Author: Iain Lane
Revision Date: 2015-10-02 10:45:41 UTC

debian/ntp.init: Don't use /var/lib/ntp/ntp.conf.dhcp if /etc/ntp.conf is
newerit can get stale. Patch by Simon Déziel. (LP: #1472056)

Author: Iain Lane
Revision Date: 2015-10-02 10:45:41 UTC

debian/ntp.init: Don't use /var/lib/ntp/ntp.conf.dhcp if /etc/ntp.conf is
newerit can get stale. Patch by Simon Déziel. (LP: #1472056)

Author: Eric Desrochers
Revision Date: 2015-08-27 09:45:58 UTC

* Fix use-after-free in routing socket code (LP: #1481388)
  - debian/patches/use-after-free-in-routing-socket.patch
    fix logic in ntpd/ntp_io.c
* Fix to ignore ENOBUFS on routing netlink socket
  - debian/patches/ignore-ENOBUFS-on-routing-netlink-socket.patch
    fix logic in ntpd/ntp_io.c

Author: Eric Desrochers
Revision Date: 2015-08-26 15:07:58 UTC

* Fix use-after-free in routing socket code (LP: #1481388)
  - debian/patches/use-after-free-in-routing-socket.patch
    fix logic in ntpd/ntp_io.c
* Fix to ignore ENOBUFS on routing netlink socket
  - debian/patches/ignore-ENOBUFS-on-routing-netlink-socket.patch
    fix logic in ntpd/ntp_io.c

Author: Eric Desrochers
Revision Date: 2015-09-01 10:50:22 UTC

* Fix use-after-free in routing socket code (LP: #1481388)
  - debian/patches/use-after-free-in-routing-socket.patch
    fix logic in ntpd/ntp_io.c
* Fix to ignore ENOBUFS on routing netlink socket
  - debian/patches/ignore-ENOBUFS-on-routing-netlink-socket.patch
    fix logic in ntpd/ntp_io.c

Author: Marc Deslauriers
Revision Date: 2015-04-13 09:06:54 UTC

* SECURITY UPDATE: symmetric key unauthenticated packet MITM attack
  - debian/patches/CVE-2015-1798.patch: reject packets without MAC in
    ntpd/ntp_proto.c.
  - CVE-2015-1798
* SECURITY UPDATE: symmetric association DoS attack
  - debian/patches/CVE-2015-1799.patch: don't update state variables when
    authentication fails in ntpd/ntp_proto.c.
  - CVE-2015-1799
* SECURITY UPDATE: ntp-keygen infinite loop or lack of randonmess on big
  endian platforms
  - debian/patches/ntp-keygen-endless-loop.patch: fix logic in
    util/ntp-keygen.c.
  - CVE number pending

Author: Marc Deslauriers
Revision Date: 2015-04-13 09:06:54 UTC

* SECURITY UPDATE: symmetric key unauthenticated packet MITM attack
  - debian/patches/CVE-2015-1798.patch: reject packets without MAC in
    ntpd/ntp_proto.c.
  - CVE-2015-1798
* SECURITY UPDATE: symmetric association DoS attack
  - debian/patches/CVE-2015-1799.patch: don't update state variables when
    authentication fails in ntpd/ntp_proto.c.
  - CVE-2015-1799
* SECURITY UPDATE: ntp-keygen infinite loop or lack of randonmess on big
  endian platforms
  - debian/patches/ntp-keygen-endless-loop.patch: fix logic in
    util/ntp-keygen.c.
  - CVE number pending

Author: Marc Deslauriers
Revision Date: 2015-04-13 09:05:27 UTC

* SECURITY UPDATE: symmetric key unauthenticated packet MITM attack
  - debian/patches/CVE-2015-1798.patch: reject packets without MAC in
    ntpd/ntp_proto.c.
  - CVE-2015-1798
* SECURITY UPDATE: symmetric association DoS attack
  - debian/patches/CVE-2015-1799.patch: don't update state variables when
    authentication fails in ntpd/ntp_proto.c.
  - CVE-2015-1799
* SECURITY UPDATE: ntp-keygen infinite loop or lack of randonmess on big
  endian platforms
  - debian/patches/ntp-keygen-endless-loop.patch: fix logic in
    util/ntp-keygen.c.
  - CVE number pending

