ntpsec - Debian Package Tracker

general

source: ntpsec (main)
version: 1.2.3+dfsg1-8
maintainer: Richard Laager (DMD)
arch: all any
std-ver: 4.7.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.2.0+dfsg1-4
oldstable: 1.2.2+dfsg1-1+deb12u1
old-sec: 1.2.2+dfsg1-1+deb12u1
stable: 1.2.3+dfsg1-8
testing: 1.2.3+dfsg1-8
unstable: 1.2.3+dfsg1-8

versioned links

1.2.0+dfsg1-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.2.2+dfsg1-1+deb12u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.2.3+dfsg1-8: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

ntpsec (11 bugs: 0, 7, 4, 0)
ntpsec-doc
ntpsec-ntpdate (2 bugs: 0, 2, 0, 0)
ntpsec-ntpdig
ntpsec-ntpviz
python3-ntp (1 bugs: 0, 1, 0, 0)

action needed

Problems while searching for a new upstream version high

uscan had problems while searching for a new upstream version:

In debian/watch no matching files for watch source
  ftp://ftp.ntpsec.org/pub/releases/

Created: 2025-11-27 Last update: 2026-02-12 16:00

Depends on packages which need a new maintainer normal

The packages that ntpsec depends on which need a new maintainer are:

docbook-xsl (#802370)
- Build-Depends: docbook-xsl

Created: 2023-09-01 Last update: 2026-02-12 20:00

5 bugs tagged patch in the BTS normal

The BTS contains patches fixing 5 bugs, consider including or untagging them.

Created: 2025-01-06 Last update: 2026-02-12 19:30

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 1.2.4+dfsg-1, distribution unstable) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 87c540c351de2ac72b85a31b16faecac4bfc586d
Author: Richard Laager <rlaager@debian.org>
Date:   Sat Feb 7 23:24:16 2026 -0600

    Update changelog for release
    
    Gbp-Dch: Ignore

commit 66ba3c626828b289fb80286c7f5b4c2ae9bfc1d4
Author: Richard Laager <rlaager@debian.org>
Date:   Sat Feb 7 23:22:30 2026 -0600

    Update to Standards-Version 4.7.3

commit b333b6845ab69af1bd2d95508ae6c218034f9c2b
Author: Richard Laager <rlaager@debian.org>
Date:   Sat Feb 7 23:21:43 2026 -0600

    Remove Rules-Requires-Root: no
    
    Lintian says, "As of dpkg version 1.22.13, this field is set to "no" by
    default."
    
    Gbp-Dch: Ignore

commit 76b8cb7d30bee241549e841f91a62666e6b6cacb
Author: Richard Laager <rlaager@debian.org>
Date:   Sat Feb 7 23:02:59 2026 -0600

    Update changelog for release
    
    Gbp-Dch: Ignore

commit 05e8f3e4136153fdfd079e1c9c4319e3f1404939
Author: Richard Laager <rlaager@debian.org>
Date:   Sat Feb 7 22:43:49 2026 -0600

    Simplify doc installation
    
    This removes some indirection, by installing the files to the final
    location directly.
    
    Gbp-Dch: Ignore

commit eeae27e6f42db087143786952a070b2e2ce4254b
Author: Richard Laager <rlaager@debian.org>
Date:   Sat Feb 7 22:42:21 2026 -0600

    Fix waf handling of --libdir, etc.
    
    This is a bug in waf 2.1.4 that was fixed in 2.1.6.
    
    Gbp-Dch: Ignore

commit 2a7d0122f40370bc8806f2835f0a7043c77270f0
Author: Richard Laager <rlaager@debian.org>
Date:   Sat Feb 7 17:10:31 2026 -0600

    Build the gpsd JSON driver
    
    Gary E. Miller, one of the upstream developers in common between NTPsec
    and gpsd, who I had previously quoted in the justification for
    disabling it, said, "I find the SHM way easier to debug. I never use
    the JSON driver to talk to NTP. Choice is good, keep them both and let
    the user decide."
    -- https://gitlab.com/NTPsec/ntpsec/-/issues/668#note_2591150391
    
    This driver uses libjsmn.  Instead of using the embedded copy from the
    NTPsec source tree, I use the Debian libjsmn-dev package.
    
    Closes: 1108417

commit 1e5a6b034836142be0f0c80f88f0826783c4a6ab
Author: Richard Laager <rlaager@debian.org>
Date:   Sat Feb 7 16:48:34 2026 -0600

    ntp.conf: Add nomrulist to "restrict default"
    
    nomrulist is redundant with the default noquery, but if a user removes
    noquery, they will want nomrulist to avoid being a DDoS amplifier.
    
    Closes: 1108327
    Thanks: Dave Hart <davehart@gmail.com>

commit 91c1810fbc64332297cd79b1faea051706bcd26a
Author: Richard Laager <rlaager@debian.org>
Date:   Sat Feb 7 16:44:42 2026 -0600

    ntpsec-systemd-netif.service: Conditionalize...
    
    ... on the existence of the hook
    
    As noted by Christoph Anton Mitterer <calestyo@scientia.org>,
    "/etc/dhcp/dhclient-exit-hooks.d/ntpsec is a config file
    so a user may simply delete it because he doesn't want it executed
    for dhcp client.  In that case it would also fail for
    ntpsec-systemd-netif.service."
    
