Ubuntu
ntp package

Crypto support missing in Saucy

Bug #1236065 reported by Tyler Hicks on 2013-10-06

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	ntp (Debian)	Fix Released	Unknown	debbugs #696390
	ntp (Ubuntu)	Fix Released	High	Unassigned

Bug Description

From the ntp_1:4.2.6.p5+dfsg-2ubuntu3 buildlog:

  checking for openssl library directory... /usr/lib/x86_64-linux-gnu
  checking for openssl include directory... no
  checking if we will use crypto... no

I noticed this after the QRT test test-ntp.py had some unexpected failures due to ntp-keygen not working:

  # ntp-keygen -p test
  /usr/sbin/ntp-keygen: illegal option -- p
  ...

Looking through the source, the -p option is wrapped with "#ifdef OPENSSL". The same preprocessor conditional is used throughout the ntp source to enable/disable crypto support.

Debian bug #696390 has the needed fix.

Tags:

Related branches

lp:ubuntu/saucy-proposed/ntp

Revision history for this message

Tyler Hicks (tyhicks) wrote on 2013-10-06:

ntp_4.2.6.p5+dfsg-3ubuntu1.debdiff Edit (48.8 KiB, text/plain)

Merge ntp 1:4.2.6.p5+dfsg-3 from Debian testing.

I've verified that QRT's test-ntp.py now passes. Here's the relevant snippet from the build log:

  checking for openssl library directory... /usr/lib/x86_64-linux-gnu
  checking for openssl include directory... /usr/include
  checking if we will use crypto... yes
  checking if linking with -lcrypto alone works... yes

tags:

added: patch

Revision history for this message

Tyler Hicks (tyhicks) wrote on 2013-10-06:

old-saucy-to-new.debdiff Edit (5.0 KiB, text/plain)

Here's the debdiff between what's currently in Saucy and the update I'm proposing with the debdiff above. The merge from Debian testing only pulls in the fix for this bug.

Tyler Hicks (tyhicks) on 2013-10-07

Changed in ntp (Ubuntu):
assignee:	Tyler Hicks (tyhicks) → nobody
status:	In Progress → Confirmed

Bug Watch Updater (bug-watch-updater) on 2013-10-07

Changed in ntp (Debian):
status:	Unknown → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2013-10-07:

This bug was fixed in the package ntp - 1:4.2.6.p5+dfsg-3ubuntu1

---------------
ntp (1:4.2.6.p5+dfsg-3ubuntu1) saucy; urgency=low

  * Merge from Debian testing to regain crypto support (LP: #1236065). Remaining
    changes:
    + debian/ntp.conf, debian/ntpdate.default: Change default server to
      ntp.ubuntu.com.
    + debian/ntpdate.if-up: Stop ntp before running ntpdate when an interface
      comes up, then start again afterwards.
    + debian/ntp.init, debian/rules: Only stop when entering single user mode.
    + Add enforcing AppArmor profile:
      - debian/control: Add Conflicts/Replaces on apparmor-profiles.
      - debian/control: Add Suggests on apparmor.
      - debian/ntp.dirs: Add apparmor directories.
      - debian/ntp.preinst: Force complain on certain upgrades.
      - debian/ntp.postinst: Reload apparmor profile.
      - debian/ntp.postrm: Remove the force-complain file.
      - add debian/apparmor-profile*.
      - debian/rules: install apparmor-profile and apparmor-profile.tunable.
      - debian/README.Debian: Add note on AppArmor.
    + debian/{control,rules}: Add and enable hardened build for PIE.
    + debian/rules, debian/ntp.dirs, debian/source_ntp.py: Add apport hook.
    + debian/ntpdate-debian: Disregard empty ntp.conf files.
    + debian/ntp.preinst: Remove empty /etc/ntp.conf on fresh intallation.
    + debian/ntpdate.if-up: Fix interaction with openntpd.
    + debian/source_ntp.py: Add filter on AppArmor profile names to prevent
      false positives from denials originating in other packages.
    + debian/rules: Update config.{guess,sub} for AArch64.

ntp (1:4.2.6.p5+dfsg-3) unstable; urgency=low

  * Look for <openssl/opensslv.h> rather than <openssl/opensslconf.h>, which
    is due to move to a different location in order to support multiarch.
    Patch by Colin Watson <email address hidden> (Closes: #696390)
-- Tyler Hicks <email address hidden> Sun, 06 Oct 2013 12:34:00 -0700