deadsimple BSD Security Advisories and Announcements

OpenNTPD 5.9p1 released

OpenNTPD 5.9p1 has just been released. t will be available from the
mirrors listed at shortly.

OpenNTPD is a FREE, secure, and easy to use implementation of the
Network Time Protocol. It provides the ability to sync the local clock
to remote NTP servers and can act as NTP server itself, redistributing
the local clock.

Changes since OpenNTPD 5.7p4
* When a single "constraint" is specified, try all returned addresses
  until one succeeds, rather than the first returned address.
* Relaxed the constraint error margin to be proportional to the number
  of NTP peers, avoid constant reconnections when there is a bad NTP
* Removed disabled hotplug sensor support.
* Added support for detecting crashes in constraint subprocesses.
* Moved the execution of constraints from the ntp process to the
  parent process, allowing for better privilege separation since the
  ntp process can be further restricted.
* Added pledge(2) support.
* Updated to require LibreSSL 2.3.2 or greater.
* Fixed high CPU usage when the network is down.
* Fixed various memory leaks.
* Switched to RMS for jitter calculations.
* Unified logging functions with other OpenBSD base programs.

OpenNTPD portable-specific changes:

* Added support for syncing time with the Realtime Clock (RTC) on OSes
  that require it.
* CFLAGS is no longer overridden by the build system.
* FreeBSD RTABLE support is disabled
* FreeBSD is no longer linked with -lmd to avoid hash function
  collisions, causing failures in constraint certificate loading.
* Fixed crashes due to __progname being used before initialized.
* Added Solaris 10 compatibility.
* Added --disable-https-constraint build option for explicitly
  disabling constraint support.
* Synced build system files with LibreSSL

The libtls library, as shipped with LibreSSL 2.3.2 or later, is
required to use the HTTPS constraint feature, though it is not
required to use OpenNTPD.

For detailed changes, see the changes either in the OpenBSD CVS
repository or the GitHub mirror.


SHA256 (openntpd-5.9p1.tar.gz) = 200c04056d4d6441653cac71d515611f3903aa7b15b8f5661a40dab3fb3697b3

Reporting Bugs:

General bugs may be reported to

Portable bugs may be filed at