Ubuntu
ntp package

ntp in precise has disabled crypto

Bug #998403 reported by Yves-Alexis Perez
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
ntp (Debian)
Fix Released
Unknown
ntp (Ubuntu)
Fix Released
High
Unassigned
Precise
Fix Released
High
Unassigned
Ubuntu ubuntu-12.04.1

Bug Description

[Impact]
ssl support in ntp is broken

[Text Case]
Not sure how to test, but check in the build log if "checking if we will use crypto..." is "yes" or "no"

the precise version:

https://launchpadlibrarian.net/95616971/buildlog_ubuntu-precise-i386.ntp_1%3A4.2.6.p3%2Bdfsg-1ubuntu3_BUILDING.txt.gz
"checking if we will use crypto... no"

the quantal one:
https://launchpadlibrarian.net/106850381/buildlog_ubuntu-quantal-i386.ntp_1%3A4.2.6.p3%2Bdfsg-1ubuntu4_BUILDING.txt.gz
"checking if we will use crypto... yes"

[Regression Potential]
should be limited, it's just pointing to the right location

[Original Report]

Hey,

this is the exact same bug as Debian's #670662 and #671626 but as it affects a stable (LTS) release I thought I would report it too, in case it can be fixed before the next release.

Basically a multi-arch change in OpenSSL package disabled the crypto part in ntp, meaning it's not possible anymore to use some kind of protection, wether on the client part or the server part.

I'm unsure about tagging it security since it's not really a vulnerability by itself, but you see the point. Attached patch should fix the problem, but the Debian maintainer tagged the bug “pending” so you might want to wait for his fix.

See original description
Revision history for this message
Yves-Alexis Perez (corsac) wrote :
Revision history for this message
Yves-Alexis Perez (corsac) wrote :

Well, in fact the package was indeed fixed in Debian, so you can pick the patch there.

Revision history for this message
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "fix detection of openssl" of this bug report has been identified as being a patch in the form of a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. In the event that this is in fact not a patch you can resolve this situation by removing the tag 'patch' from the bug report and editing the attachment so that it is not flagged as a patch. Additionally, if you are member of the ubuntu-sponsors team please also unsubscribe the team from this bug report.

[This is an automated message performed by a Launchpad user owned by Brian Murray. Please contact him regarding any issues with the action taken in this bug report.]

tags: added: patch
Bug Watch Updater (bug-watch-updater)
Changed in ntp (Debian):
status: Unknown → Fix Released
Revision history for this message
Clint Byrum (clint-fewbar) wrote :

We need to fix this in precise and quantal. It should arrive via the merge from Debian in quantal, but we'll need to get the fix (thanks for the debdiff!) included in 12.04 as well.

Changed in ntp (Ubuntu):
status: New → Triaged
importance: Undecided → High
Changed in ntp (Ubuntu Precise):
status: New → Triaged
importance: Undecided → High
Bryce Harrington (bryce)
description: updated
Sebastien Bacher (seb128)
Changed in ntp (Ubuntu Precise):
milestone: none → ubuntu-12.04.1
description: updated
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ntp - 1:4.2.6.p3+dfsg-1ubuntu4

---------------
ntp (1:4.2.6.p3+dfsg-1ubuntu4) quantal; urgency=low

  * Re-enable crypto support by pointing openssl libdir to multiarch dir,
    change backported from Debian, thanks Yves-Alexis Perez (lp: #998403)
 -- Sebastien Bacher <email address hidden> Mon, 04 Jun 2012 16:35:25 +0200

Changed in ntp (Ubuntu):
status: Triaged → Fix Released
Sebastien Bacher (seb128)
Changed in ntp (Ubuntu Precise):
status: Triaged → Fix Committed
Sebastien Bacher (seb128)
description: updated
Revision history for this message
Brian Murray (brian-murray) wrote : Please test proposed package

Hello Yves-Alexis, or anyone else affected,

Accepted ntp into precise-proposed. The package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

tags: added: verification-needed
Revision history for this message
Sebastien Bacher (seb128) wrote :

the sru build log:

https://launchpadlibrarian.net/106940695/buildlog_ubuntu-precise-i386.ntp_1%3A4.2.6.p3%2Bdfsg-1ubuntu3.1_BUILDING.txt.gz
"checking if we will use crypto... yes"

tags: added: verification-done
removed: verification-needed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ntp - 1:4.2.6.p3+dfsg-1ubuntu3.1

---------------
ntp (1:4.2.6.p3+dfsg-1ubuntu3.1) precise-proposed; urgency=low

  * Re-enable crypto support by pointing openssl libdir to multiarch dir,
    change backported from Debian, thanks Yves-Alexis Perez (lp: #998403)
 -- Sebastien Bacher <email address hidden> Mon, 04 Jun 2012 16:35:25 +0200

Changed in ntp (Ubuntu Precise):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.