    Closes: 1121536

commit 29a4024573cf9ec239b40ce8201511db35277fc9
Author: Christoph Anton Mitterer <calestyo@scientia.org>
Date:   Sat Feb 7 16:41:14 2026 -0600

    ntpsec-systemd-netif.service: Simplify /bin/sh
    
    ntpsec-systemd-netif.service has:
      ExecStart=/bin/sh -c '. /etc/dhcp/dhclient-exit-hooks.d/ntpsec'
    
    First, why not simply /bin/sh /etc/dhcp/dhclient-exit-hooks.d/ntpsec?
    
    Closes: 1121536
    Signed-off-by: Richard Laager <rlaager@debian.org>
    [LGTM. I have no idea why this was sourcing instead of executing.]

commit 1157c1d6bb6e9a2d36ecd2430c254ba1fea942e7
Author: Richard Laager <rlaager@debian.org>
Date:   Sat Feb 7 16:38:57 2026 -0600

    Refresh patches
    
    Gbp-Dch: Ignore

commit d35e7ec791d7bb2e7c8c31012c9a3d9741b7be7c
Author: Richard Laager <rlaager@debian.org>
Date:   Sat Feb 7 16:28:08 2026 -0600

    Remove patches applied upstream
    
    Gbp-Dch: Ignore

commit 667196062f093b1fb77ad173b715017eb417525b
Author: Richard Laager <rlaager@debian.org>
Date:   Sat Feb 7 16:08:30 2026 -0600

    New upstream version

commit 898516000707f411b40778b8ec891a82a341bd6d
Merge: 4c787641 e37f3a22
Author: Richard Laager <rlaager@debian.org>
Date:   Sat Feb 7 17:24:54 2026 -0600

    Update upstream source from tag 'upstream/1.2.4+dfsg'
    
    Update to upstream version '1.2.4+dfsg'
    with Debian dir 46571159e3b4cbcdb89217bbf647637f69bfe88a

commit e37f3a221ac40564d61d5b5d92d36744cd66eede
Merge: 6ffc97a0 a9e66af4
Author: Richard Laager <rlaager@debian.org>
Date:   Sat Feb 7 17:24:49 2026 -0600

    New upstream version 1.2.4+dfsg

commit 4c787641c33f4536ab08a084379e676986c22e55
Author: Richard Laager <rlaager@debian.org>
Date:   Sat Feb 7 17:23:14 2026 -0600

    README.source: s/dfsg1/dfsg/
    
    This was missed in commit d93e99ec3ad70cd0cf89130122e62c64fa60af3a.
    
    Gbp-Dch: Ignore

commit 6ffc97a0d108a172e02a85240a43fb7cc9adb170
Merge: 72dbbef8 a9e66af4
Author: Richard Laager <rlaager@debian.org>
Date:   Sat Feb 7 16:07:58 2026 -0600

    New upstream version 1.2.4+dfsg

commit 1bce0ec98846310fe91d5809aec191b2ef4dc9cf
Author: Richard Laager <rlaager@debian.org>
Date:   Sat Feb 7 16:07:41 2026 -0600

    debian/watch: Use https instead of ftp

commit 4639291dc3b947177da1ab1593d287b0b191d987
Author: Richard Laager <rlaager@debian.org>
Date:   Sat Feb 7 16:06:12 2026 -0600

    Merge upstream signing keys
    
    Gbp-Dch: Ignore

commit 4d768363df8291d839b7c1ac559a99fe15e31baf
Author: Richard Laager <rlaager@debian.org>
Date:   Fri May 2 16:18:10 2025 -0500

    Update changelog for release
    
    Gbp-Dch: Ignore

commit cd83045eafa9b1f65ede69b146782892048cb54a
Author: Richard Laager <rlaager@debian.org>
Date:   Fri May 2 16:15:39 2025 -0500

    Set STA_UNSYNC on start
    
    > When ntpd starts, it immediately resets the kernel status field to
    > STA_PLL without STA_UNSYNC, before the clock is actually
    > synchronized. This may mislead applications that use ntp_gettime()
    > to check if the clock is synchronized.
    >
    > Also, the maxerror and esterror fields are set to 16 microseconds
    > instead of 16 seconds.
    
    See:
    http://bugs.ntp.org/show_bug.cgi?id=3434
    https://bugzilla.redhat.com/show_bug.cgi?id=1493452
    https://gitlab.com/NTPsec/ntpsec/-/issues/848
    
    Closes: 1103964

commit 6f85dc3c4cb3723c6fc720dc0223b08de295a31b
Author: Richard Laager <rlaager@debian.org>
Date:   Mon Apr 14 23:53:02 2025 -0500

    Update changelog for release
    
    Gbp-Dch: Ignore

commit d25571fe6e2c7e405c91b69c3b248bda7ec387c2
Author: Richard Laager <rlaager@debian.org>
Date:   Mon Apr 14 23:51:09 2025 -0500

    Add ntpsec-ntpdig back to debian/.gitignore
    
    This was improperly removed with the transitional packages in
    commit 729de5c1a790b24fb4b26261704553bb99fbd60e.
    
