1--- 2NTP 4.2.8p1 (Harlan Stenn <stenn@ntp.org>, 2015/02/04) 3 4Focus: Security and Bug fixes, enhancements. 5 6Severity: HIGH 7 8In addition to bug fixes and enhancements, this release fixes the 9following high-severity vulnerabilities: 10 11* vallen is not validated in several places in ntp_crypto.c, leading 12 to a potential information leak or possibly a crash 13 14 References: Sec 2671 / CVE-2014-9297 / VU#852879 15 Affects: All NTP4 releases before 4.2.8p1 that are running autokey. 16 CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P) Base Score: 7.5 17 Date Resolved: Stable (4.2.8p1) 04 Feb 2015 18 Summary: The vallen packet value is not validated in several code 19 paths in ntp_crypto.c which can lead to information leakage 20 or perhaps a crash of the ntpd process. 21 Mitigation - any of: 22 Upgrade to 4.2.8p1, or later, from the NTP Project Download Page 23 or the NTP Public Services Project Download Page. 24 Disable Autokey Authentication by removing, or commenting out, 25 all configuration directives beginning with the "crypto" 26 keyword in your ntp.conf file. 27 Credit: This vulnerability was discovered by Stephen Roettger of the 28 Google Security Team, with additional cases found by Sebastian 29 Krahmer of the SUSE Security Team and Harlan Stenn of Network 30 Time Foundation. 31 32* ::1 can be spoofed on some OSes, so ACLs based on IPv6 ::1 addresses 33 can be bypassed. 34 35 References: Sec 2672 / CVE-2014-9298 / VU#852879 36 Affects: All NTP4 releases before 4.2.8p1, under at least some 37 versions of MacOS and Linux. *BSD has not been seen to be vulnerable. 38 CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:C) Base Score: 9 39 Date Resolved: Stable (4.2.8p1) 04 Feb 2014 40 Summary: While available kernels will prevent 127.0.0.1 addresses 41 from "appearing" on non-localhost IPv4 interfaces, some kernels 42 do not offer the same protection for ::1 source addresses on 43 IPv6 interfaces. Since NTP's access control is based on source 44 address and localhost addresses generally have no restrictions, 45 an attacker can send malicious control and configuration packets 46 by spoofing ::1 addresses from the outside. Note Well: This is 47 not really a bug in NTP, it's a problem with some OSes. If you 48 have one of these OSes where ::1 can be spoofed, ALL ::1 -based 49 ACL restrictions on any application can be bypassed! 50 Mitigation: 51 Upgrade to 4.2.8p1, or later, from the NTP Project Download Page 52 or the NTP Public Services Project Download Page 53 Install firewall rules to block packets claiming to come from 54 ::1 from inappropriate network interfaces. 55 Credit: This vulnerability was discovered by Stephen Roettger of 56 the Google Security Team. 57 58Additionally, over 30 bugfixes and improvements were made to the codebase. 59See the ChangeLog for more information. 60 61--- 62NTP 4.2.8 (Harlan Stenn <stenn@ntp.org>, 2014/12/18) 63 64Focus: Security and Bug fixes, enhancements. 65 66Severity: HIGH 67 68In addition to bug fixes and enhancements, this release fixes the 69following high-severity vulnerabilities: 70 71************************** vv NOTE WELL vv ***************************** 72 73The vulnerabilities listed below can be significantly mitigated by 74following the BCP of putting 75 76 restrict default ... noquery 77 78in the ntp.conf file. With the exception of: 79 80 receive(): missing return on error 81 References: Sec 2670 / CVE-2014-9296 / VU#852879 82 83below (which is a limited-risk vulnerability), none of the recent 84vulnerabilities listed below can be exploited if the source IP is 85restricted from sending a 'query'-class packet by your ntp.conf file. 86 87************************** ^^ NOTE WELL ^^ ***************************** 88 89* Weak default key in config_auth(). 90 91 References: [Sec 2665] / CVE-2014-9293 / VU#852879 92 CVSS: (AV:N/AC:L/Au:M/C:P/I:P/A:C) Base Score: 7.3 93 Vulnerable Versions: all releases prior to 4.2.7p11 94 Date Resolved: 28 Jan 2010 95 96 Summary: If no 'auth' key is set in the configuration file, ntpd 97 would generate a random key on the fly. There were two 98 problems with this: 1) the generated key was 31 bits in size, 99 and 2) it used the (now weak) ntp_random() function, which was 100 seeded with a 32-bit value and could only provide 32 bits of 101 entropy. This was sufficient back in the late 1990s when the 102 code was written. Not today. 