NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks. Please also take this opportunity to defeat denial-of-service attacks by implementing Ingress and Egress filtering through BCP38.

ntp-4.2.8p15 was released on 23 June 2020. It addresses 1 medium-severity security issue in ntpd, and provides 13 non-security bugfixes over 4.2.8p13.

Please see the NTP Security Notice for vulnerability and mitigation details.

---

Are you using Autokey in production? If so, please contact Harlan - he's got some questions for you.

Embedded Version String Content

While fixing Bug #683 it was noted that the version string in the code takes the form:

 Version @ CSet [ build-flags ] date buildnumber

where:

Version

the version string, eg 4.2.3p29

@

the @ sign

CSet

A number indicating the latest changeset in the repository

build-flags

$ $ -o for -lcrypto OpenSSL support (through 4.2.7p32), $ $ -a for Autokey support (4.2.7p33 and later), $ $ -? for unrecognized OpenSSL /Autokey support.

date

the date and time of program linkage

buildnumber

(n), where n counts the number of times the program has been linked in this directory

Note that previous versions of NTP used different values for build-flags and the file scripts/mkver describes them.

It has been suggested that some users are confused by the information after the @. While the remaining information is important and useful, it is not part of the software version.

The following suggestions have been made in this regard:

• Leave it alone
• Get rid of the information after the @
  • Harlan says not without finding somewhere else for the info
• Change the @ to something else:
  • 4.2.3p29; 1.123-o
  • 4.2.3p29, build 1.123-o

-- HarlanStenn - 22 Aug 2006

-- DaveHart (added -a for Autokey) - 23 May 2010