Git log: commit 87c540c351de2ac72b85a31b16faecac4bfc586d
Author: Richard Laager <rlaager@debian.org>
Date: Sat Feb 7 23:24:16 2026 -0600
Update changelog for release
Gbp-Dch: Ignore
commit 66ba3c626828b289fb80286c7f5b4c2ae9bfc1d4
Author: Richard Laager <rlaager@debian.org>
Date: Sat Feb 7 23:22:30 2026 -0600
Update to Standards-Version 4.7.3
commit b333b6845ab69af1bd2d95508ae6c218034f9c2b
Author: Richard Laager <rlaager@debian.org>
Date: Sat Feb 7 23:21:43 2026 -0600
Remove Rules-Requires-Root: no
Lintian says, "As of dpkg version 1.22.13, this field is set to "no" by
default."
Gbp-Dch: Ignore
commit 76b8cb7d30bee241549e841f91a62666e6b6cacb
Author: Richard Laager <rlaager@debian.org>
Date: Sat Feb 7 23:02:59 2026 -0600
Update changelog for release
Gbp-Dch: Ignore
commit 05e8f3e4136153fdfd079e1c9c4319e3f1404939
Author: Richard Laager <rlaager@debian.org>
Date: Sat Feb 7 22:43:49 2026 -0600
Simplify doc installation
This removes some indirection, by installing the files to the final
location directly.
Gbp-Dch: Ignore
commit eeae27e6f42db087143786952a070b2e2ce4254b
Author: Richard Laager <rlaager@debian.org>
Date: Sat Feb 7 22:42:21 2026 -0600
Fix waf handling of --libdir, etc.
This is a bug in waf 2.1.4 that was fixed in 2.1.6.
Gbp-Dch: Ignore
commit 2a7d0122f40370bc8806f2835f0a7043c77270f0
Author: Richard Laager <rlaager@debian.org>
Date: Sat Feb 7 17:10:31 2026 -0600
Build the gpsd JSON driver
Gary E. Miller, one of the upstream developers in common between NTPsec
and gpsd, who I had previously quoted in the justification for
disabling it, said, "I find the SHM way easier to debug. I never use
the JSON driver to talk to NTP. Choice is good, keep them both and let
the user decide."
-- https://gitlab.com/NTPsec/ntpsec/-/issues/668#note_2591150391
This driver uses libjsmn. Instead of using the embedded copy from the
NTPsec source tree, I use the Debian libjsmn-dev package.
Closes: 1108417
commit 1e5a6b034836142be0f0c80f88f0826783c4a6ab
Author: Richard Laager <rlaager@debian.org>
Date: Sat Feb 7 16:48:34 2026 -0600
ntp.conf: Add nomrulist to "restrict default"
nomrulist is redundant with the default noquery, but if a user removes
noquery, they will want nomrulist to avoid being a DDoS amplifier.
Closes: 1108327
Thanks: Dave Hart <davehart@gmail.com>
commit 91c1810fbc64332297cd79b1faea051706bcd26a
Author: Richard Laager <rlaager@debian.org>
Date: Sat Feb 7 16:44:42 2026 -0600
ntpsec-systemd-netif.service: Conditionalize...
... on the existence of the hook
As noted by Christoph Anton Mitterer <calestyo@scientia.org>,
"/etc/dhcp/dhclient-exit-hooks.d/ntpsec is a config file
so a user may simply delete it because he doesn't want it executed
for dhcp client. In that case it would also fail for
ntpsec-systemd-netif.service."
Closes: 1121536
commit 29a4024573cf9ec239b40ce8201511db35277fc9
Author: Christoph Anton Mitterer <calestyo@scientia.org>
Date: Sat Feb 7 16:41:14 2026 -0600
ntpsec-systemd-netif.service: Simplify /bin/sh
ntpsec-systemd-netif.service has:
ExecStart=/bin/sh -c '. /etc/dhcp/dhclient-exit-hooks.d/ntpsec'
First, why not simply /bin/sh /etc/dhcp/dhclient-exit-hooks.d/ntpsec?
