xref: /freebsd/contrib/ntp/NEWS (revision 9fe48b8076ae9c6dc486d713c468ff03ec056eda)
1---
2NTP 4.2.8p1 (Harlan Stenn <stenn@ntp.org>, 2015/02/04)
3
4Focus: Security and Bug fixes, enhancements.
5
6Severity: HIGH
7
8In addition to bug fixes and enhancements, this release fixes the
9following high-severity vulnerabilities:
10
11* vallen is not validated in several places in ntp_crypto.c, leading
12  to a potential information leak or possibly a crash
13
14    References: Sec 2671 / CVE-2014-9297 / VU#852879
15    Affects: All NTP4 releases before 4.2.8p1 that are running autokey.
16    CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P) Base Score: 7.5
17    Date Resolved: Stable (4.2.8p1) 04 Feb 2015
18    Summary: The vallen packet value is not validated in several code
19             paths in ntp_crypto.c which can lead to information leakage
20	     or perhaps a crash of the ntpd process.
21    Mitigation - any of:
22	Upgrade to 4.2.8p1, or later, from the NTP Project Download Page
23		or the NTP Public Services Project Download Page.
24	Disable Autokey Authentication by removing, or commenting out,
25		all configuration directives beginning with the "crypto"
26		keyword in your ntp.conf file.
27    Credit: This vulnerability was discovered by Stephen Roettger of the
28    	Google Security Team, with additional cases found by Sebastian
29	Krahmer of the SUSE Security Team and Harlan Stenn of Network
30	Time Foundation.
31
32* ::1 can be spoofed on some OSes, so ACLs based on IPv6 ::1 addresses
33  can be bypassed.
34
35    References: Sec 2672 / CVE-2014-9298 / VU#852879
36    Affects: All NTP4 releases before 4.2.8p1, under at least some
37	versions of MacOS and Linux. *BSD has not been seen to be vulnerable.
38    CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:C) Base Score: 9
39    Date Resolved: Stable (4.2.8p1) 04 Feb 2014
40    Summary: While available kernels will prevent 127.0.0.1 addresses
41	from "appearing" on non-localhost IPv4 interfaces, some kernels
42	do not offer the same protection for ::1 source addresses on
43	IPv6 interfaces. Since NTP's access control is based on source
44	address and localhost addresses generally have no restrictions,
45	an attacker can send malicious control and configuration packets
46	by spoofing ::1 addresses from the outside. Note Well: This is
47	not really a bug in NTP, it's a problem with some OSes. If you
48	have one of these OSes where ::1 can be spoofed, ALL ::1 -based
49	ACL restrictions on any application can be bypassed!
50    Mitigation:
51        Upgrade to 4.2.8p1, or later, from the NTP Project Download Page
52	or the NTP Public Services Project Download Page
53        Install firewall rules to block packets claiming to come from
54	::1 from inappropriate network interfaces.
55    Credit: This vulnerability was discovered by Stephen Roettger of
56	the Google Security Team.
57
58Additionally, over 30 bugfixes and improvements were made to the codebase.
59See the ChangeLog for more information.
60
61---
62NTP 4.2.8 (Harlan Stenn <stenn@ntp.org>, 2014/12/18)
63
64Focus: Security and Bug fixes, enhancements.
65
66Severity: HIGH
67
68In addition to bug fixes and enhancements, this release fixes the
69following high-severity vulnerabilities:
70
71************************** vv NOTE WELL vv *****************************
72
73The vulnerabilities listed below can be significantly mitigated by
74following the BCP of putting
75
76 restrict default ... noquery
77
78in the ntp.conf file.  With the exception of:
79
80   receive(): missing return on error
81   References: Sec 2670 / CVE-2014-9296 / VU#852879
82
83below (which is a limited-risk vulnerability), none of the recent
84vulnerabilities listed below can be exploited if the source IP is
85restricted from sending a 'query'-class packet by your ntp.conf file.
86
87************************** ^^ NOTE WELL ^^ *****************************
88
89* Weak default key in config_auth().
90
91  References: [Sec 2665] / CVE-2014-9293 / VU#852879
92  CVSS: (AV:N/AC:L/Au:M/C:P/I:P/A:C) Base Score: 7.3
93  Vulnerable Versions: all releases prior to 4.2.7p11
94  Date Resolved: 28 Jan 2010
95
96  Summary: If no 'auth' key is set in the configuration file, ntpd
97	would generate a random key on the fly.  There were two
98	problems with this: 1) the generated key was 31 bits in size,
99	and 2) it used the (now weak) ntp_random() function, which was
100	seeded with a 32-bit value and could only provide 32 bits of
101	entropy.  This was sufficient back in the late 1990s when the
102	code was written.  Not today.
