
1948 packets claiming to be from 127.0.0.0/8 that arrive over a
1949 physical network. On these OSes, if ntpd is configured to use a
1951 that look like they are coming from that reference clock.
1953 Implement martian packet filtering and BCP-38.
1954 Configure ntpd to use an adequate number of time sources.
1955 Upgrade to 4.2.8p7, or later, from the NTP Project Download Page
1962 time from protected resources.
1963 Properly monitor your ntpd instances.
1965 Cisco ASIG.
1968 improvements in 4.2.8p7:
1970 * Clients that receive a KoD should validate the origin timestamp field.
1972 Affects: All ntp-4 releases up to, but not including 4.2.8p7,
1973 Summary: Improvements to the fixes incorporated into 4.2.8p4 and 4.3.77.
1975 * Skeleton key: passive server with trusted key can serve time.
1977 Affects: All ntp-4 releases up to, but not including 4.2.8p7,
1978 Summary: Improvements to the fixes incorporated in t 4.2.8p6 and 4.3.90.
1984 Date Resolved: Stable (4.2.8p7) 26 Apr 2016; Dev (4.3.92) 26 Apr 2016
1986 Affects: All ntp-4 releases.
1991 client/server mode to interleaved symmetric mode. An attacker
1994 server. After making this switch, the client will reject all
1995 future legitimate server responses. It is possible to force the
1996 victim client to move time after the mode has been changed.
1997 ntpq gives no indication that the mode has been switched.
1999 Implement BCP-38.
2000 Upgrade to 4.2.8p7, or later, from the NTP Project Download Page
2001 or the NTP Public Services Project Download Page. These
2003 unless configured to do so.
2004 Properly monitor your ntpd instances.
2006 and separately by Jonathan Gardner of Cisco ASIG.
2009 Date Resolved: Stable (4.2.8p7) 26 Apr 2016; Dev (4.3.92) 26 Apr 2016
2011 Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
2012 4.3.0 up to, but not including 4.3.92
2015 Summary: ntpd can be vulnerable to Sybil attacks. If one is not using
2016 the feature introduced in ntp-4.2.8p6 allowing an optional 4th
2017 field in the ntp.keys file to specify which IPs can serve time,
2020 ntpd and modify a victim's clock.
2022 Implement BCP-38.
2023 Use the 4th field in the ntp.keys file to specify which IPs
2024 can be time servers.
2025 Properly monitor your ntpd instances.
2026 Credit: This weakness was discovered by Matthew Van Gundy of Cisco ASIG.
2030 * [Bug 2831] Segmentation Fault in DNS lookup during startup. perlinger@ntp.org
2031 - fixed yet another race condition in the threaded resolver code.
2032 * [Bug 2858] bool support. Use stdbool.h when available. HStenn.
2033 * [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org
2034 - integrated patches by Loganaden Velvidron <logan@ntp.org>
2036 * [Bug 2960] async name resolution fixes for chroot() environments.
2037 Reinhard Max.
2038 * [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org
2040 * [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org
2041 * [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@ntp.org
2042 - Patch provided by Ch. Weisgerber
2045 remote config commands. perlinger@ntp.org
2047 - report and patch from Aleksandr Kostikov.
2048 - Overhaul of Windows IO completion port handling. perlinger@ntp.org
2049 * [Bug 3022] authkeys.c should be refactored. perlinger@ntp.org
2050 - fixed memory leak in access list (auth[read]keys.c)
2051 - refactored handling of key access lists (auth[read]keys.c)
2052 - reduced number of error branches (authreadkeys.c)
2053 * [Bug 3023] ntpdate cannot correct dates in the future. perlinger@ntp.org
2054 * [Bug 3030] ntpq needs a general way to specify refid output format. HStenn.
2056 when the time of server changed. perlinger@ntp.org
2058 server if the delay exceeds 50ms. Retry again after the next
2059 broadcast packet.
2060 * [Bug 3036] autokey trips an INSIST in authistrustedip(). Harlan Stenn.
2061 * Document ntp.key's optional IP list in authenetic.html. Harlan Stenn.
2062 * Update html/xleave.html documentation. Harlan Stenn.
2063 * Update ntp.conf documentation. Harlan Stenn.
2064 * Fix some Credit: attributions in the NEWS file. Harlan Stenn.
2065 * Fix typo in html/monopt.html. Harlan Stenn.
2066 * Add README.pullrequests. Harlan Stenn.
2067 * Cleanup to include/ntp.h. Harlan Stenn.
2073 issues with interleave operations. We also realized that the interleave
2074 protocol was never added to the NTPv4 Standard, and it should have been.
2077 in two ways. Any 'peer' and 'broadcast' lines in the ntp.conf file may
2079 for that association. Additionally, if a time packet arrives and is
2082 dynamically switch to interleave mode. With sufficient knowledge, an
2084 triggers only one side to enter interleaved mode.
2093 engage dynamic interleave mode. Dynamic interleave mode is disabled by
2094 default in ntp-4.2.8p7.
2097 NTP 4.2.8p6 (Harlan Stenn <stenn@ntp.org>, 2016/01/20)
2099 Focus: Security, Bug fixes, enhancements.
2107 Date Resolved: Stable (4.2.8p6) 19 Jan 2016; Dev (4.3.90) 19 Jan 2016
2109 Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
2110 4.3.0 up to, but not including 4.3.90
2113 Summary: 'ntpq' processes incoming packets in a loop in 'getresponse()'.
2115 correct response or hitting a small number of error conditions.
2117 the error conditions, the loop continues to receive new packets.
2127 Upgrade to 4.2.8p6, or later, from the NTP Project Download Page
2129 Credit: This weakness was discovered by Jonathan Gardner of Cisco ASIG.
2132 Date Resolved: Stable (4.2.8p6) 19 Jan 2016; Dev (4.3.90) 19 Jan 2016
2134 Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
2135 4.3.0 up to, but not including 4.3.90
2142 transmitted in its last request. A logic error exists that
2144 check whenever there is not an outstanding request to the server.
2146 Configure 'ntpd' to get time from multiple sources.
2147 Upgrade to 4.2.8p6, or later, from the NTP Project Download Page
2148 or the NTP Public Services Project Download Page.
2149 Monitor your 'ntpd' instances.
2151 Jonathan Gardner of Cisco ASIG.
2154 Date Resolved: Stable (4.2.8p6) 19 Jan 2016
2156 Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
2157 4.3.0 up to, but not including 4.3.90
2160 segmentation fault in ntpd by exhausting the call stack.
2162 Implement BCP-38.
2163 Upgrade to 4.2.8p6, or later, from the NTP Project Download Page
2164 or the NTP Public Services Project Download Page.
2166 In ntp-4.2.8, mode 7 is disabled by default. Don't enable it.
2169 issue mode 7 requests.
2171 requests to trusted sources.
2172 Monitor your ntpd instances.
2173 Credit: This weakness was discovered by Stephen Gray at Cisco ASIG.
2176 Date Resolved: Stable (4.2.8p6) 19 Jan 2016; Dev (4.3.90) 19 Jan 2016
2178 Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
2179 4.3.0 up to, but not including 4.3.90
2183 to broadcast clients. It is observed that the broadcast client
2185 receiving just one bad packet.
2187 Implement BCP-38.
2188 Upgrade to 4.2.8p6, or later, from the NTP Project Download Page
2189 or the NTP Public Services Project Download Page.
2190 Monitor your 'ntpd' instances.
2192 deeper problems to investigate. In this case also consider
2193 having smaller NTP broadcast domains.
2195 University.
2198 Date Resolved: Stable (4.2.8p6) 19 Jan 2016; Dev (4.3.90) 19 Jan 2016
2200 Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
2201 4.3.0 up to, but not including 4.3.90
2204 segmentation fault in ntpd by causing a NULL pointer dereference.
2206 Implement BCP-38.
2207 Upgrade to 4.2.8p6, or later, from NTP Project Download Page or
2208 the NTP Public Services Project Download Page.
2210 mode 7 is disabled by default. Don't enable it.
2213 issue mode 7 requests.
2215 requests to trusted sources.
2216 Monitor your ntpd instances.
2217 Credit: This weakness was discovered by Stephen Gray of Cisco ASIG.
2219 * 'ntpq saveconfig' command allows dangerous characters in filenames.
2220 Date Resolved: Stable (4.2.8p6) 19 Jan 2016; Dev (4.3.90) 19 Jan 2016
2222 Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
2223 4.3.0 up to, but not including 4.3.90
2226 of special characters from the supplied filename.
2229 configuration is to disable this capability. If the ability to
2231 limited and restricted to a known small number of IP addresses.
2233 Implement BCP-38.
2234 use 'restrict default nomodify' in your 'ntp.conf' file.
2235 Upgrade to 4.2.8p6, or later, from the NTP Project Download Page.
2239 use 'restrict default nomodify' in your 'ntp.conf' file. Be
2241 requests to 'ntpd'.
2242 Monitor your ntpd instances.
2243 'saveconfig' requests are logged to syslog - monitor your syslog files.
2244 Credit: This weakness was discovered by Jonathan Gardner of Cisco ASIG.
2247 Date Resolved: Stable (4.2.8p6) 19 Jan 2016; Dev (4.3.90) 19 Jan 2016
2249 Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
2250 4.3.0 up to, but not including 4.3.90
2252 If you score A:C, this becomes 4.0.
2256 length of 256 bytes. Note well that we're taking about ntpq here.
2259 that did this will have stopped themselves.
2261 Upgrade to 4.2.8p6, or later, from the NTP Project Download Page
2262 or the NTP Public Services Project Download Page.
2265 some sanity checks on the input received from the "outside".
2266 This is potentially more dangerous if ntpq is run as root.
2267 Credit: This weakness was discovered by Jonathan Gardner at Cisco ASIG.
2270 Date Resolved: Stable (4.2.8p6) 19 Jan 2016; Dev (4.3.90) 19 Jan 2016
2272 Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
2273 4.3.0 up to, but not including 4.3.90
2275 Summary: Symmetric key encryption uses a shared trusted key. The
2279 authenticate that server, other trusted keys should be refused."
2281 key and server v. clients machines and there has never been any
2282 way to specify a key only for one server. We have treated this as
2283 an enhancement request, and ntp-4.2.8p6 includes other checks and
2285 servers.
2287 Implement BCP-38.
2289 upgrade to 4.2.8p6, or later, from the NTP Project Download
2291 use the new field in the ntp.keys file that specifies the list
2292 of IPs that are allowed to serve time. Note that this alone
2294 addresses, however other changes in ntp-4.2.8p6 provide
2295 significant mitigation against broadcast attacks. MITM attacks
2296 are a different story.
2299 servers.
2305 in the shared-key group.
2306 Monitor your ntpd instances.
2307 Credit: This weakness was discovered by Matt Street of Cisco ASIG.
2310 Date Resolved: Stable (4.2.8p6) 19 Jan 2016; Dev (4.3.90) 19 Jan 2016
2312 Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
2313 4.3.0 up to, but not including 4.3.90
2317 that has the same trusted keys as the victim can replay time packets.
2319 Implement BCP-38.
2320 Upgrade to 4.2.8p6, or later, from the NTP Project Download Page
2321 or the NTP Public Services Project Download Page.
2323 Don't use broadcast mode if you cannot monitor your client servers.
2324 Monitor your ntpd instances.
2326 University.
2330 * [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org
2331 * [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org
2332 - applied patch by shenpeng11@huawei.com with minor adjustments
2333 * [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org
2334 * [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org
2336 IPv6 is disabled in the build. perlinger@ntp.org
2337 - Found this already fixed, but validation led to cleanup actions.
2338 * [Bug 2905] DNS lookups broken. perlinger@ntp.org
2341 - changed stacked/nested handling of CTRL-C. perlinger@ntp.org
2342 - make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org
2343 * [Bug 2980] reduce number of warnings. perlinger@ntp.org
2344 - integrated several patches from Havard Eidnes (he@uninett.no)
2345 * [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org
2347 * Make leapsec_query debug messages less verbose. Harlan Stenn.
2350 NTP 4.2.8p5 (Harlan Stenn <stenn@ntp.org>, 2016/01/07)
2352 Focus: Security, Bug fixes, enhancements.
2359 * Small-step/big-step. Close the panic gate earlier.
2361 Affects: All ntp-4 releases up to, but not including 4.2.8p5, and
2362 4.3.0 up to, but not including 4.3.78
2370 arbitrary value. Similarly, if an attacker is able to respond
2377 most 900 seconds' time per attack.
2379 Configure ntpd to get time from multiple sources.
2380 Upgrade to 4.2.8p5, or later, from the NTP Project Download
2383 cold-start situations.
2384 Monitor your ntpd instances.
2386 Isaac E. Cohen, and Sharon Goldberg at Boston University.
2389 in ntpd, which is 900 seconds by default. The bug identified by
2392 clock that was greater than 128 milliseconds, by default. The
2394 re-enabled after any initial time correction.
2400 system's clock. There comes a point where your very best
2403 Configure ntpd to get time from multiple sources.
2404 Monitor your ntpd instances.
2408 * Coverity submission process updated from Coverity 5 to Coverity 7.
2410 ongoing basis since 2006. As part of our recent upgrade from
2412 the newly-written Unity test programs. These were fixed.
2413 * [Bug 2829] Clean up pipe_fds in ntpd.c perlinger@ntp.org
2415 - fudge stratum should only accept values [0..16]. perlinger@ntp.org
2416 * [Bug 2932] Update leapsecond file info in miscopt.html. CWoodbury, HStenn.
2417 * [Bug 2934] tests/ntpd/t-ntp_scanner.c has a magic constant wired in. HMurray
2418 * [Bug 2944] errno is not preserved properly in ntpdate after sendto call.
2419 - applied patch by Christos Zoulas. perlinger@ntp.org
2420 * [Bug 2952] Peer associations broken by fix for Bug 2901/CVE-2015-7704.
2421 * [Bug 2954] Version 4.2.8p4 crashes on startup on some OSes.
2422 - fixed data race conditions in threaded DNS worker. perlinger@ntp.org
2423 - limit threading warm-up to linux; FreeBSD bombs on it. perlinger@ntp.org
2424 * [Bug 2957] 'unsigned int' vs 'size_t' format clash. perlinger@ntp.org
2428 * [Bug 2958] ntpq: fatal error messages need a final newline. Craig Leres.
2429 * [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets. perlinger@ntp.org
2435 * [Bug 2965] Local clock didn't work since 4.2.8p4. Martin Burnicki.
2437 - fixed ntp_rfc2553.c to return proper address length. perlinger@ntp.org
2439 lots of clients. perlinger@ntp.org
2441 - changed stacked/nested handling of CTRL-C. perlinger@ntp.org
2442 * Unity cleanup for FreeBSD-6.4. Harlan Stenn.
2443 * Unity test cleanup. Harlan Stenn.
2444 * Libevent autoconf pthread fixes for FreeBSD-10. Harlan Stenn.
2445 * Header cleanup in tests/sandbox/uglydate.c. Harlan Stenn.
2446 * Header cleanup in tests/libntp/sfptostr.c. Harlan Stenn.
2447 * Quiet a warning from clang. Harlan Stenn.
2450 NTP 4.2.8p4 (Harlan Stenn <stenn@ntp.org>, 2015/10/21)
2452 Focus: Security, Bug fixes, enhancements.
2459 * Incomplete vallen (value length) checks in ntp_crypto.c, leading
2460 to potential crashes or potential code injection/information leakage.
2463 Affects: All ntp-4 releases up to, but not including 4.2.8p4,
2464 and 4.3.0 up to, but not including 4.3.77
2469 validated. Receipt of these packets can cause ntpd to crash.
2471 Don't use autokey.
2472 Upgrade to 4.2.8p4, or later, from the NTP Project Download
2474 Monitor your ntpd instances.
2475 Credit: This weakness was discovered by Tenable Network Security.
2477 * Clients that receive a KoD should validate the origin timestamp field.
2480 Affects: All ntp-4 releases up to, but not including 4.2.8p4,
2481 and 4.3.0 up to, but not including 4.3.77
2485 delay or stop querying its servers for time updates. Also, an
2491 machine. For either of these attacks to succeed, the attacker must
2492 know what servers the target is communicating with. An attacker
2495 time query.
2497 Implement BCP-38.
2498 Upgrade to 4.2.8p4, or later, from the NTP Project Download Page
2502 for the time. This mitigation is heavy-handed.
2503 Monitor your ntpd instances.
2505 4.2.8p4 protects against the first attack. For the second attack,
2506 all we can do is warn when it is happening, which we do in 4.2.8p4.
2508 Issac E. Cohen, and Sharon Goldberg of Boston University.
2511 only be allowed locally.
2514 Affects: All ntp-4 releases up to, but not including 4.2.8p4,
2515 and 4.3.0 up to, but not including 4.3.77
2522 overwrite other files.
2524 Implement BCP-38.
2525 Upgrade to 4.2.8p4, or later, from the NTP Project Download
2527 If you cannot upgrade, don't enable remote configuration.
2531 configure a controlkey.
2532 - access from a permitted IP. You choose the IPs.
2533 - authentication. Don't disable it. Practice secure key safety.
2534 Monitor your ntpd instances.
2535 Credit: This weakness was discovered by Miroslav Lichvar of Red Hat.
2541 including 4.2.8p4, and 4.3.0 up to, but not including 4.3.77
2546 attack, cause it to run out of memory.
2548 Don't use autokey.
2549 Upgrade to 4.2.8p4, or later, from the NTP Project Download
2551 Monitor your ntpd instances.
2552 Credit: This weakness was discovered by Tenable Network Security.
2557 Affects: All ntp-4 releases up to, but not including 4.2.8p4,
2558 and 4.3.0 up to, but not including 4.3.77
2565 to ntpd that will cause it to crash.
2567 Implement BCP-38.
2568 Upgrade to 4.2.8p4, or later, from the NTP Project Download
2569 Page or the NTP Public Services Project Download Page.
2571 In ntp-4.2.8, mode 7 is disabled by default. Don't enable it.
2574 mode 7 requests.
2576 to trusted sources.
2577 Monitor your ntpd instances.
2578 Credit: This weakness was discovered by Aleksandar Nikolic of Cisco Talos.
2583 Affects: All ntp-4 releases up to, but not including 4.2.8p4, and 4.3.0 up to, but not including 4.3.77
2591 perform a code injection attack.
2593 Implement BCP-38.
2594 Upgrade to 4.2.8p4, or later, from the NTP Project Download
2595 Page or the NTP Public Services Project Download Page.
2598 an explicitly configured "trusted" key. Only configure
2599 this if you need it.
2600 access from a permitted IP address. You choose the IPs.
2601 authentication. Don't disable it. Practice secure key safety.
2602 Monitor your ntpd instances.
2603 Credit: This weakness was discovered by Yves Younan of Cisco Talos.
2606 keyfile are the same.
2609 Affects: All ntp-4 releases up to, but not including 4.2.8p4,
2610 and 4.3.0 up to, but not including 4.3.77
2618 potentially huge log file. Specifically, the attacker could
2620 and cause what amounts to an infinite loop.
2622 Implement BCP-38.
2623 Upgrade to 4.2.8p4, or later, from the NTP Project Download
2624 Page or the NTP Public Services Project Download Page.
2627 an explicitly configured "trusted" key. Only configure this
2628 if you need it.
2629 access from a permitted IP address. You choose the IPs.
2630 authentication. Don't disable it. Practice secure key safety.
2631 Monitor your ntpd instances.
2632 Credit: This weakness was discovered by Yves Younan of Cisco Talos.
2635 ntpd on VMS.
2639 including 4.2.8p4, and 4.3.0 up to, but not including 4.3.77
2646 ntpd that may cause ntpd to overwrite files.
2648 Implement BCP-38.
2649 Upgrade to 4.2.8p4, or later, from the NTP Project Download
2650 Page or the NTP Public Services Project Download Page.
2653 an explicitly configured "trusted" key. Only configure
2654 this if you need it.
2655 access from permitted IP addresses. You choose the IPs.
2656 authentication. Don't disable it. Practice key security safety.
2657 Monitor your ntpd instances.
2658 Credit: This weakness was discovered by Yves Younan of Cisco Talos.
2663 Affects: All ntp-4 releases running up to, but not including 4.2.8p4,
2664 and 4.3.0 up to, but not including 4.3.77
2671 can cause ntpq to crash.
2673 Implement BCP-38.
2674 Upgrade to 4.2.8p4, or later, from the NTP Project Download
2675 Page or the NTP Public Services Project Download Page.
2677 and ntpq crashes, try again using raw mode. Build or get a
2678 patched ntpq and see if that fixes the problem. Report new
2679 bugs in ntpq or abusive servers appropriately.
2681 in your scripts.
2683 Aleksander Nikolich of Cisco Talos.
2686 a buffer overflow.
2690 including 4.2.8p4, and 4.3.0 up to, but not including 4.3.77
2695 data buffer. NTF's ntpd driver implementations always set this
2696 value to 0 and are therefore not vulnerable to this weakness.
2700 overflow a data buffer. It is even hypothetically possible
2702 could effect a code injection attack.
2704 Upgrade to 4.2.8p4, or later, from the NTP Project Download
2705 Page or the NTP Public Services Project Download Page.
2708 the signed datalen value is either zero or positive.
2709 Monitor your ntpd instances.
2710 Credit: This weakness was discovered by Yves Younan of Cisco Talos.
2715 Affects: All ntp-4 releases up to, but not including 4.2.8p4, and
2716 4.3.0 up to, but not including 4.3.77
2725 with the hypothetical possibility of a small code injection.
2727 Implement BCP-38.
2728 Upgrade to 4.2.8p4, or later, from the NTP Project Download
2729 Page or the NTP Public Services Project Download Page.
2732 an explicitly configured "trusted" key. Only configure
2733 this if you need it.
2734 access from a permitted IP address. You choose the IPs.
2735 authentication. Don't disable it. Practice secure key safety.
2736 Monitor your ntpd instances.
2738 Aleksander Nikolich of Cisco Talos.
2741 bogus values.
2744 Affects: All ntp-4 releases up to, but not including 4.2.8p4, and
2745 4.3.0 up to, but not including 4.3.77
2750 instead of simply returning a failure condition.
2752 Implement BCP-38.
2753 Upgrade to 4.2.8p4, or later, from the NTP Project Download
2754 Page or the NTP Public Services Project Download Page.
2756 mode 7 is disabled by default. Don't enable it.
2758 and mode 7 requests.
2761 send mode 6 and mode 7 requests.
