NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks. Please also take this opportunity to defeat denial-of-service attacks by implementing Ingress and Egress filtering through BCP38.

ntp-4.2.8p15 was released on 23 June 2020. It addresses 1 medium-severity security issue in ntpd, and provides 13 non-security bugfixes over 4.2.8p13.

Please see the NTP Security Notice for vulnerability and mitigation details.

---

Are you using Autokey in production? If so, please contact Harlan - he's got some questions for you.

Updating libopts

NOTE WELL: If autogen is upgraded on whimsy and another release of -stable is planned, that tarball will be using the new autogen! (Also note that this means that upgrading libopts means there will be a relatively short validation cycle, as we would tend to want to do this just before a new release of -stable, at the end of a -dev cycle.) I may have a solution to this - on whimsy I'll just run ../configure --prefix=/usr/local/gnu/autogen-X.Y.Z and if I need to use the older autogen for a -stable tarball we should be OK.

Fetch, build, and install the target version of autogen.

• See if any of the following need to be updated:
  • sntp/include/autogen-version.def
  • Main.SoftwareDevelopment
  • Reconcile any autogen file overrides we ave placed in sntp/ag-tpl/* .

• cd sntp
• tar xvzf `autoopts-config libsrc`
• diff -ur libopts*  | grep '^Only' and look for things other than Makefile.in or SCCS.
• bk rm -f any files that are no longer needed
• diff -ur libopts-* libopts | grep '^diff' and use that output to copy the updated files from libopts-whatever to libopts
• bk ci -y'Updated to libopts-whatever' (is this the right place?)
• run :run-autogen (this script is in ntp-dev as that's the only place we would ordinarily be updating libopts)
• Make a note in the ChangeLog and check that in.

check it out, build it, and:

• bk commit -y'Updated to AutoGen-1.2.3 and libopts-4.5.6'

Watch some of the perms on the generated files. This should not be a problem because the :run-autogen scripts does a chmod u+w . (Now that autogen supports the --writable option this should not be a problem at all.)

N.B.: If libopts is being updated the snapshot roll will need a make clean before it runs. ntp_configure_cache_version in configure.ac may not do this for us...