103 104 Mitigation - any of: 105 - Upgrade to 4.2.7p11 or later. 106 - Follow BCP and put 'restrict ... noquery' in your ntp.conf file. 107 108 Credit: This vulnerability was noticed in ntp-4.2.6 by Neel Mehta 109 of the Google Security Team. 110 111* Non-cryptographic random number generator with weak seed used by 112 ntp-keygen to generate symmetric keys. 113 114 References: [Sec 2666] / CVE-2014-9294 / VU#852879 115 CVSS: (AV:N/AC:L/Au:M/C:P/I:P/A:C) Base Score: 7.3 116 Vulnerable Versions: All NTP4 releases before 4.2.7p230 117 Date Resolved: Dev (4.2.7p230) 01 Nov 2011 118 119 Summary: Prior to ntp-4.2.7p230 ntp-keygen used a weak seed to 120 prepare a random number generator that was of good quality back 121 in the late 1990s. The random numbers produced was then used to 122 generate symmetric keys. In ntp-4.2.8 we use a current-technology 123 cryptographic random number generator, either RAND_bytes from 124 OpenSSL, or arc4random(). 125 126 Mitigation - any of: 127 - Upgrade to 4.2.7p230 or later. 128 - Follow BCP and put 'restrict ... noquery' in your ntp.conf file. 129 130 Credit: This vulnerability was discovered in ntp-4.2.6 by 131 Stephen Roettger of the Google Security Team. 132 133* Buffer overflow in crypto_recv() 134 135 References: Sec 2667 / CVE-2014-9295 / VU#852879 136 CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P) Base Score: 7.5 137 Versions: All releases before 4.2.8 138 Date Resolved: Stable (4.2.8) 18 Dec 2014 139 140 Summary: When Autokey Authentication is enabled (i.e. the ntp.conf 141 file contains a 'crypto pw ...' directive) a remote attacker 142 can send a carefully crafted packet that can overflow a stack 143 buffer and potentially allow malicious code to be executed 144 with the privilege level of the ntpd process. 145 146 Mitigation - any of: 147 - Upgrade to 4.2.8, or later, or 148 - Disable Autokey Authentication by removing, or commenting out, 149 all configuration directives beginning with the crypto keyword 150 in your ntp.conf file. 151 152 Credit: This vulnerability was discovered by Stephen Roettger of the 153 Google Security Team. 154 155* Buffer overflow in ctl_putdata() 156 157 References: Sec 2668 / CVE-2014-9295 / VU#852879 158 CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P) Base Score: 7.5 159 Versions: All NTP4 releases before 4.2.8 160 Date Resolved: Stable (4.2.8) 18 Dec 2014 161 162 Summary: A remote attacker can send a carefully crafted packet that 163 can overflow a stack buffer and potentially allow malicious 164 code to be executed with the privilege level of the ntpd process. 165 166 Mitigation - any of: 167 - Upgrade to 4.2.8, or later. 168 - Follow BCP and put 'restrict ... noquery' in your ntp.conf file. 169 170 Credit: This vulnerability was discovered by Stephen Roettger of the 171 Google Security Team. 172 173* Buffer overflow in configure() 174 175 References: Sec 2669 / CVE-2014-9295 / VU#852879 176 CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P) Base Score: 7.5 177 Versions: All NTP4 releases before 4.2.8 178 Date Resolved: Stable (4.2.8) 18 Dec 2014 179 180 Summary: A remote attacker can send a carefully crafted packet that 181 can overflow a stack buffer and potentially allow malicious 182 code to be executed with the privilege level of the ntpd process. 183 184 Mitigation - any of: 185 - Upgrade to 4.2.8, or later. 186 - Follow BCP and put 'restrict ... noquery' in your ntp.conf file. 187 188 Credit: This vulnerability was discovered by Stephen Roettger of the 189 Google Security Team. 190 191* receive(): missing return on error 192 193 References: Sec 2670 / CVE-2014-9296 / VU#852879 194 CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:P) Base Score: 5.0 195 Versions: All NTP4 releases before 4.2.8 196 Date Resolved: Stable (4.2.8) 18 Dec 2014 197 198 Summary: Code in ntp_proto.c:receive() was missing a 'return;' in 199 the code path where an error was detected, which meant 200 processing did not stop when a specific rare error occurred. 201 We haven't found a way for this bug to affect system integrity. 