2762 Monitor your ntpd instances.
2763 Credit: This weakness was discovered by John D "Doug" Birdwell of IDA.org.
2766 crypto-NAK.
2769 Affects: All ntp-4 releases between 4.2.5p186 up to but not including
2770 4.2.8p4, and 4.3.0 up to but not including 4.3.77
2774 authentication required to mobilize peer associations. This
2775 vulnerability appears to have been introduced in ntp-4.2.5p186
2777 associations (lines 1103-1165) was refactored.
2779 Implement BCP-38.
2780 Upgrade to 4.2.8p4, or later, from the NTP Project Download
2781 Page or the NTP Public Services Project Download Page.
2784 block around line 1136 of ntp_proto.c.
2785 Monitor your ntpd instances.
2786 Credit: This weakness was discovered by Matthew Van Gundy of Cisco ASIG.
2789 * [Bug 2817] Default on Linux is now "rlimit memlock -1".
2792 memory). A value of 0 means "lock ntpd into memory with whatever
2793 memory it needs." If your ntp.conf file has an explicit "rlimit memlock"
2794 value in it, that value will continue to be used.
2796 * [Bug 2886] Misspelling: "outlyer" should be "outlier".
2799 from 'outlyer' to 'outl[iy]er'.
2802 * 'rlimit memlock' now has finer-grained control. A value of -1 means
2803 "don't lock ntpd into memore". This is the default for Linux boxes.
2804 A value of 0 means "lock ntpd into memory" with no limits. Otherwise
2805 the value is the number of megabytes of memory to lock. The default
2806 is 32 megabytes.
2809 based on http://www.throwtheswitch.org/unity/ .
2814 forcefully against 'libgcc_s' which does not always work. J.Perlinger
2815 * [Bug 2595] ntpdate man page quirks. Hal Murray, Harlan Stenn.
2816 * [Bug 2625] Deprecate flag1 in local refclock. Hal Murray, Harlan Stenn.
2817 * [Bug 2817] Stop locking ntpd into memory by default under Linux. H.Stenn.
2818 * [Bug 2821] minor build issues: fixed refclock_gpsdjson.c. perlinger@ntp.org
2819 * [Bug 2823] ntpsweep with recursive peers option doesn't work. H.Stenn.
2821 synchronize. Brian Utterback. Note that this patch might need to
2822 be reverted once Bug 2043 has been fixed.
2823 * [Bug 2864] 4.2.8p3 fails to compile on Windows. Juergen Perlinger
2824 * [Bug 2866] segmentation fault at initgroups(). Harlan Stenn.
2825 * [Bug 2867] ntpd with autokey active crashed by 'ntpq -crv'. J.Perlinger
2826 * [Bug 2873] libevent should not include .deps/ in the tarball. H.Stenn
2827 * [Bug 2874] Don't distribute generated sntp/tests/fileHandlingTest.h. H.Stenn
2828 * [Bug 2875] sntp/Makefile.am: Get rid of DIST_SUBDIRS. libevent must
2829 be configured for the distribution targets. Harlan Stenn.
2830 * [Bug 2883] ntpd crashes on exit with empty driftfile. Miroslav Lichvar.
2831 * [Bug 2886] Mis-spelling: "outlyer" should be "outlier". dave@horsfall.org
2832 * [Bug 2888] streamline calendar functions. perlinger@ntp.org
2833 * [Bug 2889] ntp-dev-4.3.67 does not build on Windows. perlinger@ntp.org
2834 * [Bug 2890] Ignore ENOBUFS on routing netlink socket. Konstantin Khlebnikov.
2835 * [Bug 2906] make check needs better support for pthreads. Harlan Stenn.
2836 * [Bug 2907] dist* build targets require our libevent/ to be enabled. HStenn.
2837 * [Bug 2912] no munlockall() under Windows. David Taylor, Harlan Stenn.
2838 * libntp/emalloc.c: Remove explicit include of stdint.h. Harlan Stenn.
2839 * Put Unity CPPFLAGS items in unity_config.h. Harlan Stenn.
2840 * tests/ntpd/g_leapsec.cpp typo fix. Harlan Stenn.
2841 * Phase 1 deprecation of google test in sntp/tests/. Harlan Stenn.
2842 * On some versions of HP-UX, inttypes.h does not include stdint.h. H.Stenn.
2843 * top_srcdir can change based on ntp v. sntp. Harlan Stenn.
2844 * sntp/tests/ function parameter list cleanup. Damir Tomić.
2845 * tests/libntp/ function parameter list cleanup. Damir Tomić.
2846 * tests/ntpd/ function parameter list cleanup. Damir Tomić.
2847 * sntp/unity/unity_config.h: handle stdint.h. Harlan Stenn.
2848 * sntp/unity/unity_internals.h: handle *INTPTR_MAX on old Solaris. H.Stenn.
2849 * tests/libntp/timevalops.c and timespecops.c fixed error printing. D.Tomić.
2850 * tests/libntp/ improvements in code and fixed error printing. Damir Tomić.
2851 * tests/libntp: a_md5encrypt.c, authkeys.c, buftvtots.c, calendar.c, caljulian.c,
2852 caltontp.c, clocktime.c, humandate.c, hextolfp.c, decodenetnum.c - fixed
2854 changed from sprintf to snprintf; fixed order of includes. Tomasz Flendrich
2855 * tests/libntp/lfpfunc.c remove unnecessary include, remove old comments,
2856 fix formatting, cleanup. Tomasz Flendrich
2857 * tests/libntp/lfptostr.c remove unnecessary include, add consts, fix formatting.
2859 * tests/libntp/statestr.c remove empty functions, remove unnecessary include,
2860 fix formatting. Tomasz Flendrich
2861 * tests/libntp/modetoa.c fixed formatting. Tomasz Flendrich
2862 * tests/libntp/msyslog.c fixed formatting. Tomasz Flendrich
2863 * tests/libntp/numtoa.c deleted unnecessary empty functions, fixed formatting.
2865 * tests/libntp/numtohost.c added const, fixed formatting. Tomasz Flendrich
2866 * tests/libntp/refnumtoa.c fixed formatting. Tomasz Flendrich
2867 * tests/libntp/ssl_init.c fixed formatting. Tomasz Flendrich
2868 * tests/libntp/tvtots.c fixed a bug, fixed formatting. Tomasz Flendrich
2869 * tests/libntp/uglydate.c removed an unnecessary include. Tomasz Flendrich
2870 * tests/libntp/vi64ops.c removed an unnecessary comment, fixed formatting.
2871 * tests/libntp/ymd3yd.c removed an empty function and an unnecessary include,
2872 fixed formatting. Tomasz Flendrich
2873 * tests/libntp/timespecops.c fixed formatting, fixed the order of includes,
2874 removed unnecessary comments, cleanup. Tomasz Flendrich
2875 * tests/libntp/timevalops.c fixed the order of includes, deleted unnecessary
2876 comments, cleanup. Tomasz Flendrich
2877 * tests/libntp/sockaddrtest.h making it agree to NTP's conventions of formatting.
2879 * tests/libntp/lfptest.h cleanup. Tomasz Flendrich
2880 * tests/libntp/test-libntp.c fix formatting. Tomasz Flendrich
2881 * sntp/tests/crypto.c is now using proper Unity's assertions, fixed formatting.
2883 * sntp/tests/kodDatabase.c added consts, deleted empty function,
2884 fixed formatting. Tomasz Flendrich
2885 * sntp/tests/kodFile.c cleanup, fixed formatting. Tomasz Flendrich
2886 * sntp/tests/packetHandling.c is now using proper Unity's assertions,
2887 fixed formatting, deleted unused variable. Tomasz Flendrich
2888 * sntp/tests/keyFile.c is now using proper Unity's assertions, fixed formatting.
2890 * sntp/tests/packetProcessing.c changed from sprintf to snprintf,
2891 fixed formatting. Tomasz Flendrich
2892 * sntp/tests/utilities.c is now using proper Unity's assertions, changed
2893 the order of includes, fixed formatting, removed unnecessary comments.
2895 * sntp/tests/sntptest.h fixed formatting. Tomasz Flendrich
2896 * sntp/tests/fileHandlingTest.h.in fixed a possible buffer overflow problem,
2897 made one function do its job, deleted unnecessary prints, fixed formatting.
2899 * sntp/unity/Makefile.am added a missing header. Tomasz Flendrich
2900 * sntp/unity/unity_config.h: Distribute it. Harlan Stenn.
2901 * sntp/libevent/evconfig-private.h: remove generated filefrom SCM. H.Stenn.
2902 * sntp/unity/Makefile.am: fix some broken paths. Harlan Stenn.
2903 * sntp/unity/unity.c: Clean up a printf(). Harlan Stenn.
2904 * Phase 1 deprecation of google test in tests/libntp/. Harlan Stenn.
2905 * Don't build sntp/libevent/sample/. Harlan Stenn.
2906 * tests/libntp/test_caltontp needs -lpthread. Harlan Stenn.
2907 * br-flock: --enable-local-libevent. Harlan Stenn.
2908 * Wrote tests for ntpd/ntp_prio_q.c. Tomasz Flendrich
2909 * scripts/lib/NTP/Util.pm: stratum output is version-dependent. Harlan Stenn.
2910 * Get rid of the NTP_ prefix on our assertion macros. Harlan Stenn.
2911 * Code cleanup. Harlan Stenn.
2912 * libntp/icom.c: Typo fix. Harlan Stenn.
2913 * util/ntptime.c: initialization nit. Harlan Stenn.
2914 * ntpd/ntp_peer.c:newpeer(): added a DEBUG_REQUIRE(srcadr). Harlan Stenn.
2915 * Add std_unity_tests to various Makefile.am files. Harlan Stenn.
2916 * ntpd/ntp_restrict.c: added a few assertions, created tests for this file.
2918 * Changed progname to be const in many files - now it's consistent. Tomasz
2920 * Typo fix for GCC warning suppression. Harlan Stenn.
2921 * Added tests/ntpd/ntp_scanner.c test. Damir Tomić.
2922 * Added declarations to all Unity tests, and did minor fixes to them.
2923 Reduced the number of warnings by half. Damir Tomić.
2924 * Updated generate_test_runner.rb and updated the sntp/unity/auto directory
2925 with the latest Unity updates from Mark. Damir Tomić.
2926 * Retire google test - phase I. Harlan Stenn.
2927 * Unity test cleanup: move declaration of 'initializing'. Harlan Stenn.
2928 * Update the NEWS file. Harlan Stenn.
2929 * Autoconf cleanup. Harlan Stenn.
2930 * Unit test dist cleanup. Harlan Stenn.
2931 * Cleanup various test Makefile.am files. Harlan Stenn.
2932 * Pthread autoconf macro cleanup. Harlan Stenn.
2933 * Fix progname definition in unity runner scripts. Harlan Stenn.
2934 * Clean trailing whitespace in tests/ntpd/Makefile.am. Harlan Stenn.
2935 * Update the patch for bug 2817. Harlan Stenn.
2936 * More updates for bug 2817. Harlan Stenn.
2937 * Fix bugs in tests/ntpd/ntp_prio_q.c. Harlan Stenn.
2938 * gcc on older HPUX may need +allowdups. Harlan Stenn.
2939 * Adding missing MCAST protection. Harlan Stenn.
2940 * Disable certain test programs on certain platforms. Harlan Stenn.
2941 * Implement --enable-problem-tests (on by default). Harlan Stenn.
2942 * build system tweaks. Harlan Stenn.
2945 NTP 4.2.8p3 (Harlan Stenn <stenn@ntp.org>, 2015/06/29)
2947 Focus: 1 Security fix. Bug fixes and enhancements. Leap-second improvements.
2954 ntpd. Aleksis Kauppinen, Juergen Perlinger, Harlan Stenn.
2957 cause a vulnerable ntpd instance to crash. This requires each of the
2962 3) access to a computer entrusted to perform remote configuration.
2964 This vulnerability is considered low-risk.
2969 leap second time. A specially built and configured ntpd will only
2970 offer smeared time in response to client packets. These response
2971 packets will also contain a "refid" of 254.a.b.c, where the 24 bits
2973 format. See README.leapsmear and http://bugs.ntp.org/2855 for more
2974 information.
2977 *BE SURE YOU DO NOT OFFER THAT TIME ON PUBLIC TIMESERVERS.*
2980 the existing google-test items to this new framework. If you want
2982 installed. You don't need ruby to run the test suite.
2986 * CID 739725: Fix a rare resource leak in libevent/listener.c.
2987 * CID 1295478: Quiet a pedantic potential error from the fix for Bug 2776.
2988 * CID 1296235: Fix refclock_jjy.c and correcting type of the driver40-ja.html
2989 * CID 1269537: Clean up a line of dead code in getShmTime().
2990 * [Bug 1060] Buffer overruns in libparse/clk_rawdcf.c. Helge Oldach.
2991 * [Bug 2590] autogen-5.18.5.
2993 of 'limited'.
2994 * [Bug 2650] fix includefile processing.
2997 any leapsecond information.
2999 proper jump distance limit and step correction is allowed at all.
3002 * [Bug 2776] Improve ntpq's 'help keytype'.
3003 * [Bug 2778] Implement "apeers" ntpq command to include associd.
3004 * [Bug 2782] Refactor refclock_shm.c, add memory barrier protection.
3007 interface is not usable (e.g., no link).
3008 * [Bug 2794] Clean up kernel clock status reports.
3009 * [Bug 2800] refclock_true.c true_debug() can't open debug log because
3010 of incompatible open/fdopen parameters.
3011 * [Bug 2804] install-local-data assumes GNU 'find' semantics.
3012 * [Bug 2805] ntpd fails to join multicast group.
3013 * [Bug 2806] refclock_jjy.c supports the Telephone JJY.
3014 * [Bug 2808] GPSD_JSON driver enhancements, step 1.
3015 Fix crash during cleanup if GPS device not present and char device.
3016 Increase internal token buffer to parse all JSON data, even SKY.
3018 started, so the syslog is not cluttered when the driver is not used.
3019 Various improvements, see http://bugs.ntp.org/2808 for details.
3020 Changed libjsmn to a more recent version.
3021 * [Bug 2810] refclock_shm.c memory barrier code needs tweaks for QNX.
3022 * [Bug 2813] HP-UX needs -D__STDC_VERSION__=199901L and limits.h.
3023 * [Bug 2815] net-snmp before v5.4 has circular library dependencies.
3024 * [Bug 2821] Add a missing NTP_PRINTF and a missing const.
3025 * [Bug 2822] New leap column in sntp broke NTP::Util.pm.
3026 * [Bug 2824] Convert update-leap to perl. (also see 2769)
3027 * [Bug 2825] Quiet file installation in html/ .
3029 NTPD transfers the current TAI (instead of an announcement) now.
3030 This might still needed improvement.
3031 Update autokey data ASAP when 'sys_tai' changes.
3032 Fix unit test that was broken by changes for autokey update.
3034 in ntp_crypto.c.
3035 * [Bug 2832] refclock_jjy.c supports the TDC-300.
3036 * [Bug 2834] Correct a broken html tag in html/refclock.html
3038 robust, and require 2 consecutive timestamps to be consistent.
3039 * [Bug 2837] Allow a configurable DSCP value.
3040 * [Bug 2837] add test for DSCP to ntpd/complete.conf.in
3041 * [Bug 2842] Glitch in ntp.conf.def documentation stanza.
3042 * [Bug 2842] Bug in mdoc2man.
3043 * [Bug 2843] make check fails on 4.3.36
3046 * [Bug 2845] Harden memory allocation in ntpd.
3047 * [Bug 2852] 'make check' can't find unity.h. Hal Murray.
3048 * [Bug 2854] Missing brace in libntp/strdup.c. Masanari Iida.
3049 * [Bug 2855] Parser fix for conditional leap smear code. Harlan Stenn.
3050 * [Bug 2855] Report leap smear in the REFID. Harlan Stenn.
3051 * [Bug 2855] Implement conditional leap smear code. Martin Burnicki.
3052 * [Bug 2856] ntpd should wait() on terminated child processes. Paul Green.
3053 * [Bug 2857] Stratus VOS does not support SIGIO. Paul Green.
3054 * [Bug 2859] Improve raw DCF77 robustness deconding. Frank Kardel.
3055 * [Bug 2860] ntpq ifstats sanity check is too stringent. Frank Kardel.
3056 * html/drivers/driver22.html: typo fix. Harlan Stenn.
3057 * refidsmear test cleanup. Tomasz Flendrich.
3058 * refidsmear function support and tests. Harlan Stenn.
3059 * sntp/tests/Makefile.am: remove g_nameresolution.cpp as it tested
3060 something that was only in the 4.2.6 sntp. Harlan Stenn.
3061 * Modified tests/bug-2803/Makefile.am so it builds Unity framework tests.
3063 * Modified tests/libtnp/Makefile.am so it builds Unity framework tests.
3065 * Modified sntp/tests/Makefile.am so it builds Unity framework tests.
3067 * tests/sandbox/smeartest.c: Harlan Stenn, Damir Tomic, Juergen Perlinger.
3068 * Converted from gtest to Unity: tests/bug-2803/. Damir Tomić
3069 * Converted from gtest to Unity: tests/libntp/ a_md5encrypt, atoint.c,
3070 atouint.c, authkeys.c, buftvtots.c, calendar.c, caljulian.c,
3071 calyearstart.c, clocktime.c, hextoint.c, lfpfunc.c, modetoa.c,
3072 numtoa.c, numtohost.c, refnumtoa.c, ssl_init.c, statestr.c,
3073 timespecops.c, timevalops.c, uglydate.c, vi64ops.c, ymd2yd.c.
3075 * Converted from gtest to Unity: sntp/tests/ kodDatabase.c, kodFile.c,
3076 networking.c, keyFile.c, utilities.cpp, sntptest.h,
3077 fileHandlingTest.h. Damir Tomić
3078 * Initial support for experimental leap smear code. Harlan Stenn.
3079 * Fixes to sntp/tests/fileHandlingTest.h.in. Harlan Stenn.
3080 * Report select() debug messages at debug level 3 now.
3081 * sntp/scripts/genLocInfo: treat raspbian as debian.
3082 * Unity test framework fixes.
3083 ** Requires ruby for changes to tests.
3084 * Initial support for PACKAGE_VERSION tests.
3085 * sntp/libpkgver belongs in EXTRA_DIST, not DIST_SUBDIRS.
3086 * tests/bug-2803/Makefile.am must distribute bug-2803.h.
3087 * Add an assert to the ntpq ifstats code.
3088 * Clean up the RLIMIT_STACK code.
3089 * Improve the ntpq documentation around the controlkey keyid.
3090 * ntpq.c cleanup.
3091 * Windows port build cleanup.
3094 NTP 4.2.8p2 (Harlan Stenn <stenn@ntp.org>, 2015/04/07)
3096 Focus: Security and Bug fixes, enhancements.
3104 * [Sec 2779] ntpd accepts unauthenticated packets with symmetric key crypto.
3107 Affects: All NTP4 releases starting with ntp-4.2.5p99 up to but not
3108 including ntp-4.2.8p2 where the installation uses symmetric keys
3109 to authenticate remote associations.
3111 Date Resolved: Stable (4.2.8p2) 07 Apr 2015
3115 there actually is any MAC included. Packets without a MAC are
3116 accepted as if they had a valid MAC. This allows a MITM attacker to
3118 having to know the symmetric key. The attacker needs to know the
3121 reply from the server. The attacker doesn't necessarily need to be
3122 relaying the packets between the client and the server.
3126 which fails for packets without a MAC.
3128 Upgrade to 4.2.8p2, or later, from the NTP Project Download Page
3130 Configure ntpd with enough time sources and monitor it properly.
3131 Credit: This issue was discovered by Miroslav Lichvar, of Red Hat.
3134 DoS attacks.
3137 Affects: All NTP releases starting with at least xntp3.3wy up to but
3138 not including ntp-4.2.8p2 where the installation uses symmetric
3139 key authentication.
3142 it could be higher than 5.4.
3143 Date Resolved: Stable (4.2.8p2) 07 Apr 2015
3147 on A to the values sent by the attacker. Host A will then send
3150 be dropped. If the attacker does this periodically for both
3151 hosts, they won't be able to synchronize to each other. This is
3153 https://www.eecis.udel.edu/~mills/onwire.html .
3157 doesn't seem to be the case. The state variables are updated even
3160 the receiving side.
3163 xntp3.3wy. It's also in the NTPv3 (RFC 1305) and NTPv4 (RFC 5905)
3165 symmetric associations and authentication may be vulnerable too.
3166 An update to the NTP RFC to correct this error is in-process.
3168 Upgrade to 4.2.8p2, or later, from the NTP Project Download Page
3171 is simply a long-known potential problem.
3172 Configure ntpd with appropriate time sources and monitor ntpd.
3173 Alert your staff if problems are detected.
3174 Credit: This issue was discovered by Miroslav Lichvar, of Red Hat.
3178 leap-second definition file.
3183 Some may choose to run this from cron. It needs more portability testing.
3187 * [Bug 1787] DCF77's formerly "antenna" bit is "call bit" since 2003.
3188 * [Bug 1960] setsockopt IPV6_MULTICAST_IF: Invalid argument.
3189 * [Bug 2346] "graceful termination" signals do not do peer cleanup.
3190 * [Bug 2728] See if C99-style structure initialization works.
3191 * [Bug 2747] Upgrade libevent to 2.1.5-beta.
3192 * [Bug 2749] ntp/lib/NTP/Util.pm needs update for ntpq -w, IPv6, .POOL. .
3193 * [Bug 2751] jitter.h has stale copies of l_fp macros.
3194 * [Bug 2756] ntpd hangs in startup with gcc 3.3.5 on ARM.
3195 * [Bug 2757] Quiet compiler warnings.
3196 * [Bug 2759] Expose nonvolatile/clk_wander_threshold to ntpq.
3197 * [Bug 2763] Allow different thresholds for forward and backward steps.
3198 * [Bug 2766] ntp-keygen output files should not be world-readable.
3199 * [Bug 2767] ntp-keygen -M should symlink to ntp.keys.
3200 * [Bug 2771] nonvolatile value is documented in wrong units.
3203 * [Bug 2775] ntp-keygen.c fails to compile under Windows.
3204 * [Bug 2777] Fixed loops and decoding of Meinberg GPS satellite info.