    Gbp-Dch: Ignore

commit 8053e6e3d6c362122238478b539c5d73272f0672
Author: Richard Laager <rlaager@debian.org>
Date:   Mon Apr 14 23:45:04 2025 -0500

    Disable libaes-siv test_malloc_failure
    
    This breaks on some platforms, including Debian on s390x and apparently
    OpenSUSE.  This is using OpenSSL's CRYPTO_set_mem_functions(), which is
    documented as not working once allocations are made.  It is the first
    call in the program, so there doesn't seem to be much more we/I can do
    about this.
    
    Closes: 1102745

commit f2f2328236a1210762ffdcf0bf51bd69e01a21c6
Author: Richard Laager <rlaager@debian.org>
Date:   Mon Apr 14 03:27:49 2025 -0500

    Update changelog for release
    
    Gbp-Dch: Ignore

commit a991b83987ce88a0b6e92aab9ed5e0521f88f19a
Author: Richard Laager <rlaager@debian.org>
Date:   Mon Apr 14 03:16:41 2025 -0500

    Specify PYTHONDIR/PYTHONARCHDIR at waf configure
    
    While my system detects the paths correctly as
    /usr/lib/python3/dist-packages/ntp, in the rebuild discussed in
    bug #1102962, PYTHONDIR and PYTHONARCHDIR were detected as
    /usr/local/lib/python3.13/dist-packages.  Since the .install file hardcodes
    the path anyway, there isn't really a downside of hardcoding these to
    `waf configure`.
    
    Closes: 1102962

commit 0fbf0e98cc718eef1d0e9dd31d9b14598a175242
Author: Richard Laager <rlaager@debian.org>
Date:   Tue Apr 8 01:26:18 2025 +0000

    Disable missing_breaks pipeline job
    
    This job fails to take into account virtual packages, so it complains
    that ntpsec does not Breaks: openntpd, when Conflicts: time-daemon does
    that.
    
    Gbp-Dch: Ignore

commit 4750ee0ecdf654360a268197f3cb357e982bd080
Author: Richard Laager <rlaager@debian.org>
Date:   Tue Apr 8 00:55:14 2025 +0000

    Update changelog for release
    
    Gbp-Dch: Ignore

commit 52890335a019ccd201b807fe61751ecc1565bccd
Author: Richard Laager <rlaager@debian.org>
Date:   Tue Apr 8 00:49:14 2025 +0000

    Stop running with real-time priority
    
    The -N option runs with the maximum possible SCHED_FIFO priority.
    According to Felix Moessbauer, this could starve out kernel threads.
    He said, "Some recent stalls of PREEMPT_RT systems we observed could
    be related to this."
    
    He further noted, "I checked a couple of other distros (OpenSuse 15.5,
    Fedora 42) and all of them just run with default options (no change of
    the priority)."
    
    Closes: 1086000

commit c242f67c262980f43a23452f6e03ff73b46430c7
Author: Richard Laager <rlaager@debian.org>
Date:   Tue Apr 8 00:40:52 2025 +0000

    Backport more armhf fixes
    
    Closes: 1091303

commit 30cf771ee55ee62b3ded696d46ca6932ef11f7a6
Author: Richard Laager <rlaager@debian.org>
Date:   Sat Mar 1 00:39:55 2025 -0600

    Update changelog for release
    
    Gbp-Dch: Ignore

commit 729de5c1a790b24fb4b26261704553bb99fbd60e
Author: Richard Laager <rlaager@debian.org>
Date:   Sat Mar 1 00:08:18 2025 -0600

    Drop transitional packages
    
    These are not longer needed.
    
    Closes: 1072973

commit e7941f6733b896c0ae43d0f0a14ce58e09e328e7
Author: Richard Laager <rlaager@debian.org>
Date:   Sat Mar 1 00:41:29 2025 -0600

    Refresh patches to eliminate fuzz
    
    Gbp-Dch: Ignore

commit f1e76eeca9df330a0cd8685081f727c8366b4e9d
Author: Richard Laager <rlaager@debian.org>
Date:   Fri Feb 28 23:40:59 2025 -0600

    Backport armhf fixes
    
    I'm not sure that 0001-Remove-use-of-waf-define-NTP_SIZEOF_TIME_T.patch
    is necessary, but it's still related to the whole issue of
    sizeof(time_t).  I wanted to get the whole set of fixes.
    
    Closes: 1091303

commit 9f440b103e4e09bbdf34a7ec3685060a0316e943
Author: Richard Laager <rlaager@debian.org>
Date:   Fri Feb 28 23:30:16 2025 -0600

    Update leap-seconds.list URL
    
    Closes: 1089713

commit 3ea27e8b4bfb7a9ed8b1b8a3b3d5527666fb14b7
Author: Joachim Kross <kross@kaffeeschluerfer.com>
Date:   Tue Nov 26 22:15:24 2024 +0100

    Leverage ntpd's hourly leap-seconds.list file check & auto reload
    
    NTPsec inherited from NTP Classic that the daemon checks once every
    hour whether a configured leap-seconds.list file has changed (change
    of either mtime or ctime, or both), and automatically reloads it if
    it has.
    