202 If there is no way to affect system integrity the base CVSS 203 score for this bug is 0. If there is one avenue through which 204 system integrity can be partially affected, the base score 205 becomes a 5. If system integrity can be partially affected 206 via all three integrity metrics, the CVSS base score become 7.5. 207 208 Mitigation - any of: 209 - Upgrade to 4.2.8, or later, 210 - Remove or comment out all configuration directives 211 beginning with the crypto keyword in your ntp.conf file. 212 213 Credit: This vulnerability was discovered by Stephen Roettger of the 214 Google Security Team. 215 216See http://support.ntp.org/security for more information. 217 218New features / changes in this release: 219 220Important Changes 221 222* Internal NTP Era counters 223 224The internal counters that track the "era" (range of years) we are in 225rolls over every 136 years'. The current "era" started at the stroke of 226midnight on 1 Jan 1900, and ends just before the stroke of midnight on 2271 Jan 2036. 228In the past, we have used the "midpoint" of the range to decide which 229era we were in. Given the longevity of some products, it became clear 230that it would be more functional to "look back" less, and "look forward" 231more. We now compile a timestamp into the ntpd executable and when we 232get a timestamp we us the "built-on" to tell us what era we are in. 233This check "looks back" 10 years, and "looks forward" 126 years. 234 235* ntpdc responses disabled by default 236 237Dave Hart writes: 238 239For a long time, ntpq and its mostly text-based mode 6 (control) 240protocol have been preferred over ntpdc and its mode 7 (private 241request) protocol for runtime queries and configuration. There has 242been a goal of deprecating ntpdc, previously held back by numerous 243capabilities exposed by ntpdc with no ntpq equivalent. I have been 244adding commands to ntpq to cover these cases, and I believe I've 245covered them all, though I've not compared command-by-command 246recently. 247 248As I've said previously, the binary mode 7 protocol involves a lot of 249hand-rolled structure layout and byte-swapping code in both ntpd and 250ntpdc which is hard to get right. As ntpd grows and changes, the 251changes are difficult to expose via ntpdc while maintaining forward 252and backward compatibility between ntpdc and ntpd. In contrast, 253ntpq's text-based, label=value approach involves more code reuse and 254allows compatible changes without extra work in most cases. 255 256Mode 7 has always been defined as vendor/implementation-specific while 257mode 6 is described in RFC 1305 and intended to be open to interoperate 258with other implementations. There is an early draft of an updated 259mode 6 description that likely will join the other NTPv4 RFCs 260eventually. (http://tools.ietf.org/html/draft-odonoghue-ntpv4-control-01) 261 262For these reasons, ntpd 4.2.7p230 by default disables processing of 263ntpdc queries, reducing ntpd's attack surface and functionally 264deprecating ntpdc. If you are in the habit of using ntpdc for certain 265operations, please try the ntpq equivalent. If there's no equivalent, 266please open a bug report at http://bugs.ntp.org./ 267 268In addition to the above, over 1100 issues have been resolved between 269the 4.2.6 branch and 4.2.8. The ChangeLog file in the distribution 270lists these. 271 272--- 273NTP 4.2.6p5 (Harlan Stenn <stenn@ntp.org>, 2011/12/24) 274 275Focus: Bug fixes 276 277Severity: Medium 278 279This is a recommended upgrade. 280 281This release updates sys_rootdisp and sys_jitter calculations to match the 282RFC specification, fixes a potential IPv6 address matching error for the 283"nic" and "interface" configuration directives, suppresses the creation of 284extraneous ephemeral associations for certain broadcastclient and 285multicastclient configurations, cleans up some ntpq display issues, and 286includes improvements to orphan mode, minor bugs fixes and code clean-ups. 287 288New features / changes in this release: 289 290ntpd 291 292 * Updated "nic" and "interface" IPv6 address handling to prevent 293 mismatches with localhost [::1] and wildcard [::] which resulted from 294 using the address/prefix format (e.g. fe80::/64) 295 * Fix orphan mode stratum incorrectly counting to infinity 296 * Orphan parent selection metric updated to includes missing