|
@ -1,101 +1,150 @@ |
|
|
For detailed changes, see the changes either in the OpenBSD CVS repository or |
|
|
|
|
|
the GitHub mirror. |
|
|
|
|
|
|
|
|
The OpenNTPD Portable project copies portions of the OpenBSD tree, along |
|
|
|
|
|
with relevant portions of the C library, to a Git repository. This makes it |
|
|
|
|
|
easier to follow all of the relevant changes to the upstream project in a |
|
|
|
|
|
single place: |
|
|
|
|
|
|
|
|
OpenNTPD 6.7p0 |
|
|
|
|
|
|
|
|
https://github.com/openntpd-portable/openntpd-openbsd |
|
|
|
|
|
|
|
|
|
|
|
The portable bits of the project are largely maintained out-of-tree, and their |
|
|
|
|
|
history is also available from Git. |
|
|
|
|
|
|
|
|
|
|
|
https://github.com/openntpd-portable/openntpd-portable |
|
|
|
|
|
|
|
|
|
|
|
OpenNTPD Portable Release Notes: |
|
|
|
|
|
|
|
|
|
|
|
6.7p1 - New release based on OpenBSD 6.7 |
|
|
|
|
|
|
|
|
* ntpd now does constraint validation against 9.9.9.9 and 2620:fe::fe by default. |
|
|
* ntpd now does constraint validation against 9.9.9.9 and 2620:fe::fe by default. |
|
|
|
|
|
|
|
|
* The ntpd daemon now gets and sets the clock in a secure way when booting |
|
|
* The ntpd daemon now gets and sets the clock in a secure way when booting |
|
|
even when a battery-backed clock is absent. |
|
|
even when a battery-backed clock is absent. |
|
|
|
|
|
|
|
|
* Improvements in DNS resolving and constraints checking, especially during |
|
|
* Improvements in DNS resolving and constraints checking, especially during |
|
|
startup. Unreliable NTP peers are removed from the pool and DNS resolving |
|
|
startup. Unreliable NTP peers are removed from the pool and DNS resolving |
|
|
is repeated to add replacements. |
|
|
is repeated to add replacements. |
|
|
|
|
|
|
|
|
* Improved reliability and security of TLS constraint checking. |
|
|
* Improved reliability and security of TLS constraint checking. |
|
|
|
|
|
|
|
|
* Improved logging of failure cases. |
|
|
* Improved logging of failure cases. |
|
|
|
|
|
|
|
|
* Prevent the case of multiple ntpds running at once by checking presence |
|
|
* Prevent the case of multiple ntpds running at once by checking presence |
|
|
of the local control socket. |
|
|
of the local control socket. |
|
|
|
|
|
|
|
|
* TLS certificates are now searched in TLS_CA_CERT_FILE. |
|
|
* TLS certificates are now searched in TLS_CA_CERT_FILE. |
|
|
|
|
|
|
|
|
2017-09-17 OpenNTPD 6.2p3 |
|
|
|
|
|
|
|
|
The libtls library, as shipped with LibreSSL 3.1.0 or later, is |
|
|
|
|
|
required to use the HTTPS constraint feature, though it is not |
|
|
|
|
|
required to use OpenNTPD. |
|
|
|
|
|
|
|
|
|
|
|
6.2p3 - Bug fixes |
|
|
|
|
|
|
|
|
* Fixed build on OS X |
|
|
* Fixed build on OS X |
|
|
|
|
|
|
|
|
2017-09-07 OpenNTPD 6.2p2 |
|
|
|
|
|
|
|
|
6.2p2 - Bug fixes |
|
|
|
|
|
|
|
|
* Fixed support for 'query from' and clarified usage. |
|
|
* Fixed support for 'query from' and clarified usage. |
|
|
|
|
|
|
|
|
2017-07-13 OpenNTPD 6.2p1 |
|
|
|
|
|
|
|
|
6.2p1 - New release based on OpenBSD 6.2 |
|
|
|
|
|
|
|
|
* Added option "query from <ip>" to ntpd.conf, to specify a local IP |
|
|
* Added option "query from <ip>" to ntpd.conf, to specify a local IP |
|
|
address for outgoing NTP queries. |
|
|
address for outgoing NTP queries. |
|
|
|
|
|
|
|
|
2017-07-13 OpenNTPD 6.1p1 |
|
|
|
|
|
|
|
|
6.1p1 - New release based on OpenBSD 6.1 |
|
|
|
|
|
|
|
|
* Quieted warnings about constraint connection retries. |
|
|
* Quieted warnings about constraint connection retries. |
|
|
|
|
|
|
|
|
* Implemented fork+exec for ntpd child processes. |
|
|
* Implemented fork+exec for ntpd child processes. |
|
|
|
|
|
|
|
|
* Added imsg inter-process reliability fixes. |
|
|
* Added imsg inter-process reliability fixes. |
|
|
|
|
|
|
|
|
* Fixed memory leaks and reduced heap memory usage. |
|
|
* Fixed memory leaks and reduced heap memory usage. |
|
|
|
|
|
|
|
|
* Numerous logging improvements and additions. |
|
|
* Numerous logging improvements and additions. |
|
|
|
|
|
|
|
|
* Added macOS 10.12 getentropy support. |
|
|
* Added macOS 10.12 getentropy support. |
|
|
|
|
|
|
|
|
* Fixed arc4random blacklist use native implementations where |
|
|
* Fixed arc4random blacklist use native implementations where |
|
|
possible. |
|
|
possible. |
|
|
|
|
|
|
|
|
2016-05-30 OpenNTPD 6.0p1 |
|
|
|
|
|
|
|
|
6.0p1 - New release based on OpenBSD 6.0 |
|
|
|
|
|
|
|
|
* Fixed a link failure on older Linux distributions and a build |
|
|
* Fixed a link failure on older Linux distributions and a build |
|
|
failure on FreeBSD. |
|
|
failure on FreeBSD. |
|
|
|
|
|
|
|
|
* Set MOD_MAXERROR to avoid unsynced time status when using |
|
|
* Set MOD_MAXERROR to avoid unsynced time status when using |
|
|
ntp_adjtime. |
|
|
ntp_adjtime. |
|
|
|
|
|
|
|
|
* Fixed HTTP Timestamp header parsing to use strptime in a more |
|
|
* Fixed HTTP Timestamp header parsing to use strptime in a more |
|
|
portable fashion. |
|
|
portable fashion. |
|
|
|
|
|
|
|
|
* Hardened TLS for ntpd constraints, enabling server name |
|
|
* Hardened TLS for ntpd constraints, enabling server name |
|
|
verification. Thanks to Luis M. Merino. |
|
|
verification. Thanks to Luis M. Merino. |
|
|
|
|
|
|
|
|
2016-03-29 OpenNTPD 5.9p1 |
|
|
|
|
|
|
|
|
5.9p1 - New release based on OpenBSD 5.9 |
|
|
|
|
|
|
|
|
* When a single "constraint" is specified, try all returned addresses |
|
|
* When a single "constraint" is specified, try all returned addresses |
|
|
until one succeeds, rather than the first returned address. |
|
|
until one succeeds, rather than the first returned address. |
|
|
|
|
|
|
|
|
* Relaxed the constraint error margin to be proportional to the number |
|
|
* Relaxed the constraint error margin to be proportional to the number |
|
|
of NTP peers, avoid constant reconnections when there is a bad NTP |
|
|
of NTP peers, avoid constant reconnections when there is a bad NTP |
|
|
peer. |
|
|
peer. |
|
|
|
|
|
|
|
|
* Removed disabled hotplug sensor support. |
|
|
* Removed disabled hotplug sensor support. |
|
|
|
|
|
|
|
|
* Added support for detecting crashes in constraint subprocesses. |
|
|
* Added support for detecting crashes in constraint subprocesses. |
|
|
|
|
|
|
|
|
* Moved the execution of constraints from the ntp process to the |
|
|
* Moved the execution of constraints from the ntp process to the |
|
|
parent process, allowing for better privilege separation since the |
|
|
parent process, allowing for better privilege separation since the |
|
|
ntp process can be further restricted. |
|
|
ntp process can be further restricted. |
|
|
|
|
|
|
|
|
* Added pledge(2) support. |
|
|
* Added pledge(2) support. |
|
|
|
|
|
|
|
|
* Updated to require LibreSSL 2.3.2 or greater. |
|
|
* Updated to require LibreSSL 2.3.2 or greater. |
|
|
|
|
|
|
|
|
* Fixed high CPU usage when the network is down. |
|
|
* Fixed high CPU usage when the network is down. |
|
|
|
|
|
|
|
|
* Fixed various memory leaks. |
|
|
* Fixed various memory leaks. |
|
|
|
|
|
|
|
|
* Switched to RMS for jitter calculations. |
|
|
* Switched to RMS for jitter calculations. |
|
|
|
|
|
|
|
|
* Unified logging functions with other OpenBSD base programs. |
|
|
* Unified logging functions with other OpenBSD base programs. |
|
|
|
|
|
|
|
|
OpenNTPD portable-specific changes: |
|
|
OpenNTPD portable-specific changes: |
|
|
|
|
|
|
|
|
* Added support for syncing time with the Realtime Clock (RTC) on OSes |
|
|
* Added support for syncing time with the Realtime Clock (RTC) on OSes |
|
|
that require it. |
|
|
that require it. |
|
|
|
|
|
|
|
|
* CFLAGS is no longer overridden by the build system. |
|
|
* CFLAGS is no longer overridden by the build system. |
|
|
|
|
|
|
|
|
* FreeBSD RTABLE support is disabled |
|
|
* FreeBSD RTABLE support is disabled |
|
|
|
|
|
|
|
|
* FreeBSD is no longer linked with -lmd to avoid hash function |
|
|
* FreeBSD is no longer linked with -lmd to avoid hash function |
|
|
collisions, causing failures in constraint certificate loading. |
|
|
collisions, causing failures in constraint certificate loading. |
|
|
|
|
|
|
|
|
* Fixed crashes due to __progname being used before initialized. |
|
|
* Fixed crashes due to __progname being used before initialized. |
|
|
|
|
|
|
|
|
* Added Solaris 10 compatibility. |
|
|
* Added Solaris 10 compatibility. |
|
|
|
|
|
|
|
|
* Added --disable-https-constraint build option for explicitly |
|
|
* Added --disable-https-constraint build option for explicitly |
|
|
disabling constraint support. |
|
|
disabling constraint support. |
|
|
|
|
|
|
|
|
* Synced build system files with LibreSSL |
|
|
* Synced build system files with LibreSSL |
|
|
|
|
|
|
|
|
The libtls library, as shipped with LibreSSL 2.3.2 or later, is |
|
|
The libtls library, as shipped with LibreSSL 2.3.2 or later, is |
|
|
required to use the HTTPS constraint feature, though it is not |
|
|
required to use the HTTPS constraint feature, though it is not |
|
|
required to use OpenNTPD. |
|
|
required to use OpenNTPD. |
|
|
|
|
|
|
|
|
2015-03-24 OpenNTPD 5.7p4 |
|
|
|
|
|
|
|
|
5.7p4 - Bug fixes, HTTPS constraint support with LibreSSL |
|
|
|
|
|
|
|
|
* Added support for HTTPS constraints to validate NTP responses. |
|
|
* Added support for HTTPS constraints to validate NTP responses. |
|
|
See the man page and example config file for how to configure it. |
|
|
See the man page and example config file for how to configure it. |
|
|
The initial announcement: |
|
|
The initial announcement: |
|
|
http://marc.info/?l=openbsd-tech&m=142356166731390&w=2 is an |
|
|
http://marc.info/?l=openbsd-tech&m=142356166731390&w=2 is an |
|
|
explanation of the rationale and how the feature works. |
|
|
explanation of the rationale and how the feature works. |
|
|
|
|
|
|
|
|
* Workaround an apparent bug in Solaris adjtime that cause the clock |
|
|
* Workaround an apparent bug in Solaris adjtime that cause the clock |
|
|
to report sync/unsync continuously. |
|
|
to report sync/unsync continuously. |
|
|
|
|
|
|
|
|
* Workaround an issue on systems with 32-bit time_t that causes an |
|
|
* Workaround an issue on systems with 32-bit time_t that causes an |
|
|
overflow if the system time is later than early 2036. |
|
|
overflow if the system time is later than early 2036. |
|
|
|
|
|
|
|
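Review bot: The headings of the form "6.2p3 - Bug fixes" carry no release date, while the "2017-09-17 OpenNTPD 6.2p3" form they sit beside does, so the reformatted notes lose the date that ties each version to its release. Consider keeping it in the heading, for example "6.2p3 (2017-09-17) - Bug fixes". Two things to check while these lines are being touched: 6.2p1 and 6.1p1 both show 2017-07-13, and the top of the file names both "OpenNTPD 6.7p0" and "6.7p1 - New release based on OpenBSD 6.7", so confirm which version the first entry describes.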
@ -103,41 +152,55 @@ OpenNTPD 6.7p0 |
|
|
required to use the HTTPS constraint feature, though it is not |
|
|
required to use the HTTPS constraint feature, though it is not |
|
|
required to use OpenNTPD. |
|
|
required to use OpenNTPD. |
|
|
|
|
|
|
|
|
2015-01-27 OpenNTPD 5.7p3 |
|
|
|
|
|
|
|
|
5.7p3 - Bug fixes |
|
|
|
|
|
|
|
|
* Fixed issue resolving hostnames when the network is initially |
|
|
* Fixed issue resolving hostnames when the network is initially |
|
|
unavailable. |
|
|
unavailable. |
|
|
|
|
|
|
|
|
* Fixed process name logging on Linux and OS X. |
|
|
* Fixed process name logging on Linux and OS X. |
|
|
|
|
|
|
|
|
* Fixed adjfreq failures on Solaris due to uninitialized struct timex. |
|
|
* Fixed adjfreq failures on Solaris due to uninitialized struct timex. |
|
|
|
|
|
|
|
|
* Support building on Linux musl libc. |
|
|
* Support building on Linux musl libc. |
|
|
|
|
|
|
|
|
* Default privilege separation directory changed from /var/empty/ntp |
|
|
* Default privilege separation directory changed from /var/empty/ntp |
|
|
to /var/empty. Please ensure that if you are using the default from |
|
|
to /var/empty. Please ensure that if you are using the default from |
|
|
previous releases that the privsep directory is empty, owned by |
|
|
previous releases that the privsep directory is empty, owned by |
|
|
root, and has no write privileges for other users. |
|
|
root, and has no write privileges for other users. |
|
|
|
|
|
|
|
|
2015-01-20 OpenNTPD 5.7p2 |
|
|
|
|
|
|
|
|
5.7p2 - Bug fixes, and new OS support |
|
|
|
|
|
|
|
|
* Switched the drift file from an unscaled frequency offset to ppm. |
|
|
* Switched the drift file from an unscaled frequency offset to ppm. |
|
|
The latter format is compatible with that of ntp.org. This allows |
|
|
The latter format is compatible with that of ntp.org. This allows |
|
|
easy switching between ntpd daemons |
|
|
easy switching between ntpd daemons |
|
|
|
|
|
|
|
|
* Fixed a memory leak in DNS lookups. |
|
|
* Fixed a memory leak in DNS lookups. |
|
|
|
|
|
|
|
|
* Added support for setting the process title on Linux and OS X. |
|
|
* Added support for setting the process title on Linux and OS X. |
|
|
The different processes are now possible to tell apart by role in |
|
|
The different processes are now possible to tell apart by role in |
|
|
the process list. |
|
|
the process list. |
|
|
|
|
|
|
|
|
* Import NetBSD support. |
|
|
* Import NetBSD support. |
|
|
|
|
|
|
|
|
* Various bugfixes and refinements from the community. |
|
|
* Various bugfixes and refinements from the community. |
|
|
|
|
|
|
|
|
2015-01-08 OpenNTPD 5.7p1 |
|
|
|
|
|
|
|
|
5.7p1 - New release based on OpenBSD 5.7 |
|
|
|
|
|
|
|
|
* Support for a new build infrastructure based on the LibreSSL |
|
|
* Support for a new build infrastructure based on the LibreSSL |
|
|
framework. Source code is integrated directly from the OpenBSD tree |
|
|
framework. Source code is integrated directly from the OpenBSD tree |
|
|
with few manual changes, easing maintenance. |
|
|
with few manual changes, easing maintenance. |
|
|
|
|
|
|
|
|
* Removed support for several OSes pending test reports and updated |
|
|
* Removed support for several OSes pending test reports and updated |
|
|
portability code. |
|
|
portability code. |
|
|
|
|
|
|
|
|
* Supports the Simple Network Time Protocol version 4 as described in |
|
|
* Supports the Simple Network Time Protocol version 4 as described in |
|
|
RFC 5905 |
|
|
RFC 5905 |
|
|
|
|
|
|
|
|
* Added route virtualization (rdomain) support. |
|
|
* Added route virtualization (rdomain) support. |
|
|
|
|
|
|
|
|
* Added ntpctl(8), which allows for querying ntpd(8) at runtime. |
|
|
* Added ntpctl(8), which allows for querying ntpd(8) at runtime. |
|
|
|
|
|
|
|
|
* Finer-grained clock adjustment via adjfreq / ntp_adjtime where |
|
|
* Finer-grained clock adjustment via adjfreq / ntp_adjtime where |
|
|
available. |
|
|
available. |
|
|
* Improved latency on heavily-loaded machines. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Improved latency on heavily-loaded machines. |
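Review bot: With the heading reduced to "5.7p3 - Bug fixes", the last bullet of that entry is easy to miss, yet it asks for operator action: the default privilege separation directory moves from /var/empty/ntp to /var/empty and has to be empty, owned by root, and not writable by other users. Call this out in the heading or mark the bullet as an upgrade note so it is not read as one more bug fix. Minor: "easy switching between ntpd daemons" and "RFC 5905" end their bullets without a full stop, unlike the neighbouring entries.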