NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks. Please also take this opportunity to defeat denial-of-service attacks by implementing Ingress and Egress filtering through BCP38.
ntp-4.2.8p15 was released on 23 June 2020. It addresses 1 medium-severity security issue in ntpd, and provides 13 non-security bugfixes over 4.2.8p13.
Are you using Autokey in production? If so, please contact Harlan - he's got some questions for you.
NOTE WELL: If
is upgraded on
and another release of
is planned, that tarball will be using the new
! (Also note that this means that upgrading
means there will be a relatively short validation cycle, as we would tend to want to do this just before a new release of
, at the end of a
I may have a solution to this - on whimsy I'll just run
and if I need to use the older
tarball we should be OK.
Fetch, build, and install the target version of
- See if any of the following need to be updated:
- Reconcile any
autogen file overrides we have placed in
tar xvzf `autoopts-config libsrc`
diff -ur libopts* | grep '^Only' and look for things other than
bk rm -f any files that are no longer needed
- copy over and
bk add ... any new files
diff -ur libopts-* libopts | grep '^diff' and use that output to copy the updated files from
- Add the following to any updated
+AM_CFLAGS = $(NTP_HARD_CFLAGS)
+AM_CPPFLAGS = $(NTP_HARD_CPPFLAGS)
+AM_LDFLAGS = $(NTP_HARD_LDFLAGS)
bk ci -y'Updated to libopts-whatever' (is this the right place?)
:run-autogen (this script is in
ntp-dev as that's the only place we would ordinarily be updating
- Make a note in the
ChangeLog and check that in.
check it out, then:
cd A.whatever && make distcheck
Once any problems have been fixed and any changes have been checked in:
bk commit -y'Updated to AutoGen-1.2.3 and libopts-4.5.6'
Watch some of the perms on the generated files.
This should not be a problem because the
scripts does a
option this should not be a problem at all.)
is being updated the snapshot roll will need a
before it runs.
may not do this for us...