Author: Marc Deslauriers
Revision Date: 2015-04-13 09:05:27 UTC

* SECURITY UPDATE: symmetric key unauthenticated packet MITM attack
  - debian/patches/CVE-2015-1798.patch: reject packets without MAC in
    ntpd/ntp_proto.c.
  - CVE-2015-1798
* SECURITY UPDATE: symmetric association DoS attack
  - debian/patches/CVE-2015-1799.patch: don't update state variables when
    authentication fails in ntpd/ntp_proto.c.
  - CVE-2015-1799
* SECURITY UPDATE: ntp-keygen infinite loop or lack of randonmess on big
  endian platforms
  - debian/patches/ntp-keygen-endless-loop.patch: fix logic in
    util/ntp-keygen.c.
  - CVE number pending

Author: Marc Deslauriers
Revision Date: 2015-04-13 09:04:07 UTC

* SECURITY UPDATE: symmetric key unauthenticated packet MITM attack
  - debian/patches/CVE-2015-1798.patch: reject packets without MAC in
    ntpd/ntp_proto.c.
  - CVE-2015-1798
* SECURITY UPDATE: symmetric association DoS attack
  - debian/patches/CVE-2015-1799.patch: don't update state variables when
    authentication fails in ntpd/ntp_proto.c.
  - CVE-2015-1799
* SECURITY UPDATE: ntp-keygen infinite loop or lack of randonmess on big
  endian platforms
  - debian/patches/ntp-keygen-endless-loop.patch: fix logic in
    util/ntp-keygen.c.
  - CVE number pending

Author: Marc Deslauriers
Revision Date: 2015-04-13 09:04:07 UTC

* SECURITY UPDATE: symmetric key unauthenticated packet MITM attack
  - debian/patches/CVE-2015-1798.patch: reject packets without MAC in
    ntpd/ntp_proto.c.
  - CVE-2015-1798
* SECURITY UPDATE: symmetric association DoS attack
  - debian/patches/CVE-2015-1799.patch: don't update state variables when
    authentication fails in ntpd/ntp_proto.c.
  - CVE-2015-1799
* SECURITY UPDATE: ntp-keygen infinite loop or lack of randonmess on big
  endian platforms
  - debian/patches/ntp-keygen-endless-loop.patch: fix logic in
    util/ntp-keygen.c.
  - CVE number pending

Author: Marc Deslauriers
Revision Date: 2015-04-13 08:58:57 UTC

* SECURITY UPDATE: ntp-keygen infinite loop or lack of randonmess on big
  endian platforms
  - debian/patches/ntp-keygen-endless-loop.patch: fix logic in
    util/ntp-keygen.c.
  - CVE number pending

Author: Marc Deslauriers
Revision Date: 2015-02-06 09:32:14 UTC

* SECURITY UPDATE: denial of service and possible info leakage via
  extension fields
  - debian/patches/CVE-2014-9297.patch: properly check lengths in
    ntpd/ntp_crypto.c, ntpd/ntp_proto.c.
  - CVE-2014-9297
* SECURITY UPDATE: IPv6 ACL bypass
  - debian/patches/CVE-2014-9298.patch: check for spoofed ::1 in
    ntpd/ntp_io.c.
  - CVE-2014-9298

Author: Marc Deslauriers
Revision Date: 2015-02-06 09:32:14 UTC

* SECURITY UPDATE: denial of service and possible info leakage via
  extension fields
  - debian/patches/CVE-2014-9297.patch: properly check lengths in
    ntpd/ntp_crypto.c, ntpd/ntp_proto.c.
  - CVE-2014-9297
* SECURITY UPDATE: IPv6 ACL bypass
  - debian/patches/CVE-2014-9298.patch: check for spoofed ::1 in
    ntpd/ntp_io.c.
  - CVE-2014-9298

