Merge ~kick-d/ubuntu/+source/ntp:logical/4.2.6.p5+dfsg-3ubuntu9 into ~ubuntu-server-dev/ubuntu/+source/ntp:logical

Proposed by Kick In
Status: Rejected
Rejected by: Robie Basak
Proposed branch: ~kick-d/ubuntu/+source/ntp:logical/4.2.6.p5+dfsg-3ubuntu9
Merge into: ~ubuntu-server-dev/ubuntu/+source/ntp:logical
Diff against target: 2416 lines (+2058/-21)
39 files modified
debian/apparmor-profile (+81/-0)
debian/apparmor-profile.tunable (+15/-0)
debian/control (+4/-2)
debian/ntp.conf (+12/-12)
debian/ntp.dhcp (+1/-1)
debian/ntp.dirs (+3/-0)
debian/ntp.init (+2/-2)
debian/ntp.preinst (+6/-0)
debian/ntpdate-debian (+1/-1)
debian/ntpdate.default (+1/-1)
debian/ntpdate.if-up (+10/-0)
debian/patches/CVE-2014-9293.patch (+42/-0)
debian/patches/CVE-2014-9294.patch (+118/-0)
debian/patches/CVE-2014-9295.patch (+108/-0)
debian/patches/CVE-2014-9296.patch (+16/-0)
debian/patches/CVE-2014-9297.patch (+371/-0)
debian/patches/CVE-2014-9298.patch (+43/-0)
debian/patches/CVE-2015-1798.patch (+33/-0)
debian/patches/CVE-2015-1799.patch (+42/-0)
debian/patches/CVE-2015-5146.patch (+128/-0)
debian/patches/CVE-2015-5194.patch (+49/-0)
debian/patches/CVE-2015-5195.patch (+47/-0)
debian/patches/CVE-2015-5196.patch (+57/-0)
debian/patches/CVE-2015-5219.patch (+27/-0)
debian/patches/CVE-2015-5300.patch (+16/-0)
debian/patches/CVE-2015-7691.patch (+225/-0)
debian/patches/CVE-2015-7701.patch (+23/-0)
debian/patches/CVE-2015-7704.patch (+19/-0)
debian/patches/CVE-2015-7850.patch (+235/-0)
debian/patches/CVE-2015-7852.patch (+35/-0)
debian/patches/CVE-2015-7853.patch (+46/-0)
debian/patches/CVE-2015-7855.patch (+29/-0)
debian/patches/CVE-2015-7871.patch (+40/-0)
debian/patches/ignore-ENOBUFS-on-routing-netlink-socket.patch (+32/-0)
debian/patches/ntp-keygen-endless-loop.patch (+38/-0)
debian/patches/series (+25/-0)
debian/patches/use-after-free-in-routing-socket.patch (+33/-0)
debian/rules (+23/-2)
debian/source_ntp.py (+22/-0)
Reviewer Review Type Date Requested Status
Robie Basak Disapprove
Review via email: mp+284274@code.launchpad.net

Description of the change

Logical changes from ubuntu

To post a comment you must log in.
Revision history for this message
Robie Basak (racb) wrote :

Hi Pierre,

Good job on this one. The only diff between this and 1:4.2.6.p5+dfsg-3ubuntu9 are debian/changelog and update-maintainer as I expect.

Good job also squashing down all the different Apparmor-related changes into one commit.

My only complaint is on commits 93ec5cb and 8c7e386. These both touch the same lines in debian/ntpdate.if-up. In 8c7e386 the "LOCKFILE" line is changed and "invoke-rc.d" lines added, and in 93ec5cb the "LOCKFILE" line is changed back again and one of the previously added "invoke-rc.d" lines is moved. This is churn that we want to squash out at this logical stage.

For example:

@@ -30,7 +30,7 @@ if [ -r /lib/udev/hotplug.functions ]; then
        wait_for_file /usr/sbin/ntpdate-debian
 fi

-LOCKFILE=/var/lock/ntpdate
+LOCKFILE=/var/lock/ntpdate-ifup

 # Avoid running more than one at a time
 if [ -x /usr/bin/lockfile-create ]; then

and then later:

@@ -30,7 +30,7 @@ if [ -r /lib/udev/hotplug.functions ]; then
        wait_for_file /usr/sbin/ntpdate-debian
 fi

-LOCKFILE=/var/lock/ntpdate-ifup
+LOCKFILE=/var/lock/ntpdate

 # Avoid running more than one at a time
 if [ -x /usr/bin/lockfile-create ]; then

Indicate churn to me. When figuring out the logical set of changes made, these hunks cancel out and so should not appear at all. The same applies to one of the two invoke-rc.d lines.