Closes: 1121536
Signed-off-by: Richard Laager <rlaager@debian.org>
[LGTM. I have no idea why this was sourcing instead of executing.]
commit 1157c1d6bb6e9a2d36ecd2430c254ba1fea942e7
Author: Richard Laager <rlaager@debian.org>
Date: Sat Feb 7 16:38:57 2026 -0600
Refresh patches
Gbp-Dch: Ignore
commit d35e7ec791d7bb2e7c8c31012c9a3d9741b7be7c
Author: Richard Laager <rlaager@debian.org>
Date: Sat Feb 7 16:28:08 2026 -0600
Remove patches applied upstream
Gbp-Dch: Ignore
commit 667196062f093b1fb77ad173b715017eb417525b
Author: Richard Laager <rlaager@debian.org>
Date: Sat Feb 7 16:08:30 2026 -0600
New upstream version
commit 898516000707f411b40778b8ec891a82a341bd6d
Merge: 4c787641 e37f3a22
Author: Richard Laager <rlaager@debian.org>
Date: Sat Feb 7 17:24:54 2026 -0600
Update upstream source from tag 'upstream/1.2.4+dfsg'
Update to upstream version '1.2.4+dfsg'
with Debian dir 46571159e3b4cbcdb89217bbf647637f69bfe88a
commit e37f3a221ac40564d61d5b5d92d36744cd66eede
Merge: 6ffc97a0 a9e66af4
Author: Richard Laager <rlaager@debian.org>
Date: Sat Feb 7 17:24:49 2026 -0600
New upstream version 1.2.4+dfsg
commit 4c787641c33f4536ab08a084379e676986c22e55
Author: Richard Laager <rlaager@debian.org>
Date: Sat Feb 7 17:23:14 2026 -0600
README.source: s/dfsg1/dfsg/
This was missed in commit d93e99ec3ad70cd0cf89130122e62c64fa60af3a.
Gbp-Dch: Ignore
commit 6ffc97a0d108a172e02a85240a43fb7cc9adb170
Merge: 72dbbef8 a9e66af4
Author: Richard Laager <rlaager@debian.org>
Date: Sat Feb 7 16:07:58 2026 -0600
New upstream version 1.2.4+dfsg
commit 1bce0ec98846310fe91d5809aec191b2ef4dc9cf
Author: Richard Laager <rlaager@debian.org>
Date: Sat Feb 7 16:07:41 2026 -0600
debian/watch: Use https instead of ftp
commit 4639291dc3b947177da1ab1593d287b0b191d987
Author: Richard Laager <rlaager@debian.org>
Date: Sat Feb 7 16:06:12 2026 -0600
Merge upstream signing keys
Gbp-Dch: Ignore
commit 4d768363df8291d839b7c1ac559a99fe15e31baf
Author: Richard Laager <rlaager@debian.org>
Date: Fri May 2 16:18:10 2025 -0500
Update changelog for release
Gbp-Dch: Ignore
commit cd83045eafa9b1f65ede69b146782892048cb54a
Author: Richard Laager <rlaager@debian.org>
Date: Fri May 2 16:15:39 2025 -0500
Set STA_UNSYNC on start
> When ntpd starts, it immediately resets the kernel status field to
> STA_PLL without STA_UNSYNC, before the clock is actually
> synchronized. This may mislead applications that use ntp_gettime()
> to check if the clock is synchronized.
>
> Also, the maxerror and esterror fields are set to 16 microseconds
> instead of 16 seconds.
See:
http://bugs.ntp.org/show_bug.cgi?id=3434
https://bugzilla.redhat.com/show_bug.cgi?id=1493452
https://gitlab.com/NTPsec/ntpsec/-/issues/848
Closes: 1103964
commit 6f85dc3c4cb3723c6fc720dc0223b08de295a31b
Author: Richard Laager <rlaager@debian.org>
Date: Mon Apr 14 23:53:02 2025 -0500
Update changelog for release
Gbp-Dch: Ignore
commit d25571fe6e2c7e405c91b69c3b248bda7ec387c2
Author: Richard Laager <rlaager@debian.org>
Date: Mon Apr 14 23:51:09 2025 -0500
Add ntpsec-ntpdig back to debian/.gitignore
This was improperly removed with the transitional packages in
commit 729de5c1a790b24fb4b26261704553bb99fbd60e.
