author: Lorry Tar Creator <lorry-tar-importer@baserock.org>, 2014-12-02 09:01:21 +0000
committer: <>, 2014-12-04 16:11:25 +0000
commit: bdab5265fcbf3f472545073a23f8999749a9f2b9 (patch)
tree: c6018dd03dea906f8f1fb5f105f05b71a7dc250a /NEWS
download: ntp-bdab5265fcbf3f472545073a23f8999749a9f2b9.tar.gz

Imported from /home/lorry/working-area/delta_ntp/ntp-dev-4.2.7p482.tar.gz.
ntp-dev-4.2.7p482

Diffstat (limited to 'NEWS')
-rw-r--r-- NEWS 451
1 files changed, 451 insertions, 0 deletions
diff --git a/NEWS b/NEWS
new file mode 100644
index 0000000..bbd260e
--- /dev/null
+++ b/NEWS
@@ -0,0 +1,451 @@
+---
+NTP 4.2.8-
+
+Important Changes
+
+* Internal NTP Era counters
+
+The internal counters that track which "era" (range of years) we are in
+rolls over every 136 years'. The current "era" started at the stroke of
+midnight on 1 Jan 1900, and ends just before the stroke of midnight on
+1 Jan 2036.
+In the past, we have used the "midpoint" of the range to decide which
+era we were in. Given the longevity of some products, it became clear
+that it would be more functional to "look back" less, and "look forward"
+more. We now compile a timestamp into the ntpd executable and when we
+get a timestamp we us the "built-on" to tell us what era we are in.
+This check "looks back" 10 years, and "looks forward" 126 years.
+
+So if you have a system that ...
+
+* ntpdc responses disabled by default
+
+Dave Hart writes:
+
+For a long time, ntpq and its mostly text-based mode 6 (control)
+protocol have been preferred over ntpdc and its mode 7 (private
+request) protocol for runtime queries and configuration. There has
+been a goal of deprecating ntpdc, previously held back by numerous
+capabilities exposed by ntpdc with no ntpq equivalent. I have been
+adding commands to ntpq to cover these cases, and I believe I've
+covered them all, though I've not compared command-by-command
+recently.
+
+As I've said previously, the binary mode 7 protocol involves a lot of
+hand-rolled structure layout and byte-swapping code in both ntpd and
+ntpdc which is hard to get right. As ntpd grows and changes, the
+changes are difficult to expose via ntpdc while maintaining forward
+and backward compatibility between ntpdc and ntpd. In contrast,
+ntpq's text-based, label=value approach involves more code reuse and
+allows compatible changes without extra work in most cases.
+
+Mode 7 has always been defined as vendor/implementation-specific while
+mode 6 is described in RFC 1305 and intended to be open to interop
+with other implementations. There is an early draft of an updated
+mode 6 description that likely will join the other NTPv4 RFCs
+eventually. (http://tools.ietf.org/html/draft-odonoghue-ntpv4-control-01)
+
+For these reasons, ntpd 4.2.7p230 by default disables processing of
+ntpdc queries, reducing ntpd's attack surface and functionally
+deprecating ntpdc. If you are in the habit of using ntpdc for certain
+operations, please try the ntpq equivalent. If there's no equivalent,
+please open a bug report at http://bugs.ntp.org./
+
+---
+NTP 4.2.6p5 (Harlan Stenn <stenn@ntp.org>, 2011/12/24)
+
+Focus: Bug fixes
+
+Severity: Medium
+
+This is a recommended upgrade.
+
+This release updates sys_rootdisp and sys_jitter calculations to match the
+RFC specification, fixes a potential IPv6 address matching error for the
+"nic" and "interface" configuration directives, suppresses the creation of
+extraneous ephemeral associations for certain broadcastclient and
+multicastclient configurations, cleans up some ntpq display issues, and
+includes improvements to orphan mode, minor bugs fixes and code clean-ups.
+
+New features / changes in this release:
+
+ntpd
+
+ * Updated "nic" and "interface" IPv6 address handling to prevent
+ mismatches with localhost [::1] and wildcard [::] which resulted from
+ using the address/prefix format (e.g. fe80::/64)
+ * Fix orphan mode stratum incorrectly counting to infinity
+ * Orphan parent selection metric updated to includes missing ntohl()
+ * Non-printable stratum 16 refid no longer sent to ntp
+ * Duplicate ephemeral associations suppressed for broadcastclient and
+ multicastclient without broadcastdelay
+ * Exclude undetermined sys_refid from use in loopback TEST12
+ * Exclude MODE_SERVER responses from KoD rate limiting
+ * Include root delay in clock_update() sys_rootdisp calculations
+ * get_systime() updated to exclude sys_residual offset (which only
+ affected bits "below" sys_tick, the precision threshold)
+ * sys.peer jitter weighting corrected in sys_jitter calculation
+
+ntpq
+
+ * -n option extended to include the billboard "server" column
+ * IPv6 addresses in the local column truncated to prevent overruns
+
+---
+NTP 4.2.6p4 (Harlan Stenn <stenn@ntp.org>, 2011/09/22)
+
+Focus: Bug fixes and portability improvements
+
+Severity: Medium
+
+This is a recommended upgrade.
+
+This release includes build infrastructure updates, code
+clean-ups, minor bug fixes, fixes for a number of minor
+ref-clock issues, and documentation revisions.
+
+Portability improvements affect AIX, HP-UX, Linux, OS X and 64-bit time_t.
+
+New features / changes in this release:
+
+Build system
+
+* Fix checking for struct rtattr
+* Update config.guess and config.sub for AIX
+* Upgrade required version of autogen and libopts for building
+ from our source code repository
+
+ntpd
+
+* Back-ported several fixes for Coverity warnings from ntp-dev
+* Fix a rare boundary condition in UNLINK_EXPR_SLIST()
+* Allow "logconfig =allall" configuration directive
+* Bind tentative IPv6 addresses on Linux
+* Correct WWVB/Spectracom driver to timestamp CR instead of LF
+* Improved tally bit handling to prevent incorrect ntpq peer status reports
+* Exclude the Undisciplined Local Clock and ACTS drivers from the initial
+ candidate list unless they are designated a "prefer peer"
+* Prevent the consideration of Undisciplined Local Clock or ACTS drivers for
+ selection during the 'tos orphanwait' period
+* Prefer an Orphan Mode Parent over the Undisciplined Local Clock or ACTS
+ drivers
+* Improved support of the Parse Refclock trusttime flag in Meinberg mode
+* Back-port utility routines from ntp-dev: mprintf(), emalloc_zero()
+* Added the NTPD_TICKADJ_PPM environment variable for specifying baseline
+ clock slew on Microsoft Windows
+* Code cleanup in libntpq
+
+ntpdc
+
+* Fix timerstats reporting
+
+ntpdate
+
+* Reduce time required to set clock
+* Allow a timeout greater than 2 seconds
+
+sntp
+
+* Backward incompatible command-line option change:
+ -l/--filelog changed -l/--logfile (to be consistent with ntpd)
+
+Documentation
+
+* Update html2man. Fix some tags in the .html files
+* Distribute ntp-wait.html
+
+---
+NTP 4.2.6p3 (Harlan Stenn <stenn@ntp.org>, 2011/01/03)
+
+Focus: Bug fixes and portability improvements
+
+Severity: Medium
+
+This is a recommended upgrade.
+
+This release includes build infrastructure updates, code
+clean-ups, minor bug fixes, fixes for a number of minor
+ref-clock issues, and documentation revisions.
+
+Portability improvements in this release affect AIX, Atari FreeMiNT,
+FreeBSD4, Linux and Microsoft Windows.
+
+New features / changes in this release:
+
+Build system
+* Use lsb_release to get information about Linux distributions.
+* 'test' is in /usr/bin (instead of /bin) on some systems.
+* Basic sanity checks for the ChangeLog file.
+* Source certain build files with ./filename for systems without . in PATH.
+* IRIX portability fix.
+* Use a single copy of the "libopts" code.
+* autogen/libopts upgrade.
+* configure.ac m4 quoting cleanup.
+
+ntpd
+* Do not bind to IN6_IFF_ANYCAST addresses.
+* Log the reason for exiting under Windows.
+* Multicast fixes for Windows.
+* Interpolation fixes for Windows.
+* IPv4 and IPv6 Multicast fixes.
+* Manycast solicitation fixes and general repairs.
+* JJY refclock cleanup.
+* NMEA refclock improvements.
+* Oncore debug message cleanup.
+* Palisade refclock now builds under Linux.
+* Give RAWDCF more baud rates.
+* Support Truetime Satellite clocks under Windows.
+* Support Arbiter 1093C Satellite clocks under Windows.
+* Make sure that the "filegen" configuration command defaults to "enable".
+* Range-check the status codes (plus other cleanup) in the RIPE-NCC driver.
+* Prohibit 'includefile' directive in remote configuration command.
+* Fix 'nic' interface bindings.
+* Fix the way we link with openssl if openssl is installed in the base
+ system.
+
+ntp-keygen
+* Fix -V coredump.
+* OpenSSL version display cleanup.
+
+ntpdc
+* Many counters should be treated as unsigned.
+
+ntpdate
+* Do not ignore replies with equal receive and transmit timestamps.
+
+ntpq
+* libntpq warning cleanup.
+
+ntpsnmpd
+* Correct SNMP type for "precision" and "resolution".
+* Update the MIB from the draft version to RFC-5907.
+
+sntp
+* Display timezone offset when showing time for sntp in the local
+ timezone.
+* Pay proper attention to RATE KoD packets.
+* Fix a miscalculation of the offset.
+* Properly parse empty lines in the key file.
+* Logging cleanup.
+* Use tv_usec correctly in set_time().
+* Documentation cleanup.
+
+---
+NTP 4.2.6p2 (Harlan Stenn <stenn@ntp.org>, 2010/07/08)
+
+Focus: Bug fixes and portability improvements
+
+Severity: Medium
+
+This is a recommended upgrade.
+
+This release includes build infrastructure updates, code
+clean-ups, minor bug fixes, fixes for a number of minor
+ref-clock issues, improved KOD handling, OpenSSL related
+updates and documentation revisions.
+
+Portability improvements in this release affect Irix, Linux,
+Mac OS, Microsoft Windows, OpenBSD and QNX6
+
+New features / changes in this release:
+
+ntpd
+* Range syntax for the trustedkey configuration directive
+* Unified IPv4 and IPv6 restrict lists
+
+ntpdate
+* Rate limiting and KOD handling
+
+ntpsnmpd
+* default connection to net-snmpd via a unix-domain socket
+* command-line 'socket name' option
+
+ntpq / ntpdc
+* support for the "passwd ..." syntax
+* key-type specific password prompts
+
+sntp
+* MD5 authentication of an ntpd
+* Broadcast and crypto
+* OpenSSL support
+
+---
+NTP 4.2.6p1 (Harlan Stenn <stenn@ntp.org>, 2010/04/09)
+
+Focus: Bug fixes, portability fixes, and documentation improvements
+
+Severity: Medium
+
+This is a recommended upgrade.
+
+---
+NTP 4.2.6 (Harlan Stenn <stenn@ntp.org>, 2009/12/08)
+
+Focus: enhancements and bug fixes.
+
+---
+NTP 4.2.4p8 (Harlan Stenn <stenn@ntp.org>, 2009/12/08)
+
+Focus: Security Fixes
+
+Severity: HIGH
+
+This release fixes the following high-severity vulnerability:
+
+* [Sec 1331] DoS with mode 7 packets - CVE-2009-3563.
+
+ See http://support.ntp.org/security for more information.
+
+ NTP mode 7 (MODE_PRIVATE) is used by the ntpdc query and control utility.
+ In contrast, ntpq uses NTP mode 6 (MODE_CONTROL), while routine NTP time
+ transfers use modes 1 through 5. Upon receipt of an incorrect mode 7
+ request or a mode 7 error response from an address which is not listed
+ in a "restrict ... noquery" or "restrict ... ignore" statement, ntpd will
+ reply with a mode 7 error response (and log a message). In this case:
+
+ * If an attacker spoofs the source address of ntpd host A in a
+ mode 7 response packet sent to ntpd host B, both A and B will
+ continuously send each other error responses, for as long as
+ those packets get through.
+
+ * If an attacker spoofs an address of ntpd host A in a mode 7
+ response packet sent to ntpd host A, A will respond to itself
+ endlessly, consuming CPU and logging excessively.
+
+ Credit for finding this vulnerability goes to Robin Park and Dmitri
+ Vinokurov of Alcatel-Lucent.
+
+THIS IS A STRONGLY RECOMMENDED UPGRADE.
+
+---
+ntpd now syncs to refclocks right away.
+
+Backward-Incompatible changes:
+
+ntpd no longer accepts '-v name' or '-V name' to define internal variables.
+Use '--var name' or '--dvar name' instead. (Bug 817)
+
+---
+NTP 4.2.4p7 (Harlan Stenn <stenn@ntp.org>, 2009/05/04)
+
+Focus: Security and Bug Fixes
+
+Severity: HIGH
+
+This release fixes the following high-severity vulnerability:
+
+* [Sec 1151] Remote exploit if autokey is enabled. CVE-2009-1252
+
+ See http://support.ntp.org/security for more information.
+
+ If autokey is enabled (if ntp.conf contains a "crypto pw whatever"
+ line) then a carefully crafted packet sent to the machine will cause
+ a buffer overflow and possible execution of injected code, running
+ with the privileges of the ntpd process (often root).
+
+ Credit for finding this vulnerability goes to Chris Ries of CMU.
+
+This release fixes the following low-severity vulnerabilities:
+
+* [Sec 1144] limited (two byte) buffer overflow in ntpq. CVE-2009-0159
+ Credit for finding this vulnerability goes to Geoff Keating of Apple.
+
+* [Sec 1149] use SO_EXCLUSIVEADDRUSE on Windows
+ Credit for finding this issue goes to Dave Hart.
+
+This release fixes a number of bugs and adds some improvements:
+
+* Improved logging
+* Fix many compiler warnings
+* Many fixes and improvements for Windows
+* Adds support for AIX 6.1
+* Resolves some issues under MacOS X and Solaris
+
+THIS IS A STRONGLY RECOMMENDED UPGRADE.
+
+---
+NTP 4.2.4p6 (Harlan Stenn <stenn@ntp.org>, 2009/01/07)
+
+Focus: Security Fix
+
+Severity: Low
+
+This release fixes oCERT.org's CVE-2009-0021, a vulnerability affecting
+the OpenSSL library relating to the incorrect checking of the return
+value of EVP_VerifyFinal function.
+
+Credit for finding this issue goes to the Google Security Team for
+finding the original issue with OpenSSL, and to ocert.org for finding
+the problem in NTP and telling us about it.
+
+This is a recommended upgrade.
+---
+NTP 4.2.4p5 (Harlan Stenn <stenn@ntp.org>, 2008/08/17)
+
+Focus: Minor Bugfixes
+
+This release fixes a number of Windows-specific ntpd bugs and
+platform-independent ntpdate bugs. A logging bugfix has been applied
+to the ONCORE driver.
+
+The "dynamic" keyword and is now obsolete and deferred binding to local
+interfaces is the new default. The minimum time restriction for the
+interface update interval has been dropped.
+
+A number of minor build system and documentation fixes are included.
+
+This is a recommended upgrade for Windows.
+
+---
+NTP 4.2.4p4 (Harlan Stenn <stenn@ntp.org>, 2007/09/10)
+
+Focus: Minor Bugfixes
+
+This release updates certain copyright information, fixes several display
+bugs in ntpdc, avoids SIGIO interrupting malloc(), cleans up file descriptor
+shutdown in the parse refclock driver, removes some lint from the code,
+stops accessing certain buffers immediately after they were freed, fixes
+a problem with non-command-line specification of -6, and allows the loopback
+interface to share addresses with other interfaces.
+
+---
+NTP 4.2.4p3 (Harlan Stenn <stenn@ntp.org>, 2007/06/29)
+
+Focus: Minor Bugfixes
+
+This release fixes a bug in Windows that made it difficult to
+terminate ntpd under windows.
+This is a recommended upgrade for Windows.
+
+---
+NTP 4.2.4p2 (Harlan Stenn <stenn@ntp.org>, 2007/06/19)
+
+Focus: Minor Bugfixes
+
+This release fixes a multicast mode authentication problem,
+an error in NTP packet handling on Windows that could lead to
+ntpd crashing, and several other minor bugs. Handling of
+multicast interfaces and logging configuration were improved.
+The required versions of autogen and libopts were incremented.
+This is a recommended upgrade for Windows and multicast users.
+
+---
+NTP 4.2.4 (Harlan Stenn <stenn@ntp.org>, 2006/12/31)
+
+Focus: enhancements and bug fixes.
+
+Dynamic interface rescanning was added to simplify the use of ntpd in
+conjunction with DHCP. GNU AutoGen is used for its command-line options
+processing. Separate PPS devices are supported for PARSE refclocks, MD5
+signatures are now provided for the release files. Drivers have been
+added for some new ref-clocks and have been removed for some older
+ref-clocks. This release also includes other improvements, documentation
+and bug fixes.
+
+K&R C is no longer supported as of NTP-4.2.4. We are now aiming for ANSI
+C support.
+
+---
+NTP 4.2.0 (Harlan Stenn <stenn@ntp.org>, 2003/10/15)
+
+Focus: enhancements and bug fixes.
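Review bot: The top entry is unfinished where operators most need it. The header reads "NTP 4.2.8-" with no maintainer or date, unlike every later entry, and the era section trails off at "So if you have a system that ...", so it never says what an affected system will see or what to do about it. Finish or drop that sentence, and state the consequence of the built-on timestamp plainly: since the check looks back only 10 years, say what happens to timestamps older than that relative to the build date. In the "ntpdc responses disabled by default" section, the text says mode 7 processing is off by default as of 4.2.7p230 but does not name the configuration setting that turns it back on. Add it, and point to the 4.2.4p8 entry's "restrict ... noquery" / "restrict ... ignore" guidance for anyone who re-enables it, since that entry documents the mode 7 error-response loop (CVE-2009-3563). Smaller wording fixes in the same hunk: "rolls over every 136 years'." (stray apostrophe, and "counters ... rolls"), "we us the", "updated to includes missing ntohl()", "The "dynamic" keyword and is now obsolete", and "Non-printable stratum 16 refid no longer sent to ntp", which reads as if it was cut short.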