I would split "debian/ntpdate.if-up: Fix interaction with openntpd", which I take to be the "if [ -e /usr/sbin/openntpd ]; then" stanza into its own commit. Then there would be a separate commit that doesn't need to touch LOCKFILE and just adds the two invoke-rc.d lines directly into their final places. Since this distils the previous uploads, the commit messages will probably need tweaking a little so that they make sense.

Apart from this, everything else is byte-perfect. I'm not sure it's necessary to redo this. It's minor enough that I can probably just keep it in mind while reviewing your merge. So I'll do that next. No action needed here for now. Thanks!

Revision history for this message
Kick In (kick-d) wrote :

Thanks, and sorry for this one. I kept this in my head, and forgot to
squash.

2016-01-28 14:31 GMT+01:00 Robie Basak <email address hidden>:

> Hi Pierre,
>
> Good job on this one. The only diff between this and
> 1:4.2.6.p5+dfsg-3ubuntu9 are debian/changelog and update-maintainer as I
> expect.
>
> Good job also squashing down all the different Apparmor-related changes
> into one commit.
>
> My only complaint is on commits 93ec5cb and 8c7e386. These both touch the
> same lines in debian/ntpdate.if-up. In 8c7e386 the "LOCKFILE" line is
> changed and "invoke-rc.d" lines added, and in 93ec5cb the "LOCKFILE" line
> is changed back again and one of the previously added "invoke-rc.d" lines
> is moved. This is churn that we want to squash out at this logical stage.
>
> For example:
>
> @@ -30,7 +30,7 @@ if [ -r /lib/udev/hotplug.functions ]; then
> wait_for_file /usr/sbin/ntpdate-debian
> fi
>
> -LOCKFILE=/var/lock/ntpdate
> +LOCKFILE=/var/lock/ntpdate-ifup
>
> # Avoid running more than one at a time
> if [ -x /usr/bin/lockfile-create ]; then
>
>
> and then later:
>
> @@ -30,7 +30,7 @@ if [ -r /lib/udev/hotplug.functions ]; then
> wait_for_file /usr/sbin/ntpdate-debian
> fi
>
> -LOCKFILE=/var/lock/ntpdate-ifup
> +LOCKFILE=/var/lock/ntpdate
>
> # Avoid running more than one at a time
> if [ -x /usr/bin/lockfile-create ]; then
>
> Indicate churn to me. When figuring out the logical set of changes made,
> these hunks cancel out and so should not appear at all. The same applies to
> one of the two invoke-rc.d lines.
>
> I would split "debian/ntpdate.if-up: Fix interaction with openntpd", which
> I take to be the "if [ -e /usr/sbin/openntpd ]; then" stanza into its own
> commit. Then there would be a separate commit that doesn't need to touch
> LOCKFILE and just adds the two invoke-rc.d lines directly into their final
> places. Since this distils the previous uploads, the commit messages will
> probably need tweaking a little so that they make sense.
>
> Apart from this, everything else is byte-perfect. I'm not sure it's
> necessary to redo this. It's minor enough that I can probably just keep it
> in mind while reviewing your merge. So I'll do that next. No action needed
> here for now. Thanks!
> --
>
> https://code.launchpad.net/~kick-d/ubuntu/+source/ntp/+git/ntp/+merge/284274
> You are the owner of
> ~kick-d/ubuntu/+source/ntp:logical/4.2.6.p5+dfsg-3ubuntu9.
>

Revision history for this message
Kick In (kick-d) wrote :

OK I'll split this out in my merge proposal.