103
104  Mitigation - any of:
105	- Upgrade to 4.2.7p11 or later.
106	- Follow BCP and put 'restrict ... noquery' in your ntp.conf file.
107
108  Credit: This vulnerability was noticed in ntp-4.2.6 by Neel Mehta
109  	of the Google Security Team.
110
111* Non-cryptographic random number generator with weak seed used by
112  ntp-keygen to generate symmetric keys.
113
114  References: [Sec 2666] / CVE-2014-9294 / VU#852879
115  CVSS: (AV:N/AC:L/Au:M/C:P/I:P/A:C) Base Score: 7.3
116  Vulnerable Versions: All NTP4 releases before 4.2.7p230
117  Date Resolved: Dev (4.2.7p230) 01 Nov 2011
118
119  Summary: Prior to ntp-4.2.7p230 ntp-keygen used a weak seed to
120  	prepare a random number generator that was of good quality back
121	in the late 1990s. The random numbers produced was then used to
122	generate symmetric keys. In ntp-4.2.8 we use a current-technology
123	cryptographic random number generator, either RAND_bytes from
124	OpenSSL, or arc4random().
125
126  Mitigation - any of:
127  	- Upgrade to 4.2.7p230 or later.
128	- Follow BCP and put 'restrict ... noquery' in your ntp.conf file.
129
130  Credit:  This vulnerability was discovered in ntp-4.2.6 by
131  	Stephen Roettger of the Google Security Team.
132
133* Buffer overflow in crypto_recv()
134
135  References: Sec 2667 / CVE-2014-9295 / VU#852879
136  CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P) Base Score: 7.5
137  Versions: All releases before 4.2.8
138  Date Resolved: Stable (4.2.8) 18 Dec 2014
139
140  Summary: When Autokey Authentication is enabled (i.e. the ntp.conf
141  	file contains a 'crypto pw ...' directive) a remote attacker
142	can send a carefully crafted packet that can overflow a stack
143	buffer and potentially allow malicious code to be executed
144	with the privilege level of the ntpd process.
145
146  Mitigation - any of:
147  	- Upgrade to 4.2.8, or later, or
148	- Disable Autokey Authentication by removing, or commenting out,
149	  all configuration directives beginning with the crypto keyword
150	  in your ntp.conf file.
151
152  Credit: This vulnerability was discovered by Stephen Roettger of the
153  	Google Security Team.
154
155* Buffer overflow in ctl_putdata()
156
157  References: Sec 2668 / CVE-2014-9295 / VU#852879
158  CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P) Base Score: 7.5
159  Versions: All NTP4 releases before 4.2.8
160  Date Resolved: Stable (4.2.8) 18 Dec 2014
161
162  Summary: A remote attacker can send a carefully crafted packet that
163  	can overflow a stack buffer and potentially allow malicious
164	code to be executed with the privilege level of the ntpd process.
165
166  Mitigation - any of:
167  	- Upgrade to 4.2.8, or later.
168	- Follow BCP and put 'restrict ... noquery' in your ntp.conf file.
169
170  Credit: This vulnerability was discovered by Stephen Roettger of the
171  	Google Security Team.
172
173* Buffer overflow in configure()
174
175  References: Sec 2669 / CVE-2014-9295 / VU#852879
176  CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P) Base Score: 7.5
177  Versions: All NTP4 releases before 4.2.8
178  Date Resolved: Stable (4.2.8) 18 Dec 2014
179
180  Summary: A remote attacker can send a carefully crafted packet that
181	can overflow a stack buffer and potentially allow malicious
182	code to be executed with the privilege level of the ntpd process.
183
184  Mitigation - any of:
185  	- Upgrade to 4.2.8, or later.
186	- Follow BCP and put 'restrict ... noquery' in your ntp.conf file.
187
188  Credit: This vulnerability was discovered by Stephen Roettger of the
189	Google Security Team.
190
191* receive(): missing return on error
192
193  References: Sec 2670 / CVE-2014-9296 / VU#852879
194  CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:P) Base Score: 5.0
195  Versions: All NTP4 releases before 4.2.8
196  Date Resolved: Stable (4.2.8) 18 Dec 2014
197
198  Summary: Code in ntp_proto.c:receive() was missing a 'return;' in
199  	the code path where an error was detected, which meant
200	processing did not stop when a specific rare error occurred.