Gbp-Dch: Ignore
commit 8053e6e3d6c362122238478b539c5d73272f0672
Author: Richard Laager <rlaager@debian.org>
Date: Mon Apr 14 23:45:04 2025 -0500
Disable libaes-siv test_malloc_failure
This breaks on some platforms, including Debian on s390x and apparently
OpenSUSE. This is using OpenSSL's CRYPTO_set_mem_functions(), which is
documented as not working once allocations are made. It is the first
call in the program, so there doesn't seem to be much more we/I can do
about this.
Closes: 1102745
commit f2f2328236a1210762ffdcf0bf51bd69e01a21c6
Author: Richard Laager <rlaager@debian.org>
Date: Mon Apr 14 03:27:49 2025 -0500
Update changelog for release
Gbp-Dch: Ignore
commit a991b83987ce88a0b6e92aab9ed5e0521f88f19a
Author: Richard Laager <rlaager@debian.org>
Date: Mon Apr 14 03:16:41 2025 -0500
Specify PYTHONDIR/PYTHONARCHDIR at waf configure
While my system detects the paths correctly as
/usr/lib/python3/dist-packages/ntp, in the rebuild discussed in
bug #1102962, PYTHONDIR and PYTHONARCHDIR were detected as
/usr/local/lib/python3.13/dist-packages. Since the .install file hardcodes
the path anyway, there isn't really a downside of hardcoding these to
`waf configure`.
Closes: 1102962
commit 0fbf0e98cc718eef1d0e9dd31d9b14598a175242
Author: Richard Laager <rlaager@debian.org>
Date: Tue Apr 8 01:26:18 2025 +0000
Disable missing_breaks pipeline job
This job fails to take into account virtual packages, so it complains
that ntpsec does not Breaks: openntpd, when Conflicts: time-daemon does
that.
Gbp-Dch: Ignore
commit 4750ee0ecdf654360a268197f3cb357e982bd080
Author: Richard Laager <rlaager@debian.org>
Date: Tue Apr 8 00:55:14 2025 +0000
Update changelog for release
Gbp-Dch: Ignore
commit 52890335a019ccd201b807fe61751ecc1565bccd
Author: Richard Laager <rlaager@debian.org>
Date: Tue Apr 8 00:49:14 2025 +0000
Stop running with real-time priority
The -N option runs with the maximum possible SCHED_FIFO priority.
According to Felix Moessbauer, this could starve out kernel threads.
He said, "Some recent stalls of PREEMPT_RT systems we observed could
be related to this."
He further noted, "I checked a couple of other distros (OpenSuse 15.5,
Fedora 42) and all of them just run with default options (no change of
the priority)."
Closes: 1086000
commit c242f67c262980f43a23452f6e03ff73b46430c7
Author: Richard Laager <rlaager@debian.org>
Date: Tue Apr 8 00:40:52 2025 +0000
Backport more armhf fixes
Closes: 1091303
commit 30cf771ee55ee62b3ded696d46ca6932ef11f7a6
Author: Richard Laager <rlaager@debian.org>
Date: Sat Mar 1 00:39:55 2025 -0600
Update changelog for release
Gbp-Dch: Ignore
commit 729de5c1a790b24fb4b26261704553bb99fbd60e
Author: Richard Laager <rlaager@debian.org>
Date: Sat Mar 1 00:08:18 2025 -0600
Drop transitional packages
These are not longer needed.
Closes: 1072973
commit e7941f6733b896c0ae43d0f0a14ce58e09e328e7
Author: Richard Laager <rlaager@debian.org>
Date: Sat Mar 1 00:41:29 2025 -0600
Refresh patches to eliminate fuzz
Gbp-Dch: Ignore
commit f1e76eeca9df330a0cd8685081f727c8366b4e9d
Author: Richard Laager <rlaager@debian.org>
Date: Fri Feb 28 23:40:59 2025 -0600
Backport armhf fixes
I'm not sure that 0001-Remove-use-of-waf-define-NTP_SIZEOF_TIME_T.patch
is necessary, but it's still related to the whole issue of
sizeof(time_t). I wanted to get the whole set of fixes.