2016-01-28 15:27 GMT+01:00 Pierre-Andre Morey <
<email address hidden>>:

> Thanks, and sorry for this one. I kept this in my head, and forgot to
> squash.
>
> 2016-01-28 14:31 GMT+01:00 Robie Basak <email address hidden>:
>
>> Hi Pierre,
>>
>> Good job on this one. The only diff between this and
>> 1:4.2.6.p5+dfsg-3ubuntu9 are debian/changelog and update-maintainer as I
>> expect.
>>
>> Good job also squashing down all the different Apparmor-related changes
>> into one commit.
>>
>> My only complaint is on commits 93ec5cb and 8c7e386. These both touch the
>> same lines in debian/ntpdate.if-up. In 8c7e386 the "LOCKFILE" line is
>> changed and "invoke-rc.d" lines added, and in 93ec5cb the "LOCKFILE" line
>> is changed back again and one of the previously added "invoke-rc.d" lines
>> is moved. This is churn that we want to squash out at this logical stage.
>>
>> For example:
>>
>> @@ -30,7 +30,7 @@ if [ -r /lib/udev/hotplug.functions ]; then
>> wait_for_file /usr/sbin/ntpdate-debian
>> fi
>>
>> -LOCKFILE=/var/lock/ntpdate
>> +LOCKFILE=/var/lock/ntpdate-ifup
>>
>> # Avoid running more than one at a time
>> if [ -x /usr/bin/lockfile-create ]; then
>>
>>
>> and then later:
>>
>> @@ -30,7 +30,7 @@ if [ -r /lib/udev/hotplug.functions ]; then
>> wait_for_file /usr/sbin/ntpdate-debian
>> fi
>>
>> -LOCKFILE=/var/lock/ntpdate-ifup
>> +LOCKFILE=/var/lock/ntpdate
>>
>> # Avoid running more than one at a time
>> if [ -x /usr/bin/lockfile-create ]; then
>>
>> Indicate churn to me. When figuring out the logical set of changes made,
>> these hunks cancel out and so should not appear at all. The same applies to
>> one of the two invoke-rc.d lines.
>>
>> I would split "debian/ntpdate.if-up: Fix interaction with openntpd",
>> which I take to be the "if [ -e /usr/sbin/openntpd ]; then" stanza into its
>> own commit. Then there would be a separate commit that doesn't need to
>> touch LOCKFILE and just adds the two invoke-rc.d lines directly into their
>> final places. Since this distils the previous uploads, the commit messages
>> will probably need tweaking a little so that they make sense.
>>
>> Apart from this, everything else is byte-perfect. I'm not sure it's
>> necessary to redo this. It's minor enough that I can probably just keep it
>> in mind while reviewing your merge. So I'll do that next. No action needed
>> here for now. Thanks!
>> --
>>
>> https://code.launchpad.net/~kick-d/ubuntu/+source/ntp/+git/ntp/+merge/284274
>> You are the owner of
>> ~kick-d/ubuntu/+source/ntp:logical/4.2.6.p5+dfsg-3ubuntu9.
>>
>
>

Revision history for this message
Robie Basak (racb) wrote :

This was resolved. Not merged, but superseded by the real merge.

review: Needs Resubmitting
Revision history for this message
Robie Basak (racb) wrote :

(not sure how to set the merge status to "Superseded")

review: Disapprove

Unmerged commits

c8a02ba... by Kick In

  * SECURITY UPDATE: symmetric association authentication bypass via
    crypto-NAK
    - debian/patches/CVE-2015-7871.patch: drop unhandled packet in
      ntpd/ntp_proto.c.
    - CVE-2015-7871

da8c14c... by Kick In

  * SECURITY UPDATE: denial of service via ASSERT in decodenetnum
    - debian/patches/CVE-2015-7855.patch: simply return fail in
      libntp/decodenetnum.c.
    - CVE-2015-7855

f0f93bb... by Kick In

  * SECURITY UPDATE: buffer overflow via custom refclock driver
    - debian/patches/CVE-2015-7853.patch: properly calculate length in
      ntpd/ntp_io.c.
    - CVE-2015-7853

bca2843... by Kick In

  * SECURITY UPDATE: ntpq atoascii memory corruption
    - debian/patches/CVE-2015-7852.patch: avoid buffer overrun in
      ntpq/ntpq.c.
    - CVE-2015-7852

9af4d3a... by Kick In

  * SECURITY UPDATE: denial of service via same logfile and keyfile
    - debian/patches/CVE-2015-7850.patch: rate limit errors in
      include/ntp_stdlib.h, include/ntp_syslog.h, libntp/authreadkeys.c,
      libntp/msyslog.c.
    - CVE-2015-7850

