1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
|
---
NTP 4.2.8p1 (Harlan Stenn <stenn@ntp.org>, 2015/02/04)
Focus: Security and Bug fixes, enhancements.
Severity: HIGH
In addition to bug fixes and enhancements, this release fixes the
following high-severity vulnerabilities:
* vallen is not validated in several places in ntp_crypto.c, leading
to a potential information leak or possibly a crash
References: Sec 2671 / CVE-2014-9297 / VU#852879
Affects: All NTP4 releases before 4.2.8p1 that are running autokey.
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P) Base Score: 7.5
Date Resolved: Stable (4.2.8p1) 04 Feb 2015
Summary: The vallen packet value is not validated in several code
paths in ntp_crypto.c which can lead to information leakage
or perhaps a crash of the ntpd process.
Mitigation - any of:
Upgrade to 4.2.8p1, or later, from the NTP Project Download Page
or the NTP Public Services Project Download Page.
Disable Autokey Authentication by removing, or commenting out,
all configuration directives beginning with the "crypto"
keyword in your ntp.conf file.
Credit: This vulnerability was discovered by Stephen Roettger of the
Google Security Team, with additional cases found by Sebastian
Krahmer of the SUSE Security Team and Harlan Stenn of Network
Time Foundation.
* ::1 can be spoofed on some OSes, so ACLs based on IPv6 ::1 addresses
can be bypassed.
References: Sec 2672 / CVE-2014-9298 / VU#852879
Affects: All NTP4 releases before 4.2.8p1, under at least some
versions of MacOS and Linux. *BSD has not been seen to be vulnerable.
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:C) Base Score: 9
Date Resolved: Stable (4.2.8p1) 04 Feb 2014
Summary: While available kernels will prevent 127.0.0.1 addresses
from "appearing" on non-localhost IPv4 interfaces, some kernels
do not offer the same protection for ::1 source addresses on
IPv6 interfaces. Since NTP's access control is based on source
address and localhost addresses generally have no restrictions,
an attacker can send malicious control and configuration packets
by spoofing ::1 addresses from the outside. Note Well: This is
not really a bug in NTP, it's a problem with some OSes. If you
have one of these OSes where ::1 can be spoofed, ALL ::1 -based
ACL restrictions on any application can be bypassed!
Mitigation:
Upgrade to 4.2.8p1, or later, from the NTP Project Download Page
or the NTP Public Services Project Download Page
Install firewall rules to block packets claiming to come from
::1 from inappropriate network interfaces.
Credit: This vulnerability was discovered by Stephen Roettger of
the Google Security Team.
Additionally, over 30 bugfixes and improvements were made to the codebase.
See the ChangeLog for more information.
---
NTP 4.2.8 (Harlan Stenn <stenn@ntp.org>, 2014/12/18)
Focus: Security and Bug fixes, enhancements.
Severity: HIGH
In addition to bug fixes and enhancements, this release fixes the
following high-severity vulnerabilities:
************************** vv NOTE WELL vv *****************************
The vulnerabilities listed below can be significantly mitigated by
following the BCP of putting
restrict default ... noquery
in the ntp.conf file. With the exception of:
receive(): missing return on error
References: Sec 2670 / CVE-2014-9296 / VU#852879
below (which is a limited-risk vulnerability), none of the recent
vulnerabilities listed below can be exploited if the source IP is
restricted from sending a 'query'-class packet by your ntp.conf file.
************************** ^^ NOTE WELL ^^ *****************************
* Weak default key in config_auth().
References: [Sec 2665] / CVE-2014-9293 / VU#852879
CVSS: (AV:N/AC:L/Au:M/C:P/I:P/A:C) Base Score: 7.3
Vulnerable Versions: all releases prior to 4.2.7p11
Date Resolved: 28 Jan 2010
Summary: If no 'auth' key is set in the configuration file, ntpd
would generate a random key on the fly. There were two
problems with this: 1) the generated key was 31 bits in size,
and 2) it used the (now weak) ntp_random() function, which was
seeded with a 32-bit value and could only provide 32 bits of
entropy. This was sufficient back in the late 1990s when the
code was written. Not today.