Closes: 1091303
commit 9f440b103e4e09bbdf34a7ec3685060a0316e943
Author: Richard Laager <rlaager@debian.org>
Date: Fri Feb 28 23:30:16 2025 -0600
Update leap-seconds.list URL
Closes: 1089713
commit 3ea27e8b4bfb7a9ed8b1b8a3b3d5527666fb14b7
Author: Joachim Kross <kross@kaffeeschluerfer.com>
Date: Tue Nov 26 22:15:24 2024 +0100
Leverage ntpd's hourly leap-seconds.list file check & auto reload
NTPsec inherited from NTP Classic that the daemon checks once every
hour whether a configured leap-seconds.list file has changed (change
of either mtime or ctime, or both), and automatically reloads it if
it has.
This present change leverages that mechanism to automatically reload
the file at ntpd runtime when the file is being updated twice a year,
rather than forcibly restarting ntpd upon every update to the
tzdata package, regardless of whether the leap-seconds.list file has
changed or not.
commit 24fbf1be0ba4adbecfbfe5c6502c2b397af6016a
Author: Joachim Kross <kross@kaffeeschluerfer.com>
Date: Fri Aug 30 15:44:32 2024 +0200
ntp.conf: Specific paths for NTS certificate/key
ntp.conf currently has placeholder strings where the paths
for the NTS certificate and key should go. Replace those
placeholders by specific paths as those are mentioned in
README.Debian, and hard-coded in the certbot deploy hook and
AppArmor profile.
Update README.Debian to reflect that, and other updates. E.g.,
TLS 1.3 is the minimum TLS version permitted by the RFC, so no
need to mention/set this explicitly anymore.
commit 58ff6e2797dcb48cf7ef7e885447c14f6f4a67af
Author: Joachim Kross <kross@kaffeeschluerfer.com>
Date: Fri Aug 30 14:35:43 2024 +0200
Docs: ntpdate no longer supports "-o"
commit 7556c4e9ee3089addd05d5da3e346492d0dc6c3c
Author: Richard Laager <rlaager@debian.org>
Date: Fri Feb 28 23:02:21 2025 -0600
Depend on python3-setuptools
Closes: 1080689
commit 63015ace006433d49db288e73c764f068c1aaf05
Author: Richard Laager <rlaager@debian.org>
Date: Fri Feb 28 23:00:55 2025 -0600
control: Run wrap-and-sort
Gbp-Dch: Ignore
commit d1a332e8c49a71a64ff9c855e5f37a4d67c2fc9c
Author: Richard Laager <rlaager@debian.org>
Date: Fri Feb 28 22:59:04 2025 -0600
Handle BrokenPipeError in ntpq
Closes: 1092198
commit cb828bac2b75a9f0ced9b106e3a2ad35ffb4d409
Author: Richard Laager <rlaager@debian.org>
Date: Fri Feb 28 22:31:46 2025 -0600
Add patch to fix out of bounds read
Thanks: Artem Nasonov
commit 90f86276b7973f14a2e4e52b45efd6b17320e710
Author: Richard Laager <rlaager@debian.org>
Date: Fri Feb 28 22:25:14 2025 -0600
Remove ntpsec.timer systemd-cron workaround
ntpsec.timer was masked (made a symlink to /dev/null) to cause
systemd-cron to skip converting /etc/cron.d/ntpsec. This has been
special-cased in systemd-cron.
Closes: 1098745
commit 1060ba56652fa3886e5aa501a8ad19593c8f18f2
Author: Richard Laager <rlaager@debian.org>
Date: Fri Feb 28 22:21:03 2025 -0600
Add more checks to ntpviz cron
Similar to the last commit, we should probably be checking that
/usr/bin/ntpviz is still installed.
commit 3c07e700ff9d7566b8670557deb813e0e3079b3a
Author: Richard Laager <rlaager@debian.org>
Date: Fri Feb 28 22:18:23 2025 -0600
Fix ntpviz cron errors (when uninstalled)
When ntpviz is uninstalled but not purged, the cron job can error
because /var/lib/ntpsec/ntpviz/day (and presumably the same for /week)
does not exist.
Closes: 1098796
commit 61d10cbb47b5983336fb27626322e834c5431633
Author: Richard Laager <rlaager@debian.org>
Date: Fri Feb 28 22:14:07 2025 -0600
ntplogtemp: Handle OSError
Thanks: Daniel <daniel@developerdan.com>
Closes: 1098368
commit 74f50e3170fb2417e05dd020f1e31f0b447a6565
Author: Richard Laager <rlaager@debian.org>
Date: Mon May 6 22:15:44 2024 -0500
Update changelog for release
Gbp-Dch: Ignore
commit 79e0a5ebbadb40f1aee616e32b50d931f6f12da0
Author: Joachim Kross <kross@kaffeeschluerfer.com>
Date: Mon May 6 19:32:39 2024 -0500
Drop "nopeer" option of restrict command from configuration
The "nopeer" option to the restrict command is being ignored
since 2020, with ntpd emitting a log message to that effect
if the option is found in the configuration.