56e59ee... by Kick In

  * SECURITY UPDATE: denial of service by spoofed KoD
    - debian/patches/CVE-2015-7704.patch: add check to ntpd/ntp_proto.c.
    - CVE-2015-7704
    - CVE-2015-7705

a64bbbd... by Kick In

  * SECURITY UPDATE: file overwrite via remote pidfile and driftfile
    configuration directives
    - debian/patches/CVE-2015-5196.patch: disable remote configuration in
      ntpd/ntp_parser.y.
    - CVE-2015-5196
    - CVE-2015-7703

b574fc2... by Kick In

  * SECURITY UPDATE: memory leak in CRYPTO_ASSOC
    - debian/patches/CVE-2015-7701.patch: add missing free in
      ntpd/ntp_crypto.c.
    - CVE-2015-7701

5afebc5... by Kick In

  * SECURITY UPDATE: incomplete autokey data packet length checks
    - debian/patches/CVE-2015-7691.patch: add length and size checks to
      ntpd/ntp_crypto.c.
    - CVE-2015-7691
    - CVE-2015-7692
    - CVE-2015-7702

d8365e5... by Kick In

  * SECURITY UPDATE: timeshifting by reboot issue
    - debian/patches/CVE-2015-5300.patch: disable panic in
      ntpd/ntp_loopfilter.c.
    - CVE-2015-5300