ntohl() 297 * Non-printable stratum 16 refid no longer sent to ntp 298 * Duplicate ephemeral associations suppressed for broadcastclient and 299 multicastclient without broadcastdelay 300 * Exclude undetermined sys_refid from use in loopback TEST12 301 * Exclude MODE_SERVER responses from KoD rate limiting 302 * Include root delay in clock_update() sys_rootdisp calculations 303 * get_systime() updated to exclude sys_residual offset (which only 304 affected bits "below" sys_tick, the precision threshold) 305 * sys.peer jitter weighting corrected in sys_jitter calculation 306 307ntpq 308 309 * -n option extended to include the billboard "server" column 310 * IPv6 addresses in the local column truncated to prevent overruns 311 312--- 313NTP 4.2.6p4 (Harlan Stenn <stenn@ntp.org>, 2011/09/22) 314 315Focus: Bug fixes and portability improvements 316 317Severity: Medium 318 319This is a recommended upgrade. 320 321This release includes build infrastructure updates, code 322clean-ups, minor bug fixes, fixes for a number of minor 323ref-clock issues, and documentation revisions. 324 325Portability improvements affect AIX, HP-UX, Linux, OS X and 64-bit time_t. 326 327New features / changes in this release: 328 329Build system 330 331* Fix checking for struct rtattr 332* Update config.guess and config.sub for AIX 333* Upgrade required version of autogen and libopts for building 334 from our source code repository 335 336ntpd 337 338* Back-ported several fixes for Coverity warnings from ntp-dev 339* Fix a rare boundary condition in UNLINK_EXPR_SLIST() 340* Allow "logconfig =allall" configuration directive 341* Bind tentative IPv6 addresses on Linux 342* Correct WWVB/Spectracom driver to timestamp CR instead of LF 343* Improved tally bit handling to prevent incorrect ntpq peer status reports 344* Exclude the Undisciplined Local Clock and ACTS drivers from the initial 345 candidate list unless they are designated a "prefer peer" 346* Prevent the consideration of Undisciplined Local Clock or ACTS drivers for 347 selection during the 'tos orphanwait' period 348* Prefer an Orphan Mode Parent over the Undisciplined Local Clock or ACTS 349 drivers 350* Improved support of the Parse Refclock trusttime flag in Meinberg mode 351* Back-port utility routines from ntp-dev: mprintf(), emalloc_zero() 352* Added the NTPD_TICKADJ_PPM environment variable for specifying baseline 353 clock slew on Microsoft Windows 354* Code cleanup in libntpq 355 356ntpdc 357 358* Fix timerstats reporting 359 360ntpdate 361 362* Reduce time required to set clock 363* Allow a timeout greater than 2 seconds 364 365sntp 366 367* Backward incompatible command-line option change: 368 -l/--filelog changed -l/--logfile (to be consistent with ntpd) 369 370Documentation 371 372* Update html2man. Fix some tags in the .html files 373* Distribute ntp-wait.html 374 375--- 376NTP 4.2.6p3 (Harlan Stenn <stenn@ntp.org>, 2011/01/03) 377 378Focus: Bug fixes and portability improvements 379 380Severity: Medium 381 382This is a recommended upgrade. 383 384This release includes build infrastructure updates, code 385clean-ups, minor bug fixes, fixes for a number of minor 386ref-clock issues, and documentation revisions. 387 388Portability improvements in this release affect AIX, Atari FreeMiNT, 389FreeBSD4, Linux and Microsoft Windows. 390 391New features / changes in this release: 392 393Build system 394* Use lsb_release to get information about Linux distributions. 395* 'test' is in /usr/bin (instead of /bin) on some systems. 396* Basic sanity checks for the ChangeLog file. 397* Source certain build files with ./filename for systems without . in PATH. 398* IRIX portability fix. 399* Use a single copy of the "libopts" code. 400* autogen/libopts upgrade. 401* configure.ac m4 quoting cleanup. 402 403ntpd 404* Do not bind to IN6_IFF_ANYCAST addresses. 405* Log the reason for exiting under Windows. 406* Multicast fixes for Windows. 407* Interpolation fixes for Windows. 408* IPv4 and IPv6 Multicast fixes. 409* Manycast solicitation fixes and general repairs. 410* JJY refclock cleanup. 411* NMEA refclock improvements. 412* Oncore debug message cleanup. 413* Palisade refclock now builds under Linux. 414* Give RAWDCF more baud rates. 415* Support Truetime Satellite clocks under Windows. 