Mitigation - any of:
- Upgrade to 4.2.7p11 or later.
- Follow BCP and put 'restrict ... noquery' in your ntp.conf file.
Credit: This vulnerability was noticed in ntp-4.2.6 by Neel Mehta
of the Google Security Team.
* Non-cryptographic random number generator with weak seed used by
ntp-keygen to generate symmetric keys.
References: [Sec 2666] / CVE-2014-9294 / VU#852879
CVSS: (AV:N/AC:L/Au:M/C:P/I:P/A:C) Base Score: 7.3
Vulnerable Versions: All NTP4 releases before 4.2.7p230
Date Resolved: Dev (4.2.7p230) 01 Nov 2011
Summary: Prior to ntp-4.2.7p230 ntp-keygen used a weak seed to
prepare a random number generator that was of good quality back
in the late 1990s. The random numbers produced was then used to
generate symmetric keys. In ntp-4.2.8 we use a current-technology
cryptographic random number generator, either RAND_bytes from
OpenSSL, or arc4random().
Mitigation - any of:
- Upgrade to 4.2.7p230 or later.
- Follow BCP and put 'restrict ... noquery' in your ntp.conf file.
Credit: This vulnerability was discovered in ntp-4.2.6 by
Stephen Roettger of the Google Security Team.
* Buffer overflow in crypto_recv()
References: Sec 2667 / CVE-2014-9295 / VU#852879
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P) Base Score: 7.5
Versions: All releases before 4.2.8
Date Resolved: Stable (4.2.8) 18 Dec 2014
Summary: When Autokey Authentication is enabled (i.e. the ntp.conf
file contains a 'crypto pw ...' directive) a remote attacker
can send a carefully crafted packet that can overflow a stack
buffer and potentially allow malicious code to be executed
with the privilege level of the ntpd process.
Mitigation - any of:
- Upgrade to 4.2.8, or later, or
- Disable Autokey Authentication by removing, or commenting out,
all configuration directives beginning with the crypto keyword
in your ntp.conf file.
Credit: This vulnerability was discovered by Stephen Roettger of the
Google Security Team.
* Buffer overflow in ctl_putdata()
References: Sec 2668 / CVE-2014-9295 / VU#852879
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P) Base Score: 7.5
Versions: All NTP4 releases before 4.2.8
Date Resolved: Stable (4.2.8) 18 Dec 2014
Summary: A remote attacker can send a carefully crafted packet that
can overflow a stack buffer and potentially allow malicious
code to be executed with the privilege level of the ntpd process.
Mitigation - any of:
- Upgrade to 4.2.8, or later.
- Follow BCP and put 'restrict ... noquery' in your ntp.conf file.
Credit: This vulnerability was discovered by Stephen Roettger of the
Google Security Team.
* Buffer overflow in configure()
References: Sec 2669 / CVE-2014-9295 / VU#852879
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P) Base Score: 7.5
Versions: All NTP4 releases before 4.2.8
Date Resolved: Stable (4.2.8) 18 Dec 2014
Summary: A remote attacker can send a carefully crafted packet that
can overflow a stack buffer and potentially allow malicious
code to be executed with the privilege level of the ntpd process.
Mitigation - any of:
- Upgrade to 4.2.8, or later.
- Follow BCP and put 'restrict ... noquery' in your ntp.conf file.
Credit: This vulnerability was discovered by Stephen Roettger of the
Google Security Team.
* receive(): missing return on error
References: Sec 2670 / CVE-2014-9296 / VU#852879
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:P) Base Score: 5.0
Versions: All NTP4 releases before 4.2.8
Date Resolved: Stable (4.2.8) 18 Dec 2014
Summary: Code in ntp_proto.c:receive() was missing a 'return;' in
the code path where an error was detected, which meant
processing did not stop when a specific rare error occurred.
We haven't found a way for this bug to affect system integrity.