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/apparmor-profile b/debian/apparmor-profile
2new file mode 100644
3index 0000000..48e8d7a
4--- /dev/null
5+++ b/debian/apparmor-profile
6@@ -0,0 +1,81 @@
7+# vim:syntax=apparmor
8+# Updated for Ubuntu by: Jamie Strandboge <jamie@canonical.com>
9+# ------------------------------------------------------------------
10+#
11+# Copyright (C) 2002-2005 Novell/SUSE
12+# Copyright (C) 2009-2012 Canonical Ltd.
13+#
14+# This program is free software; you can redistribute it and/or
15+# modify it under the terms of version 2 of the GNU General Public
16+# License published by the Free Software Foundation.
17+#
18+# ------------------------------------------------------------------
19+
20+#include <tunables/global>
21+#include <tunables/ntpd>
22+/usr/sbin/ntpd {
23+ #include <abstractions/base>
24+ #include <abstractions/nameservice>
25+ #include <abstractions/user-tmp>
26+
27+ capability ipc_lock,
28+ capability net_bind_service,
29+ capability setgid,
30+ capability setuid,
31+ capability sys_chroot,
32+ capability sys_resource,
33+ capability sys_time,
34+ capability sys_nice,
35+
36+ network inet dgram,
37+ network inet6 dgram,
38+ network inet stream,
39+ network inet6 stream,
40+
41+ @{PROC}/net/if_inet6 r,
42+ @{PROC}/*/net/if_inet6 r,
43+ @{NTPD_DEVICE} rw,
44+
45+ /{,s}bin/ r,
46+ /usr/{,s}bin/ r,
47+ /usr/sbin/ntpd rmix,
48+
49+ /etc/ntp.conf r,
50+ /etc/ntp.conf.dhcp r,
51+ /etc/ntpd.conf r,
52+ /etc/ntpd.conf.tmp r,
53+ /var/lib/ntp/ntp.conf.dhcp r,
54+
55+ /etc/ntp.keys r,
56+ /etc/ntp/** r,
57+
58+ /etc/ntp.drift rwl,
59+ /etc/ntp.drift.TEMP rwl,
60+ /etc/ntp/drift* rwl,
61+ /var/lib/ntp/*drift rw,
62+ /var/lib/ntp/*drift.TEMP rw,
63+
64+ /var/log/ntp w,
65+ /var/log/ntp.log w,
66+ /var/log/ntpd w,
67+ /var/log/ntpstats/clockstats* rwl,
68+ /var/log/ntpstats/loopstats* rwl,
69+ /var/log/ntpstats/peerstats* rwl,
70+ /var/log/ntpstats/protostats* rwl,
71+ /var/log/ntpstats/rawstats* rwl,
72+ /var/log/ntpstats/sysstats* rwl,
73+
74+ /{,var/}run/ntpd.pid w,
75+
76+ # samba4 ntp signing socket
77+ /{,var/}run/samba/ntp_signd/socket rw,
78+
79+ # For use with clocks that report via shared memory (e.g. gpsd),
80+ # you may need to give ntpd access to all of shared memory, though
81+ # this can be considered dangerous. See https://launchpad.net/bugs/722815
82+ # for details. To enable, add this to local/usr.sbin.ntpd:
83+ # capability ipc_owner,
84+
85+ # Site-specific additions and overrides. See local/README for details.
86+ #include <local/usr.sbin.ntpd>
87+}
88diff --git a/debian/apparmor-profile.tunable b/debian/apparmor-profile.tunable
89new file mode 100644
90index 0000000..1fc2d8f
91--- /dev/null
92+++ b/debian/apparmor-profile.tunable
93@@ -0,0 +1,15 @@
94+# vim:syntax=apparmor
95+# ------------------------------------------------------------------
96+#
97+# Copyright (C) 2002-2005 Novell/SUSE
98+# Copyright (C) 2011 Canonical, Ltd.
99+#
100+# This program is free software; you can redistribute it and/or
101+# modify it under the terms of version 2 of the GNU General Public
102+# License published by the Free Software Foundation.
103+#
104+# ------------------------------------------------------------------
105+
106+#Add your ntpd devices here eg. if you have a DCF clock
107+# @{NTPD_DEVICE}="/dev/ttyS1"
108+@{NTPD_DEVICE}="/dev/null"
109diff --git a/debian/control b/debian/control
110index 5f175fd..f3624dd 100644
111--- a/debian/control
112+++ b/debian/control
113@@ -3,7 +3,7 @@ Section: net
114 Priority: optional
115 Maintainer: Debian NTP Team <pkg-ntp-maintainers@lists.alioth.debian.org>
116 Uploaders: Bdale Garbee <bdale@gag.com>, Peter Eisentraut <petere@debian.org>, Kurt Roeckx <kurt@roeckx.be>
117-Build-Depends: autotools-dev, debhelper (>= 6), libedit-dev, libcap2-dev [linux-any], libssl-dev (>= 1.0.0e-1), autogen (>= 1:5.11)