Drop the option from ntp.conf to prevent ntpd from emitting
the related error message.
Signed-off-by: Richard Laager <rlaager@debian.org>
[I made the same edit to ntp.conf.ubuntu too.]
commit 2ad838246ffc6471e4d015f2cce0f0c023147d9e
Author: Richard Laager <rlaager@debian.org>
Date: Tue Apr 30 00:22:22 2024 -0500
Update changelog for release
Gbp-Dch: Ignore
commit 05b63211d566fc8717fad908932b0a741714d670
Author: Richard Laager <rlaager@debian.org>
Date: Tue Apr 30 00:21:11 2024 -0500
Update Standards-Version (no changes)
commit 95b6904077c7e67674db96488d805dbd9ad80323
Author: Joachim Kross <kross@kaffeeschluerfer.com>
Date: Sun Apr 28 16:15:47 2024 +0200
Add nts-keys-tmp to NTPsec apparmor profile
As part of generating NTS crypto material, NTPsec is temporarily
using the file /var/lib/ntpsec/nts-keys-tmp before storing the
final material in /var/lib/ntpsec/nts-keys. However, unlike
nts-keys, the file nts-keys-tmp is not covered by the apparmor
profile. Thus, attempts to create/write to that file are denied
and fail.
Thus, this commit adds the temporary file to the apparmor profile.
commit 41aa2dbc5510feb2dce08eda8d5a54507ecbb612
Author: Joachim Kross <kross@kaffeeschluerfer.com>
Date: Sun Apr 28 16:00:04 2024 +0200
Add usestats log file to NTPsec apparmor profile
The log file of type "usestats" is not covered by the current
apparmor profile, leading to ntpd not being able to create
this type of log file (actually, a file with a specific
name reflecting the log file type).
Add the file path+name of the usestats log file to the apparmor
profile, in line with the other log file types/names.
commit 72dbbef84aa73b864ee826ed251dc31e30cceb5d
Merge: 12dde2da ba585cf7
Author: Richard Laager <rlaager@debian.org>
Date: Sun Mar 10 18:32:27 2024 -0500
New upstream version 1.2.3+dfsg1
commit ba585cf78aa75487b2d320f91471123adff80d19
Author: Matt Selsky <matthew.selsky@twosigma.com>
Date: Sat Dec 30 23:52:08 2023 -0500
version 1.2.3
Signed-off-by: Matt Selsky <matthew.selsky@twosigma.com>
commit fb98a72bc301c241f5cc45201dc24580e92dd0e3
Author: Matt Selsky <matthew.selsky@twosigma.com>
Date: Thu Dec 28 23:21:38 2023 -0500
Update PIVOT.h ahead of the release
commit 7965b5dce4bc8dbdd3aa4583846188727500c7cd
Author: James Stroud <james.jstroud@gmail.com>
Date: Sat Dec 23 02:07:17 2023 +0000
Update ntpsec.adoc - minor formatting change to stay consistent. I hope you don't mind merging. I just found out about your project and love it. Great job.
commit f295e2a43a3a0df2851b668216cbbb4a917c229f
Author: Fred Wright <fw@fwright.net>
Date: Tue Dec 26 14:22:46 2023 -0800
Fix attic build
Removes a reference to an attic program that isn't provided.
TESTED:
Build now works with --enable-attic.
commit 9893b850f54d31a47b1ace513c209edd34cece16
Author: Richard Laager <rlaager@wiktel.com>
Date: Sun Dec 24 15:44:35 2023 -0600
Fix duplicate exit status in man pages
The "EXIT STATUS" section is duplicated in several man pages.