Author: Jamie Strandboge
Revision Date: 2013-10-09 12:28:02 UTC

debian/apparmor-profile: fix spurious noisy denials (LP: #1237508)

Author: Chuck Short
Revision Date: 2009-12-07 20:03:59 UTC

ntp-ntptrace-man

Author: Jamie Strandboge
Revision Date: 2013-10-09 12:28:02 UTC

debian/apparmor-profile: fix spurious noisy denials (LP: #1237508)

Author: Jamie Strandboge
Revision Date: 2013-10-09 12:28:02 UTC

debian/apparmor-profile: fix spurious noisy denials (LP: #1237508)

Author: Jamie Strandboge
Revision Date: 2013-10-09 12:28:02 UTC

debian/apparmor-profile: fix spurious noisy denials (LP: #1237508)

Author: Matthias Klose
Revision Date: 2013-04-03 07:21:01 UTC

* New upstream version, fixing build failure in raring.
* Merge with Debian; remaining changes:
  + debian/ntp.conf, debian/ntpdate.default: Change default server to
    ntp.ubuntu.com.
  + debian/ntpdate.ifup: Stop ntp before running ntpdate when an interface
    comes up, then start again afterwards.
  + debian/ntp.init, debian/rules: Only stop when entering single user mode.
  + Add enforcing AppArmor profile:
    - debian/control: Add Conflicts/Replaces on apparmor-profiles.
    - debian/control: Add Suggests on apparmor.
    - debian/ntp.dirs: Add apparmor directories.
    - debian/ntp.preinst: Force complain on certain upgrades.
    - debian/ntp.postinst: Reload apparmor profile.
    - debian/ntp.postrm: Remove the force-complain file.
    - add debian/apparmor-profile*.
    - debian/rules: install apparmor-profile and apparmor-profile.tunable.
    - debian/README.Debian: Add note on AppArmor.
  + debian/{control,rules}: Add and enable hardened build for PIE.
  + debian/apparmor-profile: Adjust location of drift files.
  + debian/rules, debian/ntp.dirs, debian/source_ntp.py: Add apport hook.
  + debian/ntpdate-debian: Disregard empty ntp.conf files.
  + debian/ntp.preinst: Remove empty /etc/ntp.conf on fresh intallation.
  + debian/ntpdate.ifup: Fix interaction with openntpd.
  + debian/source_ntp.py: Add filter on AppArmor profile names to prevent
    false positives from denials originating in other packages.
  + debian/apparmor-profile: Add samba4 ntp signing socket to ntpd apparmor
    profile.
  + debian/apparmor-profile: adjust for IPv6.

Author: Matthias Klose
Revision Date: 2013-04-03 07:21:01 UTC

* New upstream version, fixing build failure in raring.
* Merge with Debian; remaining changes:
  + debian/ntp.conf, debian/ntpdate.default: Change default server to
    ntp.ubuntu.com.
  + debian/ntpdate.ifup: Stop ntp before running ntpdate when an interface
    comes up, then start again afterwards.
  + debian/ntp.init, debian/rules: Only stop when entering single user mode.
  + Add enforcing AppArmor profile:
    - debian/control: Add Conflicts/Replaces on apparmor-profiles.
    - debian/control: Add Suggests on apparmor.
    - debian/ntp.dirs: Add apparmor directories.
    - debian/ntp.preinst: Force complain on certain upgrades.
    - debian/ntp.postinst: Reload apparmor profile.
    - debian/ntp.postrm: Remove the force-complain file.
    - add debian/apparmor-profile*.
    - debian/rules: install apparmor-profile and apparmor-profile.tunable.
    - debian/README.Debian: Add note on AppArmor.
  + debian/{control,rules}: Add and enable hardened build for PIE.
  + debian/apparmor-profile: Adjust location of drift files.
  + debian/rules, debian/ntp.dirs, debian/source_ntp.py: Add apport hook.
  + debian/ntpdate-debian: Disregard empty ntp.conf files.
  + debian/ntp.preinst: Remove empty /etc/ntp.conf on fresh intallation.
  + debian/ntpdate.ifup: Fix interaction with openntpd.
  + debian/source_ntp.py: Add filter on AppArmor profile names to prevent
    false positives from denials originating in other packages.
  + debian/apparmor-profile: Add samba4 ntp signing socket to ntpd apparmor
    profile.
  + debian/apparmor-profile: adjust for IPv6.