    This present change leverages that mechanism to automatically reload
    the file at ntpd runtime when the file is being updated twice a year,
    rather than forcibly restarting ntpd upon every update to the
    tzdata package, regardless of whether the leap-seconds.list file has
    changed or not.

commit 24fbf1be0ba4adbecfbfe5c6502c2b397af6016a
Author: Joachim Kross <kross@kaffeeschluerfer.com>
Date:   Fri Aug 30 15:44:32 2024 +0200

    ntp.conf: Specific paths for NTS certificate/key
    
    ntp.conf currently has placeholder strings where the paths
    for the NTS certificate and key should go. Replace those
    placeholders by specific paths as those are mentioned in
    README.Debian, and hard-coded in the certbot deploy hook and
    AppArmor profile.
    
    Update README.Debian to reflect that, and other updates. E.g.,
    TLS 1.3 is the minimum TLS version permitted by the RFC, so no
    need to mention/set this explicitly anymore.

commit 58ff6e2797dcb48cf7ef7e885447c14f6f4a67af
Author: Joachim Kross <kross@kaffeeschluerfer.com>
Date:   Fri Aug 30 14:35:43 2024 +0200

    Docs: ntpdate no longer supports "-o"

commit 7556c4e9ee3089addd05d5da3e346492d0dc6c3c
Author: Richard Laager <rlaager@debian.org>
Date:   Fri Feb 28 23:02:21 2025 -0600

    Depend on python3-setuptools
    
    Closes: 1080689

commit 63015ace006433d49db288e73c764f068c1aaf05
Author: Richard Laager <rlaager@debian.org>
Date:   Fri Feb 28 23:00:55 2025 -0600

    control: Run wrap-and-sort
    
    Gbp-Dch: Ignore

commit d1a332e8c49a71a64ff9c855e5f37a4d67c2fc9c
Author: Richard Laager <rlaager@debian.org>
Date:   Fri Feb 28 22:59:04 2025 -0600

    Handle BrokenPipeError in ntpq
    
    Closes: 1092198

commit cb828bac2b75a9f0ced9b106e3a2ad35ffb4d409
Author: Richard Laager <rlaager@debian.org>
Date:   Fri Feb 28 22:31:46 2025 -0600

    Add patch to fix out of bounds read
    
    Thanks: Artem Nasonov

commit 90f86276b7973f14a2e4e52b45efd6b17320e710
Author: Richard Laager <rlaager@debian.org>
Date:   Fri Feb 28 22:25:14 2025 -0600

    Remove ntpsec.timer systemd-cron workaround
    
    ntpsec.timer was masked (made a symlink to /dev/null) to cause
    systemd-cron to skip converting /etc/cron.d/ntpsec.  This has been
    special-cased in systemd-cron.
    
    Closes: 1098745

commit 1060ba56652fa3886e5aa501a8ad19593c8f18f2
Author: Richard Laager <rlaager@debian.org>
Date:   Fri Feb 28 22:21:03 2025 -0600

    Add more checks to ntpviz cron
    
    Similar to the last commit, we should probably be checking that
    /usr/bin/ntpviz is still installed.

commit 3c07e700ff9d7566b8670557deb813e0e3079b3a
Author: Richard Laager <rlaager@debian.org>
Date:   Fri Feb 28 22:18:23 2025 -0600

    Fix ntpviz cron errors (when uninstalled)
    
    When ntpviz is uninstalled but not purged, the cron job can error
    because /var/lib/ntpsec/ntpviz/day (and presumably the same for /week)
    does not exist.
    
    Closes: 1098796

commit 61d10cbb47b5983336fb27626322e834c5431633
Author: Richard Laager <rlaager@debian.org>
Date:   Fri Feb 28 22:14:07 2025 -0600

    ntplogtemp: Handle OSError
    
    Thanks: Daniel <daniel@developerdan.com>
    Closes: 1098368

commit 74f50e3170fb2417e05dd020f1e31f0b447a6565
Author: Richard Laager <rlaager@debian.org>
Date:   Mon May 6 22:15:44 2024 -0500

    Update changelog for release
    
    Gbp-Dch: Ignore

commit 79e0a5ebbadb40f1aee616e32b50d931f6f12da0
Author: Joachim Kross <kross@kaffeeschluerfer.com>
Date:   Mon May 6 19:32:39 2024 -0500

    Drop "nopeer" option of restrict command from configuration
    
    The "nopeer" option to the restrict command is being ignored
    since 2020, with ntpd emitting a log message to that effect
    if the option is found in the configuration.
    
    Drop the option from ntp.conf to prevent ntpd from emitting
    the related error message.
    
