diff --git a/SOURCES/ntp-4.2.6p1-logdefault.patch b/SOURCES/ntp-4.2.6p1-logdefault.patch
deleted file mode 100644
index ae816b7..0000000
--- a/SOURCES/ntp-4.2.6p1-logdefault.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -up ntp-4.2.6p1/ntpd/ntp_config.c.logdefault ntp-4.2.6p1/ntpd/ntp_config.c
---- ntp-4.2.6p1/ntpd/ntp_config.c.logdefault 2010-01-24 11:01:45.000000000 +0100
-+++ ntp-4.2.6p1/ntpd/ntp_config.c 2010-03-09 17:44:09.000000000 +0100
-@@ -3794,7 +3794,7 @@ getconfig(
-
- #endif /* SYS_WINNT */
- res_fp = NULL;
-- ntp_syslogmask = NLOG_SYNCMASK; /* set more via logconfig */
-+ ntp_syslogmask = NLOG_SYNCMASK | NLOG_EVENT | NLOG_STATUS; /* set more via logconfig */
-
- /*
- * install a non default variable with this daemon version
diff --git a/SOURCES/ntp-4.2.6p4-rtnetlink.patch b/SOURCES/ntp-4.2.6p4-rtnetlink.patch
deleted file mode 100644
index 06d2e87..0000000
--- a/SOURCES/ntp-4.2.6p4-rtnetlink.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-diff -up ntp-4.2.6p4/ntpd/ntp_io.c.rtnetlink ntp-4.2.6p4/ntpd/ntp_io.c
---- ntp-4.2.6p4/ntpd/ntp_io.c.rtnetlink 2011-10-05 15:49:17.061711033 +0200
-+++ ntp-4.2.6p4/ntpd/ntp_io.c 2011-10-05 15:49:17.074711042 +0200
-@@ -4549,10 +4549,7 @@ init_async_notifications()
- #ifdef HAVE_RTNETLINK
- memset(&sa, 0, sizeof(sa));
- sa.nl_family = PF_NETLINK;
-- sa.nl_groups = RTMGRP_LINK | RTMGRP_IPV4_IFADDR
-- | RTMGRP_IPV6_IFADDR | RTMGRP_IPV4_ROUTE
-- | RTMGRP_IPV4_MROUTE | RTMGRP_IPV6_ROUTE
-- | RTMGRP_IPV6_MROUTE;
-+ sa.nl_groups = RTMGRP_IPV4_IFADDR | RTMGRP_IPV6_IFADDR;
- if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0) {
- msyslog(LOG_ERR,
- "bind failed on routing socket (%m) - using polled interface update");
diff --git a/SOURCES/ntp-4.2.6p5-logdefault.patch b/SOURCES/ntp-4.2.6p5-logdefault.patch
new file mode 100644
index 0000000..177a59b
--- /dev/null
+++ b/SOURCES/ntp-4.2.6p5-logdefault.patch
@@ -0,0 +1,30 @@
+diff -up ntp-4.2.6p5/html/miscopt.html.logdefault ntp-4.2.6p5/html/miscopt.html
+--- ntp-4.2.6p5/html/miscopt.html.logdefault 2009-12-09 08:36:36.000000000 +0100
++++ ntp-4.2.6p5/html/miscopt.html 2014-01-03 15:08:11.947681966 +0100
+@@ -56,11 +56,11 @@
+
While not strictly a security function, the Autokey protocol provides means to securely retrieve the current or updated leapsecond values from a server.
+ logconfig configkeyword
+ This command controls the amount and type of output written to the system syslog facility or the alternate logfile log file. All configkeyword keywords can be prefixed with =, + and -, where = sets the syslogmask, + adds and - removes messages. syslog messages can be controlled in four classes (clock, peer, sys and sync). Within these classes four types of messages can be controlled: informational messages (info), event messages (events), statistics messages (statistics) and status messages (status).
+- Configuration keywords are formed by concatenating the message class with the event class. The all prefix can be used instead of a message class. A message class may also be followed by the all keyword to enable/disable all messages of the respective message class. By default, logconfig output is set to allsync.
++ Configuration keywords are formed by concatenating the message class with the event class. The all prefix can be used instead of a message class. A message class may also be followed by the all keyword to enable/disable all messages of the respective message class. By default, logconfig output is set to =syncall +sysevents +sysstatus.
+ Thus, a minimal log configuration could look like this:
+- logconfig=syncstatus +sysevents
++ logconfig =syncstatus +sysevents
+ This would just list the synchronizations state of ntpd and the major system events. For a simple reference server, the following minimum message configuration could be useful:
+- logconfig allsync +allclock
++ logconfig =syncall +clockall
+ This configuration will list all clock information and synchronization information. All other events and messages about peers, system events and so on is suppressed.
+ logfile logfile
+ This command specifies the location of an alternate log file to be used instead of the default system syslog facility. This is the same operation as the -l command line option.
+diff -up ntp-4.2.6p5/ntpd/ntp_config.c.logdefault ntp-4.2.6p5/ntpd/ntp_config.c
+--- ntp-4.2.6p5/ntpd/ntp_config.c.logdefault 2011-12-01 03:55:17.000000000 +0100
++++ ntp-4.2.6p5/ntpd/ntp_config.c 2014-01-03 15:05:44.293553494 +0100
+@@ -3835,7 +3835,7 @@ getconfig(
+
+ #endif /* SYS_WINNT */
+ res_fp = NULL;
+- ntp_syslogmask = NLOG_SYNCMASK; /* set more via logconfig */
++ ntp_syslogmask = NLOG_SYNCMASK | NLOG_SYSEVENT | NLOG_SYSSTATUS; /* set more via logconfig */
+
+ /*
+ * install a non default variable with this daemon version
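Review bot: The default mask in the ntp_config.c hunk changes from `NLOG_SYNCMASK | NLOG_EVENT | NLOG_STATUS` (the deleted 4.2.6p1 patch) to `NLOG_SYNCMASK | NLOG_SYSEVENT | NLOG_SYSSTATUS`, which presumably selects a different set of messages (the sys-class event/status bits rather than the bare type bits), yet neither this patch file nor the 4.2.6p5-16 changelog entry in ntp.spec records that as a behaviour change — the changelog only mentions the documentation update. The two other new patch files open with a one-line provenance header (`Backported from ntp-dev-...`); this one should likewise open with a short header such as `Log sys events and status by default; matches the documented =syncall +sysevents +sysstatus`, so the packaged default stays traceable. The documented default in the miscopt.html hunk and the constant names in the C hunk do agree with each other. getconfig() starts and ends outside the hunk.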
diff --git a/SOURCES/ntp-4.2.6p5-refreshroute.patch b/SOURCES/ntp-4.2.6p5-refreshroute.patch
new file mode 100644
index 0000000..d8737e2
--- /dev/null
+++ b/SOURCES/ntp-4.2.6p5-refreshroute.patch
@@ -0,0 +1,111 @@
+Backported from ntp-dev-4.2.7p399
+
+diff -up ntp-4.2.6p5/ntpd/ntp_io.c.refreshroute ntp-4.2.6p5/ntpd/ntp_io.c
+--- ntp-4.2.6p5/ntpd/ntp_io.c.refreshroute 2013-10-17 13:48:34.808727175 +0200
++++ ntp-4.2.6p5/ntpd/ntp_io.c 2013-12-09 14:02:28.076249785 +0100
+@@ -1785,7 +1785,6 @@ update_interfaces(
+ isc_result_t result;
+ isc_interface_t isc_if;
+ int new_interface_found;
+- int refresh_peers;
+ unsigned int family;
+ endpt enumep;
+ endpt * ep;
+@@ -1800,7 +1799,6 @@ update_interfaces(
+ */
+
+ new_interface_found = FALSE;
+- refresh_peers = FALSE;
+ iter = NULL;
+ result = isc_interfaceiter_create(mctx, &iter);
+
+@@ -1836,6 +1834,8 @@ update_interfaces(
+
+ convert_isc_if(&isc_if, &enumep, port);
+
++ DPRINT_INTERFACE(4, (&enumep, "examining ", "\n"));
++
+ /*
+ * Check if and how we are going to use the interface.
+ */
+@@ -1843,19 +1843,23 @@ update_interfaces(
+ enumep.flags)) {
+
+ case ACTION_IGNORE:
++ DPRINTF(4, ("ignoring interface %s (%s) - by nic rules\n",
++ enumep.name, stoa(&enumep.sin)));
+ continue;
+
+ case ACTION_LISTEN:
++ DPRINTF(4, ("listen interface %s (%s) - by nic rules\n",
++ enumep.name, stoa(&enumep.sin)));
+ enumep.ignore_packets = ISC_FALSE;
+ break;
+
+ case ACTION_DROP:
++ DPRINTF(4, ("drop on interface %s (%s) - by nic rules\n",
++ enumep.name, stoa(&enumep.sin)));
+ enumep.ignore_packets = ISC_TRUE;
+ break;
+ }
+
+- DPRINT_INTERFACE(4, (&enumep, "examining ", "\n"));
+-
+ /* interfaces must be UP to be usable */
+ if (!(enumep.flags & INT_UP)) {
+ DPRINTF(4, ("skipping interface %s (%s) - DOWN\n",
+@@ -1898,15 +1902,8 @@ update_interfaces(
+ */
+ strncpy(ep->name, enumep.name,
+ sizeof(ep->name));
+- if (ep->ignore_packets !=
+- enumep.ignore_packets) {
+- ep->ignore_packets =
++ ep->ignore_packets =
+ enumep.ignore_packets;
+- refresh_peers = TRUE;
+- DPRINTF(4, ("refreshing peers due to %s ignore_packets change to %d\n",
+- stoa(&ep->sin),
+- ep->ignore_packets));
+- }
+ } else {
+ /* name collision - rename interface */
+ strncpy(ep->name, "*multiple*",
+@@ -1971,9 +1968,6 @@ update_interfaces(
+ (*receiver)(data, &ifi);
+
+ new_interface_found = TRUE;
+- refresh_peers = TRUE;
+- DPRINTF(4, ("refreshing peers due to new addr %s\n",
+- stoa(&ep->sin)));
+ DPRINT_INTERFACE(3,
+ (ep, "updating ",
+ " new - created\n"));
+@@ -2013,9 +2007,6 @@ update_interfaces(
+ DPRINT_INTERFACE(3, (ep, "updating ",
+ "GONE - deleting\n"));
+ remove_interface(ep);
+- refresh_peers = TRUE;
+- DPRINTF(4, ("refreshing peers due to deleted addr %s",
+- stoa(&ep->sin)));
+
+ ifi.action = IFS_DELETED;
+ ifi.ep = ep;
+@@ -2037,12 +2028,12 @@ update_interfaces(
+ }
+
+ /*
+- * phase 3 - re-configure as the world has changed if necessary
++ * phase 3 - re-configure as the world has possibly changed
++ *
++ * never ever make this conditional again - it is needed to track
++ * routing updates. see bug #2506
+ */
+- if (refresh_peers) {
+- refresh_all_peerinterfaces();
+- msyslog(LOG_INFO, "peers refreshed");
+- }
++ refresh_all_peerinterfaces();
+
+ if (sys_bclient)
+ io_setbclient();
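Review bot: The unconditional `ep->ignore_packets = enumep.ignore_packets;` replaces the guarded assignment and with it the only trace that an existing interface's packet-acceptance state flipped; the new DPRINTF calls after the nic-rule switch report the rule outcome for every interface on every pass, not a transition, so a rule-driven change from listen to drop (or back) on a live endpoint leaves no distinct record even at debug level 4. A minimal restoration keeps the diagnostic without reintroducing refresh_peers: `if (ep->ignore_packets != enumep.ignore_packets)` followed by `DPRINTF(4, ("%s ignore_packets changed to %d\n", stoa(&ep->sin), enumep.ignore_packets));` placed before the assignment. Making refresh_all_peerinterfaces() unconditional is also what makes dropping the removed `msyslog(LOG_INFO, "peers refreshed")` necessary, since it would otherwise fire on every interface scan; a comment at the call site saying so would stop the next reader from re-adding it. update_interfaces() starts and ends outside these hunks, and the routing-update trigger this relies on presumably comes from the netlink groups restored by deleting ntp-4.2.6p4-rtnetlink.patch in this same commit.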
diff --git a/SOURCES/ntp-4.2.6p5-rootdisp.patch b/SOURCES/ntp-4.2.6p5-rootdisp.patch
new file mode 100644
index 0000000..9d90359
--- /dev/null
+++ b/SOURCES/ntp-4.2.6p5-rootdisp.patch
@@ -0,0 +1,84 @@
+Backported from ntp-dev-4.2.7p385
+
+diff -up ntp-4.2.6p5/ntpd/ntp_proto.c.rootdisp ntp-4.2.6p5/ntpd/ntp_proto.c
+--- ntp-4.2.6p5/ntpd/ntp_proto.c.rootdisp 2013-12-09 15:02:58.394459288 +0100
++++ ntp-4.2.6p5/ntpd/ntp_proto.c 2013-12-09 15:10:05.770954848 +0100
+@@ -1667,10 +1667,34 @@ clock_update(
+ sys_refid = peer->refid;
+ else
+ sys_refid = addr2refid(&peer->srcadr);
+- dtemp = sys_jitter + fabs(sys_offset) + peer->disp +
+- (peer->delay + peer->rootdelay) / 2 + clock_phi *
+- (current_time - peer->update);
+- sys_rootdisp = dtemp + peer->rootdisp;
++ /*
++ * Root Dispersion (E) is defined (in RFC 5905) as:
++ *
++ * E = p.epsilon_r + p.epsilon + p.psi + PHI*(s.t - p.t) + |THETA|
++ *
++ * where:
++ * p.epsilon_r is the PollProc's root dispersion
++ * p.epsilon is the PollProc's dispersion
++ * p.psi is the PollProc's jitter
++ * THETA is the combined offset
++ *
++ * NB: Think Hard about where these numbers come from and
++ * what they mean. When did peer->update happen? Has anything
++ * interesting happened since then? What values are the most
++ * defensible? Why?
++ *
++ * DLM thinks this equation is probably the best of all worse choices.
++ */
++ dtemp = peer->rootdisp
++ + peer->disp
++ + sys_jitter
++ + clock_phi * (current_time - peer->update)
++ + fabs(sys_offset);
++
++ if (dtemp > sys_mindisp)
++ sys_rootdisp = dtemp;
++ else
++ sys_rootdisp = sys_mindisp;
+ sys_rootdelay = peer->delay + peer->rootdelay;
+ sys_reftime = peer->dst;
+
+@@ -2810,15 +2834,36 @@ root_distance(
+ double dtemp;
+
+ /*
++ * Root Distance (LAMBDA) is defined as:
++ * (delta + DELTA)/2 + epsilon + EPSILON + phi
++ *
++ * where:
++ * delta is the round-trip delay
++ * DELTA is the root delay
++ * epsilon is the remote server precision + local precision
++ * + (15 usec each second)
++ * EPSILON is the root dispersion
++ * phi is the peer jitter statistic
++ *
++ * NB: Think hard about why we are using these values, and what
++ * the alternatives are, and the various pros/cons.
++ *
++ * DLM thinks these are probably the best choices from any of the
++ * other worse choices.
++ */
++ dtemp = (peer->delay + peer->rootdelay) / 2
++ + LOGTOD(peer->precision)
++ + LOGTOD(sys_precision)
++ + clock_phi * (current_time - peer->update)
++ + peer->rootdisp
++ + peer->jitter;
++ /*
+ * Careful squeak here. The value returned must be greater than
+ * the minimum root dispersion in order to avoid clockhop with
+ * highly precise reference clocks. Note that the root distance
+ * cannot exceed the sys_maxdist, as this is the cutoff by the
+ * selection algorithm.
+ */
+- dtemp = (peer->delay + peer->rootdelay) / 2 + peer->disp +
+- peer->rootdisp + clock_phi * (current_time - peer->update) +
+- peer->jitter;
+ if (dtemp < sys_mindisp)
+ dtemp = sys_mindisp;
+ return (dtemp);
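Review bot: The new comment in clock_update() defines the jitter term as `p.psi is the PollProc's jitter`, but the code beneath it adds `sys_jitter`, the system-wide value, not `peer->jitter`; either the comment should name the system jitter (the RFC 5905 clock_update text uses s.jitter there, if I recall it correctly) or the code should use the peer value — as written the formula line reads as a per-peer quantity and the code disagrees. In root_distance() the comment and code do agree, but `(15 usec each second)` bakes in a specific number while the code uses `clock_phi`; writing `+ clock_phi * (time since last update)` in the comment keeps it true if clock_phi is ever changed. Both clock_update() and root_distance() begin and end outside the hunks.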
diff --git a/SOURCES/ntp.conf b/SOURCES/ntp.conf
index baa57b3..5ce2137 100644
--- a/SOURCES/ntp.conf
+++ b/SOURCES/ntp.conf
@@ -5,14 +5,13 @@ driftfile VARNTP/drift
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
-restrict default kod nomodify notrap nopeer noquery
-restrict -6 default kod nomodify notrap nopeer noquery
+restrict default nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
-restrict -6 ::1
+restrict ::1
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
@@ -51,3 +50,9 @@ keys ETCNTP/keys
# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats
+
+# Disable the monitoring facility to prevent amplification attacks using ntpdc
+# monlist command when default restrict does not include the noquery flag. See
+# CVE-2013-5211 for more details.
+# Note: Monitoring will not be disabled with the limited restriction flag.
+disable monitor
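Review bot: The comment on the added `disable monitor` line reads as if this file lacked `noquery`, while the default restrict a few lines up is now `restrict default nomodify notrap nopeer noquery`, which already refuses the ntpdc monlist query; the line is defence in depth for an administrator who later loosens that restrict, and the comment should say so. Suggested wording: `# Disable the monitoring facility as defence in depth against monlist amplification (CVE-2013-5211); the noquery flag in the default restrict above already blocks the query, this keeps it blocked if that restrict is ever relaxed.` The existing note that the `limited` flag keeps monitoring on is worth keeping, since adding rate limiting later would silently bring the list back.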
diff --git a/SPECS/ntp.spec b/SPECS/ntp.spec
index 57276a6..8a45f0f 100644
--- a/SPECS/ntp.spec
+++ b/SPECS/ntp.spec
@@ -1,7 +1,7 @@
Summary: The NTP daemon and utilities
Name: ntp
Version: 4.2.6p5
-Release: 14%{?dist}
+Release: 18%{?dist}
# primary license (COPYRIGHT) : MIT
# ElectricFence/ (not used) : GPLv2
# kernel/sys/ppsclock.h (not used) : BSD with advertising
@@ -61,8 +61,8 @@ Patch5: ntp-4.2.6p1-linkfastmath.patch
Patch6: ntp-4.2.6p5-fipsmd5.patch
# ntpbz #759
Patch7: ntp-4.2.6p1-retcode.patch
-# ntpbz #992
-Patch8: ntp-4.2.6p4-rtnetlink.patch
+# ntpbz #2085
+Patch8: ntp-4.2.6p5-rootdisp.patch
# ntpbz #2309
Patch9: ntp-4.2.6p5-hexpw.patch
# ntpbz #898
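Review bot: Patch8 is reassigned from ntp-4.2.6p4-rtnetlink.patch to the unrelated ntp-4.2.6p5-rootdisp.patch, so the tag, the `-b .rootdisp` backup suffix in %prep and the ntpbz reference all change under one number; allocating a fresh Patch22 and retiring Patch8 would keep the spec history readable. The dropping of the rtnetlink patch (which narrowed the netlink groups ntpd subscribes to) is also not called out in the 4.2.6p5-16 changelog entry, though it is presumably what lets the refreshroute change see routing updates; a line such as `- listen for routing updates again (drop rtnetlink patch)` would record it.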
@@ -72,7 +72,7 @@ Patch11: ntp-4.2.6p5-updatebclient.patch
# fix precision calculation on fast CPUs
Patch12: ntp-4.2.4p7-getprecision.patch
# ntpbz #1408
-Patch13: ntp-4.2.6p1-logdefault.patch
+Patch13: ntp-4.2.6p5-logdefault.patch
# add option -m to lock memory
Patch14: ntp-4.2.6p5-mlock.patch
# allow -u and -p options to be used twice (#639101)
@@ -87,6 +87,8 @@ Patch18: ntp-4.2.6p5-delaycalib.patch
Patch19: ntp-4.2.6p5-pwcipher.patch
# ntpbz #2320
Patch20: ntp-4.2.6p5-noservres.patch
+# ntpbz #2506
+Patch21: ntp-4.2.6p5-refreshroute.patch
# handle unknown clock types
Patch50: ntpstat-0.2-clksrc.patch
@@ -182,7 +184,7 @@ This package contains NTP documentation in HTML format.
%endif
%patch6 -p1 -b .fipsmd5
%patch7 -p1 -b .retcode
-%patch8 -p1 -b .rtnetlink
+%patch8 -p1 -b .rootdisp
%patch9 -p1 -b .hexpw
%patch10 -p1 -b .htmldoc
%patch11 -p1 -b .updatebclient
@@ -195,6 +197,7 @@ This package contains NTP documentation in HTML format.
%patch18 -p1 -b .delaycalib
%patch19 -p1 -b .pwcipher
%patch20 -p1 -b .noservres
+%patch21 -p1 -b .refreshroute
# ntpstat patches
%patch50 -p1 -b .clksrc
@@ -406,6 +409,22 @@ popd
%{ntpdocdir}/html
%changelog
+* Tue Feb 11 2014 Miroslav Lichvar 4.2.6p5-18
+- disable monitor in default ntp.conf (#1047856)
+
+* Fri Jan 24 2014 Daniel Mach - 4.2.6p5-17
+- Mass rebuild 2014-01-24
+
+* Fri Jan 03 2014 Miroslav Lichvar 4.2.6p5-16
+- refresh peers on routing updates (#1048132)
+- fix calculation of root dispersion (#1045377)
+- remove unnecessary IPv6 restrict line from default ntp.conf (#1048255)
+- remove kod from default restrict in ntp.conf (#1048255)
+- update logconfig documentation for patched default (#1048252)
+
+* Fri Dec 27 2013 Daniel Mach - 4.2.6p5-15
+- Mass rebuild 2013-12-27
+
* Fri Oct 04 2013 Miroslav Lichvar 4.2.6p5-14
- remove ControlGroup in ntpd service (#999980)
- don't build ntpsnmpd (#1015435)