Ntp in fedora is in a version who is 4 years old. Latest version fix several security issues. http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities Please update (not everyone has switch to chrony )
The security issues from 4.2.8p4 have been backported to the Fedora package. https://bodhi.fedoraproject.org/updates/FEDORA-2015-de44abca87 As for updating to 4.2.8, that will probably happen at some point, but I think we should wait until 4.2.8 is a bit more stable.
This bug appears to have been reported against 'rawhide' during the Fedora 24 development cycle. Changing version to '24'. More information and reason for this action is here: https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fedora24#Rawhide_Rebase
Any update on this? Fedora's version of ntp is sorely out of date.
The current upstream code is not in a very good shape. It seems there are still some bugs causing crashes and there are unfixed security vulnerabilities. Some fixes were incorrect and some I think should be reworked to use a different approach. Upstream is working very slowly, so I'm not sure how long it will take before I feel comfortable with rebasing our package. It would be good to know what a typical user that still runs ntpd expects from it. Stability or new features? We can always throw away all our patches and just closely follow the upstream releases. I'm not sure if the users would be happy with that. For me as the Fedora mantainer it would probably be less work. Anyway, I'm trying to follow upstream bug reports and backport important fixes to the Fedora package. Do you miss some particular feature or bugfix from 4.2.8?
This is Fedora, not RHEL/CentOS. Fedora is supposed to generally track upstream releases, not backport fixes for 4 years. https://fedoraproject.org/wiki/Staying_close_to_upstream_projects I have read about features related to reporting (expanded ntpq functionality) and leap seconds (there's one scheduled for the end of this year) that I would like to explore.
Here is a copr repo with an experimental ntp-4.2.8 package if anyone is interested in testing. Most patches are disabled for now. Please be careful, there are known security issues that were not (properly) fixed yet. https://copr.fedorainfracloud.org/coprs/mlichvar/ntp/
This bug appears to have been reported against 'rawhide' during the Fedora 25 development cycle. Changing version to '25'.
4.2.8p9 was released today and it adds support for new openssl. I'll update the Fedora package soon.
4.2.8p9 is now in rawhide. All patches that were not accepted by upstream were dropped. It's a fresh start of the Fedora ntp package with the intention of staying close to upstream.