Reported-by: Bjarni Ingi Gislason <bjarniig@simnet.is>
commit 0fdfe69295d96ae7e94648faa8fedb6f4c8ec1b3
Author: Fred Wright <fw@fwright.net>
Date: Thu Dec 21 00:56:09 2023 -0800
aes_siv: Remove troublesome -Wconversion
This warning is known to be overzealous in GCC 4.2, and apparently
toned down in later GCC versions.
According to devel/CommitLog-4.1.0, it was removed from the "classic"
CFLAGS in 2001-04-21, and hadn't resurfaced until it was applied
here solely to aes_siv components in 468fc5a7c9.
TESTED:
Now builds without warnings and passes tests, with 28 compilers
from GCC 4.2 and Clang 3.3 to GCC 13 and Clang 17.
commit bb663654817c5467c4bf0724af8cdff09f8f1621
Author: Fred Wright <fw@fwright.net>
Date: Thu Dec 21 00:37:21 2023 -0800
Fix some timespec initializer warnings
Some compilers don't seem to recognize that clock_gettime() storing
into a struct timespec counts as initializing it, and produce "may be
used uninitialized" warnings. Adding initializers to the structs gets
rid of the warnings, without adding enough overhead to worry about.
TESTED:
Now builds without warnings and passes tests, with 28 compilers
from GCC 4.2 and Clang 3.3 to GCC 13 and Clang 17.
commit 60a2ad1438bdf8519d936f3f69c1f225eb882eb4
Author: Fred Wright <fw@fwright.net>
Date: Thu Dec 21 00:27:15 2023 -0800
ntp_control.c: Fix a compiler warning
The expression was shifting a char left before promoting it to
a short. This should actually be OK, since intermediate results
are supposed to be int or better, but it's more conceptually correct
to promote it first, which avoids a warning from GCC 4.2. It's
also slightly better to do the mask before the shift.
TESTED:
Now builds without warnings and passes tests, with 28 compilers
from GCC 4.2 and Clang 3.3 to GCC 13 and Clang 17.
commit 86636d8d5c7a1cac87a77dd9b0d808b09174e698
Author: James Browning <jamesb.fe80@gmail.com>
Date: Sun Dec 17 12:36:28 2023 -0800
Update NEWS.adoc with random things from the history
commit 1b2327b9495b7572255e255392c1d6e065e9b4a1
Author: Hal Murray <halmurray@sonic.net>
Date: Mon Dec 18 01:21:23 2023 -0800
Add names to unions in ntp_control's struct var
Some old compilers need them.
commit a7accd9627e746a994cdad48949437c71d9c77a5
Author: James Browning <jamesb.fe80@gmail.com>
Date: Sat Dec 9 07:29:23 2023 -0800
ntp.packet: Shim mode6 alignment to 4 & use it.
commit 96ab4b68c91827175ef1e707fc445382c3e89ca7
Author: James Browning <jamesb.fe80@gmail.com>
Date: Wed Dec 6 06:48:10 2023 -0800
FFI: Revise comments and white space.
commit 65f0fb2eddc4fbf634f1000fc3ebf354bef0c19d
Author: James Browning <jamesb.fe80@gmail.com>
Date: Wed Dec 6 06:52:22 2023 -0800
FFI: Wrap more code blocks with curly braces.