118+Build-Depends: autotools-dev, debhelper (>= 6), libedit-dev, libcap2-dev [linux-any], libssl-dev (>= 1.0.0e-1), autogen (>= 1:5.11), hardening-wrapper, dh-apparmor, bison
119 Build-Conflicts: libavahi-compat-libdnssd-dev, libwww-dev, libwww-ssl-dev
120 Standards-Version: 3.9.3
121 Homepage: http://support.ntp.org/
122@@ -15,7 +15,9 @@ Architecture: any
123 Depends: adduser, lsb-base (>= 3.2-13), netbase, ${misc:Depends}, ${shlibs:Depends}
124 Pre-Depends: dpkg (>= 1.15.7.2)
125 Recommends: ${perl:Depends}
126-Suggests: ntp-doc
127+Suggests: ntp-doc, apparmor (>= 2.1+1075-0ubuntu6)
128+Conflicts: apparmor-profiles (<< 2.3.1+1403-0ubuntu10), apparmor (<< 2.3.1+1403-0ubuntu10)
129+Replaces: apparmor-profiles (<< 2.3.1+1403-0ubuntu10), apparmor (<< 2.3.1+1403-0ubuntu10)
130 Breaks: dhcp3-client (<< 4.1.0-1)
131 Description: Network Time Protocol daemon and utility programs
132 NTP, the Network Time Protocol, is used to keep computer clocks
133diff --git a/debian/ntp.conf b/debian/ntp.conf
134index cb7d021..4457652 100644
135--- a/debian/ntp.conf
136+++ b/debian/ntp.conf
137@@ -11,18 +11,18 @@ filegen loopstats file loopstats type day enable
138 filegen peerstats file peerstats type day enable
139 filegen clockstats file clockstats type day enable
140
141-
142-# You do need to talk to an NTP server or two (or three).
143-#server ntp.your-provider.example
144-
145-# pool.ntp.org maps to about 1000 low-stratum NTP servers. Your server will
146-# pick a different set every time it starts up. Please consider joining the
147-# pool: <http://www.pool.ntp.org/join.html>
148-server 0.debian.pool.ntp.org iburst
149-server 1.debian.pool.ntp.org iburst
150-server 2.debian.pool.ntp.org iburst
151-server 3.debian.pool.ntp.org iburst
152-
153+# Specify one or more NTP servers.
154+
155+# Use servers from the NTP Pool Project. Approved by Ubuntu Technical Board
156+# on 2011-02-08 (LP: #104525). See http://www.pool.ntp.org/join.html for
157+# more information.
158+server 0.ubuntu.pool.ntp.org
159+server 1.ubuntu.pool.ntp.org
160+server 2.ubuntu.pool.ntp.org
161+server 3.ubuntu.pool.ntp.org
162+
163+# Use Ubuntu's ntp server as a fallback.
164+server ntp.ubuntu.com
165
166 # Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
167 # details. The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
168diff --git a/debian/ntp.dhcp b/debian/ntp.dhcp
169index a1acb21..a629d16 100644
170--- a/debian/ntp.dhcp
171+++ b/debian/ntp.dhcp
172@@ -40,7 +40,7 @@ ntp_servers_setup_add() {
173 echo "server $server iburst"
174 done
175 echo
176- sed -r -e '/^ *(server|peer).*$/d' $NTP_CONF
177+ sed -r -e '/^ *(server *[^1][^2][^7]\.|peer).*$/d' $NTP_CONF
178 ) >>$tmp
179
180 mv $tmp $NTP_DHCP_CONF
181diff --git a/debian/ntp.dirs b/debian/ntp.dirs
182index 49d3819..314ad95 100644
183--- a/debian/ntp.dirs
184+++ b/debian/ntp.dirs
185@@ -1,3 +1,6 @@
186 usr/sbin
187 var/lib/ntp
188 var/log/ntpstats
189+etc/apparmor.d/force-complain
190+etc/apparmor.d/tunables
191+usr/share/apport/package-hooks
192diff --git a/debian/ntp.init b/debian/ntp.init
193index 3a5ccc5..9755091 100644
194--- a/debian/ntp.init
195+++ b/debian/ntp.init
196@@ -5,7 +5,7 @@
197 # Required-Start: $network $remote_fs $syslog
198 # Required-Stop: $network $remote_fs $syslog
199 # Default-Start: 2 3 4 5
200-# Default-Stop:
201+# Default-Stop: 1
202 # Short-Description: Start NTP daemon
203 ### END INIT INFO
204
205@@ -22,7 +22,7 @@ if [ -r /etc/default/ntp ]; then
206 . /etc/default/ntp
207 fi
208
209-if [ -e /var/lib/ntp/ntp.conf.dhcp ]; then
210+if [ /var/lib/ntp/ntp.conf.dhcp -nt /etc/ntp.conf ]; then
211 NTPD_OPTS="$NTPD_OPTS -c /var/lib/ntp/ntp.conf.dhcp"
212 fi
213
214diff --git a/debian/ntp.preinst b/debian/ntp.preinst
215index 3c9f0a0..25da0e3 100644
216--- a/debian/ntp.preinst
217+++ b/debian/ntp.preinst
218@@ -18,5 +18,11 @@ if dpkg-maintscript-helper supports mv_conffile; then
219 1:4.2.6.p1+dfsg-1 -- "$@"
220 fi
221
