Portable build framework for OpenNTPD
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

140 lines
5.3 KiB

7 years ago
10 years ago
  1. For detailed changes, see the changes either in the OpenBSD CVS repository or
  2. the GitHub mirror.
  3. 2019-XX-XX OpenNTPD 6.5p0
  4. * Improved reliability and security of TLS constraint checking.
  5. * Improved logging of failure cases.
  6. * Prevent the case of multiple ntpds running at once by checking presence
  7. of the local control socket.
  8. * TLS certificates are now searched in TLS_CA_CERT_FILE.
  9. 2017-09-17 OpenNTPD 6.2p3
  10. * Fixed build on OS X
  11. 2017-09-07 OpenNTPD 6.2p2
  12. * Fixed support for 'query from' and clarified usage.
  13. 2017-07-13 OpenNTPD 6.2p1
  14. * Added option "query from <ip>" to ntpd.conf, to specify a local IP
  15. address for outgoing NTP queries.
  16. 2017-07-13 OpenNTPD 6.1p1
  17. * Quieted warnings about constraint connection retries.
  18. * Implemented fork+exec for ntpd child processes.
  19. * Added imsg inter-process reliability fixes.
  20. * Fixed memory leaks and reduced heap memory usage.
  21. * Numerous logging improvements and additions.
  22. * Added macOS 10.12 getentropy support.
  23. * Fixed arc4random blacklist use native implementations where
  24. possible.
  25. 2016-05-30 OpenNTPD 6.0p1
  26. * Fixed a link failure on older Linux distributions and a build
  27. failure on FreeBSD.
  28. * Set MOD_MAXERROR to avoid unsynced time status when using
  29. ntp_adjtime.
  30. * Fixed HTTP Timestamp header parsing to use strptime in a more
  31. portable fashion.
  32. * Hardened TLS for ntpd constraints, enabling server name
  33. verification. Thanks to Luis M. Merino.
  34. 2016-03-29 OpenNTPD 5.9p1
  35. * When a single "constraint" is specified, try all returned addresses
  36. until one succeeds, rather than the first returned address.
  37. * Relaxed the constraint error margin to be proportional to the number
  38. of NTP peers, avoid constant reconnections when there is a bad NTP
  39. peer.
  40. * Removed disabled hotplug sensor support.
  41. * Added support for detecting crashes in constraint subprocesses.
  42. * Moved the execution of constraints from the ntp process to the
  43. parent process, allowing for better privilege separation since the
  44. ntp process can be further restricted.
  45. * Added pledge(2) support.
  46. * Updated to require LibreSSL 2.3.2 or greater.
  47. * Fixed high CPU usage when the network is down.
  48. * Fixed various memory leaks.
  49. * Switched to RMS for jitter calculations.
  50. * Unified logging functions with other OpenBSD base programs.
  51. OpenNTPD portable-specific changes:
  52. * Added support for syncing time with the Realtime Clock (RTC) on OSes
  53. that require it.
  54. * CFLAGS is no longer overridden by the build system.
  55. * FreeBSD RTABLE support is disabled
  56. * FreeBSD is no longer linked with -lmd to avoid hash function
  57. collisions, causing failures in constraint certificate loading.
  58. * Fixed crashes due to __progname being used before initialized.
  59. * Added Solaris 10 compatibility.
  60. * Added --disable-https-constraint build option for explicitly
  61. disabling constraint support.
  62. * Synced build system files with LibreSSL
  63. The libtls library, as shipped with LibreSSL 2.3.2 or later, is
  64. required to use the HTTPS constraint feature, though it is not
  65. required to use OpenNTPD.
  66. 2015-03-24 OpenNTPD 5.7p4
  67. * Added support for HTTPS constraints to validate NTP responses.
  68. See the man page and example config file for how to configure it.
  69. The initial announcement:
  70. http://marc.info/?l=openbsd-tech&m=142356166731390&w=2 is an
  71. explanation of the rationale and how the feature works.
  72. * Workaround an apparent bug in Solaris adjtime that cause the clock
  73. to report sync/unsync continuously.
  74. * Workaround an issue on systems with 32-bit time_t that causes an
  75. overflow if the system time is later than early 2036.
  76. The libtls library, as shipped with LibreSSL 2.1.4 or later, is
  77. required to use the HTTPS constraint feature, though it is not
  78. required to use OpenNTPD.
  79. 2015-01-27 OpenNTPD 5.7p3
  80. * Fixed issue resolving hostnames when the network is initially
  81. unavailable.
  82. * Fixed process name logging on Linux and OS X.
  83. * Fixed adjfreq failures on Solaris due to uninitialized struct timex.
  84. * Support building on Linux musl libc.
  85. * Default privilege separation directory changed from /var/empty/ntp
  86. to /var/empty. Please ensure that if you are using the default from
  87. previous releases that the privsep directory is empty, owned by
  88. root, and has no write privileges for other users.
  89. 2015-01-20 OpenNTPD 5.7p2
  90. * Switched the drift file from an unscaled frequency offset to ppm.
  91. The latter format is compatible with that of ntp.org. This allows
  92. easy switching between ntpd daemons
  93. * Fixed a memory leak in DNS lookups.
  94. * Added support for setting the process title on Linux and OS X.
  95. The different processes are now possible to tell apart by role in
  96. the process list.
  97. * Import NetBSD support.
  98. * Various bugfixes and refinements from the community.
  99. 2015-01-08 OpenNTPD 5.7p1
  100. * Support for a new build infrastructure based on the LibreSSL
  101. framework. Source code is integrated directly from the OpenBSD tree
  102. with few manual changes, easing maintenance.
  103. * Removed support for several OSes pending test reports and updated
  104. portability code.
  105. * Supports the Simple Network Time Protocol version 4 as described in
  106. RFC 5905
  107. * Added route virtualization (rdomain) support.
  108. * Added ntpctl(8), which allows for querying ntpd(8) at runtime.
  109. * Finer-grained clock adjustment via adjfreq / ntp_adjtime where
  110. available.
  111. * Improved latency on heavily-loaded machines.