201	We haven't found a way for this bug to affect system integrity.
202	If there is no way to affect system integrity the base CVSS
203	score for this bug is 0. If there is one avenue through which
204	system integrity can be partially affected, the base score
205	becomes a 5. If system integrity can be partially affected
206	via all three integrity metrics, the CVSS base score become 7.5.
207
208  Mitigation - any of:
209        - Upgrade to 4.2.8, or later,
210        - Remove or comment out all configuration directives
211	  beginning with the crypto keyword in your ntp.conf file.
212
213  Credit: This vulnerability was discovered by Stephen Roettger of the
214  	Google Security Team.
215
216See http://support.ntp.org/security for more information.
217
218New features / changes in this release:
219
220Important Changes
221
222* Internal NTP Era counters
223
224The internal counters that track the "era" (range of years) we are in
225rolls over every 136 years'.  The current "era" started at the stroke of
226midnight on 1 Jan 1900, and ends just before the stroke of midnight on
2271 Jan 2036.
228In the past, we have used the "midpoint" of the  range to decide which
229era we were in.  Given the longevity of some products, it became clear
230that it would be more functional to "look back" less, and "look forward"
231more.  We now compile a timestamp into the ntpd executable and when we
232get a timestamp we us the "built-on" to tell us what era we are in.
233This check "looks back" 10 years, and "looks forward" 126 years.
234
235* ntpdc responses disabled by default
236
237Dave Hart writes:
238
239For a long time, ntpq and its mostly text-based mode 6 (control)
240protocol have been preferred over ntpdc and its mode 7 (private
241request) protocol for runtime queries and configuration.  There has
242been a goal of deprecating ntpdc, previously held back by numerous
243capabilities exposed by ntpdc with no ntpq equivalent.  I have been
244adding commands to ntpq to cover these cases, and I believe I've
245covered them all, though I've not compared command-by-command
246recently.
247
248As I've said previously, the binary mode 7 protocol involves a lot of
249hand-rolled structure layout and byte-swapping code in both ntpd and
250ntpdc which is hard to get right.  As ntpd grows and changes, the
251changes are difficult to expose via ntpdc while maintaining forward
252and backward compatibility between ntpdc and ntpd.  In contrast,
253ntpq's text-based, label=value approach involves more code reuse and
254allows compatible changes without extra work in most cases.
255
256Mode 7 has always been defined as vendor/implementation-specific while
257mode 6 is described in RFC 1305 and intended to be open to interoperate
258with other implementations.  There is an early draft of an updated
259mode 6 description that likely will join the other NTPv4 RFCs
260eventually. (http://tools.ietf.org/html/draft-odonoghue-ntpv4-control-01)
261
262For these reasons, ntpd 4.2.7p230 by default disables processing of
263ntpdc queries, reducing ntpd's attack surface and functionally
264deprecating ntpdc.  If you are in the habit of using ntpdc for certain
265operations, please try the ntpq equivalent.  If there's no equivalent,
266please open a bug report at http://bugs.ntp.org./
267
268In addition to the above, over 1100 issues have been resolved between
269the 4.2.6 branch and 4.2.8.  The ChangeLog file in the distribution
270lists these.
271
272---
273NTP 4.2.6p5 (Harlan Stenn <stenn@ntp.org>, 2011/12/24)
274
275Focus: Bug fixes
276
277Severity: Medium
278
279This is a recommended upgrade.
280
281This release updates sys_rootdisp and sys_jitter calculations to match the
282RFC specification, fixes a potential IPv6 address matching error for the
283"nic" and "interface" configuration directives, suppresses the creation of
284extraneous ephemeral associations for certain broadcastclient and
285multicastclient configurations, cleans up some ntpq display issues, and
286includes improvements to orphan mode, minor bugs fixes and code clean-ups.