    Signed-off-by: Richard Laager <rlaager@debian.org>
    [I made the same edit to ntp.conf.ubuntu too.]

commit 2ad838246ffc6471e4d015f2cce0f0c023147d9e
Author: Richard Laager <rlaager@debian.org>
Date:   Tue Apr 30 00:22:22 2024 -0500

    Update changelog for release
    
    Gbp-Dch: Ignore

commit 05b63211d566fc8717fad908932b0a741714d670
Author: Richard Laager <rlaager@debian.org>
Date:   Tue Apr 30 00:21:11 2024 -0500

    Update Standards-Version (no changes)

commit 95b6904077c7e67674db96488d805dbd9ad80323
Author: Joachim Kross <kross@kaffeeschluerfer.com>
Date:   Sun Apr 28 16:15:47 2024 +0200

    Add nts-keys-tmp to NTPsec apparmor profile
    
    As part of generating NTS crypto material, NTPsec is temporarily
    using the file /var/lib/ntpsec/nts-keys-tmp before storing the
    final material in /var/lib/ntpsec/nts-keys. However, unlike
    nts-keys, the file nts-keys-tmp is not covered by the apparmor
    profile. Thus, attempts to create/write to that file are denied
    and fail.
    
    Thus, this commit adds the temporary file to the apparmor profile.

commit 41aa2dbc5510feb2dce08eda8d5a54507ecbb612
Author: Joachim Kross <kross@kaffeeschluerfer.com>
Date:   Sun Apr 28 16:00:04 2024 +0200

    Add usestats log file to NTPsec apparmor profile
    
    The log file of type "usestats" is not covered by the current
    apparmor profile, leading to ntpd not being able to create
    this type of log file (actually, a file with a specific
    name reflecting the log file type).
    
    Add the file path+name of the usestats log file to the apparmor
    profile, in line with the other log file types/names.

commit 72dbbef84aa73b864ee826ed251dc31e30cceb5d
Merge: 12dde2da ba585cf7
Author: Richard Laager <rlaager@debian.org>
Date:   Sun Mar 10 18:32:27 2024 -0500

    New upstream version 1.2.3+dfsg1

commit ba585cf78aa75487b2d320f91471123adff80d19
Author: Matt Selsky <matthew.selsky@twosigma.com>
Date:   Sat Dec 30 23:52:08 2023 -0500

    version 1.2.3
    
    Signed-off-by: Matt Selsky <matthew.selsky@twosigma.com>

commit fb98a72bc301c241f5cc45201dc24580e92dd0e3
Author: Matt Selsky <matthew.selsky@twosigma.com>
Date:   Thu Dec 28 23:21:38 2023 -0500

    Update PIVOT.h ahead of the release

commit 7965b5dce4bc8dbdd3aa4583846188727500c7cd
Author: James Stroud <james.jstroud@gmail.com>
Date:   Sat Dec 23 02:07:17 2023 +0000

    Update ntpsec.adoc - minor formatting change to stay consistent.  I hope you don't mind merging.  I just found out about your project and love it. Great job.

commit f295e2a43a3a0df2851b668216cbbb4a917c229f
Author: Fred Wright <fw@fwright.net>
Date:   Tue Dec 26 14:22:46 2023 -0800

    Fix attic build
    
    Removes a reference to an attic program that isn't provided.
    
    TESTED:
    Build now works with --enable-attic.

commit 9893b850f54d31a47b1ace513c209edd34cece16
Author: Richard Laager <rlaager@wiktel.com>
Date:   Sun Dec 24 15:44:35 2023 -0600

    Fix duplicate exit status in man pages
    
    The "EXIT STATUS" section is duplicated in several man pages.
    
    Reported-by: Bjarni Ingi Gislason <bjarniig@simnet.is>

commit 0fdfe69295d96ae7e94648faa8fedb6f4c8ec1b3
Author: Fred Wright <fw@fwright.net>
Date:   Thu Dec 21 00:56:09 2023 -0800

    aes_siv: Remove troublesome -Wconversion
    
    This warning is known to be overzealous in GCC 4.2, and apparently
    toned down in later GCC versions.
    
    According to devel/CommitLog-4.1.0, it was removed from the "classic"
    CFLAGS in 2001-04-21, and hadn't resurfaced until it was applied
    here solely to aes_siv components in 468fc5a7c9.
    
    TESTED:
    Now builds without warnings and passes tests, with 28 compilers
    from GCC 4.2 and Clang 3.3 to GCC 13 and Clang 17.

commit bb663654817c5467c4bf0724af8cdff09f8f1621
Author: Fred Wright <fw@fwright.net>
Date:   Thu Dec 21 00:37:21 2023 -0800

    Fix some timespec initializer warnings
    
    Some compilers don't seem to recognize that clock_gettime() storing
    into a struct timespec counts as initializing it, and produce "may be
    used uninitialized" warnings.  Adding initializers to the structs gets
    rid of the warnings, without adding enough overhead to worry about.
    
    TESTED:
    Now builds without warnings and passes tests, with 28 compilers
    from GCC 4.2 and Clang 3.3 to GCC 13 and Clang 17.

commit 60a2ad1438bdf8519d936f3f69c1f225eb882eb4
Author: Fred Wright <fw@fwright.net>
Date:   Thu Dec 21 00:27:15 2023 -0800

    ntp_control.c: Fix a compiler warning
    
    The expression was shifting a char left before promoting it to
    a short.  This should actually be OK, since intermediate results
    are supposed to be int or better, but it's more conceptually correct
    to promote it first, which avoids a warning from GCC 4.2.  It's
    also slightly better to do the mask before the shift.
    