Author: Marc Deslauriers
Revision Date: 2012-08-20 10:13:30 UTC

debian/source_ntp.py: add filter on AppArmor profile names to prevent
false positives from denials originating in other packages.

Author: Jamie Strandboge
Revision Date: 2012-03-06 08:06:06 UTC

* debian/apparmor-profile: Add samba4 ntp signing socket to ntpd apparmor
  profile (LP: #930266)
* debian/control: Build-Depends on dh-apparmor

Author: Reinhard Tartler
Revision Date: 2011-10-11 10:35:13 UTC

Fix interaction with openntpd, LP: #872210

Author: Reinhard Tartler
Revision Date: 2011-10-11 10:35:13 UTC

Fix interaction with openntpd, LP: #872210

Author: Dave Walker
Revision Date: 2011-06-13 15:43:57 UTC

debian/patches/ntpdate-accept-same-timestamp-replies.patch:
Resolving regression where ntpdate ignores replies from some
ntp servers where recieve and transmit timestamps are equal.
Patch cherry picked from upstream commit. (LP: #787551)

Author: Dave Walker
Revision Date: 2011-06-13 15:43:57 UTC

debian/patches/ntpdate-accept-same-timestamp-replies.patch:
Resolving regression where ntpdate ignores replies from some
ntp servers where recieve and transmit timestamps are equal.
Patch cherry picked from upstream commit. (LP: #787551)

Author: James Page
Revision Date: 2011-04-06 11:19:26 UTC

debian/patches/fix-noipv4.patch: support running in IPv6 only
environments (LP: #715152).

Author: James Page
Revision Date: 2011-04-06 11:19:26 UTC

debian/patches/fix-noipv4.patch: support running in IPv6 only
environments (LP: #715152).

Author: James Page
Revision Date: 2011-04-11 11:27:28 UTC

debian/patches/fix-noipv4.patch: support running in IPv6 only
environments (LP: #715152).

Author: James Page
Revision Date: 2011-04-14 19:07:27 UTC

Added patch headers

Author: James Page
Revision Date: 2011-04-14 19:05:29 UTC

Added patch headers

Author: Kees Cook
Revision Date: 2011-03-10 12:54:59 UTC

debian/apparmor-profile: add note about using shared memory for
a clock source (LP: #722815).

Author: Jamie Strandboge
Revision Date: 2009-12-03 14:16:12 UTC

* SECURITY UPDATE: fix DoS with mode 7 (MODE_PRIVATE) packets
  - debian/patches/CVE-2009-3563.patch: update ntpd/ntp_request.c to
    not send a response packet for and rate limit logging of invalid mode 7
    requests and responses
  - CVE-2009-3563

Author: Jamie Strandboge
Revision Date: 2009-12-03 14:16:12 UTC

* SECURITY UPDATE: fix DoS with mode 7 (MODE_PRIVATE) packets
  - debian/patches/CVE-2009-3563.patch: update ntpd/ntp_request.c to
    not send a response packet for and rate limit logging of invalid mode 7
    requests and responses
  - CVE-2009-3563