287
288New features / changes in this release:
289
290ntpd
291
292 * Updated "nic" and "interface" IPv6 address handling to prevent
293   mismatches with localhost [::1] and wildcard [::] which resulted from
294   using the address/prefix format (e.g. fe80::/64)
295 * Fix orphan mode stratum incorrectly counting to infinity
296 * Orphan parent selection metric updated to includes missing ntohl()
297 * Non-printable stratum 16 refid no longer sent to ntp
298 * Duplicate ephemeral associations suppressed for broadcastclient and
299   multicastclient without broadcastdelay
300 * Exclude undetermined sys_refid from use in loopback TEST12
301 * Exclude MODE_SERVER responses from KoD rate limiting
302 * Include root delay in clock_update() sys_rootdisp calculations
303 * get_systime() updated to exclude sys_residual offset (which only
304   affected bits "below" sys_tick, the precision threshold)
305 * sys.peer jitter weighting corrected in sys_jitter calculation
306
307ntpq
308
309 * -n option extended to include the billboard "server" column
310 * IPv6 addresses in the local column truncated to prevent overruns
311
312---
313NTP 4.2.6p4 (Harlan Stenn <stenn@ntp.org>, 2011/09/22)
314
315Focus: Bug fixes and portability improvements
316
317Severity: Medium
318
319This is a recommended upgrade.
320
321This release includes build infrastructure updates, code
322clean-ups, minor bug fixes, fixes for a number of minor
323ref-clock issues, and documentation revisions.
324
325Portability improvements affect AIX, HP-UX, Linux, OS X and 64-bit time_t.
326
327New features / changes in this release:
328
329Build system
330
331* Fix checking for struct rtattr
332* Update config.guess and config.sub for AIX
333* Upgrade required version of autogen and libopts for building
334  from our source code repository
335
336ntpd
337
338* Back-ported several fixes for Coverity warnings from ntp-dev
339* Fix a rare boundary condition in UNLINK_EXPR_SLIST()
340* Allow "logconfig =allall" configuration directive
341* Bind tentative IPv6 addresses on Linux
342* Correct WWVB/Spectracom driver to timestamp CR instead of LF
343* Improved tally bit handling to prevent incorrect ntpq peer status reports
344* Exclude the Undisciplined Local Clock and ACTS drivers from the initial
345  candidate list unless they are designated a "prefer peer"
346* Prevent the consideration of Undisciplined Local Clock or ACTS drivers for
347  selection during the 'tos orphanwait' period
348* Prefer an Orphan Mode Parent over the Undisciplined Local Clock or ACTS
349  drivers
350* Improved support of the Parse Refclock trusttime flag in Meinberg mode
351* Back-port utility routines from ntp-dev: mprintf(), emalloc_zero()
352* Added the NTPD_TICKADJ_PPM environment variable for specifying baseline
353  clock slew on Microsoft Windows
354* Code cleanup in libntpq
355
356ntpdc
357
358* Fix timerstats reporting
359
360ntpdate
361
362* Reduce time required to set clock
363* Allow a timeout greater than 2 seconds
364
365sntp
366
367* Backward incompatible command-line option change:
368  -l/--filelog changed -l/--logfile (to be consistent with ntpd)
369
370Documentation
371
372* Update html2man. Fix some tags in the .html files
373* Distribute ntp-wait.html
374
375---
376NTP 4.2.6p3 (Harlan Stenn <stenn@ntp.org>, 2011/01/03)
377
378Focus: Bug fixes and portability improvements
379
380Severity: Medium
381
382This is a recommended upgrade.
383
384This release includes build infrastructure updates, code
385clean-ups, minor bug fixes, fixes for a number of minor
386ref-clock issues, and documentation revisions.
387
388Portability improvements in this release affect AIX, Atari FreeMiNT,
389FreeBSD4, Linux and Microsoft Windows.
390
391New features / changes in this release:
392
393Build system
394* Use lsb_release to get information about Linux distributions.
395* 'test' is in /usr/bin (instead of /bin) on some systems.
396* Basic sanity checks for the ChangeLog file.
397* Source certain build files with ./filename for systems without . in PATH.
398* IRIX portability fix.
399* Use a single copy of the "libopts" code.
400* autogen/libopts upgrade.
401* configure.ac m4 quoting cleanup.
402
403ntpd
404* Do not bind to IN6_IFF_ANYCAST addresses.
405* Log the reason for exiting under Windows.
406* Multicast fixes for Windows.
407* Interpolation fixes for Windows.
408* IPv4 and IPv6 Multicast fixes.
409* Manycast solicitation fixes and general repairs.
410* JJY refclock cleanup.
411* NMEA refclock improvements.
412* Oncore debug message cleanup.
413* Palisade refclock now builds under Linux.
414* Give RAWDCF more baud rates.
415* Support Truetime Satellite clocks under Windows.
416* Support Arbiter 1093C Satellite clocks under Windows.
417* Make sure that the "filegen" configuration command defaults to "enable".
418* Range-check the status codes (plus other cleanup) in the RIPE-NCC driver.