    TESTED:
    Now builds without warnings and passes tests, with 28 compilers
    from GCC 4.2 and Clang 3.3 to GCC 13 and Clang 17.

commit 86636d8d5c7a1cac87a77dd9b0d808b09174e698
Author: James Browning <jamesb.fe80@gmail.com>
Date:   Sun Dec 17 12:36:28 2023 -0800

    Update NEWS.adoc with random things from the history

commit 1b2327b9495b7572255e255392c1d6e065e9b4a1
Author: Hal Murray <halmurray@sonic.net>
Date:   Mon Dec 18 01:21:23 2023 -0800

    Add names to unions in ntp_control's struct var
    
    Some old compilers need them.

commit a7accd9627e746a994cdad48949437c71d9c77a5
Author: James Browning <jamesb.fe80@gmail.com>
Date:   Sat Dec 9 07:29:23 2023 -0800

    ntp.packet: Shim mode6 alignment to 4 & use it.

commit 96ab4b68c91827175ef1e707fc445382c3e89ca7
Author: James Browning <jamesb.fe80@gmail.com>
Date:   Wed Dec 6 06:48:10 2023 -0800

    FFI: Revise comments and white space.

commit 65f0fb2eddc4fbf634f1000fc3ebf354bef0c19d
Author: James Browning <jamesb.fe80@gmail.com>
Date:   Wed Dec 6 06:52:22 2023 -0800

    FFI: Wrap more code blocks with curly braces.

commit 80bcf512434855eae489731b66f2c0a033a1852f
Author: James Browning <jamesb.fe80@gmail.com>
Date:   Wed Dec 6 06:59:58 2023 -0800

    FFI: Check return codes of CMAC_* from -lcrypto

commit fbcbd33d23a9703749c9d3a6bb859b42f0a56e6e
Author: Hal Murray <halmurray@sonic.net>
Date:   Tue Dec 5 23:31:56 2023 -0800

    More tweaks to ntpd/ntp_filegen.c
    
      1) fix brain-fart in previous edit
      2) merge 2 cases
      3) squish warning for signed/unsigned compare

commit 9dc9606b2cb6ea38f6e32a94f9ad392d511a9253
Author: Hal Murray <halmurray@sonic.net>
Date:   Tue Dec 5 23:08:22 2023 -0800

    Attempt to fix coverity 316495

commit f8513096ee4937f8b5df92c052567b811baeb3cc
Author: Hal Murray <halmurray@sonic.net>
Date:   Tue Dec 5 19:37:21 2023 -0800

    Add ntpq defaulting to AES

commit e3afd66839d79d6d0073d33b19b69ea0bf5ba58b
Author: James Browning <jamesb.fe80@gmail.com>
Date:   Wed Dec 6 10:22:22 2023 -0800

    Fix #812 putarray sends right length to putunqstr

commit ba25900934da7430e4501f2d5895d72e734fad1b
Author: Hal Murray <halmurray@sonic.net>
Date:   Tue Dec 5 01:28:35 2023 -0800

    Another attempt at Coverity 356204

commit 1c79d66b43a5befb62a2795ba8746533ea1ed542
Author: Hal Murray <halmurray@sonic.net>
Date:   Mon Dec 4 06:40:43 2023 -0800

    Update NEWS

commit 05d655cf0c033cebd3c4b866c626e643d9c522d3
Author: Hal Murray <halmurray@sonic.net>
Date:   Mon Dec 4 02:57:28 2023 -0800

    Doc tweaks, mostly for shared keys

commit f71580d424ca2295706db56ea2f0abe95d48cda3
Author: Hal Murray <halmurray@sonic.net>
Date:   Mon Dec 4 02:51:47 2023 -0800

    Add doc for mssntpinfo

commit 1b91d73e6cadc5b9334393ee14ee916972ef9bc1
Author: Hal Murray <halmurray@sonic.net>
Date:   Mon Dec 4 02:28:54 2023 -0800

    Add SHA-1 as an alias for SHA1
    
    NIST uses SHA-1 but OpenSSL's crypto package uses SHA1.

commit 42523439d477de813a2293fd1496d660a48ca876
Author: Hal Murray <halmurray@sonic.net>
Date:   Mon Dec 4 02:20:56 2023 -0800

    Add support for nts tlsecdhcurves to ntp_config
    
    Interesting that nobody had tried it yet.
    (It crashed on an ASSERT fail when I tested it.)

commit 08e27afad87916cd9bfdc543f1ae5e4736f10c5f
Author: Hal Murray <halmurray@sonic.net>
Date:   Mon Dec 4 02:14:56 2023 -0800

    Drop T_Tlsciphers from ntp_parser.y
    
    It wasn't in keyword-gen.c or used by ntp_config.c
    or in any of the documentation

commit ed48d5c44a62b39719f9d90feacb3d94b82a8a7b
Author: Hal Murray <halmurray@sonic.net>
Date:   Mon Dec 4 02:00:20 2023 -0800

    Tweak comment to refer to RFC 9327

commit eea06b5716dca0bc5d4c7da8f19664a91f138eb8
Author: Hal Murray <halmurray@sonic.net>
Date:   Mon Dec 4 01:58:08 2023 -0800

    log curves used by nts ecdhcurves

commit 07231d10e2a507eed20457b706efda785b77bb9e
Author: Hal Murray <halmurray@sonic.net>
Date:   Mon Dec 4 01:57:14 2023 -0800