Author: Jamie Strandboge
Revision Date: 2010-08-06 17:40:04 UTC

debian/rules: move dh_apparmor before dh_installinit

Author: Chuck Short
Revision Date: 2010-01-25 16:28:19 UTC

* debian/rules: install symlink for early loading of per-interface
  triggered ntp AppArmor profile.
* SECURITY UPDATE: fix DoS with mode 7 (MODE_PRIVATE) packets
  - debian/patches/CVE-2009-3563.patch: update ntpd/ntp_request.c to
    not send a response packet for and rate limit logging of invalid mode 7
    requests and responses
  - CVE-2009-3563

Author: Jamie Strandboge
Revision Date: 2010-04-08 16:24:42 UTC

debian/apparmor-profile: allow reading of /var/lib/ntp/ntp.conf.dhcp
(LP: #517701)

Author: Chuck Short
Revision Date: 2009-12-08 16:18:21 UTC

Fix typo in debian/rules

Author: Jamie Strandboge
Revision Date: 2009-12-03 14:34:25 UTC

* SECURITY UPDATE: fix DoS with mode 7 (MODE_PRIVATE) packets
  - update ntpd/ntp_request.c to not send a response packet for and rate
    limit logging of invalid mode 7 requests and responses
  - CVE-2009-3563

Author: Jamie Strandboge
Revision Date: 2009-12-03 14:34:25 UTC

* SECURITY UPDATE: fix DoS with mode 7 (MODE_PRIVATE) packets
  - update ntpd/ntp_request.c to not send a response packet for and rate
    limit logging of invalid mode 7 requests and responses
  - CVE-2009-3563

Author: Jamie Strandboge
Revision Date: 2009-12-03 14:33:27 UTC

* SECURITY UPDATE: fix DoS with mode 7 (MODE_PRIVATE) packets
  - debian/patches/CVE-2009-3563.patch: update ntpd/ntp_request.c to
    not send a response packet for and rate limit logging of invalid mode 7
    requests and responses
  - CVE-2009-3563

Author: Jamie Strandboge
Revision Date: 2009-12-03 14:33:27 UTC

* SECURITY UPDATE: fix DoS with mode 7 (MODE_PRIVATE) packets
  - debian/patches/CVE-2009-3563.patch: update ntpd/ntp_request.c to
    not send a response packet for and rate limit logging of invalid mode 7
    requests and responses
  - CVE-2009-3563

Author: Jamie Strandboge
Revision Date: 2009-12-03 14:28:25 UTC

* SECURITY UPDATE: fix DoS with mode 7 (MODE_PRIVATE) packets
  - debian/patches/CVE-2009-3563.patch: update ntpd/ntp_request.c to
    not send a response packet for and rate limit logging of invalid mode 7
    requests and responses
  - CVE-2009-3563

Author: Jamie Strandboge
Revision Date: 2009-12-03 14:28:25 UTC

* SECURITY UPDATE: fix DoS with mode 7 (MODE_PRIVATE) packets
  - debian/patches/CVE-2009-3563.patch: update ntpd/ntp_request.c to
    not send a response packet for and rate limit logging of invalid mode 7
    requests and responses
  - CVE-2009-3563

Author: Jamie Strandboge
Revision Date: 2009-12-03 14:26:18 UTC

* SECURITY UPDATE: fix DoS with mode 7 (MODE_PRIVATE) packets
  - debian/patches/CVE-2009-3563.patch: update ntpd/ntp_request.c to
    not send a response packet for and rate limit logging of invalid mode 7
    requests and responses
  - CVE-2009-3563

Author: Jamie Strandboge
Revision Date: 2009-12-03 14:26:18 UTC

* SECURITY UPDATE: fix DoS with mode 7 (MODE_PRIVATE) packets
  - debian/patches/CVE-2009-3563.patch: update ntpd/ntp_request.c to
    not send a response packet for and rate limit logging of invalid mode 7
    requests and responses
  - CVE-2009-3563

Author: Chuck Short
Revision Date: 2009-12-03 11:42:50 UTC

debian/rules: enable debugging (LP: #47683)

Author: Jamie Strandboge
Revision Date: 2009-10-21 07:07:31 UTC

debian/apparmor-profile: adjust location of drift files (LP: #456308)

Author: Steve Langasek
Revision Date: 2009-03-20 19:53:25 UTC

Build against libcap2 instead of libcap1, fixing a kernel warning
about using an old interface. LP: #328376.

