After a year and a half of development, the release of the NTPsec 1.2.2 precise time synchronization system has been published, which is a fork of the reference implementation of the NTPv4 protocol (NTP Classic 4.3.34), focused on reworking the code base in order to improve security (obsolete code has been cleaned, attack prevention methods and secure functions for working with memory and strings). The project is being developed under the leadership of Eric S. Raymond with the participation of some of the developers of the original NTP Classic, engineers from Hewlett Packard and Akamai Technologies, as well as the GPSD and RTEMS projects. The NTPsec source code is distributed under the BSD, MIT, and NTP licenses.
Among the changes in the new version:
- Support for the NTPv1 protocol has been restored and its implementation has been cleaned. Information about NTPv1 traffic has been added to the output of the “ntpq sysstats” command, and counters for NTPv1 have been added to the sysstats log.
- The implementation of the NTS (Network Time Security) protocol has added the ability to use host name masks, for example, *.example.com. The NTS server provides storage of cookie keys for 10 days, which allows clients accessing once a day to do without using NTS-KE (NTS Key Establishment) to keep cookies up to date.
- rawstats provides logging of dropped packets.
- Support for Python 2.6 has been restored in the build system.
- Added support for OpenSSL 3.0 and LibreSSL.
- FreeBSD provides nanosecond-level accuracy when retrieving time information.
Source: opennet.ru