---
NTP 4.2.8-

Important Changes

* Internal NTP Era counters

The internal counters that track which "era" (range of years) we are in
roll over every 136 years. The current "era" started at the stroke of
midnight on 1 Jan 1900, and ends just before the stroke of midnight on
1 Jan 2036.
In the past, we have used the "midpoint" of the range to decide which
era we were in. Given the longevity of some products, it became clear
that it would be more functional to "look back" less, and "look forward"
more. We now compile a timestamp into the ntpd executable and when we
get a timestamp we use the "built-on" to tell us what era we are in.
This check "looks back" 10 years, and "looks forward" 126 years.

So if you have a system that ...

* ntpdc responses disabled by default

Dave Hart writes:

For a long time, ntpq and its mostly text-based mode 6 (control)
protocol have been preferred over ntpdc and its mode 7 (private
request) protocol for runtime queries and configuration. There has
been a goal of deprecating ntpdc, previously held back by numerous
capabilities exposed by ntpdc with no ntpq equivalent. I have been
adding commands to ntpq to cover these cases, and I believe I've
covered them all, though I've not compared command-by-command
recently.

As I've said previously, the binary mode 7 protocol involves a lot of
hand-rolled structure layout and byte-swapping code in both ntpd and
ntpdc which is hard to get right. As ntpd grows and changes, the
changes are difficult to expose via ntpdc while maintaining forward
and backward compatibility between ntpdc and ntpd. In contrast,
ntpq's text-based, label=value approach involves more code reuse and
allows compatible changes without extra work in most cases.

Mode 7 has always been defined as vendor/implementation-specific while
mode 6 is described in RFC 1305 and intended to be open to interop
with other implementations. There is an early draft of an updated
mode 6 description that likely will join the other NTPv4 RFCs
eventually. (http://tools.ietf.org/html/draft-odonoghue-ntpv4-control-01)

For these reasons, ntpd 4.2.7p230 by default disables processing of
ntpdc queries, reducing ntpd's attack surface and functionally
deprecating ntpdc. If you are in the habit of using ntpdc for certain
operations, please try the ntpq equivalent. If there's no equivalent,
please open a bug report at http://bugs.ntp.org./

---
NTP 4.2.6p5 (Harlan Stenn <stenn@ntp.org>, 2011/12/24)

Focus: Bug fixes

Severity: Medium

This is a recommended upgrade.

This release updates sys_rootdisp and sys_jitter calculations to match the
RFC specification, fixes a potential IPv6 address matching error for the
"nic" and "interface" configuration directives, suppresses the creation of
extraneous ephemeral associations for certain broadcastclient and
multicastclient configurations, cleans up some ntpq display issues, and
includes improvements to orphan mode, minor bug fixes and code clean-ups.

New features / changes in this release:

ntpd

 * Updated "nic" and "interface" IPv6 address handling to prevent
   mismatches with localhost [::1] and wildcard [::] which resulted from
   using the address/prefix format (e.g. fe80::/64)
 * Fix orphan mode stratum incorrectly counting to infinity
 * Orphan parent selection metric updated to include missing ntohl()
 * Non-printable stratum 16 refid no longer sent to ntp
 * Duplicate ephemeral associations suppressed for broadcastclient and
   multicastclient without broadcastdelay
 * Exclude undetermined sys_refid from use in loopback TEST12
 * Exclude MODE_SERVER responses from KoD rate limiting
 * Include root delay in clock_update() sys_rootdisp calculations
 * get_systime() updated to exclude sys_residual offset (which only
   affected bits "below" sys_tick, the precision threshold)
 * sys.peer jitter weighting corrected in sys_jitter calculation

ntpq

 * -n option extended to include the billboard "server" column
 * IPv6 addresses in the local column truncated to prevent overruns

---
NTP 4.2.6p4 (Harlan Stenn <stenn@ntp.org>, 2011/09/22)

Focus: Bug fixes and portability improvements

Severity: Medium

This is a recommended upgrade.

This release includes build infrastructure updates, code
clean-ups, minor bug fixes, fixes for a number of minor
ref-clock issues, and documentation revisions.

Portability improvements affect AIX, HP-UX, Linux, OS X and 64-bit time_t.

New features / changes in this release:

Build system

* Fix checking for struct rtattr
* Update config.guess and config.sub for AIX
* Upgrade required version of autogen and libopts for building
  from our source code repository

ntpd

* Back-ported several fixes for Coverity warnings from ntp-dev
* Fix a rare boundary condition in UNLINK_EXPR_SLIST()
* Allow "logconfig =allall" configuration directive
* Bind tentative IPv6 addresses on Linux
* Correct WWVB/Spectracom driver to timestamp CR instead of LF
* Improved tally bit handling to prevent incorrect ntpq peer status reports
* Exclude the Undisciplined Local Clock and ACTS drivers from the initial
  candidate list unless they are designated a "prefer peer"
* Prevent the consideration of Undisciplined Local Clock or ACTS drivers for
  selection during the 'tos orphanwait' period
* Prefer an Orphan Mode Parent over the Undisciplined Local Clock or ACTS
  drivers
* Improved support of the Parse Refclock trusttime flag in Meinberg mode
* Back-port utility routines from ntp-dev: mprintf(), emalloc_zero()
* Added the NTPD_TICKADJ_PPM environment variable for specifying baseline
  clock slew on Microsoft Windows
* Code cleanup in libntpq

ntpdc

* Fix timerstats reporting

ntpdate

* Reduce time required to set clock
* Allow a timeout greater than 2 seconds

sntp

* Backward incompatible command-line option change:
  -l/--filelog changed to -l/--logfile (to be consistent with ntpd)

Documentation

* Update html2man. Fix some tags in the .html files
* Distribute ntp-wait.html

---
NTP 4.2.6p3 (Harlan Stenn <stenn@ntp.org>, 2011/01/03)

Focus: Bug fixes and portability improvements

Severity: Medium

This is a recommended upgrade.

This release includes build infrastructure updates, code
clean-ups, minor bug fixes, fixes for a number of minor
ref-clock issues, and documentation revisions.

Portability improvements in this release affect AIX, Atari FreeMiNT,
FreeBSD4, Linux and Microsoft Windows.

New features / changes in this release:

Build system
* Use lsb_release to get information about Linux distributions.
* 'test' is in /usr/bin (instead of /bin) on some systems.
* Basic sanity checks for the ChangeLog file.
* Source certain build files with ./filename for systems without . in PATH.
* IRIX portability fix.
* Use a single copy of the "libopts" code.
* autogen/libopts upgrade.
* configure.ac m4 quoting cleanup.

ntpd
* Do not bind to IN6_IFF_ANYCAST addresses.
* Log the reason for exiting under Windows.
* Multicast fixes for Windows.
* Interpolation fixes for Windows.
* IPv4 and IPv6 Multicast fixes.
* Manycast solicitation fixes and general repairs.
* JJY refclock cleanup.
* NMEA refclock improvements.
* Oncore debug message cleanup.
* Palisade refclock now builds under Linux.
* Give RAWDCF more baud rates.
* Support Truetime Satellite clocks under Windows.
* Support Arbiter 1093C Satellite clocks under Windows.
* Make sure that the "filegen" configuration command defaults to "enable".
* Range-check the status codes (plus other cleanup) in the RIPE-NCC driver.
* Prohibit 'includefile' directive in remote configuration command.
* Fix 'nic' interface bindings.
* Fix the way we link with openssl if openssl is installed in the base
  system.

ntp-keygen
* Fix -V coredump.
* OpenSSL version display cleanup.

ntpdc
* Many counters should be treated as unsigned.

ntpdate
* Do not ignore replies with equal receive and transmit timestamps.

ntpq
* libntpq warning cleanup.

ntpsnmpd
* Correct SNMP type for "precision" and "resolution".
* Update the MIB from the draft version to RFC-5907.

sntp
* Display timezone offset when showing time for sntp in the local
  timezone.
* Pay proper attention to RATE KoD packets.
* Fix a miscalculation of the offset.
* Properly parse empty lines in the key file.
* Logging cleanup.
* Use tv_usec correctly in set_time().
* Documentation cleanup.

---
NTP 4.2.6p2 (Harlan Stenn <stenn@ntp.org>, 2010/07/08)

Focus: Bug fixes and portability improvements

Severity: Medium

This is a recommended upgrade.

This release includes build infrastructure updates, code
clean-ups, minor bug fixes, fixes for a number of minor
ref-clock issues, improved KOD handling, OpenSSL related
updates and documentation revisions.

Portability improvements in this release affect Irix, Linux,
Mac OS, Microsoft Windows, OpenBSD and QNX6.

New features / changes in this release:

ntpd
* Range syntax for the trustedkey configuration directive
* Unified IPv4 and IPv6 restrict lists

ntpdate
* Rate limiting and KOD handling

ntpsnmpd
* default connection to net-snmpd via a unix-domain socket
* command-line 'socket name' option

ntpq / ntpdc
* support for the "passwd ..." syntax
* key-type specific password prompts

sntp
* MD5 authentication of an ntpd
* Broadcast and crypto
* OpenSSL support

---
NTP 4.2.6p1 (Harlan Stenn <stenn@ntp.org>, 2010/04/09)

Focus: Bug fixes, portability fixes, and documentation improvements

Severity: Medium

This is a recommended upgrade.

---
NTP 4.2.6 (Harlan Stenn <stenn@ntp.org>, 2009/12/08)

Focus: enhancements and bug fixes.

---
NTP 4.2.4p8 (Harlan Stenn <stenn@ntp.org>, 2009/12/08)

Focus: Security Fixes

Severity: HIGH

This release fixes the following high-severity vulnerability:

* [Sec 1331] DoS with mode 7 packets - CVE-2009-3563.

  See http://support.ntp.org/security for more information.

  NTP mode 7 (MODE_PRIVATE) is used by the ntpdc query and control utility.
  In contrast, ntpq uses NTP mode 6 (MODE_CONTROL), while routine NTP time
  transfers use modes 1 through 5. Upon receipt of an incorrect mode 7
  request or a mode 7 error response from an address which is not listed
  in a "restrict ... noquery" or "restrict ... ignore" statement, ntpd will
  reply with a mode 7 error response (and log a message). In this case:

  * If an attacker spoofs the source address of ntpd host A in a
    mode 7 response packet sent to ntpd host B, both A and B will
    continuously send each other error responses, for as long as
    those packets get through.

  * If an attacker spoofs an address of ntpd host A in a mode 7
    response packet sent to ntpd host A, A will respond to itself
    endlessly, consuming CPU and logging excessively.

  Credit for finding this vulnerability goes to Robin Park and Dmitri
  Vinokurov of Alcatel-Lucent.

THIS IS A STRONGLY RECOMMENDED UPGRADE.

---
ntpd now syncs to refclocks right away.

Backward-Incompatible changes:

ntpd no longer accepts '-v name' or '-V name' to define internal variables.
Use '--var name' or '--dvar name' instead. (Bug 817)

---
NTP 4.2.4p7 (Harlan Stenn <stenn@ntp.org>, 2009/05/04)

Focus: Security and Bug Fixes

Severity: HIGH

This release fixes the following high-severity vulnerability:

* [Sec 1151] Remote exploit if autokey is enabled. CVE-2009-1252

  See http://support.ntp.org/security for more information.

  If autokey is enabled (if ntp.conf contains a "crypto pw whatever"
  line) then a carefully crafted packet sent to the machine will cause
  a buffer overflow and possible execution of injected code, running
  with the privileges of the ntpd process (often root).

  Credit for finding this vulnerability goes to Chris Ries of CMU.

This release fixes the following low-severity vulnerabilities:

* [Sec 1144] limited (two byte) buffer overflow in ntpq. CVE-2009-0159
  Credit for finding this vulnerability goes to Geoff Keating of Apple.

* [Sec 1149] use SO_EXCLUSIVEADDRUSE on Windows
  Credit for finding this issue goes to Dave Hart.

This release fixes a number of bugs and adds some improvements:

* Improved logging
* Fix many compiler warnings
* Many fixes and improvements for Windows
* Adds support for AIX 6.1
* Resolves some issues under MacOS X and Solaris

THIS IS A STRONGLY RECOMMENDED UPGRADE.

---
NTP 4.2.4p6 (Harlan Stenn <stenn@ntp.org>, 2009/01/07)

Focus: Security Fix

Severity: Low

This release fixes oCERT.org's CVE-2009-0021, a vulnerability affecting
the OpenSSL library relating to the incorrect checking of the return
value of EVP_VerifyFinal function.

Credit for finding this issue goes to the Google Security Team for
finding the original issue with OpenSSL, and to ocert.org for finding
the problem in NTP and telling us about it.

This is a recommended upgrade.
---
NTP 4.2.4p5 (Harlan Stenn <stenn@ntp.org>, 2008/08/17)

Focus: Minor Bugfixes

This release fixes a number of Windows-specific ntpd bugs and
platform-independent ntpdate bugs. A logging bugfix has been applied
to the ONCORE driver.

The "dynamic" keyword is now obsolete and deferred binding to local
interfaces is the new default. The minimum time restriction for the
interface update interval has been dropped.

A number of minor build system and documentation fixes are included.

This is a recommended upgrade for Windows.

---
NTP 4.2.4p4 (Harlan Stenn <stenn@ntp.org>, 2007/09/10)

Focus: Minor Bugfixes

This release updates certain copyright information, fixes several display
bugs in ntpdc, avoids SIGIO interrupting malloc(), cleans up file descriptor
shutdown in the parse refclock driver, removes some lint from the code,
stops accessing certain buffers immediately after they were freed, fixes
a problem with non-command-line specification of -6, and allows the loopback
interface to share addresses with other interfaces.

---
NTP 4.2.4p3 (Harlan Stenn <stenn@ntp.org>, 2007/06/29)

Focus: Minor Bugfixes

This release fixes a bug in Windows that made it difficult to
terminate ntpd under Windows.
This is a recommended upgrade for Windows.

---
NTP 4.2.4p2 (Harlan Stenn <stenn@ntp.org>, 2007/06/19)

Focus: Minor Bugfixes

This release fixes a multicast mode authentication problem,
an error in NTP packet handling on Windows that could lead to
ntpd crashing, and several other minor bugs. Handling of
multicast interfaces and logging configuration were improved.
The required versions of autogen and libopts were incremented.
This is a recommended upgrade for Windows and multicast users.

---
NTP 4.2.4 (Harlan Stenn <stenn@ntp.org>, 2006/12/31)

Focus: enhancements and bug fixes.

Dynamic interface rescanning was added to simplify the use of ntpd in
conjunction with DHCP. GNU AutoGen is used for its command-line options
processing. Separate PPS devices are supported for PARSE refclocks, MD5
signatures are now provided for the release files. Drivers have been
added for some new ref-clocks and have been removed for some older
ref-clocks. This release also includes other improvements, documentation
and bug fixes.

K&R C is no longer supported as of NTP-4.2.4. We are now aiming for ANSI
C support.

---
NTP 4.2.0 (Harlan Stenn <stenn@ntp.org>, 2003/10/15)

Focus: enhancements and bug fixes.
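
---
Added example for the "Internal NTP Era counters" note under NTP 4.2.8
(illustration only, not code from ntpd): unfolding a 32-bit NTP seconds
value into a 64-bit time using a "built-on" timestamp that looks back 10
years. The names ntp_unfold and ntp_era, the 365-day year and the sample
dates are assumptions made for this sketch.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption for this sketch: "10 years" is taken as 10 * 365 days. */
#define LOOK_BACK_SECONDS (UINT64_C(10) * 365 * 86400)

/*
 * Unfold the 32-bit seconds field of an NTP timestamp into 64-bit seconds
 * since 1 Jan 1900.  built_on is the build time on the same 64-bit scale.
 * The result is the unique value congruent to ntp32 (mod 2^32) inside
 * [built_on - 10 years, built_on - 10 years + 2^32 seconds).
 */
uint64_t ntp_unfold(uint32_t ntp32, uint64_t built_on)
{
    uint64_t window_start = built_on - LOOK_BACK_SECONDS;
    /* Distance from the window start, computed modulo 2^32. */
    uint32_t ahead = ntp32 - (uint32_t)window_start;
    return window_start + ahead;
}

/* Era number: how many times the 32-bit counter has wrapped since 1900. */
unsigned ntp_era(uint64_t ntp64)
{
    return (unsigned)(ntp64 >> 32);
}

int main(void)
{
    /* Constructed sample values, seconds since 1 Jan 1900 (UTC). */
    const uint64_t built_on = UINT64_C(3629059200); /* 1 Jan 2015 */
    const uint32_t in_2020 = UINT32_C(3786825600);  /* 1 Jan 2020 */
    const uint32_t in_2040 = UINT32_C(123010304);   /* 1 Jan 2040, after the wrap */
    const uint32_t in_2000 = UINT32_C(3155673600);  /* 1 Jan 2000, older than the window */

    printf("2020 -> era %u\n", ntp_era(ntp_unfold(in_2020, built_on)));
    printf("2040 -> era %u\n", ntp_era(ntp_unfold(in_2040, built_on)));
    /* More than 10 years before the build: lands in the next era. */
    printf("2000 -> era %u\n", ntp_era(ntp_unfold(in_2000, built_on)));
    return 0;
}
```

The last case is the one to watch in deployment: a timestamp older than
the look-back window is read as a date in the following era.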
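
---
Added example for the [Sec 1331] entry under NTP 4.2.4p8 (an in-memory
model, not ntpd's code and not the actual patch): why answering a mode 7
response with another error response never terminates, and how refusing to
answer responses ends the exchange. The function names and sample octets
are assumptions; the first-octet layout (response flag in the top bit,
mode in the low three bits) is the mode 7 header layout.

```c
#include <stdint.h>
#include <stdio.h>

#define MODE_PRIVATE   7      /* mode 7, used by ntpdc */
#define RESP_BIT       0x80   /* first octet: set when the packet is a response */
#define PKT_MODE(b)    ((b) & 0x07)
#define IS_RESPONSE(b) (((b) & RESP_BIT) != 0)

/*
 * Model of a daemon receiving an incorrect mode 7 packet whose first octet
 * is `first`.  Returns the first octet of the error response it sends, or
 * -1 if it stays silent.  hardened == 0 models the behaviour the advisory
 * describes: an error response is sent even when the input was a response.
 */
int handle_bad_mode7(uint8_t first, int hardened)
{
    if (PKT_MODE(first) != MODE_PRIVATE)
        return -1;                     /* not mode 7: outside this model */
    if (hardened && IS_RESPONSE(first))
        return -1;                     /* never answer a response */
    return RESP_BIT | (first & 0x3f);  /* error response, same version and mode */
}

/*
 * Feed each reply to the next daemon (host B, or host A itself) and count
 * the error responses generated, stopping at `cap`.
 */
int count_error_replies(uint8_t first, int hardened, int cap)
{
    int sent = 0;
    int pkt = first;

    while (sent < cap && (pkt = handle_bad_mode7((uint8_t)pkt, hardened)) >= 0)
        sent++;
    return sent;
}

int main(void)
{
    const uint8_t bad_response = 0x97;  /* constructed: response bit, version 2, mode 7 */
    const uint8_t bad_request  = 0x17;  /* constructed: request, version 2, mode 7 */

    printf("unpatched, response in: %d\n", count_error_replies(bad_response, 0, 1000));
    printf("hardened,  response in: %d\n", count_error_replies(bad_response, 1, 1000));
    printf("hardened,  request in:  %d\n", count_error_replies(bad_request, 1, 1000));
    return 0;
}
```

In the unpatched model the count is bounded only by the cap; in the
hardened model a bad request still gets one error response, and that
response is then dropped by whoever receives it.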