NTPsec_1_1_8 version 1.1.8
Fix bug in NTS-KE client so that NTP server names work.
Fix/tweak several NTS logging messages.
On this day in 1858, Modified Julian Day 0; also, the city of Denver, Colorado was founded.
NTPsec_1_1_7 version 1.1.7
The numeric literal argument of the 'time1' fudge option on a clock can now have one or more letter suffixes that compensate for era rollover in a GPS device. Each "g" adds the number of seconds in a 1024-week (10-bit) GPS era. Each "G" adds the number of seconds in an 8192-week (13-bit) GPS era.
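The suffix arithmetic described above, as an added Python sketch (not NTPsec's own parser). The literal grammar in the regular expression, the function names and the sample dates are assumptions made for illustration; eras_needed() goes one step beyond the text by working out how many suffixes a rolled-over receiver needs.

```python
import math
import re
from datetime import datetime, timedelta, timezone

WEEK = 7 * 86400
# Seconds per GPS era for 10-bit ("g") and 13-bit ("G") week counters.
ERA_SECONDS = {"g": 1024 * WEEK, "G": 8192 * WEEK}

# Assumed literal grammar: optional sign, plain decimal, then zero or more g/G.
_TIME1 = re.compile(r"^([+-]?(?:\d+\.?\d*|\.\d+))([gG]*)$")


def parse_time1(literal):
    """Return the total offset in seconds for a literal such as '0.125g'."""
    m = _TIME1.match(literal.strip())
    if m is None:
        raise ValueError("bad time1 literal: %r" % literal)
    number, suffixes = m.groups()
    return float(number) + sum(ERA_SECONDS[s] for s in suffixes)


def eras_needed(reported, not_before, era="g"):
    """Smallest number of era suffixes that lifts `reported` to `not_before`
    or later. `not_before` is any instant known to be in the past, such as
    the date the configuration was written."""
    if reported >= not_before:
        return 0
    gap = (not_before - reported).total_seconds()
    return math.ceil(gap / ERA_SECONDS[era])


def apply_time1(reported, literal):
    """Model time1 as an offset added to the refclock's reported time."""
    return reported + timedelta(seconds=parse_time1(literal))


def sample_rollover():
    """Constructed case: a receiver exactly one 1024-week era behind."""
    true_time = datetime(2019, 9, 2, 12, 0, tzinfo=timezone.utc)
    reported = true_time - timedelta(weeks=1024)       # what the device says
    floor = datetime(2019, 1, 1, tzinfo=timezone.utc)  # known-past instant
    n = eras_needed(reported, floor)
    fixed = apply_time1(reported, "0" + "g" * n)
    return n, reported.year, fixed == true_time


if __name__ == "__main__":
    print(parse_time1("0.125g"))
    print(sample_rollover())
```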
The neoclock4x driver has been removed, due to the hardware and the vendor having utterly vanished from the face of the earth.
The NTS ALPN negotiation sequence has been modified for improved interoperability with other NTS implementations.
NTS key rotation now happens every 24 hours. It used to rotate every hour to enable testing of recovery from stale cookies.
On this day in 1945, some important paperwork was signed by General MacArthur aboard the USS Missouri.
NTPsec_1_1_6 version 1.1.6
Fixes to code quality checks.
Fixes to NTS server list.
Fix to bug #600.
On this day in 1913, in Death Valley, the temperature was 56.7°C, officially the world's highest recorded temperature.
NTPsec_1_1_5 version 1.1.5
Add ALPN for the NTS server, as required by the NTP draft.
Revert some ntpq behavior.
On this day in 1972 the first leap second is added to the UTC time system.
NTPsec_1_1_4 version 1.1.4
NTS is now implemented. See devel/nts.adoc and https://tools.ietf.org/html/draft-ietf-ntp-using-nts-for-ntp
We thank Cisco for sponsoring the NTS development.
Lots of fixes and cleanups to PPS, both implementation and documentation.
Pthread support is now required.
NIST lockclock mode is now a runtime option set by the (previously unused) flag1 mode bit of the local-clock driver.
As always, lots of minor fixups and cleanups everywhere. See the git log.
Today marks the summer solstice in the Northern Hemisphere.
NTPsec_1_1_3 version 1.1.3
Security fixes for bugs inherited from NTP Classic:
- CVE-2019-6443: OOB read in ctl_getitem() in ntp_control.c (GitLab #507)
- CVE-2019-6444: OOB read in process_control() in ntp_control.c (GitLab #508)
- CVE-2019-6445: Remotely triggerable crash in ntp_control.c (GitLab #509)
- CVE-2019-6442: Authenticated OOB write in ntp_parser.y (GitLab #510)
Lots of typo fixes, documentation cleanups, test targets.
In memory of Arland D. Williams Jr.
NTPsec_1_1_2 version 1.1.2
Use data minimization on client requests https://datatracker.ietf.org/doc/draft-ietf-ntp-data-minimization/
Support AES-128-CMAC for authentication https://www.rfc-editor.org/info/rfc8573
NTPsec_1_1_1 version 1.1.1
Log timestamps now include the year. This is useful when investigating bugs involving time-setting and -g.
Many internal cleanups to clear the way for upcoming major features. They should generally not be user visible. Refer to the git-log if you are interested.
NTPsec_1_1_0 version 1.1.0
RIP Stephen William Hawking, CH CBE FRS FRSA. 1942-01-08 - 2018-03-14. You gave us a Brief History of Time. We will just count it.
Enough user visible changes have been made that this is the 1.1.0 release instead of a 1.0.1.
The code size is now 55KLOC in C, 15KLOC in Python.
Digests longer than 20 bytes will be truncated.
We have merged NTP Classic's fix for CVE-2018-7182.
The following NTP Classic CVEs announced in February 2018 do not affect NTPsec:
- CVE-2016-1549: Sybil vulnerability: ephemeral association attack
- CVE-2018-7170: Multiple authenticated ephemeral associations
- CVE-2018-7184: Interleaved symmetric mode cannot recover from bad state
- CVE-2018-7185: Unauthenticated packet can reset authenticated interleaved association
- CVE-2018-7183: ntpq:decodearr() can write beyond its buffer limit
We have dropped support for Broadcast servers. We had kept it for older desktop operating systems listening on the local network broadcast domain, a use case that is no longer employed in sane environments, and no longer necessary for modern desktop OSs.
It is now possible to unpeer refclocks using a type/unit specification rather than a magic IP address. This was the last obligatory use of magic IP addresses in the configuration grammar.
OpenBSD has been removed from the list of supported platforms for ntpd. It will be restored if and when its clock API supports drift adjustment via ntp_adjtime() or equivalent facility.
Mac OS X support has been dropped pending the implementation of ntp_adjtime(2).
A bug that caused the rejection of 33% of packets from Amazon time service has been fixed.
NTPsec_1_0_0 version 1.0.0
This is the 1.0 release. It has been a long road, getting from there to here.
The code size has been further reduced, to 55KLOC.
A bug inherited from Classic that could cause bad jitter from bad peers to be incorrectly zeroed, producing erratic or slow startup, has been fixed.
The dependency of local refclocks returning 4-digit years on pre-synchronization to a network peer has been removed. It is thus possible to run in a fully-autonomous mode using multiple refclocks and no network peers.
ntpmon now reports units on time figures.
ntpq now reports a count of Mode 6 messages received under sysstats.
You can now turn off restriction flags with an unrestrict statement that takes arguments exactly like a restrict, except that with no argument flags it removes any filter rule associated with the address/mask (as opposed to creating one with unrestricted access). This is expected to be useful mainly with the "ntpq :config" command.
Builds are fully reproducible; see SOURCE_DATE_EPOCH and BUILD_EPOCH.
NTPsec_0_9_8 version 0.9.8
NTPsec_0_9_7 version 0.9.7
The code size has been further reduced, to 60KLOC.
A shell script, buildprep, has been added to the top level source directory. It prepares your system for an NTPsec source build by installing all required dependencies on the build host.
Extra digits of precision are now output in numerous places. The driftfile now stores 6 digits past the decimal point instead of 3. The stats files now store 9 digits past the decimal point instead of 6 for some fields. ntpq and ntpmon also report extra digits of precision in multiple places. These changes may break simple parsing scripts.
Four contrib programs (cpu-temp-log, smartctl-temp-log, temper-temp-log, and zone-temp-log) have been combined into the new program ntplogtemp. The new program allows for easy logging of system temperatures and is installed by default.
The SHM refclock no longer limits the value of SHM time by default. This allows SHM to work on systems with no RTC by default.
The following CVEs revealed by a Mozilla penetration test and reported in CERT VU#325339 have been resolved:
- CVE-2017-6464: Denial of Service via Malformed Config
- CVE-2017-6463: Authenticated DoS via Malicious Config Option
- CVE-2017-6458: Potential Overflows in ctl_put() functions
- CVE-2017-6451: Improper use of snprintf() in mx4200_send()
A Pentest report by Cure53 noted that a previously fixed CVE had been reintroduced into the code. This was resolved, again.
CVE-2014-9295: Multiple stack-based buffer overflows in ntpd
The following CVEs, announced simultaneously, affected NTP Classic but not NTPsec, because we had already removed the attack surface:
- CVE-2017-6462: Buffer Overflow in DPTS Clock
- CVE-2017-6455: Privileged execution of User Library code
- CVE-2017-6452: Stack Buffer Overflow from Command Line
- CVE-2017-6459: Data Structure terminated insufficiently
- CVE-2017-6460: Buffer Overflow in ntpq when fetching reslist
We gratefully acknowledge the work of Dr.-Ing. Mario Hederich at cure53 in detecting these problems and his cooperation in resolving them.
NTPsec_0_9_6 version 0.9.6
ntpkeygen has been moved from C to Python. This is not a functional change, just another move to improve maintainability and reduce attack surface by decreasing line count.
ntpdig has also been moved from C to Python. Though this is also mostly a move to reduce line count, the new version does have some functional changes. Obsolete options have been dropped, logging is done a bit differently, and the synchronization-distance computation has been brought up to date with ntpd's. Also, this version can be told to collect multiple samples and use whichever has the lowest combination of stratum and synchronization distance.
A new tool for time-service operators, ntpmon, supports real-time monitoring of your NTP installation's status.
NTPsec_0_9_5_1 version 0.9.5-1
NTPsec_0_9_5 version 0.9.5
This release includes a substantial refactoring of the core protocol implementation. Due to unresolvable security issues, support for broadcast/multicast clients has been dropped; broadcast servers are still supported. Likewise, symmetric mode is now only partially supported. The peer directive has become a synonym for server. Servers which receive symmetric-active mode packets will immediately give a symmetric-passive-mode response, but will not mobilize a new association.
All remaining Perl code in the distribution has been moved to Python.
The trap feature, broken in NTP Classic at the time of the NTPSec fork, has been removed. So has its only known client, the ntptrap script in the distribution.
A new visualization tool, ntpviz, generates graphical summaries of logfile data that can be helpful for identifying problems such as misconfigured servers. It replaces a messy and poorly documented pile of ancient Perl, awk, and S scripts; those have been removed.
It is now possible (and sometimes useful) to say "minpoll 0" for a 1-second interval.
The ntpq tool for querying and configuring a running ntpd has been moved from C to Python. About the only visible effect this has is that ntpq now resizes its peers display to accommodate wide terminal-emulator windows.
This release includes fixes for four low and medium-severity vulnerabilities:
- CVE-2016-7434: Null pointer dereference on malformed mrulist request
- CVE-2016-7429: Interface selection DoS
- CVE-2016-9311: Trap crash
- CVE-2016-9310: Mode 6 unauthenticated trap information disclosure and DDoS vector
Note that the "fixes" for CVE-2016-9310/9311 consist of complete removal of the broken trap feature. This removal occurred post-0.9.4 but prior to the discovery of these issues.
Further, an additional low-severity issue impacting 0.9.0 through 0.9.3 has come to our attention:
CVE-2016-7433: Reboot sync calculation problem
This issue was already addressed in 0.9.4 but not treated as a vulnerability.
The following NTP Classic CVEs do not impact NTPsec: CVE-2016-7427, CVE-2016-7428, CVE-2016-9312, CVE-2016-7431. We reject CVE-2016-7426, as it describes known and intended behavior which is a necessary logical consequence of rate-limiting.
For more information on these security issues, see:
- https://lists.ntpsec.org/pipermail/devel/2016-November/002589.html
- http://support.ntp.org/bin/view/Main/SecurityNotice#November_2016_ntp_4_2_8p9_NTP_Se
NTPsec_0_9_4 NTPsec 0.9.4
usestats has been added to the statistics collection to record system resource usage statistics.
A new, simpler configuration syntax for refclocks has been implemented. Configuration examples in the new syntax have been added to each driver page.
Refclocks are now designated by name, not number. A list is available from "./waf configure --list".
The rarely-used saveconfig feature in ntpd, and various associated configuration directives, have been removed for security reasons. The ntpd --saveconfigquit option, undocumented in NTP Classic, has also been removed.
The ARCRON MSF refclock has been removed on the advice of its last maintainer.
The Spectracom TSYNC PCI refclock has been removed. It required a proprietary driver. As a matter of good security policy, NTPsec will not trust nor attempt to support code it cannot audit.
The Conrad Parallel Port radio refclock has been removed. It required a third-party parallel-port driver for Linux that no longer exists.
Both Hopf refclocks have been removed. The 6039 driver required a kernel driver that no longer exists; the 6021 driver duplicated support in the generic driver.
The Austron refclock has been removed, on the grounds that it was EOLed more than 20 years ago and there's been no aftermarket activity or web chatter around it for a decade.
The audio-path drivers (IRIG and CHU) have been removed. The class of hardware required to support them has gone essentially extinct due to cheap DSP. The complexity/maintenance overhead of this code was high enough to motivate dropping them.
This release contains a fix for one vulnerability inherited from NTP Classic:
[Bug 3044] (CVE-2016-4954) Processing spoofed server packets
https://lists.ntpsec.org/pipermail/devel/2016-June/001299.html provides additional information on this issue.
It also includes the following fix cross-ported from Classic:
[Bug 3047] refclock_jjy does not work with C-DEX JST2000
NTPsec_0_9_3 tag version 0.9.3
The long-deprecated Autokey feature has been removed.
This release contains fixes for three vulnerabilities inherited from NTP Classic:
- Bug 3020 (CVE-2016-1551) Refclock impersonation vulnerability (Credit: Matt Street et al. of Cisco ASIG)
- Bug 3008 (CVE-2016-2519) ctl_getitem() return value not always checked (Credit: Yihan Lian of the Qihoo 360 cloud security team)
- Bug 2978 (CVE-2016-1548) Interleave-pivot (Credit: Miroslav Lichvar of RedHat and Jonathan Gardner of Cisco ASIG)
The following non-security fixes have been forward-ported from Classic:
- Bug 2772 adj_systime overflows tv_usec
- Bug 2814 msyslog deadlock when signaled.
- Bug 2829 Look at pipe_fds in ntpd.c
- Bug 2887 fudge stratum only accepts values [0..16].
- Bug 2958 ntpq: fatal error messages need a final newline.
- Bug 2965 Local clock didn't work since 4.2.8p4.
- Bug 2969 Segfault from ntpq/mrulist when looking at server with lots of clients
We regard the following NTP Classic bug -
- Bug 3012 (CVE-2016-1549) Sybil vulnerability: ephemeral association attack (Credit: Matthew van Gundy of Cisco ASIG)
as a duplicate of CVE-2015-7974 (see 0.9.1 release notes) and it is WONTFIX for the time being: it is correct-but-unfortunate behavior consequent to confusing and inflexible semantics of ntp.conf's access control language, and we will address it with a future redesign effort. NTP Classic has partially addressed this pair of issues by extending the syntax of ntp.keys to support IP ACLing. We are not currently aware of any demand for this feature among NTPsec users and have no plans to implement it; if you have a need for it, please file a bug at https://gitlab.com/groups/NTPsec/issues to let us know you're out there.
The remainder of the security issues patched in NTP Classic 4.2.8p7 either are not believed to impact NTPsec or were already fixed in a previous release.
NTPsec_0_9_2 NTPsec 0.9.2
- can now cross-compile
- many documentation fixes
- Coverity is even more strict
- remove WWV, transmitter protocol changed, nobody builds receivers
- remove updwtmpx stuff, no longer useful
NTPsec_0_9_1 NTPsec 0.9.1
Point release for security. Fixes:
- CVE-2015-7973: Replay attack on authenticated broadcast mode (Aanchal Malhotra)
- CVE-2015-7975: nextvar() missing length check (Jonathan Gardner)
- CVE-2015-7979: Off-path Denial of Service (DoS) attack on authenticated broadcast and other preemptable modes (Aanchal Malhotra)
- CVE-2015-8138: Zero Origin Timestamp Bypass (Matthew van Gundy & Jonathan Gardner)
- CVE-2015-8139: Origin Leak: ntpq and ntpdc Disclose Origin Timestamp to Unauthenticated Clients (Matthew van Gundy)
- CVE-2015-8158: Potential Infinite Loop in ntpq (Jonathan Gardner)
- CVE-2016-1550: Timing attack on MAC verification (Daniel Franke)
- Missing length checks in decodearr() and outputarr() (Daniel Franke)
Two additional security issues have been reported to us for which we are not implementing code changes, but the user should be aware of their impact.
The first (CVE-2015-8140) pertains to NTP's dynamic reconfiguration feature, which permits on-the-fly modification of NTP's configuration via ntpq. This feature is rarely used, typically disabled, and can only be enabled when authentication is configured. ntpd has no means of detecting that a request to change its configuration is a replay of an old packet. Therefore, if an administrator sets ntpd to configuration A and then to configuration B, an attacker who captures the packets commanding these changes can replay the first one and restore ntpd's state to configuration A. This is only a concern when the configuration commands are sent over an untrusted network. Configuration changes made via localhost are not susceptible.
This is an inherent design flaw in NTP cryptography and in the remote reconfiguration protocol, and can be fixed only with a considerable reworking and by changing the protocol in a way that is neither forward nor backward compatible. This cryptographic rework is on the horizon in the form of Network Time Security (currently a draft in the IETF network time working group). Given that this vulnerability impacts few if any real users, we have chosen to defer fixing it until we have tools more suitable to the task. In the meantime, if you rely on NTP's reconfiguration support, we recommend either restricting its use to localhost or trusted networks, or tunneling through SSH or a VPN. The 'nomodify' option to the 'restrict' directive may be used to enforce this policy.
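Why a valid MAC alone cannot stop the replay described for CVE-2015-8140, as an added toy model in Python (not NTPsec code and not the NTP control-message wire format). The key, the message layout, HMAC-SHA256 as the MAC and the sequence counter are all assumptions for illustration; the counter shows the kind of incompatible message change the text refers to and is not a description of what NTS does.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # constructed sample value


def tag(data):
    """Keyed MAC over the request bytes (HMAC-SHA256 as a stand-in)."""
    return hmac.new(KEY, data, hashlib.sha256).digest()


class MacOnlyReceiver:
    """Accepts any request whose MAC verifies; keeps no per-request state."""

    def __init__(self):
        self.config = None

    def handle(self, command, mac):
        # Constant-time comparison, so verification itself leaks no timing.
        if not hmac.compare_digest(mac, tag(command)):
            return False
        self.config = command
        return True


class CounterReceiver:
    """Binds a sequence number into the MAC and requires it to increase."""

    def __init__(self):
        self.config = None
        self.last_seq = 0

    def handle(self, seq, command, mac):
        data = struct.pack("!Q", seq) + command
        if not hmac.compare_digest(mac, tag(data)):
            return False
        if seq <= self.last_seq:
            return False  # replayed or stale request
        self.last_seq = seq
        self.config = command
        return True


def demo():
    """Send A, then B, then a captured copy of A to both receivers."""
    a, b = b"configuration A", b"configuration B"

    old = MacOnlyReceiver()
    req_a, req_b = (a, tag(a)), (b, tag(b))
    old.handle(*req_a)
    old.handle(*req_b)
    old_replay = old.handle(*req_a)          # byte-identical old request

    new = CounterReceiver()
    seq_a = (1, a, tag(struct.pack("!Q", 1) + a))
    seq_b = (2, b, tag(struct.pack("!Q", 2) + b))
    new.handle(*seq_a)
    new.handle(*seq_b)
    new_replay = new.handle(*seq_a)          # same capture, now stale

    forged = new.handle(3, a, b"\x00" * 32)  # wrong MAC is still refused
    return {
        "mac_only_replay_accepted": old_replay,
        "mac_only_config": old.config,
        "counter_replay_accepted": new_replay,
        "counter_config": new.config,
        "forged_accepted": forged,
    }


if __name__ == "__main__":
    print(demo())
```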
The second (CVE-2015-7974) pertains to the fact that when multiple trusted keys are configured, no mechanism exists to associate particular keys with particular peers or assign particular privileges. This is not a bug, per se, but rather a lack of expressiveness in NTP's configuration language. We intend to address this in a future release as part of a larger redesign aimed at giving clearer semantics to the configuration language and making it easier to write safe configurations.
Note that NTPsec is not impacted by CVE-2015-7976, CVE-2015-7977, or CVE-2015-7978. CVE-2015-7977 and CVE-2015-7978 both pertain to mode 7 packets, support for which was completely removed before NTPsec's first beta. CVE-2015-7976 is a feature request to restrict the format of filenames used in saveconfig commands. Saveconfig support is disabled at compile time in NTPsec and will not be re-enabled without much more extensive hardening.
Coverity found a slow memory leak in the asynchronous-DNS code.
- Canonical forge for git clones and issue tracking is https://gitlab.com/NTPsec/ntpsec
- The documentation has been extensively updated and revised. One important change is that manual pages are now generated from the same masters as this web documentation, so the two will no longer drift out of synchronization.
- Internally, there is more consistent use of nanosecond precision. A visible effect of this is that time stepping with sufficiently high-precision time sources could be accurate down to nanoseconds rather than microseconds; this might actually matter for GPSDOs and high-quality radio clocks.
- The deprecated ntpdc utility, long since replaced by ntpq, has been removed.
- The ntpsnmpd daemon, incomplete and not conformant with RFC 5907, has been removed.
- A number of obsolete refclocks have been removed.
- The sntp program has been renamed ntpdig in order to make NTP installables have a uniform name prefix and take up less namespace. Also,
- A new utility, ntpfrob, collects several small diagnostic functions for reading and tweaking the local clock hardware, including reading the clock tick rate, precision, and jitter. Part of it formerly traveled as
- The deprecated ntpdate program has been replaced with a shell wrapper around
- Log timestamps look a little different; they are now in ISO 8601 format.
- Autokey is not supported in this release.
These reflect fixes to NTP Classic between the 2015-06-06 fork point and the 0.9.0 beta release.
- Bug 2625 Deprecate flag1 in local refclock. Hal Murray, Harlan Stenn.
- Bug 2778 Implement "apeers" ntpq command to include associd.
- Bug 2823 ntpsweep with recursive peers option doesn't work. H.Stenn.
- Bug 2836 DCF77 patches from Frank Kardel to make decoding more robust, and require 2 consecutive timestamps to be consistent.
- Bug 2845 Harden memory allocation in ntpd; implement and use 'eallocarray(...)' where appropriate.
- Bug 2846 Report 'unsynchronized' status during the leap second.
- Bug 2849 Systems with more than one default route may never synchronize. Brian Utterback. Note that this patch might need to be reverted once Bug 2043 has been fixed.
- Bug 2855 Implement conditional leap smear feature; includes later fixes for parser support and reporting leap smear in the REFID.
- Bug 2859 Improve raw DCF77 robustness decoding. Frank Kardel.
- Bug 2860 ntpq ifstats sanity check is too stringent. Frank Kardel.
- Bug 2866 segmentation fault at initgroups(). Harlan Stenn.
- Bug 2867 ntpd with autokey active crashed by 'ntpq -crv'
- Bug 2883 ntpd crashes on exit with empty driftfile. Miroslav Lichvar.
- Bug 2886 Misspelling: "outlyer" should be "outlier"
- Bug 2890 Ignore ENOBUFS on routing netlink socket. Konstantin Khlebnikov.
- Bug 2901 Clients that receive a KoD should validate the origin timestamp field (CVE-2015-7704, CVE-2015-7705)
- Bug 2902 configuration directives "pidfile" and "driftfile" should be local-only. (patch by Miroslav Lichvar) (CVE-2015-7703)
- Bug 2909 Slow memory leak in CRYPTO_ASSOC (CVE-2015-7701)
- Bug 2916 trusted key use-after-free (CVE-2015-7849)
- Bug 2918 saveconfig Directory Traversal Vulnerability. (OpenVMS) (CVE-2015-7851)
- Bug 2919 ntpq atoascii() potential memory corruption (CVE-2015-7852)
- Bug 2920 Invalid length data provided by a custom refclock driver could cause a buffer overflow (CVE-2015-7853)
- Bug 2921 Password Length Memory Corruption Vulnerability (CVE-2015-7854)
- Bug 2922 decodenetnum() will ASSERT botch instead of returning FAIL on some bogus values (CVE-2015-7855)
- Bug 2941 NAK to the Future: Symmetric association authentication bypass via crypto-NAK (CVE-2015-7871)
Additionally the NTPsec team is aware of the following vulnerabilities impacting autokey: CVE-2015-7691, CVE-2015-7692, CVE-2015-7702. NTPsec does not support building with autokey support and therefore is not exposed; the vulnerable code will not be fixed, but will be removed in a future release.
NTPsec is not impacted by CVE-2015-7848 (mode 7 loop counter underrun) because ntpdc and support for mode 7 packets have been removed.