BSDSec

deadsimple BSD Security Advisories and Announcements

OpenNTPD 5.7p4 released

OpenNTPD 5.7p4 has just been released. It will be available from the mirrors
listed at http://www.openntpd.org/ shortly.

OpenNTPD is a FREE, secure, and easy to use implementation of the Network Time
Protocol. It provides the ability to sync the local clock to remote NTP servers
and can act as NTP server itself, redistributing the local clock.

Changes since OpenNTPD 5.7p3
============================
* Added support for using HTTPS time constraints to validate NTP responses.

  You can find a detailed description of the feature and how it works here:
    http://marc.info/?l=openbsd-tech&m=142356166731390&w=2
  See the man page and example config file for configuration details.

  The libtls library, as shipped with LibreSSL 2.1.4 or later, is
  required to use the HTTPS constraint feature, though it is not
  required to use OpenNTPD.

* Workaround a bug in the Solaris adjtime call that caused the olddelta to
  never reach 0, leading to continual sync/unsync messages from ntpd.

* Workaround an overflow on systems with 32-bit time_t. This can result in a
  failure to set the time if the initial clock is set later than early 2036.
  Systems with a 32-bit time_t should upgrade well in advance of this date, but
  today this helps with systems that boot with an invalid initial time.

This marks the last release based on the OpenBSD 5.7 tree.
The next release will be OpenNTPD 5.8p1.

For detailed changes, see the changes either in the OpenBSD CVS repository or
the GitHub mirror. Special thanks to all of the contributors who helped
with this release.

Checksums:
==========

SHA1 (openntpd-5.7p4.tar.gz) = ba885dc7cf599161b351cd90af2af175071e3a9d
SHA256 (openntpd-5.7p4.tar.gz) = a993d95976e375acc0ab1a677fd268f55024477835633c8ae404895046bccb23

Reporting Bugs:
===============

General bugs may be reported to tech@openbsd.org

Portable bugs may be filed at https://github.com/openntpd-portable/openntpd-portable/