416* Support Arbiter 1093C Satellite clocks under Windows. 417* Make sure that the "filegen" configuration command defaults to "enable". 418* Range-check the status codes (plus other cleanup) in the RIPE-NCC driver. 419* Prohibit 'includefile' directive in remote configuration command. 420* Fix 'nic' interface bindings. 421* Fix the way we link with openssl if openssl is installed in the base 422 system. 423 424ntp-keygen 425* Fix -V coredump. 426* OpenSSL version display cleanup. 427 428ntpdc 429* Many counters should be treated as unsigned. 430 431ntpdate 432* Do not ignore replies with equal receive and transmit timestamps. 433 434ntpq 435* libntpq warning cleanup. 436 437ntpsnmpd 438* Correct SNMP type for "precision" and "resolution". 439* Update the MIB from the draft version to RFC-5907. 440 441sntp 442* Display timezone offset when showing time for sntp in the local 443 timezone. 444* Pay proper attention to RATE KoD packets. 445* Fix a miscalculation of the offset. 446* Properly parse empty lines in the key file. 447* Logging cleanup. 448* Use tv_usec correctly in set_time(). 449* Documentation cleanup. 450 451--- 452NTP 4.2.6p2 (Harlan Stenn <stenn@ntp.org>, 2010/07/08) 453 454Focus: Bug fixes and portability improvements 455 456Severity: Medium 457 458This is a recommended upgrade. 459 460This release includes build infrastructure updates, code 461clean-ups, minor bug fixes, fixes for a number of minor 462ref-clock issues, improved KOD handling, OpenSSL related 463updates and documentation revisions. 464 465Portability improvements in this release affect Irix, Linux, 466Mac OS, Microsoft Windows, OpenBSD and QNX6 467 468New features / changes in this release: 469 470ntpd 471* Range syntax for the trustedkey configuration directive 472* Unified IPv4 and IPv6 restrict lists 473 474ntpdate 475* Rate limiting and KOD handling 476 477ntpsnmpd 478* default connection to net-snmpd via a unix-domain socket 479* command-line 'socket name' option 480 481ntpq / ntpdc 482* support for the "passwd ..." syntax 483* key-type specific password prompts 484 485sntp 486* MD5 authentication of an ntpd 487* Broadcast and crypto 488* OpenSSL support 489 490--- 491NTP 4.2.6p1 (Harlan Stenn <stenn@ntp.org>, 2010/04/09) 492 493Focus: Bug fixes, portability fixes, and documentation improvements 494 495Severity: Medium 496 497This is a recommended upgrade. 498 499--- 500NTP 4.2.6 (Harlan Stenn <stenn@ntp.org>, 2009/12/08) 501 502Focus: enhancements and bug fixes. 503 504--- 505NTP 4.2.4p8 (Harlan Stenn <stenn@ntp.org>, 2009/12/08) 506 507Focus: Security Fixes 508 509Severity: HIGH 510 511This release fixes the following high-severity vulnerability: 512 513* [Sec 1331] DoS with mode 7 packets - CVE-2009-3563. 514 515 See http://support.ntp.org/security for more information. 516 517 NTP mode 7 (MODE_PRIVATE) is used by the ntpdc query and control utility. 518 In contrast, ntpq uses NTP mode 6 (MODE_CONTROL), while routine NTP time 519 transfers use modes 1 through 5. Upon receipt of an incorrect mode 7 520 request or a mode 7 error response from an address which is not listed 521 in a "restrict ... noquery" or "restrict ... ignore" statement, ntpd will 522 reply with a mode 7 error response (and log a message). In this case: 523 524 * If an attacker spoofs the source address of ntpd host A in a 525 mode 7 response packet sent to ntpd host B, both A and B will 526 continuously send each other error responses, for as long as 527 those packets get through. 528 529 * If an attacker spoofs an address of ntpd host A in a mode 7 530 response packet sent to ntpd host A, A will respond to itself 531 endlessly, consuming CPU and logging excessively. 532 533 Credit for finding this vulnerability goes to Robin Park and Dmitri 534 Vinokurov of Alcatel-Lucent. 535 536THIS IS A STRONGLY RECOMMENDED UPGRADE. 537 538--- 539ntpd now syncs to refclocks right away. 540 541Backward-Incompatible changes: 542 543ntpd no longer accepts '-v name' or '-V name' to define internal variables. 544Use '--var name' or '--dvar name' instead. (Bug 817) 545 546--- 547NTP 4.2.4p7 (Harlan Stenn <stenn@ntp.org>, 2009/05/04) 548 549Focus: Security and Bug Fixes 550 551Severity: HIGH 552 553This release fixes the following high-severity vulnerability: 554 555* [Sec 1151] Remote exploit if autokey is enabled. CVE-2009-1252 556 557 See http://support.ntp.org/security for more information. 