deadsimple BSD Security Advisories and Announcements

OpenNTPD 6.8p1 released

OpenNTPD 6.8p1 has been released, and is now available from your local
OpenBSD mirror. This is the first stable release based on OpenBSD 6.8.
It includes the following changes since OpenNTPD 6.2p3:

    * The ntpd daemon now gets and sets the clock in a secure way when booting
      even when a battery-backed clock is absent.

    * Improvements in DNS resolving and constraints checking, especially during
      startup. Unreliable NTP peers are removed from the pool and DNS resolving
      is repeated to add replacements.

    * Improved reliability and security of TLS constraint checking.

    * Improved logging of failure cases.

    * Prevent the case of multiple ntpds running at once by checking presence
      of the local control socket.

    * TLS certificates are now searched in TLS_CA_CERT_FILE.

    * The default ntpd.conf configuration file now uses and
      2620:fe::fe, in addition to, when performing time constraint

    * Improved handling unsynched mode when there is no replies from an NTP
      server, such as when there are network connectivity issues.

    * To build OpenNTPD with time constraint support, libtls from LibreSSL
	  3.2.2 or later is recommended.

OpenNTPD is a FREE, secure, and easy to use implementation of the Network Time
Protocol. It provides the ability to sync the local clock to remote NTP servers
and can act as NTP server itself, redistributing the local clock.