419* Prohibit 'includefile' directive in remote configuration command.
420* Fix 'nic' interface bindings.
421* Fix the way we link with openssl if openssl is installed in the base
422  system.
423
424ntp-keygen
425* Fix -V coredump.
426* OpenSSL version display cleanup.
427
428ntpdc
429* Many counters should be treated as unsigned.
430
431ntpdate
432* Do not ignore replies with equal receive and transmit timestamps.
433
434ntpq
435* libntpq warning cleanup.
436
437ntpsnmpd
438* Correct SNMP type for "precision" and "resolution".
439* Update the MIB from the draft version to RFC-5907.
440
441sntp
442* Display timezone offset when showing time for sntp in the local
443  timezone.
444* Pay proper attention to RATE KoD packets.
445* Fix a miscalculation of the offset.
446* Properly parse empty lines in the key file.
447* Logging cleanup.
448* Use tv_usec correctly in set_time().
449* Documentation cleanup.
450
451---
452NTP 4.2.6p2 (Harlan Stenn <stenn@ntp.org>, 2010/07/08)
453
454Focus: Bug fixes and portability improvements
455
456Severity: Medium
457
458This is a recommended upgrade.
459
460This release includes build infrastructure updates, code
461clean-ups, minor bug fixes, fixes for a number of minor
462ref-clock issues, improved KOD handling, OpenSSL related
463updates and documentation revisions.
464
465Portability improvements in this release affect Irix, Linux,
466Mac OS, Microsoft Windows, OpenBSD and QNX6
467
468New features / changes in this release:
469
470ntpd
471* Range syntax for the trustedkey configuration directive
472* Unified IPv4 and IPv6 restrict lists
473
474ntpdate
475* Rate limiting and KOD handling
476
477ntpsnmpd
478* default connection to net-snmpd via a unix-domain socket
479* command-line 'socket name' option
480
481ntpq / ntpdc
482* support for the "passwd ..." syntax
483* key-type specific password prompts
484
485sntp
486* MD5 authentication of an ntpd
487* Broadcast and crypto
488* OpenSSL support
489
490---
491NTP 4.2.6p1 (Harlan Stenn <stenn@ntp.org>, 2010/04/09)
492
493Focus: Bug fixes, portability fixes, and documentation improvements
494
495Severity: Medium
496
497This is a recommended upgrade.
498
499---
500NTP 4.2.6 (Harlan Stenn <stenn@ntp.org>, 2009/12/08)
501
502Focus: enhancements and bug fixes.
503
504---
505NTP 4.2.4p8 (Harlan Stenn <stenn@ntp.org>, 2009/12/08)
506
507Focus: Security Fixes
508
509Severity: HIGH
510
511This release fixes the following high-severity vulnerability:
512
513* [Sec 1331] DoS with mode 7 packets - CVE-2009-3563.
514
515  See http://support.ntp.org/security for more information.
516
517  NTP mode 7 (MODE_PRIVATE) is used by the ntpdc query and control utility.
518  In contrast, ntpq uses NTP mode 6 (MODE_CONTROL), while routine NTP time
519  transfers use modes 1 through 5.  Upon receipt of an incorrect mode 7
520  request or a mode 7 error response from an address which is not listed
521  in a "restrict ... noquery" or "restrict ... ignore" statement, ntpd will
522  reply with a mode 7 error response (and log a message).  In this case:
523
524	* If an attacker spoofs the source address of ntpd host A in a
525	  mode 7 response packet sent to ntpd host B, both A and B will
526	  continuously send each other error responses, for as long as
527	  those packets get through.
528
529	* If an attacker spoofs an address of ntpd host A in a mode 7
530	  response packet sent to ntpd host A, A will respond to itself
531	  endlessly, consuming CPU and logging excessively.
532
533  Credit for finding this vulnerability goes to Robin Park and Dmitri
534  Vinokurov of Alcatel-Lucent.
535
536THIS IS A STRONGLY RECOMMENDED UPGRADE.
537
538---
539ntpd now syncs to refclocks right away.
540
541Backward-Incompatible changes:
542
543ntpd no longer accepts '-v name' or '-V name' to define internal variables.