3205 Removed non-ASCII characters from some copyright comments.
3206 Removed trailing whitespace.
3207 Updated definitions for Meinberg clocks from current Meinberg header files.
3208 Now use C99 fixed-width types and avoid non-ASCII characters in comments.
3209 Account for updated definitions pulled from Meinberg header files.
3210 Updated comments on Meinberg GPS receivers which are not only called GPS16x.
3211 Replaced some constant numbers by defines from ntp_calendar.h
3213 in gps16x_message().
3214 Reworked mk_utcinfo() to avoid printing of ambiguous leap second dates.
3216 if the time status shall be printed.
3217 * [Sec 2779] ntpd accepts unauthenticated packets with symmetric key crypto.
3219 DoS attacks.
3220 * [Bug 2783] Quiet autoconf warnings about missing AC_LANG_SOURCE.
3221 * [Bug 2789] Quiet compiler warnings from libevent.
3224 correct results.
3225 * Comment from Juergen Perlinger in ntp_calendar.c to make the code clearer.
3227 used to set up function pointers.
3228 Account for changed prototype of parse_inp_fnc_t functions.
3230 compiler warnings.
3232 when called with pointers to different types.
3235 NTP 4.2.8p1 (Harlan Stenn <stenn@ntp.org>, 2015/02/04)
3237 Focus: Security and Bug fixes, enhancements.
3244 * vallen is not validated in several places in ntp_crypto.c, leading
3248 Affects: All NTP4 releases before 4.2.8p1 that are running autokey.
3250 Date Resolved: Stable (4.2.8p1) 04 Feb 2015
3252 paths in ntp_crypto.c which can lead to information leakage
3253 or perhaps a crash of the ntpd process.
3255 Upgrade to 4.2.8p1, or later, from the NTP Project Download Page
3256 or the NTP Public Services Project Download Page.
3259 keyword in your ntp.conf file.
3263 Time Foundation.
3266 can be bypassed.
3269 Affects: All NTP4 releases before 4.2.8p1, under at least some
3270 versions of MacOS and Linux. *BSD has not been seen to be vulnerable.
3272 Date Resolved: Stable (4.2.8p1) 04 Feb 2014
3273 Summary: While available kernels will prevent 127.0.0.1 addresses
3276 IPv6 interfaces. Since NTP's access control is based on source
3279 by spoofing ::1 addresses from the outside. Note Well: This is
3280 not really a bug in NTP, it's a problem with some OSes. If you
3284 Upgrade to 4.2.8p1, or later, from the NTP Project Download Page
3287 ::1 from inappropriate network interfaces.
3289 the Google Security Team.
3291 Additionally, over 30 bugfixes and improvements were made to the codebase.
3292 See the ChangeLog for more information.
3295 NTP 4.2.8 (Harlan Stenn <stenn@ntp.org>, 2014/12/18)
3297 Focus: Security and Bug fixes, enhancements.
3309 restrict default ... noquery
3311 in the ntp.conf file. With the exception of:
3318 restricted from sending a 'query'-class packet by your ntp.conf file.
3322 * Weak default key in config_auth().
3326 Vulnerable Versions: all releases prior to 4.2.7p11
3330 would generate a random key on the fly. There were two
3334 entropy. This was sufficient back in the late 1990s when the
3335 code was written. Not today.
3338 - Upgrade to 4.2.7p11 or later.
3339 - Follow BCP and put 'restrict ... noquery' in your ntp.conf file.
3341 Credit: This vulnerability was noticed in ntp-4.2.6 by Neel Mehta
3342 of the Google Security Team.
3345 ntp-keygen to generate symmetric keys.
3349 Vulnerable Versions: All NTP4 releases before 4.2.7p230
3350 Date Resolved: Dev (4.2.7p230) 01 Nov 2011
3352 Summary: Prior to ntp-4.2.7p230 ntp-keygen used a weak seed to
3353 prepare a random number generator that was of good quality back
3354 in the late 1990s. The random numbers produced was then used to
3355 generate symmetric keys. In ntp-4.2.8 we use a current-technology
3357 OpenSSL, or arc4random().
3360 - Upgrade to 4.2.7p230 or later.
3361 - Follow BCP and put 'restrict ... noquery' in your ntp.conf file.
3363 Credit: This vulnerability was discovered in ntp-4.2.6 by
3364 Stephen Roettger of the Google Security Team.
3370 Versions: All releases before 4.2.8
3371 Date Resolved: Stable (4.2.8) 18 Dec 2014
3373 Summary: When Autokey Authentication is enabled (i.e. the ntp.conf
3374 file contains a 'crypto pw ...' directive) a remote attacker
3377 with the privilege level of the ntpd process.
3380 - Upgrade to 4.2.8, or later, or
3383 in your ntp.conf file.
3386 Google Security Team.
3392 Versions: All NTP4 releases before 4.2.8
3393 Date Resolved: Stable (4.2.8) 18 Dec 2014
3397 code to be executed with the privilege level of the ntpd process.
3400 - Upgrade to 4.2.8, or later.
3401 - Follow BCP and put 'restrict ... noquery' in your ntp.conf file.
3404 Google Security Team.
3410 Versions: All NTP4 releases before 4.2.8
3411 Date Resolved: Stable (4.2.8) 18 Dec 2014
3415 code to be executed with the privilege level of the ntpd process.
3418 - Upgrade to 4.2.8, or later.
3419 - Follow BCP and put 'restrict ... noquery' in your ntp.conf file.
3422 Google Security Team.
3428 Versions: All NTP4 releases before 4.2.8
3429 Date Resolved: Stable (4.2.8) 18 Dec 2014
3431 Summary: Code in ntp_proto.c:receive() was missing a 'return;' in
3433 processing did not stop when a specific rare error occurred.
3434 We haven't found a way for this bug to affect system integrity.
3436 score for this bug is 0. If there is one avenue through which
3438 becomes a 5. If system integrity can be partially affected
3439 via all three integrity metrics, the CVSS base score become 7.5.
3442 - Upgrade to 4.2.8, or later,
3444 beginning with the crypto keyword in your ntp.conf file.
3447 Google Security Team.
3449 See http://support.ntp.org/security for more information.
3458 rolls over every 136 years'. The current "era" started at the stroke of
3460 1 Jan 2036.
3462 era we were in. Given the longevity of some products, it became clear
3464 more. We now compile a timestamp into the ntpd executable and when we
3465 get a timestamp we us the "built-on" to tell us what era we are in.
3466 This check "looks back" 10 years, and "looks forward" 126 years.
3474 request) protocol for runtime queries and configuration. There has
3476 capabilities exposed by ntpdc with no ntpq equivalent. I have been
3479 recently.
3483 ntpdc which is hard to get right. As ntpd grows and changes, the
3485 and backward compatibility between ntpdc and ntpd. In contrast,
3487 allows compatible changes without extra work in most cases.
3491 with other implementations. There is an early draft of an updated
3493 eventually. (http://tools.ietf.org/html/draft-odonoghue-ntpv4-control-01)
3495 For these reasons, ntpd 4.2.7p230 by default disables processing of
3497 deprecating ntpdc. If you are in the habit of using ntpdc for certain
3498 operations, please try the ntpq equivalent. If there's no equivalent,
3499 please open a bug report at http://bugs.ntp.org./
3502 the 4.2.6 branch and 4.2.8. The ChangeLog file in the distribution
3503 lists these.
3506 NTP 4.2.6p5 (Harlan Stenn <stenn@ntp.org>, 2011/12/24)
3512 This is a recommended upgrade.
3519 includes improvements to orphan mode, minor bugs fixes and code clean-ups.
3527 using the address/prefix format (e.g. fe80::/64)
3538 * sys.peer jitter weighting corrected in sys_jitter calculation
3546 NTP 4.2.6p4 (Harlan Stenn <stenn@ntp.org>, 2011/09/22)
3552 This is a recommended upgrade.
3556 ref-clock issues, and documentation revisions.
3558 Portability improvements affect AIX, HP-UX, Linux, OS X and 64-bit time_t.
3565 * Update config.guess and config.sub for AIX
3605 * Update html2man. Fix some tags in the .html files
3606 * Distribute ntp-wait.html
3609 NTP 4.2.6p3 (Harlan Stenn <stenn@ntp.org>, 2011/01/03)
3615 This is a recommended upgrade.
3619 ref-clock issues, and documentation revisions.
3622 FreeBSD4, Linux and Microsoft Windows.
3627 * Use lsb_release to get information about Linux distributions.
3628 * 'test' is in /usr/bin (instead of /bin) on some systems.
3629 * Basic sanity checks for the ChangeLog file.
3630 * Source certain build files with ./filename for systems without . in PATH.
3631 * IRIX portability fix.
3632 * Use a single copy of the "libopts" code.
3633 * autogen/libopts upgrade.
3634 * configure.ac m4 quoting cleanup.
3637 * Do not bind to IN6_IFF_ANYCAST addresses.
3638 * Log the reason for exiting under Windows.
3639 * Multicast fixes for Windows.
3640 * Interpolation fixes for Windows.
3641 * IPv4 and IPv6 Multicast fixes.
3642 * Manycast solicitation fixes and general repairs.
3643 * JJY refclock cleanup.
3644 * NMEA refclock improvements.
3645 * Oncore debug message cleanup.
3646 * Palisade refclock now builds under Linux.
3647 * Give RAWDCF more baud rates.
3648 * Support Truetime Satellite clocks under Windows.
3649 * Support Arbiter 1093C Satellite clocks under Windows.
3650 * Make sure that the "filegen" configuration command defaults to "enable".
3651 * Range-check the status codes (plus other cleanup) in the RIPE-NCC driver.
3652 * Prohibit 'includefile' directive in remote configuration command.
3653 * Fix 'nic' interface bindings.
3655 system.
3658 * Fix -V coredump.
3659 * OpenSSL version display cleanup.
3662 * Many counters should be treated as unsigned.
3665 * Do not ignore replies with equal receive and transmit timestamps.
3668 * libntpq warning cleanup.
3671 * Correct SNMP type for "precision" and "resolution".
3672 * Update the MIB from the draft version to RFC-5907.
3676 timezone.
3677 * Pay proper attention to RATE KoD packets.
3678 * Fix a miscalculation of the offset.
3679 * Properly parse empty lines in the key file.
3680 * Logging cleanup.
3681 * Use tv_usec correctly in set_time().
3682 * Documentation cleanup.
3685 NTP 4.2.6p2 (Harlan Stenn <stenn@ntp.org>, 2010/07/08)
3691 This is a recommended upgrade.
3696 updates and documentation revisions.
3715 * support for the "passwd ..." syntax
3724 NTP 4.2.6p1 (Harlan Stenn <stenn@ntp.org>, 2010/04/09)
3730 This is a recommended upgrade.
3733 NTP 4.2.6 (Harlan Stenn <stenn@ntp.org>, 2009/12/08)
3735 Focus: enhancements and bug fixes.
3738 NTP 4.2.4p8 (Harlan Stenn <stenn@ntp.org>, 2009/12/08)
3746 * [Sec 1331] DoS with mode 7 packets - CVE-2009-3563.
3748 See http://support.ntp.org/security for more information.
3750 NTP mode 7 (MODE_PRIVATE) is used by the ntpdc query and control utility.
3752 transfers use modes 1 through 5. Upon receipt of an incorrect mode 7
3754 in a "restrict ... noquery" or "restrict ... ignore" statement, ntpd will
3755 reply with a mode 7 error response (and log a message). In this case:
3760 those packets get through.
3764 endlessly, consuming CPU and logging excessively.
3767 Vinokurov of Alcatel-Lucent.
3769 THIS IS A STRONGLY RECOMMENDED UPGRADE.
3772 ntpd now syncs to refclocks right away.
3776 ntpd no longer accepts '-v name' or '-V name' to define internal variables.
3777 Use '--var name' or '--dvar name' instead. (Bug 817)
3780 NTP 4.2.4p7 (Harlan Stenn <stenn@ntp.org>, 2009/05/04)
3788 * [Sec 1151] Remote exploit if autokey is enabled. CVE-2009-1252
3790 See http://support.ntp.org/security for more information.
3792 If autokey is enabled (if ntp.conf contains a "crypto pw whatever"
3795 with the privileges of the ntpd process (often root).
3797 Credit for finding this vulnerability goes to Chris Ries of CMU.
3801 * [Sec 1144] limited (two byte) buffer overflow in ntpq. CVE-2009-0159
3802 Credit for finding this vulnerability goes to Geoff Keating of Apple.
3805 Credit for finding this issue goes to Dave Hart.
3815 THIS IS A STRONGLY RECOMMENDED UPGRADE.
3818 NTP 4.2.4p6 (Harlan Stenn <stenn@ntp.org>, 2009/01/07)
3824 This release fixes oCERT.org's CVE-2009-0021, a vulnerability affecting
3826 value of EVP_VerifyFinal function.
3829 finding the original issue with OpenSSL, and to ocert.org for finding
3830 the problem in NTP and telling us about it.
3832 This is a recommended upgrade.
3834 NTP 4.2.4p5 (Harlan Stenn <stenn@ntp.org>, 2008/08/17)
3839 platform-independent ntpdate bugs. A logging bugfix has been applied
3840 to the ONCORE driver.
3843 interfaces is the new default. The minimum time restriction for the
3844 interface update interval has been dropped.
3846 A number of minor build system and documentation fixes are included.
3848 This is a recommended upgrade for Windows.
3851 NTP 4.2.4p4 (Harlan Stenn <stenn@ntp.org>, 2007/09/10)
3860 interface to share addresses with other interfaces.
3863 NTP 4.2.4p3 (Harlan Stenn <stenn@ntp.org>, 2007/06/29)
3868 terminate ntpd under windows.
3869 This is a recommended upgrade for Windows.
3872 NTP 4.2.4p2 (Harlan Stenn <stenn@ntp.org>, 2007/06/19)
3878 ntpd crashing, and several other minor bugs. Handling of
3879 multicast interfaces and logging configuration were improved.
3880 The required versions of autogen and libopts were incremented.
3881 This is a recommended upgrade for Windows and multicast users.
3884 NTP 4.2.4 (Harlan Stenn <stenn@ntp.org>, 2006/12/31)
3886 Focus: enhancements and bug fixes.
3889 conjunction with DHCP. GNU AutoGen is used for its command-line options
3890 processing. Separate PPS devices are supported for PARSE refclocks, MD5
3891 signatures are now provided for the release files. Drivers have been
3893 ref-clocks. This release also includes other improvements, documentation
3894 and bug fixes.
3896 K&R C is no longer supported as of NTP-4.2.4. We are now aiming for ANSI
3897 C support.
3900 NTP 4.2.0 (Harlan Stenn <stenn@ntp.org>, 2003/10/15)
3902 Focus: enhancements and bug fixes.
3904 NTP 4.2.8p17 (Harlan Stenn <stenn@ntp.org>, 2023 Jun 06)
3908 Severity: HIGH (for people running 4.2.8p16)
3918 event_sync. Reported by Edward McGuire. <hart@ntp.org>
3919 * [Bug 3822] ntpd significantly delays first poll of servers specified by name.
3920 <hart@ntp.org> Miroslav Lichvar identified regression in 4.2.8p16.
3921 * [Bug 3821] 4.2.8p16 misreads hex authentication keys, won't interop with
3922 4.2.8p15 or earlier. Reported by Matt Nordhoff, thanks to
3924 problem. <hart@ntp.org>
3925 * Add tests/libntp/digests.c to catch regressions reading keys file or with
3926 symmetric authentication digest output.
3929 NTP 4.2.8p16 (Harlan Stenn <stenn@ntp.org>, 2023 May 30)
3944 * [Sec 3808] Assertion failure in ntpq on malformed RT-11 date <perlinger@ntp.org>
3946 hypothetical input buffer overflow. Reported by ... stenn@
3947 * [Sec 3806] libntp/mstolfp.c needs bounds checking <perlinger@ntp.org>
3949 * [Sec 3767] An OOB KoD RATE value triggers an assertion when debug is enabled.
3950 <stenn@ntp.org>
3951 * [Bug 3819] Updated libopts/Makefile.am was missing NTP_HARD_* values. <stenn@>
3952 * [Bug 3817] Bounds-check "tos floor" configuration. <hart@ntp.org>
3953 * [Bug 3814] First poll delay of new or cleared associations miscalculated.
3954 <hart@ntp.org>
3956 OpenSSL 3. Reported by rmsh1216@163.com <hart@ntp.org>
3957 * [Bug 3801] gpsdjson refclock gps_open() device name mishandled. <hart@ntp.org>
3958 * [Bug 3800] libopts-42.1.17 does not compile with Microsoft C. <hart@ntp.org>
3959 * [Bug 3799] Enable libopts noreturn compiler advice for MSC. <hart@ntp.org>
3961 disconnected, breaking ntpq and ntpdc. <hart@ntp.org>
3962 * [Bug 3795] pollskewlist documentation uses | when it shouldn't.
3963 - ntp.conf manual page and miscopt.html corrections. <hart@ntp.org>
3964 * [Bug 3793] Wrong variable type passed to record_raw_stats(). <hart@ntp.org>
3965 - Report and patch by Yuezhen LUAN <wei6410@sina.com>.
3966 * [Bug 3786] Timer starvation on high-load Windows ntpd. <hart@ntp.org>
3967 * [Bug 3784] high-load ntpd on Windows deaf after enough ICMP TTL exceeded.
3968 <hart@ntp.org>
3969 * [Bug 3781] log "Unable to listen for broadcasts" for IPv4 <hart@ntp.org>
3970 * [Bug 3774] mode 6 packets corrupted in rawstats file <hart@ntp.org>
3971 - Reported by Edward McGuire, fix identified by <wei6410@sina.com>.
3972 * [Bug 3758] Provide a 'device' config statement for refclocks <perlinger@ntp.org>
3973 * [Bug 3757] Improve handling of Linux-PPS in NTPD <perlinger@ntp.org>
3974 * [Bug 3741] 4.2.8p15 can't build with glibc 2.34 <perlinger@ntp.org>
3975 * [Bug 3725] Make copyright of clk_wharton.c compatible with Debian.
3976 Philippe De Muyter <phdm@macqel.be>
3977 * [Bug 3724] ntp-keygen with openSSL 1.1.1 fails on Windows <perlinger@ntp.org>
3978 - openssl applink needed again for openSSL-1.1.1
3979 * [Bug 3719] configure.ac checks for closefrom() and getdtablesize() missing.
3980 Reported by Brian Utterback, broken in 2010 by <hart@ntp.org>
3981 * [Bug 3699] Problems handling drift file and restoring previous drifts <perlinger@ntp.org>
3985 * [Bug 3695] Fix memory leak with ntpq on Windows Server 2019 <perlinger@ntp.org>
3987 - misleading title; essentially a request to ignore the receiver status.
3988 Added a mode bit for this. <perlinger@ntp.org>
3989 * [Bug 3693] Improvement of error handling key lengths <perlinger@ntp.org>
3991 * [Bug 3692] /dev/gpsN requirement prevents KPPS <perlinger@ntp.org>
3994 - original patch by matt<ntpbr@mattcorallo.com>
3996 * [Bug 3690] newline in ntp clock variable (parse) <perlinger@ntp.org>
3998 * [Bug 3689] Extension for MD5, SHA-1 and other keys <perlinger@ntp.org>
4000 file, so having a binary secret >= 11 bytes is possible for all keys.
4002 * [Bug 3688] GCC 10 build errors in testsuite <perlinger@ntp.org>
4003 * [Bug 3687] ntp_crypto_rand RNG status not known <perlinger@ntp.org>
4005 * [Bug 3682] Fixes for warnings when compiled without OpenSSL <perlinger@ntp.org>
4007 * [Bug 3677] additional peer events not decoded in associations listing <perlinger@ntp.org>
4012 * [Bug 3674] ntpq command 'execute only' using '~' prefix <perlinger@ntp.org>
4014 * [Bug 3672] fix biased selection in median cut <perlinger@ntp.org>
4015 * [Bug 3666] avoid unlimited receive buffer allocation <perlinger@ntp.org>
4017 * [Bug 3660] Revert 4.2.8p15 change to manycast. <hart@ntp.org>
4018 * [Bug 3640] document "discard monitor" and fix the code. <hart@ntp.org>
4019 - fixed bug identified by Edward McGuire <perlinger@ntp.org>
4020 * [Bug 3626] (SNTP) UTC offset calculation needs dst flag <perlinger@ntp.org>
4022 * [Bug 3432] refclocks that 'write()' should check the result <perlinger@ntp.org>
4024 * [Bug 3428] ntpd spinning consuming CPU on Linux router with full table.
4025 Reported by Israel G. Lugo. <hart@ntp.org>
4026 * [Bug 3103] libopts zsave_warn format string too few arguments <bkorb@gnu.org>
4027 * [Bug 2990] multicastclient incorrectly causes bind to broadcast address.
4028 Integrated patch from Brian Utterback. <hart@ntp.org>
4029 * [Bug 2525] Turn on automake subdir-objects across the project. <hart@ntp.org>
4030 * [Bug 2410] syslog an error message on panic exceeded. <brian.utterback@oracle.com>
4031 * Use correct rounding in mstolfp(). perlinger/hart
4032 * M_ADDF should use u_int32. <hart@ntp.org>
4033 * Only define tv_fmt_libbuf() if we will use it. <stenn@ntp.org>
4034 * Use recv_buffer instead of the longer recv_space.X_recv_buffer. hart/stenn
4035 * Make sure the value returned by refid_str() prints cleanly. <stenn@ntp.org>
4037 are in force and that ntpd will abort if any are violated. <stenn@ntp.org>
4038 * syslog valid incoming KoDs. <stenn@ntp.org>
4039 * Rename a poorly-named variable. <stenn@ntp.org>
4040 * Disable "embedded NUL in string" messages in libopts, when we can. <stenn@>
4041 * Use https in the AC_INIT URLs in configure.ac. <stenn@ntp.org>
4042 * Implement NTP_FUNC_REALPATH. <stenn@ntp.org>
4043 * Lose a gmake construct in ntpd/Makefile.am. <stenn@ntp.org>
4044 * upgrade to: autogen-5.18.16
4045 * upgrade to: libopts-42.1.17
4047 * upgrade to: automake-1.16.15
4048 * Upgrade to libevent-2.1.12-stable <stenn@ntp.org>
4052 NTP 4.2.8p15 (Harlan Stenn <stenn@ntp.org>, 2020 Jun 23)
4059 authentication between ntpd from versions 4.2.8p11/4.3.97 and
4060 4.2.8p14/4.3.100 will leak a small amount of memory for each packet.