If there is no way to affect system integrity the base CVSS
score for this bug is 0. If there is one avenue through which
system integrity can be partially affected, the base score
becomes a 5. If system integrity can be partially affected
via all three integrity metrics, the CVSS base score become 7.5.
Mitigation - any of:
- Upgrade to 4.2.8, or later,
- Remove or comment out all configuration directives
beginning with the crypto keyword in your ntp.conf file.
Credit: This vulnerability was discovered by Stephen Roettger of the
Google Security Team.
See http://support.ntp.org/security for more information.
New features / changes in this release:
Important Changes
* Internal NTP Era counters
The internal counters that track the "era" (range of years) we are in
rolls over every 136 years'. The current "era" started at the stroke of
midnight on 1 Jan 1900, and ends just before the stroke of midnight on
1 Jan 2036.
In the past, we have used the "midpoint" of the range to decide which
era we were in. Given the longevity of some products, it became clear
that it would be more functional to "look back" less, and "look forward"
more. We now compile a timestamp into the ntpd executable and when we
get a timestamp we us the "built-on" to tell us what era we are in.
This check "looks back" 10 years, and "looks forward" 126 years.
* ntpdc responses disabled by default
Dave Hart writes:
For a long time, ntpq and its mostly text-based mode 6 (control)
protocol have been preferred over ntpdc and its mode 7 (private
request) protocol for runtime queries and configuration. There has
been a goal of deprecating ntpdc, previously held back by numerous
capabilities exposed by ntpdc with no ntpq equivalent. I have been
adding commands to ntpq to cover these cases, and I believe I've
covered them all, though I've not compared command-by-command
recently.
As I've said previously, the binary mode 7 protocol involves a lot of
hand-rolled structure layout and byte-swapping code in both ntpd and
ntpdc which is hard to get right. As ntpd grows and changes, the
changes are difficult to expose via ntpdc while maintaining forward
and backward compatibility between ntpdc and ntpd. In contrast,
ntpq's text-based, label=value approach involves more code reuse and
allows compatible changes without extra work in most cases.
Mode 7 has always been defined as vendor/implementation-specific while
mode 6 is described in RFC 1305 and intended to be open to interoperate
with other implementations. There is an early draft of an updated
mode 6 description that likely will join the other NTPv4 RFCs
eventually. (http://tools.ietf.org/html/draft-odonoghue-ntpv4-control-01)
For these reasons, ntpd 4.2.7p230 by default disables processing of
ntpdc queries, reducing ntpd's attack surface and functionally
deprecating ntpdc. If you are in the habit of using ntpdc for certain
operations, please try the ntpq equivalent. If there's no equivalent,
please open a bug report at http://bugs.ntp.org./
In addition to the above, over 1100 issues have been resolved between
the 4.2.6 branch and 4.2.8. The ChangeLog file in the distribution
lists these.
---
NTP 4.2.6p5 (Harlan Stenn <stenn@ntp.org>, 2011/12/24)
Focus: Bug fixes
Severity: Medium
This is a recommended upgrade.
This release updates sys_rootdisp and sys_jitter calculations to match the
RFC specification, fixes a potential IPv6 address matching error for the
"nic" and "interface" configuration directives, suppresses the creation of
extraneous ephemeral associations for certain broadcastclient and
multicastclient configurations, cleans up some ntpq display issues, and
includes improvements to orphan mode, minor bugs fixes and code clean-ups.
New features / changes in this release:
ntpd
* Updated "nic" and "interface" IPv6 address handling to prevent
mismatches with localhost [::1] and wildcard [::] which resulted from
using the address/prefix format (e.g. fe80::/64)
* Fix orphan mode stratum incorrectly counting to infinity
* Orphan parent selection metric updated to includes missing ntohl()
* Non-printable stratum 16 refid no longer sent to ntp
* Duplicate ephemeral associations suppressed for broadcastclient and
multicastclient without broadcastdelay
* Exclude undetermined sys_refid from use in loopback TEST12
* Exclude MODE_SERVER responses from KoD rate limiting
* Include root delay in clock_update() sys_rootdisp calculations
* get_systime() updated to exclude sys_residual offset (which only
affected bits "below" sys_tick, the precision threshold)
* sys.peer jitter weighting corrected in sys_jitter calculation
ntpq
* -n option extended to include the billboard "server" column
* IPv6 addresses in the local column truncated to prevent overruns
---
NTP 4.2.6p4 (Harlan Stenn <stenn@ntp.org>, 2011/09/22)
Focus: Bug fixes and portability improvements
Severity: Medium
This is a recommended upgrade.
