Browse Source

add 6.7 changes, update format to match LibreSSL

master
Brent Cook 4 years ago
parent
commit
cc3292981b
1 changed files with 77 additions and 14 deletions
  1. +77
    -14
      ChangeLog

+ 77
- 14
ChangeLog View File

@ -1,101 +1,150 @@
For detailed changes, see the changes either in the OpenBSD CVS repository or
the GitHub mirror.
The OpenNTPD Portable project copies portions of the OpenBSD tree, along
with relevant portions of the C library, to a Git repository. This makes it
easier to follow all of the relevant changes to the upstream project in a
single place:
OpenNTPD 6.7p0
https://github.com/openntpd-portable/openntpd-openbsd
The portable bits of the project are largely maintained out-of-tree, and their
history is also available from Git.
https://github.com/openntpd-portable/openntpd-portable
OpenNTPD Portable Release Notes:
6.7p1 - New release based on OpenBSD 6.7
* ntpd now does constraint validation against 9.9.9.9 and 2620:fe::fe by default. * ntpd now does constraint validation against 9.9.9.9 and 2620:fe::fe by default.
* The ntpd daemon now gets and sets the clock in a secure way when booting * The ntpd daemon now gets and sets the clock in a secure way when booting
even when a battery-backed clock is absent. even when a battery-backed clock is absent.
* Improvements in DNS resolving and constraints checking, especially during * Improvements in DNS resolving and constraints checking, especially during
startup. Unreliable NTP peers are removed from the pool and DNS resolving startup. Unreliable NTP peers are removed from the pool and DNS resolving
is repeated to add replacements. is repeated to add replacements.
* Improved reliability and security of TLS constraint checking. * Improved reliability and security of TLS constraint checking.
* Improved logging of failure cases. * Improved logging of failure cases.
* Prevent the case of multiple ntpds running at once by checking presence * Prevent the case of multiple ntpds running at once by checking presence
of the local control socket. of the local control socket.
* TLS certificates are now searched in TLS_CA_CERT_FILE. * TLS certificates are now searched in TLS_CA_CERT_FILE.
2017-09-17 OpenNTPD 6.2p3
The libtls library, as shipped with LibreSSL 3.1.0 or later, is
required to use the HTTPS constraint feature, though it is not
required to use OpenNTPD.
6.2p3 - Bug fixes
* Fixed build on OS X * Fixed build on OS X
2017-09-07 OpenNTPD 6.2p2
6.2p2 - Bug fixes
* Fixed support for 'query from' and clarified usage. * Fixed support for 'query from' and clarified usage.
2017-07-13 OpenNTPD 6.2p1
6.2p1 - New release based on OpenBSD 6.2
* Added option "query from <ip>" to ntpd.conf, to specify a local IP * Added option "query from <ip>" to ntpd.conf, to specify a local IP
address for outgoing NTP queries. address for outgoing NTP queries.
2017-07-13 OpenNTPD 6.1p1
6.1p1 - New release based on OpenBSD 6.1
* Quieted warnings about constraint connection retries. * Quieted warnings about constraint connection retries.
* Implemented fork+exec for ntpd child processes. * Implemented fork+exec for ntpd child processes.
* Added imsg inter-process reliability fixes. * Added imsg inter-process reliability fixes.
* Fixed memory leaks and reduced heap memory usage. * Fixed memory leaks and reduced heap memory usage.
* Numerous logging improvements and additions. * Numerous logging improvements and additions.
* Added macOS 10.12 getentropy support. * Added macOS 10.12 getentropy support.
* Fixed arc4random blacklist use native implementations where * Fixed arc4random blacklist use native implementations where
possible. possible.
2016-05-30 OpenNTPD 6.0p1
6.0p1 - New release based on OpenBSD 6.0
* Fixed a link failure on older Linux distributions and a build * Fixed a link failure on older Linux distributions and a build
failure on FreeBSD. failure on FreeBSD.
* Set MOD_MAXERROR to avoid unsynced time status when using * Set MOD_MAXERROR to avoid unsynced time status when using
ntp_adjtime. ntp_adjtime.
* Fixed HTTP Timestamp header parsing to use strptime in a more * Fixed HTTP Timestamp header parsing to use strptime in a more
portable fashion. portable fashion.
* Hardened TLS for ntpd constraints, enabling server name * Hardened TLS for ntpd constraints, enabling server name
verification. Thanks to Luis M. Merino. verification. Thanks to Luis M. Merino.
2016-03-29 OpenNTPD 5.9p1
5.9p1 - New release based on OpenBSD 5.9
* When a single "constraint" is specified, try all returned addresses * When a single "constraint" is specified, try all returned addresses
until one succeeds, rather than the first returned address. until one succeeds, rather than the first returned address.
* Relaxed the constraint error margin to be proportional to the number * Relaxed the constraint error margin to be proportional to the number
of NTP peers, avoid constant reconnections when there is a bad NTP of NTP peers, avoid constant reconnections when there is a bad NTP
peer. peer.
* Removed disabled hotplug sensor support. * Removed disabled hotplug sensor support.
* Added support for detecting crashes in constraint subprocesses. * Added support for detecting crashes in constraint subprocesses.
* Moved the execution of constraints from the ntp process to the * Moved the execution of constraints from the ntp process to the
parent process, allowing for better privilege separation since the parent process, allowing for better privilege separation since the
ntp process can be further restricted. ntp process can be further restricted.
* Added pledge(2) support. * Added pledge(2) support.
* Updated to require LibreSSL 2.3.2 or greater. * Updated to require LibreSSL 2.3.2 or greater.
* Fixed high CPU usage when the network is down. * Fixed high CPU usage when the network is down.
* Fixed various memory leaks. * Fixed various memory leaks.
* Switched to RMS for jitter calculations. * Switched to RMS for jitter calculations.