commit 80bcf512434855eae489731b66f2c0a033a1852f
Author: James Browning <jamesb.fe80@gmail.com>
Date: Wed Dec 6 06:59:58 2023 -0800
FFI: Check return codes of CMAC_* from -lcrypto
commit fbcbd33d23a9703749c9d3a6bb859b42f0a56e6e
Author: Hal Murray <halmurray@sonic.net>
Date: Tue Dec 5 23:31:56 2023 -0800
More tweaks to ntpd/ntp_filegen.c
1) fix brain-fart in previous edit
2) merge 2 cases
3) squish warning for signed/unsigned compare
commit 9dc9606b2cb6ea38f6e32a94f9ad392d511a9253
Author: Hal Murray <halmurray@sonic.net>
Date: Tue Dec 5 23:08:22 2023 -0800
Attempt to fix coverity 316495
commit f8513096ee4937f8b5df92c052567b811baeb3cc
Author: Hal Murray <halmurray@sonic.net>
Date: Tue Dec 5 19:37:21 2023 -0800
Add ntpq defaulting to AES
commit e3afd66839d79d6d0073d33b19b69ea0bf5ba58b
Author: James Browning <jamesb.fe80@gmail.com>
Date: Wed Dec 6 10:22:22 2023 -0800
Fix #812 putarray sends right length to putunqstr
commit ba25900934da7430e4501f2d5895d72e734fad1b
Author: Hal Murray <halmurray@sonic.net>
Date: Tue Dec 5 01:28:35 2023 -0800
Another attempt at Coverity 356204
commit 1c79d66b43a5befb62a2795ba8746533ea1ed542
Author: Hal Murray <halmurray@sonic.net>
Date: Mon Dec 4 06:40:43 2023 -0800
Update NEWS
commit 05d655cf0c033cebd3c4b866c626e643d9c522d3
Author: Hal Murray <halmurray@sonic.net>
Date: Mon Dec 4 02:57:28 2023 -0800
Doc tweaks, mostly for shared keys
commit f71580d424ca2295706db56ea2f0abe95d48cda3
Author: Hal Murray <halmurray@sonic.net>
Date: Mon Dec 4 02:51:47 2023 -0800
Add doc for mssntpinfo
commit 1b91d73e6cadc5b9334393ee14ee916972ef9bc1
Author: Hal Murray <halmurray@sonic.net>
Date: Mon Dec 4 02:28:54 2023 -0800
Add SHA-1 as an alias for SHA1
NIST uses SHA-1 but OpenSSL's crypto package uses SHA1.
commit 42523439d477de813a2293fd1496d660a48ca876
Author: Hal Murray <halmurray@sonic.net>
Date: Mon Dec 4 02:20:56 2023 -0800
Add support for nts tlsecdhcurves to ntp_config
Interesting that nobody had tried it yet.
(It crashed on an ASSERT fail when I tested it.)
commit 08e27afad87916cd9bfdc543f1ae5e4736f10c5f
Author: Hal Murray <halmurray@sonic.net>
Date: Mon Dec 4 02:14:56 2023 -0800
Drop T_Tlsciphers from ntp_parser.y
It wasn't in keyword-gen.c or used by ntp_config.c
or in any of the documentation
commit ed48d5c44a62b39719f9d90feacb3d94b82a8a7b
Author: Hal Murray <halmurray@sonic.net>
Date: Mon Dec 4 02:00:20 2023 -0800
Tweak comment to refer to RFC 9327
commit eea06b5716dca0bc5d4c7da8f19664a91f138eb8
Author: Hal Murray <halmurray@sonic.net>
Date: Mon Dec 4 01:58:08 2023 -0800
log curves used by nts ecdhcurves
commit 07231d10e2a507eed20457b706efda785b77bb9e
Author: Hal Murray <halmurray@sonic.net>
Date: Mon Dec 4 01:57:14 2023 -0800
Add attic/cipher-find.c
commit 4cc149a3ae9a5d8c4f3ecc1e1bac04e6cd799781
Author: Hal Murray <halmurray@sonic.net>
Date: Mon Dec 4 01:55:00 2023 -0800
Add DES and DES3 to list
commit 4e21ea3ecc817f522222255aaac2fb67d2cfaf14
Author: Hal Murray <halmurray@sonic.net>
Date: Sun Dec 3 20:09:18 2023 -0800
Hack around const bug in OpenSSL API
cast discards ‘const’ warning from SSL_CTX_set1_groups_list()
https://github.com/openssl/openssl/issues/22535
commit 6a08498f620179d00bb1aa8425038380e0ba8cf9
Author: Hal Murray <halmurray@sonic.net>
Date: Sun Dec 3 19:56:52 2023 -0800
Minor cleanup to ntp_filegen, fix Coverity 356204
commit 62ee9a8b422305e1a80b0300222e48c56de41a85
Author: Hal Murray <halmurray@sonic.net>
Date: Sun Dec 3 19:52:44 2023 -0800
Update TODO-NTS
commit 59e305105186dfd59491abc45f0971b92fb9437d
Author: James Browning <jamesb.fe80@gmail.com>
Date: Sun Dec 3 17:48:37 2023 -0800
Make pylint shut up about f-strings.