4061 Eventually, ntpd will run out of memory and abort.
4063 It also fixes 13 other bugs.
4065 * [Sec 3661] memory leak with AES128CMAC keys <perlinger@ntp.org>
4068 * [Bug 3667] decodenetnum fails with numeric port <perlinger@ntp.org>
4070 * [Bug 3666] avoid unlimited receive buffer allocation <perlinger@ntp.org>
4072 * [Bug 3664] Enable openSSL CMAC support on Windows <burnicki@ntp.org>
4073 * [Bug 3662] Fix build errors on Windows with VS2008 <burnicki@ntp.org>
4074 * [Bug 3660] Manycast orphan mode startup discovery problem. <stenn@ntp.org>
4076 * [Bug 3659] Move definition of psl[] from ntp_config.h to
4077 ntp_config.h <perlinger@ntp.org>
4078 * [Bug 3657] Wrong "Autokey group mismatch" debug message <perlinger@ntp.org>
4079 * [Bug 3655] ntpdc memstats hash counts <perlinger@ntp.org>
4081 * [Bug 3653] Refclock jitter RMS calculation <perlinger@ntp.org>
4083 * [Bug 3646] Avoid sync with unsync orphan <perlinger@ntp.org>
4085 * [Bug 3644] Unsynchronized server [...] selected as candidate <perlinger@ntp.org>
4086 * [Bug 3639] refclock_jjy: TS-JJY0x can skip time sync depending on the STUS reply. <abe@ntp.org>
4090 NTP 4.2.8p14 (Harlan Stenn <stenn@ntp.org>, 2020 Mar 03)
4092 Focus: Security, Bug fixes, enhancements.
4102 unauthenticated time source. It also fixes 46 other bugs and addresses
4103 4 other issues.
4105 * [Sec 3610] process_control() should bail earlier on short packets. stenn@
4107 * [Sec 3596] Highly predictable timestamp attack. <stenn@ntp.org>
4109 * [Sec 3592] DoS attack on client ntpd <perlinger@ntp.org>
4111 * [Bug 3637] Emit the version of ntpd in saveconfig. stenn@
4112 * [Bug 3636] NMEA: combine time/date from multiple sentences <perlinger@ntp.org>
4113 * [Bug 3635] Make leapsecond file hash check optional <perlinger@ntp.org>
4114 * [Bug 3634] Typo in discipline.html, reported by Jason Harrison. stenn@
4116 - implement Zeller's congruence in libparse and libntp <perlinger@ntp.org>
4117 * [Bug 3627] SIGSEGV on FreeBSD-12 with stack limit and stack gap <perlinger@ntp.org>
4119 * [Bug 3620] memory leak in ntpq sysinfo <perlinger@ntp.org>
4121 * [Bug 3619] Honour drefid setting in cooked mode and sysinfo <perlinger@ntp.org>
4123 * [Bug 3617] Add support for ACE III and Copernicus II receivers <perlinger@ntp.org>
4125 * [Bug 3615] accelerate refclock startup <perlinger@ntp.org>
4126 * [Bug 3613] Propagate noselect to mobilized pool servers <stenn@ntp.org>
4128 * [Bug 3612] Use-of-uninitialized-value in receive function <perlinger@ntp.org>
4130 * [Bug 3611] NMEA time interpreted incorrectly <perlinger@ntp.org>
4133 * [Bug 3609] Fixing wrong falseticker in case of non-statistic jitter <perlinger@ntp.org>
4135 * [Bug 3608] libparse fails to compile on S11.4SRU13 and later <perlinger@ntp.org>
4138 ntp_io.c <perlinger@ntp.org>
4139 - fixed byte and paramter order as suggested by wei6410@sina.com
4140 * [Bug 3601] Tests fail to link on platforms with ntp_cv_gc_sections_runs=no <perlinger@ntp.org>
4141 * [Bug 3599] Build fails on linux-m68k due to alignment issues <perlinger@ntp.org>
4143 * [Bug 3594] ntpd discards messages coming through nmead <perlinger@ntp.org>
4144 * [Bug 3593] ntpd discards silently nmea messages after the 5th string <perlinger@ntp.org>
4145 * [Bug 3590] Update refclock_oncore.c to the new GPS date API <perlinger@ntp.org>
4146 * [Bug 3585] Unity tests mix buffered and unbuffered output <perlinger@ntp.org>
4148 * [Bug 3583] synchronization error <perlinger@ntp.org>
4150 * [Bug 3582] gpsdjson refclock fudgetime1 adjustment is doubled <perlinger@ntp.org>
4151 * [Bug 3580] Possible bug ntpq-subs (NULL dereference in dogetassoc) <perlinger@ntp.org>
4153 * [Bug 3577] Update refclock_zyfer.c to the new GPS date API <perlinger@ntp.org>
4154 - also updates for refclock_nmea.c and refclock_jupiter.c
4155 * [Bug 3576] New GPS date function API <perlinger@ntp.org>
4156 * [Bug 3573] nptdate: missleading error message <perlinger@ntp.org>
4157 * [Bug 3570] NMEA driver docs: talker ID not mentioned, typo <perlinger@ntp.org>
4158 * [Bug 3569] cleanup MOD_NANO/STA_NANO handling for 'ntpadjtimex()' <perlinger@ntp.org>
4160 * [Bug 3550] Reproducible build: Respect SOURCE_DATE_EPOCH <perlinger@ntp.org>
4162 * [Bug 3542] ntpdc monlist parameters cannot be set <perlinger@ntp.org>
4163 * [Bug 3533] ntpdc peer_info ipv6 issues <perlinger@ntp.org>
4165 * [Bug 3531] make check: test-decodenetnum fails <perlinger@ntp.org>
4168 * [Bug 3517] Reducing build noise <perlinger@ntp.org>
4169 * [Bug 3516] Require tooling from this decade <perlinger@ntp.org>
4171 * [Bug 3515] Refactor ntpdmain() dispatcher loop and group common code <perlinger@ntp.org>
4173 * [Bug 3511] Get rid of AC_LANG_SOURCE() warnings <perlinger@ntp.org>
4175 * [Bug 3510] Flatten out the #ifdef nesting in ntpdmain() <perlinger@ntp.org>
4178 - applied patch by Gerry Garvey & fixed unit tests <perlinger@ntp.org>
4179 * [Bug 3490] Patch to support Trimble Resolution Receivers <perlinger@ntp.org>
4181 * [Bug 3473] RefID of refclocks should always be text format <perlinger@ntp.org>
4183 * [Bug 3132] Building 4.2.8p8 with disabled local libopts fails <perlinger@ntp.org>
4186 <perlinger@ntp.org>
4188 is specified with -u <perlinger@ntp.org>
4191 - (modified) patch by Kurt Roeckx <perlinger@ntp.org>
4192 * Clean up sntp/networking.c:sendpkt() error message. <stenn@ntp.org>
4193 * Provide more detail on unrecognized config file parser tokens. <stenn@ntp.org>
4194 * Startup log improvements. <stenn@ntp.org>
4195 * Update the copyright year.
4198 NTP 4.2.8p13 (Harlan Stenn <stenn@ntp.org>, 2019 Mar 07)
4200 Focus: Security, Bug fixes, enhancements.
4206 packet that can trigger a NULL pointer dereference, crashing ntpd.
4210 mode 6 packet <perlinger@ntp.org>
4212 * [Bug 3560] Fix build when HAVE_DROPROOT is not defined <perlinger@ntp.org>
4214 * [Bug 3558] Crash and integer size bug <perlinger@ntp.org>
4216 * [Bug 3556] ntp_loopfilter.c snprintf compilation warnings <perlinger@ntp.org>
4218 * [Bug 3555] Tidy up print alignment of debug output from ntpdate <perlinger@ntp.org>
4220 * [Bug 3554] config revoke stores incorrect value <perlinger@ntp.org>
4222 * [Bug 3549] Spurious initgroups() error message <perlinger@ntp.org>
4224 * [Bug 3548] Signature not verified on windows system <perlinger@ntp.org>
4226 * [Bug 3541] patch to fix STA_NANO struct timex units <perlinger@ntp.org>
4228 * [Bug 3540] Cannot set minsane to 0 anymore <perlinger@ntp.org>
4230 * [Bug 3539] work_fork build fails when droproot is not supported <perlinger@ntp.org>
4232 * [Bug 3538] Build fails for no-MMU targets <perlinger@ntp.org>
4234 * [Bug 3535] libparse won't handle GPS week rollover <perlinger@ntp.org>
4237 * [Bug 3529] Build failures on Mac OS X 10.13 (High Sierra) <perlinger@ntp.org>
4238 - patch by Daniel J. Luke; this does not fix a potential linker
4239 regression issue on MacOS.
4241 anomaly <perlinger@ntp.org>, reported by GGarvey.
4243 * [Bug 3526] Incorrect poll interval in packet <perlinger@ntp.org>
4245 * [Bug 3471] Check for openssl/[ch]mac.h. <perlinger@ntp.org>
4246 - added missing check, reported by Reinhard Max <perlinger@ntp.org>
4252 NTP 4.2.8p12 (Harlan Stenn <stenn@ntp.org>, 2018/14/09)
4254 Focus: Security, Bug fixes, enhancements.
4259 in ntp-4.2.8p11, and a buffer overflow in the openhost() function used by
4260 ntpq and ntpdc. It also provides 26 other bugfixes, and 4 other improvements:
4262 * [Sec 3505] Buffer overflow in the openhost() call of ntpq and ntpdc.
4264 * [Sec 3012] Fix a hole in the new "noepeer" processing.
4267 [Bug 3521] Fix a logic bug in the INVALIDNAK checks. <stenn@ntp.org>
4270 - applied patch by Ian Lepore <perlinger@ntp.org>
4271 [Bug 3506] Service Control Manager interacts poorly with NTPD <perlinger@ntp.org>
4273 [Bug 3486] Buffer overflow in ntpq/ntpq.c:tstflags() <perlinger@ntp.org>
4275 [Bug 3485] Undefined sockaddr used in error messages in ntp_config.c <perlinger@ntp.org>
4277 [Bug 3484] ntpq response from ntpd is incorrect when REFID is null <perlinger@ntp.org>
4279 [Bug 3482] Fixes for compilation warnings (ntp_io.c & ntpq-subs.c) <perlinger@ntp.org>
4281 [Bug 3480] Refclock sample filter not cleared on clock STEP <perlinger@ntp.org>
4283 [Bug 3479] ctl_putrefid() allows unsafe characters through to ntpq <perlinger@ntp.org>
4285 [Bug 3476]ctl_putstr() sends empty unquoted string [...] <perlinger@ntp.org>
4287 [Bug 3475] modify prettydate() to suppress output of zero time <perlinger@ntp.org>
4289 [Bug 3474] Missing pmode in mode7 peer info response <perlinger@ntp.org>
4291 [Bug 3471] Check for openssl/[ch]mac.h. HStenn.
4292 - add #define ENABLE_CMAC support in configure. HStenn.
4293 [Bug 3470] ntpd4.2.8p11 fails to compile without OpenSSL <perlinger@ntp.org>
4294 [Bug 3469] Incomplete string compare [...] in is_refclk_addr <perlinger@ntp.org>
4296 [Bug 3467] Potential memory fault in ntpq [...] <perlinger@ntp.org>
4298 [Bug 3465] Default TTL values cannot be used <perlinger@ntp.org>
4299 [Bug 3461] refclock_shm.c: clear error status on clock recovery <perlinger@ntp.org>
4301 [Bug 3460] Fix typo in ntpq.texi, reported by Kenyon Ralph. <stenn@ntp.org>
4303 - According to Brooks Davis, there was only one location <perlinger@ntp.org>
4304 [Bug 3449] ntpq - display "loop" instead of refid [...] <perlinger@ntp.org>
4306 [Bug 3445] Symmetric peer won't sync on startup <perlinger@ntp.org>
4310 New macro REFID_ISTEXT() which is also used in ntpd/ntp_control.c.
4311 [Bug 3434] ntpd clears STA_UNSYNC on start <perlinger@ntp.org>
4313 [Bug 3426] ntpdate.html -t default is 2 seconds. Leonid Evdokimov.
4314 [Bug 3121] Drop root privileges for the forked DNS worker <perlinger@ntp.org>
4316 [Bug 2821] minor build issues <perlinger@ntp.org>
4318 html/authopt.html: cleanup, from <stenn@ntp.org>
4319 ntpd/ntpd.c: DROPROOT cleanup. <stenn@ntp.org>
4320 Symmetric key range is 1-65535. Update docs. <stenn@ntp.org>
4323 NTP 4.2.8p11 (Harlan Stenn <stenn@ntp.org>, 2018/02/27)
4325 Focus: Security, Bug fixes, enhancements.
4335 Date Resolved: Stable (4.2.8p11) 27 Feb 2018
4337 Affects: ntp-4.2.6, up to but not including ntp-4.2.8p11.
4339 2.9 and 6.8.
4345 and several broadcast modes. In addition to the basic NTP
4347 support an interleaved mode of operation. In ntp-4.2.8p4 a bug
4350 an authenticated interleaved peer association. If an attacker
4353 the 'victim' ntpd will reset its association. The attacker must
4355 disruption of the association. In ntp-4.0.0 thru ntp-4.2.8p6,
4356 interleave mode could be entered dynamically. As of ntp-4.2.8p7,
4357 interleaved mode must be explicitly configured/enabled.
4359 Implement BCP-38.
4360 Upgrade to 4.2.8p11, or later, from the NTP Project Download Page
4361 or the NTP Public Services Project Download Page.
4362 If you are unable to upgrade to 4.2.8p11 or later and have
4363 'peer HOST xleave' lines in your ntp.conf file, remove the
4364 'xleave' option.
4365 Have enough sources of time.
4366 Properly monitor your ntpd instances.
4367 If ntpd stops running, auto-restart it without -g .
4369 This weakness was discovered by Miroslav Lichvar of Red Hat.
4373 Date Resolved: Stable (4.2.8p11) 27 Feb 2018
4375 Affects: ntpd in ntp-4.2.8p4, up to but not including ntp-4.2.8p11.
4377 Could score between 2.9 and 6.8.
4379 Could score between 2.6 and 6.0.
4382 problem it created another. Specifically, it drops bad packets
4383 before updating the "received" timestamp. This means a
4387 most recent "received" timestamp. The real remote peer does
4389 the association resets.
4391 Implement BCP-38.
4392 Upgrade to ntp-4.2.8p11 or later from the NTP Project Download Page
4393 or the NTP Public Services Project Download Page.
4394 Use authentication with 'peer' mode.
4395 Have enough sources of time.
4396 Properly monitor your ntpd instances.
4397 If ntpd stops running, auto-restart it without -g .
4399 This weakness was discovered by Miroslav Lichvar of Red Hat.
4403 Date Resolved: Stable (4.2.8p11) 27 Feb 2018
4406 Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
4407 4.3.0 up to, but not including 4.3.92. Resolved in 4.2.8p11.
4411 ntpd can be vulnerable to Sybil attacks. If a system is set up to
4413 ntp-4.2.8p6 allowing an optional 4th field in the ntp.keys file to
4415 -- i.e. one where the attacker knows the private symmetric key --
4417 the clock selection of ntpd and modify a victim's clock. Three
4418 additional protections are offered in ntp-4.2.8p11. One is the
4420 ephemeral peering. Another is the new 'ippeerlimit' directive,
4421 which limits the number of peers that can be created from an IP.
4423 ntp.keys file to include specifying a subnet range.
4425 Implement BCP-38.
4426 Upgrade to ntp-4.2.8p11 or later from the NTP Project Download Page
4427 or the NTP Public Services Project Download Page.
4429 ephemeral associations.
4431 that can be created from an IP.
4432 Use the 4th argument in the ntp.keys file to limit the IPs and
4433 subnets that can be time servers.
4434 Have enough sources of time.
4435 Properly monitor your ntpd instances.
4436 If ntpd stops running, auto-restart it without -g .
4439 Cisco ASIG, and separately by Stefan Moser as Bug 3415.
4444 Affects: ntpq in ntp-4.2.8p6, up to but not including ntp-4.2.8p11.
4448 ntpq is a monitoring and control program for ntpd. decodearr()
4451 displayed. This is a problem in affected versions of ntpq if a
4455 ntpd sends its response. It's potentially possible that the
4456 malicious data could become injectable/executable code.
4458 Implement BCP-38.
4459 Upgrade to ntp-4.2.8p11 or later from the NTP Project Download Page
4460 or the NTP Public Services Project Download Page.
4462 This weakness was discovered by Michael Macnair of Thales e-Security.
4468 Affects: ntp-4.2.8p6, up to but not including ntp-4.2.8p11.
4473 ctl_getitem() is used by ntpd to process incoming mode 6 packets.
4475 if the ntpd instance is from 4.2.8p6 thru 4.2.8p10, that will
4476 cause ctl_getitem() to read past the end of its buffer.
4478 Implement BCP-38.
4479 Upgrade to ntp-4.2.8p11 or later from the NTP Project Download Page
4480 or the NTP Public Services Project Download Page.
4481 Have enough sources of time.
4482 Properly monitor your ntpd instances.
4483 If ntpd stops running, auto-restart it without -g .
4485 This weakness was discovered by Yihan Lian of Qihoo 360.
4488 Also see Bug 3415, above.
4489 Date Mitigated: Stable (4.2.8p7) 26 Apr 2016; Dev (4.3.92) 26 Apr 2016
4490 Date Resolved: Stable (4.2.8p11) 27 Feb 2018
4492 Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
4493 4.3.0 up to, but not including 4.3.92. Resolved in 4.2.8p11.
4497 ntpd can be vulnerable to Sybil attacks. If a system is set up
4499 introduced in ntp-4.2.8p6 allowing an optional 4th field in the
4500 ntp.keys file to specify which IPs can serve time, a malicious
4501 authenticated peer -- i.e. one where the attacker knows the
4504 modify a victim's clock. Two additional protections are
4505 offered in ntp-4.2.8p11. One is the 'noepeer' directive, which
4506 disables symmetric passive ephemeral peering. The other extends
4507 the functionality of the 4th field in the ntp.keys file to
4508 include specifying a subnet range.
4510 Implement BCP-38.
4511 Upgrade to 4.2.8p11, or later, from the NTP Project Download Page or
4512 the NTP Public Services Project Download Page.
4514 ephemeral associations.
4516 associations from an IP.
4517 Use the 4th argument in the ntp.keys file to limit the IPs
4518 and subnets that can be time servers.
4519 Properly monitor your ntpd instances.
4521 This weakness was discovered by Matthew Van Gundy of Cisco ASIG.
4524 [Bug 3457] OpenSSL FIPS mode regression <perlinger@ntp.org>
4525 [Bug 3455] ntpd doesn't use scope id when binding multicast <perlinger@ntp.org>
4527 [Bug 3452] PARSE driver prints uninitialized memory. <perlinger@ntp.org>
4529 - removed error log caused by rounding/slew, ensured postcondition <perlinger@ntp.org>
4530 [Bug 3447] AES-128-CMAC (fixes) <perlinger@ntp.org>
4532 [Bug 3441] Validate the assumption that AF_UNSPEC is 0. stenn@ntp.org
4533 [Bug 3439] When running multiple commands / hosts in ntpq... <perlinger@ntp.org>
4535 [Bug 3438] Negative values and values > 999 days in... <perlinger@ntp.org>
4538 - applied patch (with mods) by Miroslav Lichvar <perlinger@ntp.org>
4539 [Bug 3435] anchor NTP era alignment <perlinger@ntp.org>
4540 [Bug 3433] sntp crashes when run with -a. <stenn@ntp.org>
4543 ntpdc and the test suites <perlinger@ntp.org>
4544 [Bug 3424] Trimble Thunderbolt 1024 week millenium bug <perlinger@ntp.org>
4547 wrong <perlinger@ntp.org>
4549 made IFSTATS counter quantities unsigned <perlinger@ntp.org>
4550 [Bug 3411] problem about SIGN(6) packet handling for ntp-4.2.8p10
4551 - raised receive buffer size to 1200 <perlinger@ntp.org>
4552 [Bug 3408] refclock_jjy.c: Avoid a wrong report of the coverity static
4553 analysis tool. <abe@ntp.org>
4554 [Bug 3405] update-leap.in: general cleanup, HTTPS support. Paul McMath.
4555 [Bug 3404] Fix openSSL DLL usage under Windows <perlinger@ntp.org>
4557 [Bug 3399] NTP: linker error in 4.2.8p10 during Linux cross-compilation
4558 - initial patch by timeflies@mail2tor.com <perlinger@ntp.org>
4559 [Bug 3398] tests fail with core dump <perlinger@ntp.org>
4562 rework of formatting & data transfer stuff in 'ntp_control.c'
4563 avoids unecessary buffers and size limitations. <perlinger@ntp.org>
4565 - fixed handling of dynamic deletion w/o leap file <perlinger@ntp.org>
4567 - increased mimimum stack size to 32kB <perlinger@ntp.org>
4568 [Bug 3367] Faulty LinuxPPS NMEA clock support in 4.2.8 <perlinger@ntp.org>
4569 - reverted handling of PPS kernel consumer to 4.2.6 behavior
4570 [Bug 3365] Updates driver40(-ja).html and miscopt.html <abe@ntp.org>
4571 [Bug 3358] Spurious KoD log messages in .INIT. phase. HStenn.
4573 - fixed location counter & ntpq output <perlinger@ntp.org>
4574 [Bug 2900] libntp build order problem. HStenn.
4575 [Bug 2878] Tests are cluttering up syslog <perlinger@ntp.org>
4576 [Bug 2737] Wrong phone number listed for USNO. ntp-bugs@bodosom.net,
4577 perlinger@ntp.org
4578 [Bug 2557] Fix Thunderbolt init. ntp-bugs@bodosom.net, perlinger@ntp.
4579 [Bug 948] Trustedkey config directive leaks memory. <perlinger@ntp.org>
4580 Use strlcpy() to copy strings, not memcpy(). HStenn.
4581 Typos. HStenn.
4582 test_ntp_scanner_LDADD needs ntpd/ntp_io.o. HStenn.
4583 refclock_jjy.c: Add missing "%s" to an msyslog() call. HStenn.
4584 Build ntpq and libntpq.a with NTP_HARD_*FLAGS. perlinger@ntp.org
4585 Fix trivial warnings from 'make check'. perlinger@ntp.org
4586 Fix bug in the override portion of the compiler hardening macro. HStenn.
4587 record_raw_stats(): Log entire packet. Log writes. HStenn.
4588 AES-128-CMAC support. BInglis, HStenn, JPerlinger.
4589 sntp: tweak key file logging. HStenn.