This release includes build infrastructure updates, code
clean-ups, minor bug fixes, fixes for a number of minor
ref-clock issues, and documentation revisions.
Portability improvements affect AIX, HP-UX, Linux, OS X and 64-bit time_t.
New features / changes in this release:
Build system
* Fix checking for struct rtattr
* Update config.guess and config.sub for AIX
* Upgrade required version of autogen and libopts for building
from our source code repository
ntpd
* Back-ported several fixes for Coverity warnings from ntp-dev
* Fix a rare boundary condition in UNLINK_EXPR_SLIST()
* Allow "logconfig =allall" configuration directive
* Bind tentative IPv6 addresses on Linux
* Correct WWVB/Spectracom driver to timestamp CR instead of LF
* Improved tally bit handling to prevent incorrect ntpq peer status reports
* Exclude the Undisciplined Local Clock and ACTS drivers from the initial
candidate list unless they are designated a "prefer peer"
* Prevent the consideration of Undisciplined Local Clock or ACTS drivers for
selection during the 'tos orphanwait' period
* Prefer an Orphan Mode Parent over the Undisciplined Local Clock or ACTS
drivers
* Improved support of the Parse Refclock trusttime flag in Meinberg mode
* Back-port utility routines from ntp-dev: mprintf(), emalloc_zero()
* Added the NTPD_TICKADJ_PPM environment variable for specifying baseline
clock slew on Microsoft Windows
* Code cleanup in libntpq
ntpdc
* Fix timerstats reporting
ntpdate
* Reduce time required to set clock
* Allow a timeout greater than 2 seconds
sntp
* Backward incompatible command-line option change:
-l/--filelog changed -l/--logfile (to be consistent with ntpd)
Documentation
* Update html2man. Fix some tags in the .html files
* Distribute ntp-wait.html
---
NTP 4.2.6p3 (Harlan Stenn <stenn@ntp.org>, 2011/01/03)
Focus: Bug fixes and portability improvements
Severity: Medium
This is a recommended upgrade.
This release includes build infrastructure updates, code
clean-ups, minor bug fixes, fixes for a number of minor
ref-clock issues, and documentation revisions.
Portability improvements in this release affect AIX, Atari FreeMiNT,
FreeBSD4, Linux and Microsoft Windows.
New features / changes in this release:
Build system
* Use lsb_release to get information about Linux distributions.
* 'test' is in /usr/bin (instead of /bin) on some systems.
* Basic sanity checks for the ChangeLog file.
* Source certain build files with ./filename for systems without . in PATH.
* IRIX portability fix.
* Use a single copy of the "libopts" code.
* autogen/libopts upgrade.
* configure.ac m4 quoting cleanup.
ntpd
* Do not bind to IN6_IFF_ANYCAST addresses.
* Log the reason for exiting under Windows.
* Multicast fixes for Windows.
* Interpolation fixes for Windows.
* IPv4 and IPv6 Multicast fixes.
* Manycast solicitation fixes and general repairs.
* JJY refclock cleanup.
* NMEA refclock improvements.
* Oncore debug message cleanup.
* Palisade refclock now builds under Linux.
* Give RAWDCF more baud rates.
* Support Truetime Satellite clocks under Windows.
* Support Arbiter 1093C Satellite clocks under Windows.
* Make sure that the "filegen" configuration command defaults to "enable".
* Range-check the status codes (plus other cleanup) in the RIPE-NCC driver.