544Use '--var name' or '--dvar name' instead. (Bug 817)
545
546---
547NTP 4.2.4p7 (Harlan Stenn <stenn@ntp.org>, 2009/05/04)
548
549Focus: Security and Bug Fixes
550
551Severity: HIGH
552
553This release fixes the following high-severity vulnerability:
554
555* [Sec 1151] Remote exploit if autokey is enabled.  CVE-2009-1252
556
557  See http://support.ntp.org/security for more information.
558
559  If autokey is enabled (if ntp.conf contains a "crypto pw whatever"
560  line) then a carefully crafted packet sent to the machine will cause
561  a buffer overflow and possible execution of injected code, running
562  with the privileges of the ntpd process (often root).
563
564  Credit for finding this vulnerability goes to Chris Ries of CMU.
565
566This release fixes the following low-severity vulnerabilities:
567
568* [Sec 1144] limited (two byte) buffer overflow in ntpq.  CVE-2009-0159
569  Credit for finding this vulnerability goes to Geoff Keating of Apple.
570
571* [Sec 1149] use SO_EXCLUSIVEADDRUSE on Windows
572  Credit for finding this issue goes to Dave Hart.
573
574This release fixes a number of bugs and adds some improvements:
575
576* Improved logging
577* Fix many compiler warnings
578* Many fixes and improvements for Windows
579* Adds support for AIX 6.1
580* Resolves some issues under MacOS X and Solaris
581
582THIS IS A STRONGLY RECOMMENDED UPGRADE.
583
584---
585NTP 4.2.4p6 (Harlan Stenn <stenn@ntp.org>, 2009/01/07)
586
587Focus: Security Fix
588
589Severity: Low
590
591This release fixes oCERT.org's CVE-2009-0021, a vulnerability affecting
592the OpenSSL library relating to the incorrect checking of the return
593value of EVP_VerifyFinal function.
594
595Credit for finding this issue goes to the Google Security Team for
596finding the original issue with OpenSSL, and to ocert.org for finding
597the problem in NTP and telling us about it.
598
599This is a recommended upgrade.
600---
601NTP 4.2.4p5 (Harlan Stenn <stenn@ntp.org>, 2008/08/17)
602
603Focus: Minor Bugfixes
604
605This release fixes a number of Windows-specific ntpd bugs and
606platform-independent ntpdate bugs. A logging bugfix has been applied
607to the ONCORE driver.
608
609The "dynamic" keyword and is now obsolete and deferred binding to local
610interfaces is the new default. The minimum time restriction for the
611interface update interval has been dropped.
612
613A number of minor build system and documentation fixes are included.
614
615This is a recommended upgrade for Windows.
616
617---
618NTP 4.2.4p4 (Harlan Stenn <stenn@ntp.org>, 2007/09/10)
619
620Focus: Minor Bugfixes
621
622This release updates certain copyright information, fixes several display
623bugs in ntpdc, avoids SIGIO interrupting malloc(), cleans up file descriptor
624shutdown in the parse refclock driver, removes some lint from the code,
625stops accessing certain buffers immediately after they were freed, fixes
626a problem with non-command-line specification of -6, and allows the loopback
627interface to share addresses with other interfaces.
628
629---
630NTP 4.2.4p3 (Harlan Stenn <stenn@ntp.org>, 2007/06/29)
631
632Focus: Minor Bugfixes
633
634This release fixes a bug in Windows that made it difficult to
635terminate ntpd under windows.
636This is a recommended upgrade for Windows.
637
638---
639NTP 4.2.4p2 (Harlan Stenn <stenn@ntp.org>, 2007/06/19)
640
641Focus: Minor Bugfixes
642
643This release fixes a multicast mode authentication problem,
644an error in NTP packet handling on Windows that could lead to
645ntpd crashing, and several other minor bugs. Handling of
646multicast interfaces and logging configuration were improved.
647The required versions of autogen and libopts were incremented.
648This is a recommended upgrade for Windows and multicast users.
649
650---
651NTP 4.2.4 (Harlan Stenn <stenn@ntp.org>, 2006/12/31)
652
653Focus: enhancements and bug fixes.
654
655Dynamic interface rescanning was added to simplify the use of ntpd in
656conjunction with DHCP. GNU AutoGen is used for its command-line options
657processing. Separate PPS devices are supported for PARSE refclocks, MD5
658signatures are now provided for the release files. Drivers have been
659added for some new ref-clocks and have been removed for some older
660ref-clocks. This release also includes other improvements, documentation
661and bug fixes.
662
663K&R C is no longer supported as of NTP-4.2.4. We are now aiming for ANSI
664C support.
665
666---
667NTP 4.2.0 (Harlan Stenn <stenn@ntp.org>, 2003/10/15)
668
669Focus: enhancements and bug fixes.
670