4590 sntp: pkt_output(): Improve debug output. HStenn.
4591 update-leap: updates from Paul McMath.
4592 When using pkg-config, report --modversion. HStenn.
4593 Clean up libevent configure checks. HStenn.
4594 sntp: show the IP of who sent us a crypto-NAK. HStenn.
4595 Allow .../N to specify subnet bits for IPs in ntp.keys. HStenn, JPerlinger.
4596 authistrustedip() - use it in more places. HStenn, JPerlinger.
4597 New sysstats: sys_lamport, sys_tsrounding. HStenn.
4598 Update ntp.keys .../N documentation. HStenn.
4599 Distribute testconf.yml. HStenn.
4600 Add DPRINTF(2,...) lines to receive() for packet drops. HStenn.
4601 Rename the configuration flag fifo variables. HStenn.
4602 Improve saveconfig output. HStenn.
4603 Decode restrict flags on receive() debug output. HStenn.
4604 Decode interface flags on receive() debug output. HStenn.
4605 Warn the user if deprecated "driftfile name WanderThreshold" is used. HStenn.
4606 Update the documentation in ntp.conf.def . HStenn.
4607 restrictions() must return restrict flags and ippeerlimit. HStenn.
4608 Update ntpq peer documentation to describe the 'p' type. HStenn.
4609 Rename restrict 'flags' to 'rflags. Use an enum for the values. HStenn.
4610 Provide dump_restricts() for debugging. HStenn.
4611 Use consistent 4th arg type for [gs]etsockopt. JPerlinger.
4622 sys_tsrounding counts observed timestamp rounding events.
4624 * New ntp.conf items:
4626 - restrict ... noepeer
4627 - restrict ... ippeerlimit N
4630 requests.
4633 for each IP in the designated set of addresses. This limit does not
4634 apply to explicitly-configured associations. A value of -1, the current
4636 single IP. 0 means "none", etc. Ordinarily the only way multiple
4638 was using a proxy. But a trusted machine might become compromised,
4640 from different ports. This directive should be helpful in this case.
4642 * New ntp.keys feature: Each IP in the optional list of IPs in the 4th
4644 scope of IPs that may use this key. This IP/subnet restriction can be
4646 a key is used.
4648 NTP 4.2.8p10 (Harlan Stenn <stenn@ntp.org>, 2017/03/21)
4650 Focus: Security, Bug fixes, enhancements.
4660 Affects: All versions of NTP-4, up to but not including ntp-4.2.8p10, and
4661 ntp-4.3.0 up to, but not including ntp-4.3.94.
4667 configuration directive.
4669 Implement BCP-38.
4670 Upgrade to 4.2.8p10, or later, from the NTP Project Download Page or
4673 ntpd (without -g) if it stops running.
4675 This weakness was discovered by Cure53.
4680 Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and ntp-4.3.0 up to, but not including ntp-4.3.94.
4685 Programmable Time Server refclock driver. Here the packets are
4687 datum_pts_receive(). Since an attacker would be required to
4690 terms of severity.
4693 may maliciously change the device, upgrade to 4.2.8p10, or
4697 ntpd (without -g) if it stops running.
4699 This weakness was discovered by Cure53.
4704 Affects: All versions of ntp, up to but not including ntp-4.2.8p10, and
4705 ntp-4.3.0 up to, but not including ntp-4.3.94.
4711 via the :config directive. The unpeer option expects a number or
4712 an address as an argument. In case the value is "0", a
4713 segmentation fault occurs.
4715 Implement BCP-38.
4716 Upgrade to 4.2.8p10, or later, from the NTP Project Download Page
4719 ntpd (without -g) if it stops running.
4721 This weakness was discovered by Cure53.
4726 Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and
4727 ntp-4.3.0 up to, but not including ntp-4.3.94.
4733 from a given string. According to the documentation, the function
4735 incorrect pointer usage this value is always zero. Although the
4737 flaw could lead to a vulnerability in the future. Since relying
4740 in accordance with the documentation pertinent to the code.
4742 Implement BCP-38.
4743 Upgrade to 4.2.8p10, or later, from the NTP Project Download Page
4746 ntpd (without -g) if it stops running.
4748 This weakness was discovered by Cure53.
4753 Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and
4754 ntp-4.3.0 up to, but not including ntp-4.3.94.
4757 allocation functions that are provided by libc. This is mainly
4759 several goals. First, they seek to ensure that memory is not
4762 correctly handled. There is an additional implementation for
4764 same size needs to be allocated. The handling can be found in
4766 parameter needs to be provided. Although no considerable threat
4769 option across all of the locations where it is possible.
4771 Upgrade to 4.2.8p10, or later, from the NTP Project Download Page
4774 This weakness was discovered by Cure53.
4781 not including ntp-4.2.8p10, and ntp-4.3.0 up to, but not
4782 including ntp-4.3.94.
4788 PPSAPI_DLLS. The code contained within those libraries is then
4790 privileges. Depending on how securely the machine is setup and
4792 this can easily lead to a code injection.
4794 Implement BCP-38.
4795 Upgrade to 4.2.8p10, or later, from the NTP Project Download Page
4798 This weakness was discovered by Cure53.
4805 installer, up to but not including ntp-4.2.8p10, and ntp-4.3.0 up
4806 to, but not including ntp-4.3.94.
4812 function. The stack buffer is 70 bytes smaller than the buffer
4813 in the calling main() function. Together with the initially
4815 overflow and effectively overwrites the stack frame. The
4819 overflowing at all times.
4821 Upgrade to 4.2.8p10, or later, from the NTP Project Download Page
4824 This weakness was discovered by Cure53.
4831 installer, up to but not including ntp-4.2.8p10, and ntp-4.3.0
4832 up to, but not including ntp-4.3.94.
4837 that specifically contains multiple null bytes. strcpy() only
4840 addKeysToRegistry() function. As a consequence, a garbage
4841 registry entry can be created. The additional arsize parameter
4844 value, though this may not be true.
4846 Upgrade to 4.2.8p10, or later, from the NTP Project Download Page
4849 This weakness was discovered by Cure53.
4857 must clearly be pointed out. The unnecessary unused code may or
4859 code-gadget-based branch-flow redirection exploits. Analogically,
4861 in taking advantage of the free feature for periodical updates.
4862 This solution is offered by the system's Package Manager. The
4863 three libraries identified are libisc, libevent, and libopts.
4865 For libisc, we already only use a portion of the original library.
4868 since we last upgraded the code. libisc is generally not
4869 installed, and when it it we usually only see the static libisc.a
4870 file installed. Until we know for sure that the bugs we've found
4872 are using.
4875 until recently, and we've been requiring version 2 for a long time.
4877 installed, we'll use the version that is installed on the system.
4878 Otherwise, we provide a copy of libevent that we know works.
4881 undergoes frequent API version updates. The version of autogen
4883 version in libopts. AutoGen can be ... difficult to build and
4884 install, and very few developers really need it. So we have it
4887 sure that the proper API version of libopts is available.
4890 NTP doesn't use, OK. But other packages used these libraries as
4893 libraries. It takes significant resources to analyze and
4895 date we believe the cost of this effort does not justify the benefit.
4897 This issue was discovered by Cure53.
4902 Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and
4903 ntp-4.3.0 up to, but not including ntp-4.3.94.
4909 is weak / distorted and the decoding doesn't work.
4911 Upgrade to 4.2.8p10, or later, from the NTP Project Download Page or
4914 ntpd (without -g) if it stops running.
4916 This weakness was discovered by Cure53.
4921 Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and
4922 ntp-4.3.0 up to, but not including ntp-4.3.94.
4927 create name/value ntpq (mode 6) response strings. For example,
4929 or string data). The formatting code was missing a length check
4930 for variable names. If somebody explicitly created any unusually
4933 added to the response list it would overflow a buffer.
4935 Implement BCP-38.
4936 Upgrade to 4.2.8p10, or later, from the NTP Project Download Page
4939 longer than 200-512 bytes in your ntp.conf file.
4941 ntpd (without -g) if it stops running.
4943 This weakness was discovered by Cure53.
4948 Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and
4949 ntp-4.3.0 up to, but not including ntp-4.3.94.
4955 compile and use it. But it uses the libc functions snprintf()
4958 snprintf()/vsnprintf(). Since the return value is used as an
4961 allocated buffer space. This results in an out-of-bound memory
4962 write. This behavior can be leveraged to overwrite a saved
4964 execution flow. During testing it was not possible to identify
4965 any malicious usage for this vulnerability. Specifically, no
4967 unveiled. However, it has the potential to be exploited, so the
4968 code should be fixed.
4970 Upgrade to 4.2.8p10, or later, from the NTP Project Download Page
4971 or the NTP Public Services Project Download Page.
4973 ntpd (without -g) if it stops running.
4975 This weakness was discovered by Cure53.
4981 Affects: All versions of ntpq, up to but not including ntp-4.2.8p10, and
4982 ntp-4.3.0 up to, but not including ntp-4.3.94.
4987 ntpd server when ntpq requests the restriction list from the server.
4988 This is due to a missing length check in the reslist() function.
4990 encounters a flagstr variable of an excessive length. The string
4992 the function's stack-frame. Note well that this problem requires
4993 a malicious server, and affects ntpq, not ntpd.
4995 Upgrade to 4.2.8p10, or later, from the NTP Project Download Page
5000 a response that intends to crash your ntpq process.
5002 This weakness was discovered by Cure53.
5007 Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and
5008 ntp-4.3.0 up to, but not including ntp-4.3.94.
5013 or link flags to offer "hardened" security options. Package
5015 flags for their builds. As of ntp-4.2.8p10, the NTP build
5016 system has a way to provide OS-specific hardening flags. Please
5018 is specific to NTP builds. It's inefficient to have every
5020 target build. It would be much better if there was a common way
5022 packages could benefit from it.
5024 Implement BCP-38.
5025 Upgrade to 4.2.8p10, or later, from the NTP Project Download Page
5028 ntpd (without -g) if it stops running.
5030 This weakness was reported by Cure53.
5035 Affects: ntp-4.2.8p9 (21 Nov 2016), up to but not including ntp-4.2.8p10
5040 origin timestamp check functionality of ntpd 4.2.8p9. A specially
5042 expected origin timestamp for target peers. Legitimate replies
5043 from targeted peers will fail the origin timestamp check (TEST2)
5045 condition. This vulnerability can only be exploited if the
5046 attacker can spoof all of the servers.
5048 Implement BCP-38.
5050 all of your time sources.
5051 Upgrade to 4.2.8p10, or later, from the NTP Project Download Page
5054 ntpd (without -g) if it stops running.
5056 This weakness was discovered by Matthew Van Gundy of Cisco.
5060 * [Bug 3393] clang scan-build findings <perlinger@ntp.org>
5061 * [Bug 3363] Support for openssl-1.1.0 without compatibility modes
5062 - rework of patch set from <ntp.org@eroen.eu>. <perlinger@ntp.org>
5063 * [Bug 3356] Bugfix 3072 breaks multicastclient <perlinger@ntp.org>
5065 on 4.4BSD-Lite derived platforms <perlinger@ntp.org>
5066 - original patch by Majdi S. Abbas
5067 * [Bug 3215] 'make distcheck' fails with new BK repo format <perlinger@ntp.org>
5068 * [Bug 3173] forking async worker: interrupted pipe I/O <perlinger@ntp.org>
5070 * [Bug 3139] (...) time_pps_create: Exec format error <perlinger@ntp.org>
5074 * [Bug 3107] Incorrect Logic for Peer Event Limiting <perlinger@ntp.org>
5076 * [Bug 3065] Quiet warnings on NetBSD <perlinger@ntp.org>
5077 - applied some of the patches provided by Havard. Not all of them
5078 still match the current code base, and I did not touch libopt.
5079 * [Bug 3062] Change the process name of forked DNS worker <perlinger@ntp.org>
5080 - applied patch by Reinhard Max. See bugzilla for limitations.
5081 * [Bug 2923] Trap Configuration Fail <perlinger@ntp.org>
5084 - produce ERROR log message about dysfunctional daemon. <perlinger@ntp.org>
5085 * [Bug 2851] allow -4/-6 on restrict line with mask <perlinger@ntp.org>
5086 - applied patch by Miroslav Lichvar for ntp4.2.6 compat
5088 - Fixed these and some more locations of this pattern.
5089 Probably din't get them all, though. <perlinger@ntp.org>
5090 * Update copyright year.
5093 (4.2.8p9-win) 2017/02/01 Released by Harlan Stenn <stenn@ntp.org>
5095 * [Bug 3144] NTP does not build without openSSL. <perlinger@ntp.org>
5098 * [Bug 3095] More compatibility with openssl 1.1. <perlinger@ntp.org>
5099 * configure.ac cleanup. stenn@ntp.org
5100 * openssl configure cleanup. stenn@ntp.org
5103 NTP 4.2.8p9 (Harlan Stenn <stenn@ntp.org>, 2016/11/21)
5105 Focus: Security, Bug fixes, enhancements.
5115 Date Resolved: 21 November 2016; Dev (4.3.94) 21 November 2016
5117 Affects: ntp-4.0.90 (21 July 1999), possibly earlier, up to but not
5118 including 4.2.8p9, and ntp-4.3.0 up to but not including ntp-4.3.94.
5122 ntpd does not enable trap service by default. If trap service
5125 crash ntpd, resulting in a denial of service.
5127 Implement BCP-38.
5128 Use "restrict default noquery ..." in your ntp.conf file. Only
5129 allow mode 6 queries from trusted networks and hosts.
5130 Upgrade to 4.2.8p9, or later, from the NTP Project Download Page
5133 (without -g) if it stops running.
5134 Credit: This weakness was discovered by Matthew Van Gundy of Cisco.
5137 Date Resolved: 21 November 2016; Dev (4.3.94) 21 November 2016
5139 Affects: ntp-4.0.90 (21 July 1999), possibly earlier, up to but not
5140 including 4.2.8p9, and ntp-4.3.0 up to but not including ntp-4.3.94.
5145 in the control mode (mode 6) functionality of ntpd. If, against
5146 long-standing BCP recommendations, "restrict default noquery ..."
5150 monitoring. A remote, unauthenticated, network attacker can
5151 trigger this vulnerability.
5153 Implement BCP-38.
5154 Use "restrict default noquery ..." in your ntp.conf file.
5155 Upgrade to 4.2.8p9, or later, from the NTP Project Download Page
5158 (without -g) if it stops running.
5159 Credit: This weakness was discovered by Matthew Van Gundy of Cisco.
5162 Date Resolved: 21 November 2016; Dev (4.3.94) 21 November 2016
5164 Affects: ntp-4.2.8p6, up to but not including ntp-4.2.8p9, and
5165 ntp-4.3.90 up to, but not including ntp-4.3.94.
5170 trusted network. If the broadcast network is accessible to an
5173 functionality can be abused. An attacker with access to the NTP
5177 mode packets from legitimate NTP broadcast servers.
5179 Implement BCP-38.
5180 Upgrade to 4.2.8p9, or later, from the NTP Project Download Page
5183 (without -g) if it stops running.
5184 Credit: This weakness was discovered by Matthew Van Gundy of Cisco.
5187 Date Resolved: 21 November 2016; Dev (4.3.94) 21 November 2016
5189 Affects: ntp-4.2.8p6, up to but not including ntp-4.2.8p9, and
5190 ntp-4.3.90 up to, but not including ntp-4.3.94
5195 trusted network. If the broadcast network is accessible to an
5198 functionality can be abused. To limit abuse, ntpd restricts the
5200 packets. ntpd will reject broadcast mode packets that arrive
5202 packet expires. An attacker with access to the NTP broadcast
5206 broadcast servers.
5208 Implement BCP-38.
5209 Upgrade to 4.2.8p9, or later, from the NTP Project Download Page
5212 (without -g) if it stops running.
5213 Credit: This weakness was discovered by Matthew Van Gundy of Cisco.
5216 Date Resolved: 21 November 2016; Dev (4.3.94) 21 November 2016
5218 Affects Windows only: ntp-4.?.?, up to but not including ntp-4.2.8p9,
5219 and ntp-4.3.0 up to, but not including ntp-4.3.94.
5224 malicious packet that is "too big", ntpd will stop working.
5226 Implement BCP-38.
5227 Upgrade to 4.2.8p9, or later, from the NTP Project Download Page
5230 (without -g) if it stops running.
5231 Credit: This weakness was discovered by Robert Pajak of ABB.
5234 Date Resolved: 21 November 2016; Dev (4.3.94) 21 November 2016
5236 Affects: ntp-4.2.8p8, and ntp-4.3.93.
5241 ntp-4.2.8p6. However, subsequent timestamp validation checks
5243 timestamp checks.
5245 Implement BCP-38.
5246 Upgrade to 4.2.8p9, or later, from the NTP Project Download Page
5249 (without -g) if it stops running.
5251 Malhotra of Boston University.
5254 Date Resolved: 21 November 2016; Dev (4.3.94) 21 November 2016
5256 Affects: ntp-4.2.7p22, up to but not including ntp-4.2.8p9, and
5257 ntp-4.3.0 up to, but not including ntp-4.3.94.
5263 on receipt of that crafted malicious mrulist query packet.
5265 Only allow mrulist query packets from trusted hosts.
5266 Implement BCP-38.
5267 Upgrade to 4.2.8p9, or later, from the NTP Project Download Page
5270 (without -g) if it stops running.
5271 Credit: This weakness was discovered by Magnus Stubman.
5274 Date Resolved: 21 November 2016; Dev (4.3.94) 21 November 2016
5276 Affects: ntp-4.2.7p385, up to but not including ntp-4.2.8p9, and
5277 ntp-4.3.0 up to, but not including ntp-4.3.94
5283 structure is updated to use the interface for new requests. If
5286 received packets (e.g. rp_filter on Linux is set to 0), an
5291 routing changes or every 5 minutes by default. If the attack is
5293 synchronize with the source.
5295 Implement BCP-38.
5296 Upgrade to 4.2.8p9, or later, from the NTP Project Download Page
5300 what interfaces can receive packets from what networks.
5302 (without -g) if it stops running.
5303 Credit: This weakness was discovered by Miroslav Lichvar of Red Hat.
5306 Date Resolved: 21 November 2016; Dev (4.3.94) 21 November 2016
5308 Affects: ntp-4.2.5p203, up to but not including ntp-4.2.8p9, and
5309 ntp-4.3.0 up to, but not including ntp-4.3.94
5314 (restrict default limited in ntp.conf), the limits are applied
5315 also to responses received from its configured sources. An
5316 attacker who knows the sources (e.g., from an IPv4 refid in
5320 valid responses from its sources.
5324 attack. Similarly, it allows the attacker to prevent mobilization
5325 of ephemeral associations.
5327 Implement BCP-38.
5328 Upgrade to 4.2.8p9, or later, from the NTP Project Download Page
5331 (without -g) if it stops running.
5332 Credit: This weakness was discovered by Miroslav Lichvar of Red Hat.
5335 Date Resolved: 21 November 2016; Dev (4.3.94) 21 November 2016
5337 Affects: ntp-4.2.7p385, up to but not including ntp-4.2.8p9, and
5338 ntp-4.3.0 up to, but not including ntp-4.3.94. But the
5340 of ntp-4 until this release.
5345 twice, causing the jitter value to be higher than expected. Due
5348 that did not include the peer dispersion. The calculations and
5350 updated accordingly.
5352 Upgrade to 4.2.8p9, or later, from the NTP Project Download Page
5355 (without -g) if it stops running.
5357 Oracle, and Sharon Goldberg and Aanchal Malhotra of Boston University.
5361 * [Bug 3142] bug in netmask prefix length detection <perlinger@ntp.org>
5362 * [Bug 3138] gpsdjson refclock should honor fudgetime1. stenn@ntp.org
5364 - moved retry decision where it belongs. <perlinger@ntp.org>
5365 * [Bug 3125] NTPD doesn't fully start when ntp.conf entries are out of order
5366 using the loopback-ppsapi-provider.dll <perlinger@ntp.org>
5367 * [Bug 3116] unit tests for NTP time stamp expansion. <perlinger@ntp.org>
5368 * [Bug 3100] ntpq can't retrieve daemon_version <perlinger@ntp.org>
5370 * [Bug 3095] Compatibility with openssl 1.1 <perlinger@ntp.org>
5371 - applied patches by Kurt Roeckx <kurt@roeckx.be> to source
5374 - simplified / refactored hex-decoding in driver. <perlinger@ntp.org>
5375 * [Bug 3084] update-leap mis-parses the leapfile name. HStenn.
5376 * [Bug 3068] Linker warnings when building on Solaris. perlinger@ntp.org
5377 - applied patch thanks to Andrew Stormont <andyjstormont@gmail.com>
5378 * [Bug 3067] Root distance calculation needs improvement. HStenn
5379 * [Bug 3066] NMEA clock ignores pps. perlinger@ntp.org
5380 - PPS-HACK works again.
5381 * [Bug 3059] Potential buffer overrun from oversized hash <perlinger@ntp.org>
5382 - applied patch by Brian Utterback <brian.utterback@oracle.com>
5383 * [Bug 3053] ntp_loopfilter.c frequency calc precedence error. Sarah White.
5384 * [Bug 3050] Fix for bug #2960 causes [...] spurious error message.
5385 <perlinger@ntp.org>
5386 - patches by Reinhard Max <max@suse.com> and Havard Eidnes <he@uninett.no>
5387 * [Bug 3047] Fix refclock_jjy C-DEX JST2000. abe@ntp.org
5388 - Patch provided by Kuramatsu.
5389 * [Bug 3021] unity_fixture.c needs pragma weak <perlinger@ntp.org>
5391 * [Bug 3019] Windows: ERROR_HOST_UNREACHABLE block packet processing. DMayer
5392 * [Bug 2998] sntp/tests/packetProcessing.c broken without openssl. JPerlinger
5393 * [Bug 2961] sntp/tests/packetProcessing.c assumes AUTOKEY. HStenn.
5394 * [Bug 2959] refclock_jupiter: gps week correction <perlinger@ntp.org>
5395 - fixed GPS week expansion to work based on build date. Special thanks
5396 to Craig Leres for initial patch and testing.
5398 - fixed Makefile.am <perlinger@ntp.org>
5400 even if it is very old <perlinger@ntp.org>
5403 * Fix typos in include/ntp.h.