Author: Matt LaPlante
Revision Date: 2008-12-09 10:29:30 UTC

Add ipv6-gnu-source.patch: Define _GNU_SOURCE to make IPv6 work.
(LP: #305043)

Author: Kees Cook
Revision Date: 2008-08-20 09:48:33 UTC

debian/ntpdate.ifup: use a different lockfile to avoid dead-locks
when restarting ntpd (LP: #246203).

Author: Onno Benschop
Revision Date: 2008-03-06 14:00:42 UTC

Stop ntp before running ntpdate when an interface
comes up, then start again afterwards (LP: #114505)

Author: Jamie Strandboge
Revision Date: 2009-01-06 01:31:51 UTC

* SECURITY UPDATE: clients treat malformed signatures as good when verifying
  server DSA and ECDSA certificates.
  - debian/patches/CVE-2009-0021.patch: update ntpd/ntp_crypto.c to properly
    check the return code of EVP_VerifyFinal()
  - CVE-2009-0021

Author: Jamie Strandboge
Revision Date: 2009-01-06 01:31:51 UTC

* SECURITY UPDATE: clients treat malformed signatures as good when verifying
  server DSA and ECDSA certificates.
  - debian/patches/CVE-2009-0021.patch: update ntpd/ntp_crypto.c to properly
    check the return code of EVP_VerifyFinal()
  - CVE-2009-0021

Author: LaMont Jones
Revision Date: 2007-10-04 12:15:33 UTC

Trigger rebuild for hppa

Author: Matthias Klose
Revision Date: 2007-03-05 01:23:22 UTC

* Rebuild for changes in the amd64 toolchain.
* Set Ubuntu maintainer address.

Author: Scott James Remnant (Canonical)
Revision Date: 2006-09-15 17:47:40 UTC

Remove stop script symlinks from rc0 and rc6.

Author: Adam Conrad
Revision Date: 2006-05-29 10:25:43 UTC

Call dh_installinit with --error-handler=true, which will prevent
ntp-server's prerm and postinst from bombing out on upgrades from
previous broken versions. ntp-{simple,refclock} still try to
restart the server in their postinst, so it won't be left dead.

Author: Fabio Massimo Di Nitto
Revision Date: 2005-09-09 06:35:08 UTC

Fix error message in ntp-server init script.
(Closes: #14726)

Author: Martin Pitt
Revision Date: 2005-03-14 13:24:46 UTC

* ntpd/ntpd.c:
  - Revert the hardcoded root dropping parameters from previous version.
    This is now done in init script.
  - Bugfix: If group was specified as name, previous versions erroneously
    used the uid as gid.
* debian/ntp-server.init.d:
  - Run as user/group ntp by default (previously hardcoded in ntpd.c).
  - Already determine the uid/gid of 'ntp' instead of doing it in ntpd.c
    (for some reason this fails directly after boot). (Ubuntu #5399)
  - Add -e to interpreter to stop on errors.
  - append "/usr/bin/" to PATH setting (for getent and cut).

Author: Martin Pitt
Revision Date: 2005-09-01 17:12:51 UTC

* SECURITY UPDATE: Use the correct group when dropping privileges.
* ntpd/ntpd.c:
  - Use the id of the group, not the gid of the user (simple copy&paste
    error).
  - CAN-2005-2496

Author: Matt Zimmerman
Revision Date: 2004-10-11 16:10:27 UTC

Use ntp.ubuntulinux.org instead of pool.ntp.org