* Prohibit 'includefile' directive in remote configuration command.
* Fix 'nic' interface bindings.
* Fix the way we link with openssl if openssl is installed in the base
system.
ntp-keygen
* Fix -V coredump.
* OpenSSL version display cleanup.
ntpdc
* Many counters should be treated as unsigned.
ntpdate
* Do not ignore replies with equal receive and transmit timestamps.
ntpq
* libntpq warning cleanup.
ntpsnmpd
* Correct SNMP type for "precision" and "resolution".
* Update the MIB from the draft version to RFC-5907.
sntp
* Display timezone offset when showing time for sntp in the local
timezone.
* Pay proper attention to RATE KoD packets.
* Fix a miscalculation of the offset.
* Properly parse empty lines in the key file.
* Logging cleanup.
* Use tv_usec correctly in set_time().
* Documentation cleanup.
---
NTP 4.2.6p2 (Harlan Stenn <stenn@ntp.org>, 2010/07/08)
Focus: Bug fixes and portability improvements
Severity: Medium
This is a recommended upgrade.
This release includes build infrastructure updates, code
clean-ups, minor bug fixes, fixes for a number of minor
ref-clock issues, improved KOD handling, OpenSSL related
updates and documentation revisions.
Portability improvements in this release affect Irix, Linux,
Mac OS, Microsoft Windows, OpenBSD and QNX6
New features / changes in this release:
ntpd
* Range syntax for the trustedkey configuration directive
* Unified IPv4 and IPv6 restrict lists
ntpdate
* Rate limiting and KOD handling
ntpsnmpd
* default connection to net-snmpd via a unix-domain socket
* command-line 'socket name' option
ntpq / ntpdc
* support for the "passwd ..." syntax
* key-type specific password prompts
sntp
* MD5 authentication of an ntpd
* Broadcast and crypto
* OpenSSL support
---
NTP 4.2.6p1 (Harlan Stenn <stenn@ntp.org>, 2010/04/09)
Focus: Bug fixes, portability fixes, and documentation improvements
Severity: Medium
This is a recommended upgrade.
---
NTP 4.2.6 (Harlan Stenn <stenn@ntp.org>, 2009/12/08)
Focus: enhancements and bug fixes.
---
NTP 4.2.4p8 (Harlan Stenn <stenn@ntp.org>, 2009/12/08)
Focus: Security Fixes
Severity: HIGH
This release fixes the following high-severity vulnerability:
* [Sec 1331] DoS with mode 7 packets - CVE-2009-3563.
See http://support.ntp.org/security for more information.
NTP mode 7 (MODE_PRIVATE) is used by the ntpdc query and control utility.
In contrast, ntpq uses NTP mode 6 (MODE_CONTROL), while routine NTP time
transfers use modes 1 through 5. Upon receipt of an incorrect mode 7
request or a mode 7 error response from an address which is not listed
in a "restrict ... noquery" or "restrict ... ignore" statement, ntpd will
reply with a mode 7 error response (and log a message). In this case:
* If an attacker spoofs the source address of ntpd host A in a
mode 7 response packet sent to ntpd host B, both A and B will
continuously send each other error responses, for as long as
those packets get through.
* If an attacker spoofs an address of ntpd host A in a mode 7
response packet sent to ntpd host A, A will respond to itself
endlessly, consuming CPU and logging excessively.
Credit for finding this vulnerability goes to Robin Park and Dmitri
Vinokurov of Alcatel-Lucent.
THIS IS A STRONGLY RECOMMENDED UPGRADE.
---
ntpd now syncs to refclocks right away.
Backward-Incompatible changes:
ntpd no longer accepts '-v name' or '-V name' to define internal variables.
Use '--var name' or '--dvar name' instead. (Bug 817)
---
NTP 4.2.4p7 (Harlan Stenn <stenn@ntp.org>, 2009/05/04)
Focus: Security and Bug Fixes
Severity: HIGH
This release fixes the following high-severity vulnerability:
* [Sec 1151] Remote exploit if autokey is enabled. CVE-2009-1252
See http://support.ntp.org/security for more information.