5410 NTP 4.2.8p8 (Harlan Stenn <stenn@ntp.org>, 2016/06/02)
5412 Focus: Security, Bug fixes, enhancements.
5420 Date Resolved: 02 June 2016; Dev (4.3.93) 02 June 2016
5422 Affects: ntp-4.2.8p7, and ntp-4.3.92.
5425 Summary: The fix for Sec 3007 in ntp-4.2.8p7 contained a bug that
5426 could cause ntpd to crash.
5428 Implement BCP-38.
5429 Upgrade to 4.2.8p8, or later, from the NTP Project Download Page
5431 If you cannot upgrade from 4.2.8p7, the only other alternatives
5432 are to patch your code or filter CRYPTO_NAK packets.
5434 (without -g) if it stops running.
5435 Credit: This weakness was discovered by Nicolas Edet of Cisco.
5438 Date Resolved: 02 June 2016; Dev (4.3.93) 02 June 2016
5440 Affects: ntp-4, up to but not including ntp-4.2.8p8, and
5441 ntp-4.3.0 up to, but not including ntp-4.3.93.
5447 association.
5449 Implement BCP-38.
5450 Upgrade to 4.2.8p8, or later, from the NTP Project Download Page
5452 Properly monitor your ntpd instances.
5453 Credit: This weakness was discovered by Miroslav Lichvar of Red Hat.
5456 Date Resolved: 02 June 2016; Dev (4.3.93) 02 June 2016
5458 Affects: ntp-4, up to but not including ntp-4.2.8p8, and
5459 ntp-4.3.0 up to, but not including ntp-4.3.93.
5465 variables and, for example, cause a false leap indication to be set.
5467 Implement BCP-38.
5468 Upgrade to 4.2.8p8, or later, from the NTP Project Download Page
5470 Properly monitor your ntpd instances.
5471 Credit: This weakness was discovered by Jakub Prokes of Red Hat.
5474 Date Resolved: 02 June 2016; Dev (4.3.93) 02 June 2016
5476 Affects: ntp-4, up to but not including ntp-4.2.8p8, and
5477 ntp-4.3.0 up to, but not including ntp-4.3.93.
5483 the association's peer variables to be cleared. If this can be
5484 done often enough, it will prevent that association from working.
5486 Implement BCP-38.
5487 Upgrade to 4.2.8p8, or later, from the NTP Project Download Page
5489 Properly monitor your ntpd instances.
5490 Credit: This weakness was discovered by Miroslav Lichvar of Red Hat.
5493 Date Resolved: 02 June 2016; Dev (4.3.93) 02 June 2016
5495 Affects: ntp-4, up to but not including ntp-4.2.8p8, and
5496 ntp-4.3.0 up to, but not including ntp-4.3.93.
5500 so broadcast clients can be triggered to flip into interleave mode.
5502 Implement BCP-38.
5503 Upgrade to 4.2.8p8, or later, from the NTP Project Download Page
5505 Properly monitor your ntpd instances.
5506 Credit: This weakness was discovered by Miroslav Lichvar of Red Hat.
5509 * [Bug 3038] NTP fails to build in VS2015. perlinger@ntp.org
5513 * [Bug 3052] Add a .gitignore file. Edmund Wong.
5514 * [Bug 3054] miscopt.html documents the allan intercept in seconds. SWhite.
5515 * [Bug 3058] fetch_timestamp() mishandles 64-bit alignment. Brian Utterback,
5516 JPerlinger, HStenn.
5517 * Fix typo in ntp-wait and plot_summary. HStenn.
5518 * Make sure we have an "author" file for git imports. HStenn.
5519 * Update the sntp problem tests for MacOS. HStenn.
5522 NTP 4.2.8p7 (Harlan Stenn <stenn@ntp.org>, 2016/04/26)
5524 Focus: Security, Bug fixes, enhancements.
5529 available, --enable-dynamic-interleave. More information on this below.
5531 Also note that ntp-4.2.8p7 logs more "unexpected events" than previous
5532 versions of ntp. These events have almost certainly happened in the
5533 past, it's just that they were silently counted and not logged. With
5535 log these events to help detect abusive behavior. This increased
5536 logging can also help detect other problems, too.
5543 Date Resolved: Stable (4.2.8p7) 26 Apr 2016; Dev (4.3.92) 26 Apr 2016
5545 Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
5546 4.3.0 up to, but not including 4.3.92
5553 the digest has matched.
5555 Upgrade to 4.2.8p7, or later, from the NTP Project Download Page
5556 or the NTP Public Services Project Download Page.
5557 Properly monitor your ntpd instances.
5559 Velvindron, and Matthew Van Gundy and Stephen Gray of Cisco ASIG.
5561 * Zero origin timestamp bypass: Additional KoD checks.
5563 Affects: All ntp-4 releases up to, but not including 4.2.8p7,
5564 Summary: Improvements to the fixes incorporated in t 4.2.8p6 and 4.3.92.
5567 Date Resolved: Stable (4.2.8p7) 26 Apr 2016; Dev (4.3.92) 26 Apr 2016
5569 Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
5570 4.3.0 up to, but not including 4.3.92
5572 Summary: The fix for NtpBug2952 in ntp-4.2.8p5 to address broken peer
5573 associations did not address all of the issues.
5575 Implement BCP-38.
5576 Upgrade to 4.2.8p7, or later, from the NTP Project Download Page
5579 "peer" associations.
5580 Monitor your ntpd instances.
5581 Credit: This problem was discovered by Michael Tatarinov.
5584 Date Resolved: Stable (4.2.8p7) 26 Apr 2016; Dev (4.3.92) 26 Apr 2016
5586 Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
5587 4.3.0 up to, but not including 4.3.92
5590 Summary: For ntp-4 versions up to but not including ntp-4.2.8p7, an
5593 with a spoofed source address of an existing associated peer.
5594 This is true even if authentication is enabled.
5599 legitimate server.
5601 For ntp-4.2.8 thru ntp-4.2.8p6 there is less risk because more
5604 ntp-4.2.8p7.
5606 Implement BCP-38.
5607 Upgrade to 4.2.8p7, or later, from the NTP Project Download Page
5611 Matthew Van Gundy of Cisco ASIG.
5614 Date Resolved: Stable (4.2.8p7) 26 Apr 2016; Dev (4.3.92) 26 Apr 2016
5616 Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
5617 4.3.0 up to, but not including 4.3.92
5621 in ntpd. It is possible to store a data value that is larger
5623 ntpd uses to report the return value. If the length of the
5625 the value NULL is returned instead. There are 2 cases where the
5628 that make sure the return value is not NULL. There are no data
5630 length. But if one has permission to store values and one stores
5632 is made to read that oversized value.
5634 Implement BCP-38.
5635 Upgrade to 4.2.8p7, or later, from the NTP Project Download Page
5637 Properly monitor your ntpd instances.
5639 Security Team, Qihoo 360.
5642 Date Resolved: Stable (4.2.8p7) 26 Apr 2016; Dev (4.3.92) 26 Apr 2016
5644 Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
5645 4.3.0 up to, but not including 4.3.92
5650 out-of-bounds reference.
5652 Implement BCP-38.
5653 Upgrade to 4.2.8p7, or later, from the NTP Project Download Page
5657 Security Team, Qihoo 360.
5661 Date Resolved: Stable (4.2.8p7) 26 Apr 2016; Dev (4.3.92) 26 Apr 2016
5663 Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
5664 4.3.0 up to, but not including 4.3.92
5673 authentication with ntpd until ntpd is restarted.
5675 Implement BCP-38.
5676 Upgrade to 4.2.8p7, or later, from the NTP Project Download Page
5680 Security Team, Qihoo 360.
5683 Date Resolved: Stable (4.2.8p7) 26 Apr 2016; Dev (4.3.92) 26 Apr 2016
5685 Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
5686 4.3.0 up to, but not including 4.3.92
5694 line, ntpd will abort.
5696 Implement BCP-38.
5697 Upgrade to 4.2.8p7, or later, from the NTP Project Download Page
5701 Security Team, Qihoo 360.
5704 Date Resolved: Stable (4.2.8p7) 26 Apr 2016; Dev (4.3.92) 26 Apr 2016
5707 not including 4.2.8p7, and 4.3.0 up to but not including 4.3.92.
5709 have yet been identified that have this vulnerability.
5713 network stack, at least regarding 127.0.0.0/8, some will allow
5714 packets claiming to be from 127.0.0.0/8 that arrive over a
5715 physical network. On these OSes, if ntpd is configured to use a
5717 that look like they are coming from that reference clock.
5719 Implement martian packet filtering and BCP-38.
5720 Configure ntpd to use an adequate number of time sources.
5721 Upgrade to 4.2.8p7, or later, from the NTP Project Download Page
5728 time from protected resources.
5729 Properly monitor your ntpd instances.
5731 Cisco ASIG.
5734 improvements in 4.2.8p7:
5736 * Clients that receive a KoD should validate the origin timestamp field.
5738 Affects: All ntp-4 releases up to, but not including 4.2.8p7,
5739 Summary: Improvements to the fixes incorporated into 4.2.8p4 and 4.3.77.
5741 * Skeleton key: passive server with trusted key can serve time.
5743 Affects: All ntp-4 releases up to, but not including 4.2.8p7,
5744 Summary: Improvements to the fixes incorporated in t 4.2.8p6 and 4.3.90.
5750 Date Resolved: Stable (4.2.8p7) 26 Apr 2016; Dev (4.3.92) 26 Apr 2016
5752 Affects: All ntp-4 releases.
5757 client/server mode to interleaved symmetric mode. An attacker
5760 server. After making this switch, the client will reject all
5761 future legitimate server responses. It is possible to force the
5762 victim client to move time after the mode has been changed.
5763 ntpq gives no indication that the mode has been switched.
5765 Implement BCP-38.
5766 Upgrade to 4.2.8p7, or later, from the NTP Project Download Page
5767 or the NTP Public Services Project Download Page. These
5769 unless configured to do so.
5770 Properly monitor your ntpd instances.
5772 and separately by Jonathan Gardner of Cisco ASIG.
5775 Date Resolved: Stable (4.2.8p7) 26 Apr 2016; Dev (4.3.92) 26 Apr 2016
5777 Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
5778 4.3.0 up to, but not including 4.3.92
5781 Summary: ntpd can be vulnerable to Sybil attacks. If one is not using
5782 the feature introduced in ntp-4.2.8p6 allowing an optional 4th
5783 field in the ntp.keys file to specify which IPs can serve time,
5786 ntpd and modify a victim's clock.
5788 Implement BCP-38.
5789 Use the 4th field in the ntp.keys file to specify which IPs
5790 can be time servers.
5791 Properly monitor your ntpd instances.
5792 Credit: This weakness was discovered by Matthew Van Gundy of Cisco ASIG.
5796 * [Bug 2831] Segmentation Fault in DNS lookup during startup. perlinger@ntp.org
5797 - fixed yet another race condition in the threaded resolver code.
5798 * [Bug 2858] bool support. Use stdbool.h when available. HStenn.
5799 * [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org
5800 - integrated patches by Loganaden Velvidron <logan@ntp.org>
5802 * [Bug 2960] async name resolution fixes for chroot() environments.
5803 Reinhard Max.
5804 * [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org
5806 * [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org
5807 * [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@ntp.org
5808 - Patch provided by Ch. Weisgerber
5811 remote config commands. perlinger@ntp.org
5813 - report and patch from Aleksandr Kostikov.
5814 - Overhaul of Windows IO completion port handling. perlinger@ntp.org
5815 * [Bug 3022] authkeys.c should be refactored. perlinger@ntp.org
5816 - fixed memory leak in access list (auth[read]keys.c)
5817 - refactored handling of key access lists (auth[read]keys.c)
5818 - reduced number of error branches (authreadkeys.c)
5819 * [Bug 3023] ntpdate cannot correct dates in the future. perlinger@ntp.org
5820 * [Bug 3030] ntpq needs a general way to specify refid output format. HStenn.
5822 when the time of server changed. perlinger@ntp.org
5824 server if the delay exceeds 50ms. Retry again after the next
5825 broadcast packet.
5826 * [Bug 3036] autokey trips an INSIST in authistrustedip(). Harlan Stenn.
5827 * Document ntp.key's optional IP list in authenetic.html. Harlan Stenn.
5828 * Update html/xleave.html documentation. Harlan Stenn.
5829 * Update ntp.conf documentation. Harlan Stenn.
5830 * Fix some Credit: attributions in the NEWS file. Harlan Stenn.
5831 * Fix typo in html/monopt.html. Harlan Stenn.
5832 * Add README.pullrequests. Harlan Stenn.
5833 * Cleanup to include/ntp.h. Harlan Stenn.
5839 issues with interleave operations. We also realized that the interleave
5840 protocol was never added to the NTPv4 Standard, and it should have been.
5843 in two ways. Any 'peer' and 'broadcast' lines in the ntp.conf file may
5845 for that association. Additionally, if a time packet arrives and is
5848 dynamically switch to interleave mode. With sufficient knowledge, an
5850 triggers only one side to enter interleaved mode.
5859 engage dynamic interleave mode. Dynamic interleave mode is disabled by
5860 default in ntp-4.2.8p7.
5863 NTP 4.2.8p6 (Harlan Stenn <stenn@ntp.org>, 2016/01/20)
5865 Focus: Security, Bug fixes, enhancements.
5873 Date Resolved: Stable (4.2.8p6) 19 Jan 2016; Dev (4.3.90) 19 Jan 2016
5875 Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
5876 4.3.0 up to, but not including 4.3.90
5879 Summary: 'ntpq' processes incoming packets in a loop in 'getresponse()'.
5881 correct response or hitting a small number of error conditions.
5883 the error conditions, the loop continues to receive new packets.
5893 Upgrade to 4.2.8p6, or later, from the NTP Project Download Page
5895 Credit: This weakness was discovered by Jonathan Gardner of Cisco ASIG.
5898 Date Resolved: Stable (4.2.8p6) 19 Jan 2016; Dev (4.3.90) 19 Jan 2016
5900 Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
5901 4.3.0 up to, but not including 4.3.90
5908 transmitted in its last request. A logic error exists that
5910 check whenever there is not an outstanding request to the server.
5912 Configure 'ntpd' to get time from multiple sources.
5913 Upgrade to 4.2.8p6, or later, from the NTP Project Download Page
5914 or the NTP Public Services Project Download Page.
5915 Monitor your 'ntpd' instances.
5917 Jonathan Gardner of Cisco ASIG.
5920 Date Resolved: Stable (4.2.8p6) 19 Jan 2016
5922 Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
5923 4.3.0 up to, but not including 4.3.90
5926 segmentation fault in ntpd by exhausting the call stack.
5928 Implement BCP-38.
5929 Upgrade to 4.2.8p6, or later, from the NTP Project Download Page
5930 or the NTP Public Services Project Download Page.
5932 In ntp-4.2.8, mode 7 is disabled by default. Don't enable it.
5935 issue mode 7 requests.
5937 requests to trusted sources.
5938 Monitor your ntpd instances.
5939 Credit: This weakness was discovered by Stephen Gray at Cisco ASIG.
5942 Date Resolved: Stable (4.2.8p6) 19 Jan 2016; Dev (4.3.90) 19 Jan 2016
5944 Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
5945 4.3.0 up to, but not including 4.3.90
5949 to broadcast clients. It is observed that the broadcast client
5951 receiving just one bad packet.
5953 Implement BCP-38.
5954 Upgrade to 4.2.8p6, or later, from the NTP Project Download Page
5955 or the NTP Public Services Project Download Page.
5956 Monitor your 'ntpd' instances.
5958 deeper problems to investigate. In this case also consider
5959 having smaller NTP broadcast domains.
5961 University.
5964 Date Resolved: Stable (4.2.8p6) 19 Jan 2016; Dev (4.3.90) 19 Jan 2016
5966 Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
5967 4.3.0 up to, but not including 4.3.90
5970 segmentation fault in ntpd by causing a NULL pointer dereference.
5972 Implement BCP-38.
5973 Upgrade to 4.2.8p6, or later, from NTP Project Download Page or
5974 the NTP Public Services Project Download Page.
5976 mode 7 is disabled by default. Don't enable it.
5979 issue mode 7 requests.
5981 requests to trusted sources.
5982 Monitor your ntpd instances.
5983 Credit: This weakness was discovered by Stephen Gray of Cisco ASIG.
5985 * 'ntpq saveconfig' command allows dangerous characters in filenames.
5986 Date Resolved: Stable (4.2.8p6) 19 Jan 2016; Dev (4.3.90) 19 Jan 2016
5988 Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
5989 4.3.0 up to, but not including 4.3.90
5992 of special characters from the supplied filename.
5995 configuration is to disable this capability. If the ability to
5997 limited and restricted to a known small number of IP addresses.
5999 Implement BCP-38.
6000 use 'restrict default nomodify' in your 'ntp.conf' file.
6001 Upgrade to 4.2.8p6, or later, from the NTP Project Download Page.
6005 use 'restrict default nomodify' in your 'ntp.conf' file. Be
6007 requests to 'ntpd'.
6008 Monitor your ntpd instances.
6009 'saveconfig' requests are logged to syslog - monitor your syslog files.
6010 Credit: This weakness was discovered by Jonathan Gardner of Cisco ASIG.
6013 Date Resolved: Stable (4.2.8p6) 19 Jan 2016; Dev (4.3.90) 19 Jan 2016
6015 Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
6016 4.3.0 up to, but not including 4.3.90
6018 If you score A:C, this becomes 4.0.
6022 length of 256 bytes. Note well that we're taking about ntpq here.
6025 that did this will have stopped themselves.
6027 Upgrade to 4.2.8p6, or later, from the NTP Project Download Page
6028 or the NTP Public Services Project Download Page.
6031 some sanity checks on the input received from the "outside".
6032 This is potentially more dangerous if ntpq is run as root.
6033 Credit: This weakness was discovered by Jonathan Gardner at Cisco ASIG.
6036 Date Resolved: Stable (4.2.8p6) 19 Jan 2016; Dev (4.3.90) 19 Jan 2016
6038 Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
6039 4.3.0 up to, but not including 4.3.90
6041 Summary: Symmetric key encryption uses a shared trusted key. The
6045 authenticate that server, other trusted keys should be refused."
6047 key and server v. clients machines and there has never been any
6048 way to specify a key only for one server. We have treated this as
6049 an enhancement request, and ntp-4.2.8p6 includes other checks and
6051 servers.
6053 Implement BCP-38.
6055 upgrade to 4.2.8p6, or later, from the NTP Project Download
6057 use the new field in the ntp.keys file that specifies the list
6058 of IPs that are allowed to serve time. Note that this alone
6060 addresses, however other changes in ntp-4.2.8p6 provide
6061 significant mitigation against broadcast attacks. MITM attacks
6062 are a different story.
6065 servers.
6071 in the shared-key group.
6072 Monitor your ntpd instances.
6073 Credit: This weakness was discovered by Matt Street of Cisco ASIG.
6076 Date Resolved: Stable (4.2.8p6) 19 Jan 2016; Dev (4.3.90) 19 Jan 2016
6078 Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
6079 4.3.0 up to, but not including 4.3.90
6083 that has the same trusted keys as the victim can replay time packets.
6085 Implement BCP-38.
6086 Upgrade to 4.2.8p6, or later, from the NTP Project Download Page
6087 or the NTP Public Services Project Download Page.
6089 Don't use broadcast mode if you cannot monitor your client servers.
6090 Monitor your ntpd instances.
6092 University.
6096 * [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org
6097 * [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org
6098 - applied patch by shenpeng11@huawei.com with minor adjustments
6099 * [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org
6100 * [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org
6102 IPv6 is disabled in the build. perlinger@ntp.org
6103 - Found this already fixed, but validation led to cleanup actions.
6104 * [Bug 2905] DNS lookups broken. perlinger@ntp.org
6107 - changed stacked/nested handling of CTRL-C. perlinger@ntp.org
6108 - make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org
6109 * [Bug 2980] reduce number of warnings. perlinger@ntp.org
6110 - integrated several patches from Havard Eidnes (he@uninett.no)
6111 * [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org
6113 * Make leapsec_query debug messages less verbose. Harlan Stenn.
6116 NTP 4.2.8p5 (Harlan Stenn <stenn@ntp.org>, 2016/01/07)
6118 Focus: Security, Bug fixes, enhancements.
6125 * Small-step/big-step. Close the panic gate earlier.
6127 Affects: All ntp-4 releases up to, but not including 4.2.8p5, and
6128 4.3.0 up to, but not including 4.3.78
6136 arbitrary value. Similarly, if an attacker is able to respond
6143 most 900 seconds' time per attack.
6145 Configure ntpd to get time from multiple sources.
6146 Upgrade to 4.2.8p5, or later, from the NTP Project Download
6149 cold-start situations.
6150 Monitor your ntpd instances.
6152 Isaac E. Cohen, and Sharon Goldberg at Boston University.
6155 in ntpd, which is 900 seconds by default. The bug identified by
6158 clock that was greater than 128 milliseconds, by default. The
6160 re-enabled after any initial time correction.
6166 system's clock. There comes a point where your very best
6169 Configure ntpd to get time from multiple sources.
6170 Monitor your ntpd instances.
6174 * Coverity submission process updated from Coverity 5 to Coverity 7.
6176 ongoing basis since 2006. As part of our recent upgrade from
6178 the newly-written Unity test programs. These were fixed.
6179 * [Bug 2829] Clean up pipe_fds in ntpd.c perlinger@ntp.org
6181 - fudge stratum should only accept values [0..16]. perlinger@ntp.org
6182 * [Bug 2932] Update leapsecond file info in miscopt.html. CWoodbury, HStenn.
6183 * [Bug 2934] tests/ntpd/t-ntp_scanner.c has a magic constant wired in. HMurray
6184 * [Bug 2944] errno is not preserved properly in ntpdate after sendto call.
6185 - applied patch by Christos Zoulas. perlinger@ntp.org
6186 * [Bug 2952] Peer associations broken by fix for Bug 2901/CVE-2015-7704.
6187 * [Bug 2954] Version 4.2.8p4 crashes on startup on some OSes.
6188 - fixed data race conditions in threaded DNS worker. perlinger@ntp.org
6189 - limit threading warm-up to linux; FreeBSD bombs on it. perlinger@ntp.org
6190 * [Bug 2957] 'unsigned int' vs 'size_t' format clash. perlinger@ntp.org
6194 * [Bug 2958] ntpq: fatal error messages need a final newline. Craig Leres.
6195 * [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets. perlinger@ntp.org
6201 * [Bug 2965] Local clock didn't work since 4.2.8p4. Martin Burnicki.