    Add attic/cipher-find.c

commit 4cc149a3ae9a5d8c4f3ecc1e1bac04e6cd799781
Author: Hal Murray <halmurray@sonic.net>
Date:   Mon Dec 4 01:55:00 2023 -0800

    Add DES and DES3 to list

commit 4e21ea3ecc817f522222255aaac2fb67d2cfaf14
Author: Hal Murray <halmurray@sonic.net>
Date:   Sun Dec 3 20:09:18 2023 -0800

    Hack around const bug in OpenSSL API
    
    cast discards ‘const’ warning from SSL_CTX_set1_groups_list()
    https://github.com/openssl/openssl/issues/22535

commit 6a08498f620179d00bb1aa8425038380e0ba8cf9
Author: Hal Murray <halmurray@sonic.net>
Date:   Sun Dec 3 19:56:52 2023 -0800

    Minor cleanup to ntp_filegen, fix Coverity 356204

commit 62ee9a8b422305e1a80b0300222e48c56de41a85
Author: Hal Murray <halmurray@sonic.net>
Date:   Sun Dec 3 19:52:44 2023 -0800

    Update TODO-NTS

commit 59e305105186dfd59491abc45f0971b92fb9437d
Author: James Browning <jamesb.fe80@gmail.com>
Date:   Sun Dec 3 17:48:37 2023 -0800

    Make pylint shut up about f-strings.

commit 12dde2da4ba2fbd93bac3813e7ef106af6241f5c
Merge: d7b142a9 969e4692
Author: Richard Laager <rlaager@debian.org>
Date:   Mon Jan 16 17:31:53 2023 -0600

    New upstream version 1.2.2+dfsg1

commit 969e469209bfda91bf2f2cae98b14c7ecd98fd48
Author: Matt Selsky <matthew.selsky@twosigma.com>
Date:   Wed Dec 28 23:45:49 2022 -0500

    version 1.2.2
    
    Signed-off-by: Matt Selsky <matthew.selsky@twosigma.com>

commit a4b03a72d02f2aede7b707d890b34beae6016ec6
Author: Matt Selsky <matthew.selsky@twosigma.com>
Date:   Wed Dec 28 23:16:44 2022 -0500

    Make sure tarball doesn't contain versioned shared library symlinks

commit 5ff55406c90406dca9617c4394a1045f4df50867
Author: Matt Selsky <matthew.selsky@twosigma.com>
Date:   Wed Dec 28 23:02:08 2022 -0500

    Explicitly run waf via python3 in make-tarball

commit 63de6cd02a99cc69e940704e4e4965f01ee9cbc0
Author: Matt Selsky <matthew.selsky@twosigma.com>
Date:   Wed Dec 28 22:28:16 2022 -0500

    Take 2 on cleaning up the asciidoc syntax

commit 45dd4d642e750d8685ddacd879f870f4944c1186
Author: Matt Selsky <matthew.selsky@twosigma.com>
Date:   Wed Dec 28 22:28:16 2022 -0500

    Tidy up asciidoc syntax in NEWS

commit 93b5a395da026937998a5c1977d30853e046e4ec
Author: Matt Selsky <matthew.selsky@twosigma.com>
Date:   Fri Dec 23 20:39:34 2022 -0500

    No need to install gpgv on ubuntu-rolling now that clone3() issue is resolved

commit 7a09186ce6eec2ed0241dc1a03331a8c9df2e7fe
Author: Matt Selsky <matthew.selsky@twosigma.com>
Date:   Fri Dec 23 13:28:09 2022 -0500

    Update docker build files to use the distributions implied by their names
    
    This partially reverts 64e2c355ac601b57eebec75a13da40e7d47fbf54 ("I: Some
    remaining image have repo verification issues")
    
    The underlying issue with upstream repository verification was fixed in
    eff644a4262ef1eb0d78a8958cc59b33b0541d57 ("Use latest docker image when
    building docker images")

commit 4acc911050e157235111ad6cfc96a3a65457e2df
Author: Matt Selsky <matthew.selsky@twosigma.com>
Date:   Thu Dec 22 23:25:40 2022 -0500

    Update release manager user for ftp server

commit b8900bfc21cb3df44a3d17df4acb2a533dfd36a3
Author: Hal Murray <hmurray@megapathdsl.net>
Date:   Thu Dec 22 17:44:05 2022 -0800

    Fix for gliitches found by Google's oss-fuzz

commit 1195ff029fd12d0cb112d1100bf1769910b1681f
Author: Hal Murray <hmurray@megapathdsl.net>
Date:   Thu Dec 22 17:04:15 2022 -0800

    Cleanup NTPv1 processing
    
    ntpq sysstats now shows NTPv1 activity
    add NTPv1 packet count to sysstats log files

commit 21962ae0a1cd4d85fe2b2a96aeef8c489fe691ff
Author: Hal Murray <hmurray@megapathdsl.net>
Date:   Thu Dec 22 15:07:39 2022 -0800

    Update NEWS to include NTS wildcard support

commit dc948158a2ce64479b296bdb973992a7f0521a3b
Author: Matt Selsky <matthew.selsky@twosigma.com>
Date:   Thu Dec 22 12:42:40 2022 -0500

    Remove call to emerge-webrsync in Gentoo docker image building
    
    We pull portage from docker so there's no need to pull portage over the web
    additionally.

commit eff644a4262ef1eb0d78a8958cc59b33b0541d57
Author: Matt Selsky <matthew.selsky@twosigma.com>
Date:   Thu Dec 22 12:37:24 2022 -0500

    Use latest docker image when building docker images
    
    We were previously using the "stable" version of docker and this tag hasn't
    been updated in 2 years. We instead switch to "latest" since we have no need to
    pin to a specific version.
    