* Unified logging functions with other OpenBSD base programs. * Unified logging functions with other OpenBSD base programs.
OpenNTPD portable-specific changes: OpenNTPD portable-specific changes:
* Added support for syncing time with the Realtime Clock (RTC) on OSes * Added support for syncing time with the Realtime Clock (RTC) on OSes
that require it. that require it.
* CFLAGS is no longer overridden by the build system. * CFLAGS is no longer overridden by the build system.
* FreeBSD RTABLE support is disabled * FreeBSD RTABLE support is disabled
* FreeBSD is no longer linked with -lmd to avoid hash function * FreeBSD is no longer linked with -lmd to avoid hash function
collisions, causing failures in constraint certificate loading. collisions, causing failures in constraint certificate loading.
* Fixed crashes due to __progname being used before initialized. * Fixed crashes due to __progname being used before initialized.
* Added Solaris 10 compatibility. * Added Solaris 10 compatibility.
* Added --disable-https-constraint build option for explicitly * Added --disable-https-constraint build option for explicitly
disabling constraint support. disabling constraint support.
* Synced build system files with LibreSSL * Synced build system files with LibreSSL
The libtls library, as shipped with LibreSSL 2.3.2 or later, is The libtls library, as shipped with LibreSSL 2.3.2 or later, is
required to use the HTTPS constraint feature, though it is not required to use the HTTPS constraint feature, though it is not
required to use OpenNTPD. required to use OpenNTPD.
2015-03-24 OpenNTPD 5.7p4
5.7p4 - Bug fixes, HTTPS constraint support with LibreSSL
* Added support for HTTPS constraints to validate NTP responses. * Added support for HTTPS constraints to validate NTP responses.
See the man page and example config file for how to configure it. See the man page and example config file for how to configure it.
The initial announcement: The initial announcement:
http://marc.info/?l=openbsd-tech&m=142356166731390&w=2 is an http://marc.info/?l=openbsd-tech&m=142356166731390&w=2 is an
explanation of the rationale and how the feature works. explanation of the rationale and how the feature works.
* Workaround an apparent bug in Solaris adjtime that cause the clock * Workaround an apparent bug in Solaris adjtime that cause the clock
to report sync/unsync continuously. to report sync/unsync continuously.
* Workaround an issue on systems with 32-bit time_t that causes an * Workaround an issue on systems with 32-bit time_t that causes an
overflow if the system time is later than early 2036. overflow if the system time is later than early 2036.
@ -103,41 +152,55 @@ OpenNTPD 6.7p0
required to use the HTTPS constraint feature, though it is not required to use the HTTPS constraint feature, though it is not
required to use OpenNTPD. required to use OpenNTPD.
2015-01-27 OpenNTPD 5.7p3
5.7p3 - Bug fixes
* Fixed issue resolving hostnames when the network is initially * Fixed issue resolving hostnames when the network is initially
unavailable. unavailable.
* Fixed process name logging on Linux and OS X. * Fixed process name logging on Linux and OS X.
* Fixed adjfreq failures on Solaris due to uninitialized struct timex. * Fixed adjfreq failures on Solaris due to uninitialized struct timex.
* Support building on Linux musl libc. * Support building on Linux musl libc.
* Default privilege separation directory changed from /var/empty/ntp * Default privilege separation directory changed from /var/empty/ntp
to /var/empty. Please ensure that if you are using the default from to /var/empty. Please ensure that if you are using the default from
previous releases that the privsep directory is empty, owned by previous releases that the privsep directory is empty, owned by
root, and has no write privileges for other users. root, and has no write privileges for other users.
2015-01-20 OpenNTPD 5.7p2
5.7p2 - Bug fixes, and new OS support
* Switched the drift file from an unscaled frequency offset to ppm. * Switched the drift file from an unscaled frequency offset to ppm.
The latter format is compatible with that of ntp.org. This allows The latter format is compatible with that of ntp.org. This allows
easy switching between ntpd daemons easy switching between ntpd daemons
* Fixed a memory leak in DNS lookups. * Fixed a memory leak in DNS lookups.
* Added support for setting the process title on Linux and OS X. * Added support for setting the process title on Linux and OS X.
The different processes are now possible to tell apart by role in The different processes are now possible to tell apart by role in
the process list. the process list.
* Import NetBSD support. * Import NetBSD support.
* Various bugfixes and refinements from the community. * Various bugfixes and refinements from the community.
2015-01-08 OpenNTPD 5.7p1
5.7p1 - New release based on OpenBSD 5.7
* Support for a new build infrastructure based on the LibreSSL * Support for a new build infrastructure based on the LibreSSL
framework. Source code is integrated directly from the OpenBSD tree framework. Source code is integrated directly from the OpenBSD tree
with few manual changes, easing maintenance. with few manual changes, easing maintenance.
* Removed support for several OSes pending test reports and updated * Removed support for several OSes pending test reports and updated
portability code. portability code.
* Supports the Simple Network Time Protocol version 4 as described in * Supports the Simple Network Time Protocol version 4 as described in
RFC 5905 RFC 5905
* Added route virtualization (rdomain) support. * Added route virtualization (rdomain) support.
* Added ntpctl(8), which allows for querying ntpd(8) at runtime. * Added ntpctl(8), which allows for querying ntpd(8) at runtime.
* Finer-grained clock adjustment via adjfreq / ntp_adjtime where * Finer-grained clock adjustment via adjfreq / ntp_adjtime where
available. available.
* Improved latency on heavily-loaded machines.
* Improved latency on heavily-loaded machines.

Loading…
Cancel
Save