6203 - fixed ntp_rfc2553.c to return proper address length. perlinger@ntp.org
6205 lots of clients. perlinger@ntp.org
6207 - changed stacked/nested handling of CTRL-C. perlinger@ntp.org
6208 * Unity cleanup for FreeBSD-6.4. Harlan Stenn.
6209 * Unity test cleanup. Harlan Stenn.
6210 * Libevent autoconf pthread fixes for FreeBSD-10. Harlan Stenn.
6211 * Header cleanup in tests/sandbox/uglydate.c. Harlan Stenn.
6212 * Header cleanup in tests/libntp/sfptostr.c. Harlan Stenn.
6213 * Quiet a warning from clang. Harlan Stenn.
6216 NTP 4.2.8p4 (Harlan Stenn <stenn@ntp.org>, 2015/10/21)
6218 Focus: Security, Bug fixes, enhancements.
6225 * Incomplete vallen (value length) checks in ntp_crypto.c, leading
6226 to potential crashes or potential code injection/information leakage.
6229 Affects: All ntp-4 releases up to, but not including 4.2.8p4,
6230 and 4.3.0 up to, but not including 4.3.77
6235 validated. Receipt of these packets can cause ntpd to crash.
6237 Don't use autokey.
6238 Upgrade to 4.2.8p4, or later, from the NTP Project Download
6240 Monitor your ntpd instances.
6241 Credit: This weakness was discovered by Tenable Network Security.
6243 * Clients that receive a KoD should validate the origin timestamp field.
6246 Affects: All ntp-4 releases up to, but not including 4.2.8p4,
6247 and 4.3.0 up to, but not including 4.3.77
6251 delay or stop querying its servers for time updates. Also, an
6257 machine. For either of these attacks to succeed, the attacker must
6258 know what servers the target is communicating with. An attacker
6261 time query.
6263 Implement BCP-38.
6264 Upgrade to 4.2.8p4, or later, from the NTP Project Download Page
6268 for the time. This mitigation is heavy-handed.
6269 Monitor your ntpd instances.
6271 4.2.8p4 protects against the first attack. For the second attack,
6272 all we can do is warn when it is happening, which we do in 4.2.8p4.
6274 Issac E. Cohen, and Sharon Goldberg of Boston University.
6277 only be allowed locally.
6280 Affects: All ntp-4 releases up to, but not including 4.2.8p4,
6281 and 4.3.0 up to, but not including 4.3.77
6288 overwrite other files.
6290 Implement BCP-38.
6291 Upgrade to 4.2.8p4, or later, from the NTP Project Download
6293 If you cannot upgrade, don't enable remote configuration.
6297 configure a controlkey.
6298 - access from a permitted IP. You choose the IPs.
6299 - authentication. Don't disable it. Practice secure key safety.
6300 Monitor your ntpd instances.
6301 Credit: This weakness was discovered by Miroslav Lichvar of Red Hat.
6307 including 4.2.8p4, and 4.3.0 up to, but not including 4.3.77
6312 attack, cause it to run out of memory.
6314 Don't use autokey.
6315 Upgrade to 4.2.8p4, or later, from the NTP Project Download
6317 Monitor your ntpd instances.
6318 Credit: This weakness was discovered by Tenable Network Security.
6323 Affects: All ntp-4 releases up to, but not including 4.2.8p4,
6324 and 4.3.0 up to, but not including 4.3.77
6331 to ntpd that will cause it to crash.
6333 Implement BCP-38.
6334 Upgrade to 4.2.8p4, or later, from the NTP Project Download
6335 Page or the NTP Public Services Project Download Page.
6337 In ntp-4.2.8, mode 7 is disabled by default. Don't enable it.
6340 mode 7 requests.
6342 to trusted sources.
6343 Monitor your ntpd instances.
6344 Credit: This weakness was discovered by Aleksandar Nikolic of Cisco Talos.
6349 Affects: All ntp-4 releases up to, but not including 4.2.8p4, and 4.3.0 up to, but not including 4.3.77
6357 perform a code injection attack.
6359 Implement BCP-38.
6360 Upgrade to 4.2.8p4, or later, from the NTP Project Download
6361 Page or the NTP Public Services Project Download Page.
6364 an explicitly configured "trusted" key. Only configure
6365 this if you need it.
6366 access from a permitted IP address. You choose the IPs.
6367 authentication. Don't disable it. Practice secure key safety.
6368 Monitor your ntpd instances.
6369 Credit: This weakness was discovered by Yves Younan of Cisco Talos.
6372 keyfile are the same.
6375 Affects: All ntp-4 releases up to, but not including 4.2.8p4,
6376 and 4.3.0 up to, but not including 4.3.77
6384 potentially huge log file. Specifically, the attacker could
6386 and cause what amounts to an infinite loop.
6388 Implement BCP-38.
6389 Upgrade to 4.2.8p4, or later, from the NTP Project Download
6390 Page or the NTP Public Services Project Download Page.
6393 an explicitly configured "trusted" key. Only configure this
6394 if you need it.
6395 access from a permitted IP address. You choose the IPs.
6396 authentication. Don't disable it. Practice secure key safety.
6397 Monitor your ntpd instances.
6398 Credit: This weakness was discovered by Yves Younan of Cisco Talos.
6401 ntpd on VMS.
6405 including 4.2.8p4, and 4.3.0 up to, but not including 4.3.77
6412 ntpd that may cause ntpd to overwrite files.
6414 Implement BCP-38.
6415 Upgrade to 4.2.8p4, or later, from the NTP Project Download
6416 Page or the NTP Public Services Project Download Page.
6419 an explicitly configured "trusted" key. Only configure
6420 this if you need it.
6421 access from permitted IP addresses. You choose the IPs.
6422 authentication. Don't disable it. Practice key security safety.
6423 Monitor your ntpd instances.
6424 Credit: This weakness was discovered by Yves Younan of Cisco Talos.
6429 Affects: All ntp-4 releases running up to, but not including 4.2.8p4,
6430 and 4.3.0 up to, but not including 4.3.77
6437 can cause ntpq to crash.
6439 Implement BCP-38.
6440 Upgrade to 4.2.8p4, or later, from the NTP Project Download
6441 Page or the NTP Public Services Project Download Page.
6443 and ntpq crashes, try again using raw mode. Build or get a
6444 patched ntpq and see if that fixes the problem. Report new
6445 bugs in ntpq or abusive servers appropriately.
6447 in your scripts.
6449 Aleksander Nikolich of Cisco Talos.
6452 a buffer overflow.
6456 including 4.2.8p4, and 4.3.0 up to, but not including 4.3.77
6461 data buffer. NTF's ntpd driver implementations always set this
6462 value to 0 and are therefore not vulnerable to this weakness.
6466 overflow a data buffer. It is even hypothetically possible
6468 could effect a code injection attack.
6470 Upgrade to 4.2.8p4, or later, from the NTP Project Download
6471 Page or the NTP Public Services Project Download Page.
6474 the signed datalen value is either zero or positive.
6475 Monitor your ntpd instances.
6476 Credit: This weakness was discovered by Yves Younan of Cisco Talos.
6481 Affects: All ntp-4 releases up to, but not including 4.2.8p4, and
6482 4.3.0 up to, but not including 4.3.77
6491 with the hypothetical possibility of a small code injection.
6493 Implement BCP-38.
6494 Upgrade to 4.2.8p4, or later, from the NTP Project Download
6495 Page or the NTP Public Services Project Download Page.
6498 an explicitly configured "trusted" key. Only configure
6499 this if you need it.
6500 access from a permitted IP address. You choose the IPs.
6501 authentication. Don't disable it. Practice secure key safety.
6502 Monitor your ntpd instances.
6504 Aleksander Nikolich of Cisco Talos.
6507 bogus values.
6510 Affects: All ntp-4 releases up to, but not including 4.2.8p4, and
6511 4.3.0 up to, but not including 4.3.77
6516 instead of simply returning a failure condition.
6518 Implement BCP-38.
6519 Upgrade to 4.2.8p4, or later, from the NTP Project Download
6520 Page or the NTP Public Services Project Download Page.
6522 mode 7 is disabled by default. Don't enable it.
6524 and mode 7 requests.
6527 send mode 6 and mode 7 requests.
6528 Monitor your ntpd instances.
6529 Credit: This weakness was discovered by John D "Doug" Birdwell of IDA.org.
6532 crypto-NAK.
6535 Affects: All ntp-4 releases between 4.2.5p186 up to but not including
6536 4.2.8p4, and 4.3.0 up to but not including 4.3.77
6540 authentication required to mobilize peer associations. This
6541 vulnerability appears to have been introduced in ntp-4.2.5p186
6543 associations (lines 1103-1165) was refactored.
6545 Implement BCP-38.
6546 Upgrade to 4.2.8p4, or later, from the NTP Project Download
6547 Page or the NTP Public Services Project Download Page.
6550 block around line 1136 of ntp_proto.c.
6551 Monitor your ntpd instances.
6552 Credit: This weakness was discovered by Matthew Van Gundy of Cisco ASIG.
6555 * [Bug 2817] Default on Linux is now "rlimit memlock -1".
6558 memory). A value of 0 means "lock ntpd into memory with whatever
6559 memory it needs." If your ntp.conf file has an explicit "rlimit memlock"
6560 value in it, that value will continue to be used.
6562 * [Bug 2886] Misspelling: "outlyer" should be "outlier".
6565 from 'outlyer' to 'outl[iy]er'.
6568 * 'rlimit memlock' now has finer-grained control. A value of -1 means
6569 "don't lock ntpd into memore". This is the default for Linux boxes.
6570 A value of 0 means "lock ntpd into memory" with no limits. Otherwise
6571 the value is the number of megabytes of memory to lock. The default
6572 is 32 megabytes.
6575 based on http://www.throwtheswitch.org/unity/ .
6580 forcefully against 'libgcc_s' which does not always work. J.Perlinger
6581 * [Bug 2595] ntpdate man page quirks. Hal Murray, Harlan Stenn.
6582 * [Bug 2625] Deprecate flag1 in local refclock. Hal Murray, Harlan Stenn.
6583 * [Bug 2817] Stop locking ntpd into memory by default under Linux. H.Stenn.
6584 * [Bug 2821] minor build issues: fixed refclock_gpsdjson.c. perlinger@ntp.org
6585 * [Bug 2823] ntpsweep with recursive peers option doesn't work. H.Stenn.
6587 synchronize. Brian Utterback. Note that this patch might need to
6588 be reverted once Bug 2043 has been fixed.
6589 * [Bug 2864] 4.2.8p3 fails to compile on Windows. Juergen Perlinger
6590 * [Bug 2866] segmentation fault at initgroups(). Harlan Stenn.
6591 * [Bug 2867] ntpd with autokey active crashed by 'ntpq -crv'. J.Perlinger
6592 * [Bug 2873] libevent should not include .deps/ in the tarball. H.Stenn
6593 * [Bug 2874] Don't distribute generated sntp/tests/fileHandlingTest.h. H.Stenn
6594 * [Bug 2875] sntp/Makefile.am: Get rid of DIST_SUBDIRS. libevent must
6595 be configured for the distribution targets. Harlan Stenn.
6596 * [Bug 2883] ntpd crashes on exit with empty driftfile. Miroslav Lichvar.
6597 * [Bug 2886] Mis-spelling: "outlyer" should be "outlier". dave@horsfall.org
6598 * [Bug 2888] streamline calendar functions. perlinger@ntp.org
6599 * [Bug 2889] ntp-dev-4.3.67 does not build on Windows. perlinger@ntp.org
6600 * [Bug 2890] Ignore ENOBUFS on routing netlink socket. Konstantin Khlebnikov.
6601 * [Bug 2906] make check needs better support for pthreads. Harlan Stenn.
6602 * [Bug 2907] dist* build targets require our libevent/ to be enabled. HStenn.
6603 * [Bug 2912] no munlockall() under Windows. David Taylor, Harlan Stenn.
6604 * libntp/emalloc.c: Remove explicit include of stdint.h. Harlan Stenn.
6605 * Put Unity CPPFLAGS items in unity_config.h. Harlan Stenn.
6606 * tests/ntpd/g_leapsec.cpp typo fix. Harlan Stenn.
6607 * Phase 1 deprecation of google test in sntp/tests/. Harlan Stenn.
6608 * On some versions of HP-UX, inttypes.h does not include stdint.h. H.Stenn.
6609 * top_srcdir can change based on ntp v. sntp. Harlan Stenn.
6610 * sntp/tests/ function parameter list cleanup. Damir Tomić.
6611 * tests/libntp/ function parameter list cleanup. Damir Tomić.
6612 * tests/ntpd/ function parameter list cleanup. Damir Tomić.
6613 * sntp/unity/unity_config.h: handle stdint.h. Harlan Stenn.
6614 * sntp/unity/unity_internals.h: handle *INTPTR_MAX on old Solaris. H.Stenn.
6615 * tests/libntp/timevalops.c and timespecops.c fixed error printing. D.Tomić.
6616 * tests/libntp/ improvements in code and fixed error printing. Damir Tomić.
6617 * tests/libntp: a_md5encrypt.c, authkeys.c, buftvtots.c, calendar.c, caljulian.c,
6618 caltontp.c, clocktime.c, humandate.c, hextolfp.c, decodenetnum.c - fixed
6620 changed from sprintf to snprintf; fixed order of includes. Tomasz Flendrich
6621 * tests/libntp/lfpfunc.c remove unnecessary include, remove old comments,
6622 fix formatting, cleanup. Tomasz Flendrich
6623 * tests/libntp/lfptostr.c remove unnecessary include, add consts, fix formatting.
6625 * tests/libntp/statestr.c remove empty functions, remove unnecessary include,
6626 fix formatting. Tomasz Flendrich
6627 * tests/libntp/modetoa.c fixed formatting. Tomasz Flendrich
6628 * tests/libntp/msyslog.c fixed formatting. Tomasz Flendrich
6629 * tests/libntp/numtoa.c deleted unnecessary empty functions, fixed formatting.
6631 * tests/libntp/numtohost.c added const, fixed formatting. Tomasz Flendrich
6632 * tests/libntp/refnumtoa.c fixed formatting. Tomasz Flendrich
6633 * tests/libntp/ssl_init.c fixed formatting. Tomasz Flendrich
6634 * tests/libntp/tvtots.c fixed a bug, fixed formatting. Tomasz Flendrich
6635 * tests/libntp/uglydate.c removed an unnecessary include. Tomasz Flendrich
6636 * tests/libntp/vi64ops.c removed an unnecessary comment, fixed formatting.
6637 * tests/libntp/ymd3yd.c removed an empty function and an unnecessary include,
6638 fixed formatting. Tomasz Flendrich
6639 * tests/libntp/timespecops.c fixed formatting, fixed the order of includes,
6640 removed unnecessary comments, cleanup. Tomasz Flendrich
6641 * tests/libntp/timevalops.c fixed the order of includes, deleted unnecessary
6642 comments, cleanup. Tomasz Flendrich
6643 * tests/libntp/sockaddrtest.h making it agree to NTP's conventions of formatting.
6645 * tests/libntp/lfptest.h cleanup. Tomasz Flendrich
6646 * tests/libntp/test-libntp.c fix formatting. Tomasz Flendrich
6647 * sntp/tests/crypto.c is now using proper Unity's assertions, fixed formatting.
6649 * sntp/tests/kodDatabase.c added consts, deleted empty function,
6650 fixed formatting. Tomasz Flendrich
6651 * sntp/tests/kodFile.c cleanup, fixed formatting. Tomasz Flendrich
6652 * sntp/tests/packetHandling.c is now using proper Unity's assertions,
6653 fixed formatting, deleted unused variable. Tomasz Flendrich
6654 * sntp/tests/keyFile.c is now using proper Unity's assertions, fixed formatting.
6656 * sntp/tests/packetProcessing.c changed from sprintf to snprintf,
6657 fixed formatting. Tomasz Flendrich
6658 * sntp/tests/utilities.c is now using proper Unity's assertions, changed
6659 the order of includes, fixed formatting, removed unnecessary comments.
6661 * sntp/tests/sntptest.h fixed formatting. Tomasz Flendrich
6662 * sntp/tests/fileHandlingTest.h.in fixed a possible buffer overflow problem,
6663 made one function do its job, deleted unnecessary prints, fixed formatting.
6665 * sntp/unity/Makefile.am added a missing header. Tomasz Flendrich
6666 * sntp/unity/unity_config.h: Distribute it. Harlan Stenn.
6667 * sntp/libevent/evconfig-private.h: remove generated filefrom SCM. H.Stenn.
6668 * sntp/unity/Makefile.am: fix some broken paths. Harlan Stenn.
6669 * sntp/unity/unity.c: Clean up a printf(). Harlan Stenn.
6670 * Phase 1 deprecation of google test in tests/libntp/. Harlan Stenn.
6671 * Don't build sntp/libevent/sample/. Harlan Stenn.
6672 * tests/libntp/test_caltontp needs -lpthread. Harlan Stenn.
6673 * br-flock: --enable-local-libevent. Harlan Stenn.
6674 * Wrote tests for ntpd/ntp_prio_q.c. Tomasz Flendrich
6675 * scripts/lib/NTP/Util.pm: stratum output is version-dependent. Harlan Stenn.
6676 * Get rid of the NTP_ prefix on our assertion macros. Harlan Stenn.
6677 * Code cleanup. Harlan Stenn.
6678 * libntp/icom.c: Typo fix. Harlan Stenn.
6679 * util/ntptime.c: initialization nit. Harlan Stenn.
6680 * ntpd/ntp_peer.c:newpeer(): added a DEBUG_REQUIRE(srcadr). Harlan Stenn.
6681 * Add std_unity_tests to various Makefile.am files. Harlan Stenn.
6682 * ntpd/ntp_restrict.c: added a few assertions, created tests for this file.
6684 * Changed progname to be const in many files - now it's consistent. Tomasz
6686 * Typo fix for GCC warning suppression. Harlan Stenn.
6687 * Added tests/ntpd/ntp_scanner.c test. Damir Tomić.
6688 * Added declarations to all Unity tests, and did minor fixes to them.
6689 Reduced the number of warnings by half. Damir Tomić.
6690 * Updated generate_test_runner.rb and updated the sntp/unity/auto directory
6691 with the latest Unity updates from Mark. Damir Tomić.
6692 * Retire google test - phase I. Harlan Stenn.
6693 * Unity test cleanup: move declaration of 'initializing'. Harlan Stenn.
6694 * Update the NEWS file. Harlan Stenn.
6695 * Autoconf cleanup. Harlan Stenn.
6696 * Unit test dist cleanup. Harlan Stenn.
6697 * Cleanup various test Makefile.am files. Harlan Stenn.
6698 * Pthread autoconf macro cleanup. Harlan Stenn.
6699 * Fix progname definition in unity runner scripts. Harlan Stenn.
6700 * Clean trailing whitespace in tests/ntpd/Makefile.am. Harlan Stenn.
6701 * Update the patch for bug 2817. Harlan Stenn.
6702 * More updates for bug 2817. Harlan Stenn.
6703 * Fix bugs in tests/ntpd/ntp_prio_q.c. Harlan Stenn.
6704 * gcc on older HPUX may need +allowdups. Harlan Stenn.
6705 * Adding missing MCAST protection. Harlan Stenn.
6706 * Disable certain test programs on certain platforms. Harlan Stenn.
6707 * Implement --enable-problem-tests (on by default). Harlan Stenn.
6708 * build system tweaks. Harlan Stenn.
6711 NTP 4.2.8p3 (Harlan Stenn <stenn@ntp.org>, 2015/06/29)
6713 Focus: 1 Security fix. Bug fixes and enhancements. Leap-second improvements.
6720 ntpd. Aleksis Kauppinen, Juergen Perlinger, Harlan Stenn.
6723 cause a vulnerable ntpd instance to crash. This requires each of the
6728 3) access to a computer entrusted to perform remote configuration.
6730 This vulnerability is considered low-risk.
6735 leap second time. A specially built and configured ntpd will only
6736 offer smeared time in response to client packets. These response
6737 packets will also contain a "refid" of 254.a.b.c, where the 24 bits
6739 format. See README.leapsmear and http://bugs.ntp.org/2855 for more
6740 information.
6743 *BE SURE YOU DO NOT OFFER THAT TIME ON PUBLIC TIMESERVERS.*
6746 the existing google-test items to this new framework. If you want
6748 installed. You don't need ruby to run the test suite.
6752 * CID 739725: Fix a rare resource leak in libevent/listener.c.
6753 * CID 1295478: Quiet a pedantic potential error from the fix for Bug 2776.
6754 * CID 1296235: Fix refclock_jjy.c and correcting type of the driver40-ja.html
6755 * CID 1269537: Clean up a line of dead code in getShmTime().
6756 * [Bug 1060] Buffer overruns in libparse/clk_rawdcf.c. Helge Oldach.
6757 * [Bug 2590] autogen-5.18.5.
6759 of 'limited'.
6760 * [Bug 2650] fix includefile processing.
6763 any leapsecond information.
6765 proper jump distance limit and step correction is allowed at all.
6768 * [Bug 2776] Improve ntpq's 'help keytype'.
6769 * [Bug 2778] Implement "apeers" ntpq command to include associd.
6770 * [Bug 2782] Refactor refclock_shm.c, add memory barrier protection.
6773 interface is not usable (e.g., no link).
6774 * [Bug 2794] Clean up kernel clock status reports.
6775 * [Bug 2800] refclock_true.c true_debug() can't open debug log because
6776 of incompatible open/fdopen parameters.
6777 * [Bug 2804] install-local-data assumes GNU 'find' semantics.
6778 * [Bug 2805] ntpd fails to join multicast group.
6779 * [Bug 2806] refclock_jjy.c supports the Telephone JJY.
6780 * [Bug 2808] GPSD_JSON driver enhancements, step 1.
6781 Fix crash during cleanup if GPS device not present and char device.
6782 Increase internal token buffer to parse all JSON data, even SKY.
6784 started, so the syslog is not cluttered when the driver is not used.
6785 Various improvements, see http://bugs.ntp.org/2808 for details.
6786 Changed libjsmn to a more recent version.
6787 * [Bug 2810] refclock_shm.c memory barrier code needs tweaks for QNX.
6788 * [Bug 2813] HP-UX needs -D__STDC_VERSION__=199901L and limits.h.
6789 * [Bug 2815] net-snmp before v5.4 has circular library dependencies.
6790 * [Bug 2821] Add a missing NTP_PRINTF and a missing const.
6791 * [Bug 2822] New leap column in sntp broke NTP::Util.pm.