    The "stable" version of docker was older than 20.10.10 and it caused issues for
    linux distributions using glibc >= 2.34 because of how clone3() is used.
    
    See https://github.com/AkihiroSuda/clone3-workaround for additional details.

Created: 2026-02-08 Last update: 2026-02-08 07:00

debian/patches: 11 patches to forward upstream low

Among the 31 debian patches available in version 1.2.3+dfsg1-8 of the package, we noticed the following issues:

11 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2025-03-01 Last update: 2025-05-03 10:30

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.3 instead of 4.7.0).

Created: 2025-02-21 Last update: 2025-12-23 20:00

news

[rss feed]

[2025-05-13] ntpsec 1.2.3+dfsg1-8 MIGRATED to testing (Debian testing watch)
[2025-05-02] Accepted ntpsec 1.2.3+dfsg1-8 (source) into unstable (Richard Laager)
[2025-04-29] ntpsec 1.2.3+dfsg1-7 MIGRATED to testing (Debian testing watch)
[2025-04-15] Accepted ntpsec 1.2.3+dfsg1-7 (source) into unstable (Richard Laager)
[2025-04-14] Accepted ntpsec 1.2.3+dfsg1-6 (source) into unstable (Richard Laager)
[2025-04-12] Accepted ntpsec 1.2.3+dfsg1-5 (source) into unstable (Richard Laager)
[2025-03-01] Accepted ntpsec 1.2.3+dfsg1-4 (source) into unstable (Richard Laager)
[2024-05-17] ntpsec 1.2.3+dfsg1-3 MIGRATED to testing (Debian testing watch)
[2024-05-17] ntpsec 1.2.3+dfsg1-3 MIGRATED to testing (Debian testing watch)
[2024-05-07] Accepted ntpsec 1.2.3+dfsg1-3 (source) into unstable (Richard Laager)
[2024-05-05] ntpsec 1.2.3+dfsg1-2 MIGRATED to testing (Debian testing watch)
[2024-04-30] Accepted ntpsec 1.2.3+dfsg1-2 (source) into unstable (Richard Laager)
[2024-04-29] ntpsec 1.2.3+dfsg1-1 MIGRATED to testing (Debian testing watch)
[2024-03-11] Accepted ntpsec 1.2.3+dfsg1-1 (source) into unstable (Richard Laager)
[2023-12-30] ntpsec 1.2.2+dfsg1-4 MIGRATED to testing (Debian testing watch)
[2023-12-24] Accepted ntpsec 1.2.2+dfsg1-4 (source) into unstable (Richard Laager)
[2023-12-13] ntpsec 1.2.2+dfsg1-3 MIGRATED to testing (Debian testing watch)
[2023-12-11] Accepted ntpsec 1.2.2+dfsg1-3 (source) into unstable (Richard Laager)
[2023-08-05] Accepted ntpsec 1.2.2+dfsg1-1+deb12u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Richard Laager)
[2023-08-04] Accepted ntpsec 1.2.2+dfsg1-1+deb12u1 (source) into stable-security (Debian FTP Masters) (signed by: Richard Laager)
[2023-08-02] ntpsec 1.2.2+dfsg1-2 MIGRATED to testing (Debian testing watch)
[2023-07-30] Accepted ntpsec 1.2.2+dfsg1-2 (source) into unstable (Richard Laager)
[2023-01-22] ntpsec 1.2.2+dfsg1-1 MIGRATED to testing (Debian testing watch)
[2023-01-17] Accepted ntpsec 1.2.2+dfsg1-1 (source) into unstable (Richard Laager)
[2022-10-23] ntpsec 1.2.1+dfsg1-8 MIGRATED to testing (Debian testing watch)
[2022-10-18] Accepted ntpsec 1.2.1+dfsg1-8 (source) into unstable (Richard Laager)
[2022-06-11] ntpsec 1.2.1+dfsg1-7 MIGRATED to testing (Debian testing watch)
[2022-05-11] Accepted ntpsec 1.2.1+dfsg1-7 (source) into unstable (Richard Laager)
[2022-04-09] ntpsec 1.2.1+dfsg1-6 MIGRATED to testing (Debian testing watch)
[2022-04-03] Accepted ntpsec 1.2.1+dfsg1-6 (source) into unstable (Richard Laager)

bugs [bug history graph]

all: 76 77
RC: 0
I&N: 50 51
M&W: 26
F&P: 0
patch: 5

links

homepage
lintian
buildd: logs, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debian patches

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.2.3+dfsg1-8ubuntu1
10 bugs
patches for 1.2.3+dfsg1-8ubuntu1