commit 12dde2da4ba2fbd93bac3813e7ef106af6241f5c
Merge: d7b142a9 969e4692
Author: Richard Laager <rlaager@debian.org>
Date: Mon Jan 16 17:31:53 2023 -0600
New upstream version 1.2.2+dfsg1
commit 969e469209bfda91bf2f2cae98b14c7ecd98fd48
Author: Matt Selsky <matthew.selsky@twosigma.com>
Date: Wed Dec 28 23:45:49 2022 -0500
version 1.2.2
Signed-off-by: Matt Selsky <matthew.selsky@twosigma.com>
commit a4b03a72d02f2aede7b707d890b34beae6016ec6
Author: Matt Selsky <matthew.selsky@twosigma.com>
Date: Wed Dec 28 23:16:44 2022 -0500
Make sure tarball doesn't contain versioned shared library symlinks
commit 5ff55406c90406dca9617c4394a1045f4df50867
Author: Matt Selsky <matthew.selsky@twosigma.com>
Date: Wed Dec 28 23:02:08 2022 -0500
Explicitly run waf via python3 in make-tarball
commit 63de6cd02a99cc69e940704e4e4965f01ee9cbc0
Author: Matt Selsky <matthew.selsky@twosigma.com>
Date: Wed Dec 28 22:28:16 2022 -0500
Take 2 on cleaning up the asciidoc syntax
commit 45dd4d642e750d8685ddacd879f870f4944c1186
Author: Matt Selsky <matthew.selsky@twosigma.com>
Date: Wed Dec 28 22:28:16 2022 -0500
Tidy up asciidoc syntax in NEWS
commit 93b5a395da026937998a5c1977d30853e046e4ec
Author: Matt Selsky <matthew.selsky@twosigma.com>
Date: Fri Dec 23 20:39:34 2022 -0500
No need to install gpgv on ubuntu-rolling now that clone3() issue is resolved
commit 7a09186ce6eec2ed0241dc1a03331a8c9df2e7fe
Author: Matt Selsky <matthew.selsky@twosigma.com>
Date: Fri Dec 23 13:28:09 2022 -0500
Update docker build files to use the distributions implied by their names
This partially reverts 64e2c355ac601b57eebec75a13da40e7d47fbf54 ("I: Some
remaining image have repo verification issues")
The underlying issue with upstream repository verification was fixed in
eff644a4262ef1eb0d78a8958cc59b33b0541d57 ("Use latest docker image when
building docker images")
commit 4acc911050e157235111ad6cfc96a3a65457e2df
Author: Matt Selsky <matthew.selsky@twosigma.com>
Date: Thu Dec 22 23:25:40 2022 -0500
Update release manager user for ftp server
commit b8900bfc21cb3df44a3d17df4acb2a533dfd36a3
Author: Hal Murray <hmurray@megapathdsl.net>
Date: Thu Dec 22 17:44:05 2022 -0800
Fix for gliitches found by Google's oss-fuzz
commit 1195ff029fd12d0cb112d1100bf1769910b1681f
Author: Hal Murray <hmurray@megapathdsl.net>
Date: Thu Dec 22 17:04:15 2022 -0800
Cleanup NTPv1 processing
ntpq sysstats now shows NTPv1 activity
add NTPv1 packet count to sysstats log files
commit 21962ae0a1cd4d85fe2b2a96aeef8c489fe691ff
Author: Hal Murray <hmurray@megapathdsl.net>
Date: Thu Dec 22 15:07:39 2022 -0800
Update NEWS to include NTS wildcard support
commit dc948158a2ce64479b296bdb973992a7f0521a3b
Author: Matt Selsky <matthew.selsky@twosigma.com>
Date: Thu Dec 22 12:42:40 2022 -0500
Remove call to emerge-webrsync in Gentoo docker image building
We pull portage from docker so there's no need to pull portage over the web
additionally.
commit eff644a4262ef1eb0d78a8958cc59b33b0541d57
Author: Matt Selsky <matthew.selsky@twosigma.com>
Date: Thu Dec 22 12:37:24 2022 -0500
Use latest docker image when building docker images
We were previously using the "stable" version of docker and this tag hasn't
been updated in 2 years. We instead switch to "latest" since we have no need to
pin to a specific version.
The "stable" version of docker was older than 20.10.10 and it caused issues for
linux distributions using glibc >= 2.34 because of how clone3() is used.
See https://github.com/AkihiroSuda/clone3-workaround for additional details.
ntpsec (1.2.3+dfsg1-8)
[PTS] [DDPO]