6792 * [Bug 2824] Convert update-leap to perl. (also see 2769)
6793 * [Bug 2825] Quiet file installation in html/ .
6795 NTPD transfers the current TAI (instead of an announcement) now.
6796 This might still needed improvement.
6797 Update autokey data ASAP when 'sys_tai' changes.
6798 Fix unit test that was broken by changes for autokey update.
6800 in ntp_crypto.c.
6801 * [Bug 2832] refclock_jjy.c supports the TDC-300.
6802 * [Bug 2834] Correct a broken html tag in html/refclock.html
6804 robust, and require 2 consecutive timestamps to be consistent.
6805 * [Bug 2837] Allow a configurable DSCP value.
6806 * [Bug 2837] add test for DSCP to ntpd/complete.conf.in
6807 * [Bug 2842] Glitch in ntp.conf.def documentation stanza.
6808 * [Bug 2842] Bug in mdoc2man.
6809 * [Bug 2843] make check fails on 4.3.36
6812 * [Bug 2845] Harden memory allocation in ntpd.
6813 * [Bug 2852] 'make check' can't find unity.h. Hal Murray.
6814 * [Bug 2854] Missing brace in libntp/strdup.c. Masanari Iida.
6815 * [Bug 2855] Parser fix for conditional leap smear code. Harlan Stenn.
6816 * [Bug 2855] Report leap smear in the REFID. Harlan Stenn.
6817 * [Bug 2855] Implement conditional leap smear code. Martin Burnicki.
6818 * [Bug 2856] ntpd should wait() on terminated child processes. Paul Green.
6819 * [Bug 2857] Stratus VOS does not support SIGIO. Paul Green.
6820 * [Bug 2859] Improve raw DCF77 robustness deconding. Frank Kardel.
6821 * [Bug 2860] ntpq ifstats sanity check is too stringent. Frank Kardel.
6822 * html/drivers/driver22.html: typo fix. Harlan Stenn.
6823 * refidsmear test cleanup. Tomasz Flendrich.
6824 * refidsmear function support and tests. Harlan Stenn.
6825 * sntp/tests/Makefile.am: remove g_nameresolution.cpp as it tested
6826 something that was only in the 4.2.6 sntp. Harlan Stenn.
6827 * Modified tests/bug-2803/Makefile.am so it builds Unity framework tests.
6829 * Modified tests/libtnp/Makefile.am so it builds Unity framework tests.
6831 * Modified sntp/tests/Makefile.am so it builds Unity framework tests.
6833 * tests/sandbox/smeartest.c: Harlan Stenn, Damir Tomic, Juergen Perlinger.
6834 * Converted from gtest to Unity: tests/bug-2803/. Damir Tomić
6835 * Converted from gtest to Unity: tests/libntp/ a_md5encrypt, atoint.c,
6836 atouint.c, authkeys.c, buftvtots.c, calendar.c, caljulian.c,
6837 calyearstart.c, clocktime.c, hextoint.c, lfpfunc.c, modetoa.c,
6838 numtoa.c, numtohost.c, refnumtoa.c, ssl_init.c, statestr.c,
6839 timespecops.c, timevalops.c, uglydate.c, vi64ops.c, ymd2yd.c.
6841 * Converted from gtest to Unity: sntp/tests/ kodDatabase.c, kodFile.c,
6842 networking.c, keyFile.c, utilities.cpp, sntptest.h,
6843 fileHandlingTest.h. Damir Tomić
6844 * Initial support for experimental leap smear code. Harlan Stenn.
6845 * Fixes to sntp/tests/fileHandlingTest.h.in. Harlan Stenn.
6846 * Report select() debug messages at debug level 3 now.
6847 * sntp/scripts/genLocInfo: treat raspbian as debian.
6848 * Unity test framework fixes.
6849 ** Requires ruby for changes to tests.
6850 * Initial support for PACKAGE_VERSION tests.
6851 * sntp/libpkgver belongs in EXTRA_DIST, not DIST_SUBDIRS.
6852 * tests/bug-2803/Makefile.am must distribute bug-2803.h.
6853 * Add an assert to the ntpq ifstats code.
6854 * Clean up the RLIMIT_STACK code.
6855 * Improve the ntpq documentation around the controlkey keyid.
6856 * ntpq.c cleanup.
6857 * Windows port build cleanup.
6860 NTP 4.2.8p2 (Harlan Stenn <stenn@ntp.org>, 2015/04/07)
6862 Focus: Security and Bug fixes, enhancements.
6870 * [Sec 2779] ntpd accepts unauthenticated packets with symmetric key crypto.
6873 Affects: All NTP4 releases starting with ntp-4.2.5p99 up to but not
6874 including ntp-4.2.8p2 where the installation uses symmetric keys
6875 to authenticate remote associations.
6877 Date Resolved: Stable (4.2.8p2) 07 Apr 2015
6881 there actually is any MAC included. Packets without a MAC are
6882 accepted as if they had a valid MAC. This allows a MITM attacker to
6884 having to know the symmetric key. The attacker needs to know the
6887 reply from the server. The attacker doesn't necessarily need to be
6888 relaying the packets between the client and the server.
6892 which fails for packets without a MAC.
6894 Upgrade to 4.2.8p2, or later, from the NTP Project Download Page
6896 Configure ntpd with enough time sources and monitor it properly.
6897 Credit: This issue was discovered by Miroslav Lichvar, of Red Hat.
6900 DoS attacks.
6903 Affects: All NTP releases starting with at least xntp3.3wy up to but
6904 not including ntp-4.2.8p2 where the installation uses symmetric
6905 key authentication.
6908 it could be higher than 5.4.
6909 Date Resolved: Stable (4.2.8p2) 07 Apr 2015
6913 on A to the values sent by the attacker. Host A will then send
6916 be dropped. If the attacker does this periodically for both
6917 hosts, they won't be able to synchronize to each other. This is
6919 https://www.eecis.udel.edu/~mills/onwire.html .
6923 doesn't seem to be the case. The state variables are updated even
6926 the receiving side.
6929 xntp3.3wy. It's also in the NTPv3 (RFC 1305) and NTPv4 (RFC 5905)
6931 symmetric associations and authentication may be vulnerable too.
6932 An update to the NTP RFC to correct this error is in-process.
6934 Upgrade to 4.2.8p2, or later, from the NTP Project Download Page
6937 is simply a long-known potential problem.
6938 Configure ntpd with appropriate time sources and monitor ntpd.
6939 Alert your staff if problems are detected.
6940 Credit: This issue was discovered by Miroslav Lichvar, of Red Hat.
6944 leap-second definition file.
6949 Some may choose to run this from cron. It needs more portability testing.
6953 * [Bug 1787] DCF77's formerly "antenna" bit is "call bit" since 2003.
6954 * [Bug 1960] setsockopt IPV6_MULTICAST_IF: Invalid argument.
6955 * [Bug 2346] "graceful termination" signals do not do peer cleanup.
6956 * [Bug 2728] See if C99-style structure initialization works.
6957 * [Bug 2747] Upgrade libevent to 2.1.5-beta.
6958 * [Bug 2749] ntp/lib/NTP/Util.pm needs update for ntpq -w, IPv6, .POOL. .
6959 * [Bug 2751] jitter.h has stale copies of l_fp macros.
6960 * [Bug 2756] ntpd hangs in startup with gcc 3.3.5 on ARM.
6961 * [Bug 2757] Quiet compiler warnings.
6962 * [Bug 2759] Expose nonvolatile/clk_wander_threshold to ntpq.
6963 * [Bug 2763] Allow different thresholds for forward and backward steps.
6964 * [Bug 2766] ntp-keygen output files should not be world-readable.
6965 * [Bug 2767] ntp-keygen -M should symlink to ntp.keys.
6966 * [Bug 2771] nonvolatile value is documented in wrong units.
6969 * [Bug 2775] ntp-keygen.c fails to compile under Windows.
6970 * [Bug 2777] Fixed loops and decoding of Meinberg GPS satellite info.
6971 Removed non-ASCII characters from some copyright comments.
6972 Removed trailing whitespace.
6973 Updated definitions for Meinberg clocks from current Meinberg header files.
6974 Now use C99 fixed-width types and avoid non-ASCII characters in comments.
6975 Account for updated definitions pulled from Meinberg header files.
6976 Updated comments on Meinberg GPS receivers which are not only called GPS16x.
6977 Replaced some constant numbers by defines from ntp_calendar.h
6979 in gps16x_message().
6980 Reworked mk_utcinfo() to avoid printing of ambiguous leap second dates.
6982 if the time status shall be printed.
6983 * [Sec 2779] ntpd accepts unauthenticated packets with symmetric key crypto.
6985 DoS attacks.
6986 * [Bug 2783] Quiet autoconf warnings about missing AC_LANG_SOURCE.
6987 * [Bug 2789] Quiet compiler warnings from libevent.
6990 correct results.
6991 * Comment from Juergen Perlinger in ntp_calendar.c to make the code clearer.
6993 used to set up function pointers.
6994 Account for changed prototype of parse_inp_fnc_t functions.
6996 compiler warnings.
6998 when called with pointers to different types.
7001 NTP 4.2.8p1 (Harlan Stenn <stenn@ntp.org>, 2015/02/04)
7003 Focus: Security and Bug fixes, enhancements.
7010 * vallen is not validated in several places in ntp_crypto.c, leading
7014 Affects: All NTP4 releases before 4.2.8p1 that are running autokey.
7016 Date Resolved: Stable (4.2.8p1) 04 Feb 2015
7018 paths in ntp_crypto.c which can lead to information leakage
7019 or perhaps a crash of the ntpd process.
7021 Upgrade to 4.2.8p1, or later, from the NTP Project Download Page
7022 or the NTP Public Services Project Download Page.
7025 keyword in your ntp.conf file.
7029 Time Foundation.
7032 can be bypassed.
7035 Affects: All NTP4 releases before 4.2.8p1, under at least some
7036 versions of MacOS and Linux. *BSD has not been seen to be vulnerable.
7038 Date Resolved: Stable (4.2.8p1) 04 Feb 2014
7039 Summary: While available kernels will prevent 127.0.0.1 addresses
7042 IPv6 interfaces. Since NTP's access control is based on source
7045 by spoofing ::1 addresses from the outside. Note Well: This is
7046 not really a bug in NTP, it's a problem with some OSes. If you
7050 Upgrade to 4.2.8p1, or later, from the NTP Project Download Page
7053 ::1 from inappropriate network interfaces.
7055 the Google Security Team.
7057 Additionally, over 30 bugfixes and improvements were made to the codebase.
7058 See the ChangeLog for more information.
7061 NTP 4.2.8 (Harlan Stenn <stenn@ntp.org>, 2014/12/18)
7063 Focus: Security and Bug fixes, enhancements.
7075 restrict default ... noquery
7077 in the ntp.conf file. With the exception of:
7084 restricted from sending a 'query'-class packet by your ntp.conf file.
7088 * Weak default key in config_auth().
7092 Vulnerable Versions: all releases prior to 4.2.7p11
7096 would generate a random key on the fly. There were two
7100 entropy. This was sufficient back in the late 1990s when the
7101 code was written. Not today.
7104 - Upgrade to 4.2.7p11 or later.
7105 - Follow BCP and put 'restrict ... noquery' in your ntp.conf file.
7107 Credit: This vulnerability was noticed in ntp-4.2.6 by Neel Mehta
7108 of the Google Security Team.
7111 ntp-keygen to generate symmetric keys.
7115 Vulnerable Versions: All NTP4 releases before 4.2.7p230
7116 Date Resolved: Dev (4.2.7p230) 01 Nov 2011
7118 Summary: Prior to ntp-4.2.7p230 ntp-keygen used a weak seed to
7119 prepare a random number generator that was of good quality back
7120 in the late 1990s. The random numbers produced was then used to
7121 generate symmetric keys. In ntp-4.2.8 we use a current-technology
7123 OpenSSL, or arc4random().
7126 - Upgrade to 4.2.7p230 or later.
7127 - Follow BCP and put 'restrict ... noquery' in your ntp.conf file.
7129 Credit: This vulnerability was discovered in ntp-4.2.6 by
7130 Stephen Roettger of the Google Security Team.
7136 Versions: All releases before 4.2.8
7137 Date Resolved: Stable (4.2.8) 18 Dec 2014
7139 Summary: When Autokey Authentication is enabled (i.e. the ntp.conf
7140 file contains a 'crypto pw ...' directive) a remote attacker
7143 with the privilege level of the ntpd process.
7146 - Upgrade to 4.2.8, or later, or
7149 in your ntp.conf file.
7152 Google Security Team.
7158 Versions: All NTP4 releases before 4.2.8
7159 Date Resolved: Stable (4.2.8) 18 Dec 2014
7163 code to be executed with the privilege level of the ntpd process.
7166 - Upgrade to 4.2.8, or later.
7167 - Follow BCP and put 'restrict ... noquery' in your ntp.conf file.
7170 Google Security Team.
7176 Versions: All NTP4 releases before 4.2.8
7177 Date Resolved: Stable (4.2.8) 18 Dec 2014
7181 code to be executed with the privilege level of the ntpd process.
7184 - Upgrade to 4.2.8, or later.
7185 - Follow BCP and put 'restrict ... noquery' in your ntp.conf file.
7188 Google Security Team.
7194 Versions: All NTP4 releases before 4.2.8
7195 Date Resolved: Stable (4.2.8) 18 Dec 2014
7197 Summary: Code in ntp_proto.c:receive() was missing a 'return;' in
7199 processing did not stop when a specific rare error occurred.
7200 We haven't found a way for this bug to affect system integrity.
7202 score for this bug is 0. If there is one avenue through which
7204 becomes a 5. If system integrity can be partially affected
7205 via all three integrity metrics, the CVSS base score become 7.5.
7208 - Upgrade to 4.2.8, or later,
7210 beginning with the crypto keyword in your ntp.conf file.
7213 Google Security Team.
7215 See http://support.ntp.org/security for more information.
7224 rolls over every 136 years'. The current "era" started at the stroke of
7226 1 Jan 2036.
7228 era we were in. Given the longevity of some products, it became clear
7230 more. We now compile a timestamp into the ntpd executable and when we
7231 get a timestamp we us the "built-on" to tell us what era we are in.
7232 This check "looks back" 10 years, and "looks forward" 126 years.
7240 request) protocol for runtime queries and configuration. There has
7242 capabilities exposed by ntpdc with no ntpq equivalent. I have been
7245 recently.
7249 ntpdc which is hard to get right. As ntpd grows and changes, the
7251 and backward compatibility between ntpdc and ntpd. In contrast,
7253 allows compatible changes without extra work in most cases.
7257 with other implementations. There is an early draft of an updated
7259 eventually. (http://tools.ietf.org/html/draft-odonoghue-ntpv4-control-01)
7261 For these reasons, ntpd 4.2.7p230 by default disables processing of
7263 deprecating ntpdc. If you are in the habit of using ntpdc for certain
7264 operations, please try the ntpq equivalent. If there's no equivalent,
7265 please open a bug report at http://bugs.ntp.org./
7268 the 4.2.6 branch and 4.2.8. The ChangeLog file in the distribution
7269 lists these.
7272 NTP 4.2.6p5 (Harlan Stenn <stenn@ntp.org>, 2011/12/24)
7278 This is a recommended upgrade.
7285 includes improvements to orphan mode, minor bugs fixes and code clean-ups.
7293 using the address/prefix format (e.g. fe80::/64)
7304 * sys.peer jitter weighting corrected in sys_jitter calculation
7312 NTP 4.2.6p4 (Harlan Stenn <stenn@ntp.org>, 2011/09/22)
7318 This is a recommended upgrade.
7322 ref-clock issues, and documentation revisions.
7324 Portability improvements affect AIX, HP-UX, Linux, OS X and 64-bit time_t.
7331 * Update config.guess and config.sub for AIX
7371 * Update html2man. Fix some tags in the .html files
7372 * Distribute ntp-wait.html
7375 NTP 4.2.6p3 (Harlan Stenn <stenn@ntp.org>, 2011/01/03)
7381 This is a recommended upgrade.
7385 ref-clock issues, and documentation revisions.
7388 FreeBSD4, Linux and Microsoft Windows.
7393 * Use lsb_release to get information about Linux distributions.
7394 * 'test' is in /usr/bin (instead of /bin) on some systems.
7395 * Basic sanity checks for the ChangeLog file.
7396 * Source certain build files with ./filename for systems without . in PATH.
7397 * IRIX portability fix.
7398 * Use a single copy of the "libopts" code.
7399 * autogen/libopts upgrade.
7400 * configure.ac m4 quoting cleanup.
7403 * Do not bind to IN6_IFF_ANYCAST addresses.
7404 * Log the reason for exiting under Windows.
7405 * Multicast fixes for Windows.
7406 * Interpolation fixes for Windows.
7407 * IPv4 and IPv6 Multicast fixes.
7408 * Manycast solicitation fixes and general repairs.
7409 * JJY refclock cleanup.
7410 * NMEA refclock improvements.
7411 * Oncore debug message cleanup.
7412 * Palisade refclock now builds under Linux.
7413 * Give RAWDCF more baud rates.
7414 * Support Truetime Satellite clocks under Windows.
7415 * Support Arbiter 1093C Satellite clocks under Windows.
7416 * Make sure that the "filegen" configuration command defaults to "enable".
7417 * Range-check the status codes (plus other cleanup) in the RIPE-NCC driver.
7418 * Prohibit 'includefile' directive in remote configuration command.
7419 * Fix 'nic' interface bindings.
7421 system.
7424 * Fix -V coredump.
7425 * OpenSSL version display cleanup.
7428 * Many counters should be treated as unsigned.
7431 * Do not ignore replies with equal receive and transmit timestamps.
7434 * libntpq warning cleanup.
7437 * Correct SNMP type for "precision" and "resolution".
7438 * Update the MIB from the draft version to RFC-5907.
7442 timezone.
7443 * Pay proper attention to RATE KoD packets.
7444 * Fix a miscalculation of the offset.
7445 * Properly parse empty lines in the key file.
7446 * Logging cleanup.
7447 * Use tv_usec correctly in set_time().
7448 * Documentation cleanup.
7451 NTP 4.2.6p2 (Harlan Stenn <stenn@ntp.org>, 2010/07/08)
7457 This is a recommended upgrade.
7462 updates and documentation revisions.
7481 * support for the "passwd ..." syntax
7490 NTP 4.2.6p1 (Harlan Stenn <stenn@ntp.org>, 2010/04/09)
7496 This is a recommended upgrade.
7499 NTP 4.2.6 (Harlan Stenn <stenn@ntp.org>, 2009/12/08)
7501 Focus: enhancements and bug fixes.
7504 NTP 4.2.4p8 (Harlan Stenn <stenn@ntp.org>, 2009/12/08)
7512 * [Sec 1331] DoS with mode 7 packets - CVE-2009-3563.
7514 See http://support.ntp.org/security for more information.
7516 NTP mode 7 (MODE_PRIVATE) is used by the ntpdc query and control utility.
7518 transfers use modes 1 through 5. Upon receipt of an incorrect mode 7
7520 in a "restrict ... noquery" or "restrict ... ignore" statement, ntpd will
7521 reply with a mode 7 error response (and log a message). In this case:
7526 those packets get through.
7530 endlessly, consuming CPU and logging excessively.
7533 Vinokurov of Alcatel-Lucent.
7535 THIS IS A STRONGLY RECOMMENDED UPGRADE.
7538 ntpd now syncs to refclocks right away.
7542 ntpd no longer accepts '-v name' or '-V name' to define internal variables.
7543 Use '--var name' or '--dvar name' instead. (Bug 817)
7546 NTP 4.2.4p7 (Harlan Stenn <stenn@ntp.org>, 2009/05/04)
7554 * [Sec 1151] Remote exploit if autokey is enabled. CVE-2009-1252
7556 See http://support.ntp.org/security for more information.
7558 If autokey is enabled (if ntp.conf contains a "crypto pw whatever"
7561 with the privileges of the ntpd process (often root).
7563 Credit for finding this vulnerability goes to Chris Ries of CMU.
7567 * [Sec 1144] limited (two byte) buffer overflow in ntpq. CVE-2009-0159
7568 Credit for finding this vulnerability goes to Geoff Keating of Apple.
7571 Credit for finding this issue goes to Dave Hart.
7581 THIS IS A STRONGLY RECOMMENDED UPGRADE.
7584 NTP 4.2.4p6 (Harlan Stenn <stenn@ntp.org>, 2009/01/07)
7590 This release fixes oCERT.org's CVE-2009-0021, a vulnerability affecting
7592 value of EVP_VerifyFinal function.
7595 finding the original issue with OpenSSL, and to ocert.org for finding
7596 the problem in NTP and telling us about it.
7598 This is a recommended upgrade.
7600 NTP 4.2.4p5 (Harlan Stenn <stenn@ntp.org>, 2008/08/17)
7605 platform-independent ntpdate bugs. A logging bugfix has been applied
7606 to the ONCORE driver.
7609 interfaces is the new default. The minimum time restriction for the
7610 interface update interval has been dropped.
7612 A number of minor build system and documentation fixes are included.
7614 This is a recommended upgrade for Windows.
7617 NTP 4.2.4p4 (Harlan Stenn <stenn@ntp.org>, 2007/09/10)
7626 interface to share addresses with other interfaces.
7629 NTP 4.2.4p3 (Harlan Stenn <stenn@ntp.org>, 2007/06/29)
7634 terminate ntpd under windows.
7635 This is a recommended upgrade for Windows.
7638 NTP 4.2.4p2 (Harlan Stenn <stenn@ntp.org>, 2007/06/19)
7644 ntpd crashing, and several other minor bugs. Handling of
7645 multicast interfaces and logging configuration were improved.
7646 The required versions of autogen and libopts were incremented.
7647 This is a recommended upgrade for Windows and multicast users.
7650 NTP 4.2.4 (Harlan Stenn <stenn@ntp.org>, 2006/12/31)
7652 Focus: enhancements and bug fixes.
7655 conjunction with DHCP. GNU AutoGen is used for its command-line options
7656 processing. Separate PPS devices are supported for PARSE refclocks, MD5
7657 signatures are now provided for the release files. Drivers have been
7659 ref-clocks. This release also includes other improvements, documentation
7660 and bug fixes.
7662 K&R C is no longer supported as of NTP-4.2.4. We are now aiming for ANSI
7663 C support.
7666 NTP 4.2.0 (Harlan Stenn <stenn@ntp.org>, 2003/10/15)
7668 Focus: enhancements and bug fixes.