If autokey is enabled (if ntp.conf contains a "crypto pw whatever"
line) then a carefully crafted packet sent to the machine will cause
a buffer overflow and possible execution of injected code, running
with the privileges of the ntpd process (often root).
Credit for finding this vulnerability goes to Chris Ries of CMU.
This release fixes the following low-severity vulnerabilities:
* [Sec 1144] limited (two byte) buffer overflow in ntpq. CVE-2009-0159
Credit for finding this vulnerability goes to Geoff Keating of Apple.
* [Sec 1149] use SO_EXCLUSIVEADDRUSE on Windows
Credit for finding this issue goes to Dave Hart.
This release fixes a number of bugs and adds some improvements:
* Improved logging
* Fix many compiler warnings
* Many fixes and improvements for Windows
* Adds support for AIX 6.1
* Resolves some issues under MacOS X and Solaris
THIS IS A STRONGLY RECOMMENDED UPGRADE.
---
NTP 4.2.4p6 (Harlan Stenn <stenn@ntp.org>, 2009/01/07)
Focus: Security Fix
Severity: Low
This release fixes oCERT.org's CVE-2009-0021, a vulnerability affecting
the OpenSSL library relating to the incorrect checking of the return
value of EVP_VerifyFinal function.
Credit for finding this issue goes to the Google Security Team for
finding the original issue with OpenSSL, and to ocert.org for finding
the problem in NTP and telling us about it.
This is a recommended upgrade.
---
NTP 4.2.4p5 (Harlan Stenn <stenn@ntp.org>, 2008/08/17)
Focus: Minor Bugfixes
This release fixes a number of Windows-specific ntpd bugs and
platform-independent ntpdate bugs. A logging bugfix has been applied
to the ONCORE driver.
The "dynamic" keyword and is now obsolete and deferred binding to local
interfaces is the new default. The minimum time restriction for the
interface update interval has been dropped.
A number of minor build system and documentation fixes are included.
This is a recommended upgrade for Windows.
---
NTP 4.2.4p4 (Harlan Stenn <stenn@ntp.org>, 2007/09/10)
Focus: Minor Bugfixes
This release updates certain copyright information, fixes several display
bugs in ntpdc, avoids SIGIO interrupting malloc(), cleans up file descriptor
shutdown in the parse refclock driver, removes some lint from the code,
stops accessing certain buffers immediately after they were freed, fixes
a problem with non-command-line specification of -6, and allows the loopback
interface to share addresses with other interfaces.
---
NTP 4.2.4p3 (Harlan Stenn <stenn@ntp.org>, 2007/06/29)
Focus: Minor Bugfixes
This release fixes a bug in Windows that made it difficult to
terminate ntpd under windows.
This is a recommended upgrade for Windows.
---
NTP 4.2.4p2 (Harlan Stenn <stenn@ntp.org>, 2007/06/19)
Focus: Minor Bugfixes
This release fixes a multicast mode authentication problem,
an error in NTP packet handling on Windows that could lead to
ntpd crashing, and several other minor bugs. Handling of
multicast interfaces and logging configuration were improved.
The required versions of autogen and libopts were incremented.
This is a recommended upgrade for Windows and multicast users.
---
NTP 4.2.4 (Harlan Stenn <stenn@ntp.org>, 2006/12/31)
Focus: enhancements and bug fixes.
Dynamic interface rescanning was added to simplify the use of ntpd in
conjunction with DHCP. GNU AutoGen is used for its command-line options
processing. Separate PPS devices are supported for PARSE refclocks, MD5
signatures are now provided for the release files. Drivers have been
added for some new ref-clocks and have been removed for some older
ref-clocks. This release also includes other improvements, documentation
and bug fixes.
K&R C is no longer supported as of NTP-4.2.4. We are now aiming for ANSI
C support.
---
NTP 4.2.0 (Harlan Stenn <stenn@ntp.org>, 2003/10/15)
Focus: enhancements and bug fixes.
|