558 559 If autokey is enabled (if ntp.conf contains a "crypto pw whatever" 560 line) then a carefully crafted packet sent to the machine will cause 561 a buffer overflow and possible execution of injected code, running 562 with the privileges of the ntpd process (often root). 563 564 Credit for finding this vulnerability goes to Chris Ries of CMU. 565 566This release fixes the following low-severity vulnerabilities: 567 568* [Sec 1144] limited (two byte) buffer overflow in ntpq. CVE-2009-0159 569 Credit for finding this vulnerability goes to Geoff Keating of Apple. 570 571* [Sec 1149] use SO_EXCLUSIVEADDRUSE on Windows 572 Credit for finding this issue goes to Dave Hart. 573 574This release fixes a number of bugs and adds some improvements: 575 576* Improved logging 577* Fix many compiler warnings 578* Many fixes and improvements for Windows 579* Adds support for AIX 6.1 580* Resolves some issues under MacOS X and Solaris 581 582THIS IS A STRONGLY RECOMMENDED UPGRADE. 583 584--- 585NTP 4.2.4p6 (Harlan Stenn <stenn@ntp.org>, 2009/01/07) 586 587Focus: Security Fix 588 589Severity: Low 590 591This release fixes oCERT.org's CVE-2009-0021, a vulnerability affecting 592the OpenSSL library relating to the incorrect checking of the return 593value of EVP_VerifyFinal function. 594 595Credit for finding this issue goes to the Google Security Team for 596finding the original issue with OpenSSL, and to ocert.org for finding 597the problem in NTP and telling us about it. 598 599This is a recommended upgrade. 600--- 601NTP 4.2.4p5 (Harlan Stenn <stenn@ntp.org>, 2008/08/17) 602 603Focus: Minor Bugfixes 604 605This release fixes a number of Windows-specific ntpd bugs and 606platform-independent ntpdate bugs. A logging bugfix has been applied 607to the ONCORE driver. 608 609The "dynamic" keyword and is now obsolete and deferred binding to local 610interfaces is the new default. The minimum time restriction for the 611interface update interval has been dropped. 612 613A number of minor build system and documentation fixes are included. 614 615This is a recommended upgrade for Windows. 616 617--- 618NTP 4.2.4p4 (Harlan Stenn <stenn@ntp.org>, 2007/09/10) 619 620Focus: Minor Bugfixes 621 622This release updates certain copyright information, fixes several display 623bugs in ntpdc, avoids SIGIO interrupting malloc(), cleans up file descriptor 624shutdown in the parse refclock driver, removes some lint from the code, 625stops accessing certain buffers immediately after they were freed, fixes 626a problem with non-command-line specification of -6, and allows the loopback 627interface to share addresses with other interfaces. 628 629--- 630NTP 4.2.4p3 (Harlan Stenn <stenn@ntp.org>, 2007/06/29) 631 632Focus: Minor Bugfixes 633 634This release fixes a bug in Windows that made it difficult to 635terminate ntpd under windows. 636This is a recommended upgrade for Windows. 637 638--- 639NTP 4.2.4p2 (Harlan Stenn <stenn@ntp.org>, 2007/06/19) 640 641Focus: Minor Bugfixes 642 643This release fixes a multicast mode authentication problem, 644an error in NTP packet handling on Windows that could lead to 645ntpd crashing, and several other minor bugs. Handling of 646multicast interfaces and logging configuration were improved. 647The required versions of autogen and libopts were incremented. 648This is a recommended upgrade for Windows and multicast users. 649 650--- 651NTP 4.2.4 (Harlan Stenn <stenn@ntp.org>, 2006/12/31) 652 653Focus: enhancements and bug fixes. 654 655Dynamic interface rescanning was added to simplify the use of ntpd in 656conjunction with DHCP. GNU AutoGen is used for its command-line options 657processing. Separate PPS devices are supported for PARSE refclocks, MD5 658signatures are now provided for the release files. Drivers have been 659added for some new ref-clocks and have been removed for some older 660ref-clocks. This release also includes other improvements, documentation 661and bug fixes. 662 663K&R C is no longer supported as of NTP-4.2.4. We are now aiming for ANSI 664C support. 665 666--- 667NTP 4.2.0 (Harlan Stenn <stenn@ntp.org>, 2003/10/15) 668 669Focus: enhancements and bug fixes. 670