222+if [ "$1" = install ] && [ -e /etc/ntp.conf ] && [ ! -s /etc/ntp.conf ]; then
223+ # Work around system-tools-backends bug that left an empty file
224+ # (https://bugs.launchpad.net/bugs/83604).
225+ rm -f /etc/ntp.conf
226+fi
227+
228 #DEBHELPER#
229
230diff --git a/debian/ntpdate-debian b/debian/ntpdate-debian
231index 4748b3a..c0f8c3b 100644
232--- a/debian/ntpdate-debian
233+++ b/debian/ntpdate-debian
234@@ -8,7 +8,7 @@ fi
235
236 if [ "$NTPDATE_USE_NTP_CONF" = yes ]; then
237 for f in /var/lib/ntp/ntp.conf.dhcp /etc/ntp.conf /etc/openntpd/ntpd.conf; do
238- if [ -r "$f" ]; then
239+ if [ -r "$f" ] && [ -s "$f" ]; then
240 file=$f
241 break
242 fi
243diff --git a/debian/ntpdate.default b/debian/ntpdate.default
244index 3241694..f239b18 100644
245--- a/debian/ntpdate.default
246+++ b/debian/ntpdate.default
247@@ -7,7 +7,7 @@ NTPDATE_USE_NTP_CONF=yes
248
249 # List of NTP servers to use (Separate multiple servers with spaces.)
250 # Not used if NTPDATE_USE_NTP_CONF is yes.
251-NTPSERVERS="0.debian.pool.ntp.org 1.debian.pool.ntp.org 2.debian.pool.ntp.org 3.debian.pool.ntp.org"
252+NTPSERVERS="ntp.ubuntu.com"
253
254 # Additional options to pass to ntpdate
255 NTPOPTIONS=""
256diff --git a/debian/ntpdate.if-up b/debian/ntpdate.if-up
257index 8bd08b3..5271d4f 100644
258--- a/debian/ntpdate.if-up
259+++ b/debian/ntpdate.if-up
260@@ -39,6 +39,14 @@ if [ -x /usr/bin/lockfile-create ]; then
261 LOCKTOUCHPID="$!"
262 fi
263
264+if [ -e /usr/sbin/openntpd ]; then
265+ service='openntpd'
266+else
267+ service='ntp'
268+fi
269+
270+invoke-rc.d --quiet $service stop >/dev/null 2>&1 || true
271+
272 /usr/sbin/ntpdate-debian -s $OPTS 2>/dev/null || :
273
274 if [ -x /usr/bin/lockfile-create ] ; then
275@@ -46,4 +54,6 @@ if [ -x /usr/bin/lockfile-create ] ; then
276 lockfile-remove $LOCKFILE
277 fi
278
279+invoke-rc.d --quiet $service start >/dev/null 2>&1 || true
280+
281 ) &
282diff --git a/debian/patches/CVE-2014-9293.patch b/debian/patches/CVE-2014-9293.patch
283new file mode 100644
284index 0000000..2775e99
285--- /dev/null
286+++ b/debian/patches/CVE-2014-9293.patch
287@@ -0,0 +1,42 @@
288+Description: fix weak default key in config_auth()
289+Author: thanks to Red Hat
290+Origin: vendor, https://git.centos.org/blob/rpms!ntp.git/c054b85192ea340529fc9a659cac7ea6b893b50e/SOURCES!ntp-4.2.6p5-cve-2014-9293.patch
291+Bug: http://bugs.ntp.org/show_bug.cgi?id=2665
292+
293+Index: ntp-4.2.6.p5+dfsg/ntpd/ntp_config.c
294+===================================================================
295+--- ntp-4.2.6.p5+dfsg.orig/ntpd/ntp_config.c 2014-12-19 19:55:14.000000000 -0500
296++++ ntp-4.2.6.p5+dfsg/ntpd/ntp_config.c 2014-12-20 05:45:33.818645887 -0500
297+@@ -1866,13 +1866,16 @@
298+ req_hashlen = digest_len;
299+ #endif
300+ } else {
301+- int rankey;
302++ unsigned char rankey[16];
303++
304++ if (ntp_crypto_random_buf(rankey, sizeof (rankey))) {
305++ msyslog(LOG_ERR, "ntp_crypto_random_buf() failed.");
306++ exit(1);
307++ }
308+
309+- rankey = ntp_random();
310+ req_keytype = NID_md5;
311+ req_hashlen = 16;
312+- MD5auth_setkey(req_keyid, req_keytype,
313+- (u_char *)&rankey, sizeof(rankey));
314++ MD5auth_setkey(req_keyid, req_keytype, rankey, sizeof(rankey));
315+ authtrust(req_keyid, 1);
316+ }
317+
318+Index: ntp-4.2.6.p5+dfsg/ntpd/ntpd.c
319+===================================================================
320+--- ntp-4.2.6.p5+dfsg.orig/ntpd/ntpd.c 2014-12-19 19:55:14.000000000 -0500
321++++ ntp-4.2.6.p5+dfsg/ntpd/ntpd.c 2014-12-20 05:45:33.818645887 -0500
322+@@ -597,6 +597,7 @@
323+ get_systime(&now);
324+
325+ ntp_srandom((int)(now.l_i * now.l_uf));
326++ ntp_crypto_srandom();
327+
328+ #if !defined(VMS)
329+ # ifndef NODETACH
330diff --git a/debian/patches/CVE-2014-9294.patch b/debian/patches/CVE-2014-9294.patch
331new file mode 100644
332index 0000000..052cc8d
333--- /dev/null
334+++ b/debian/patches/CVE-2014-9294.patch
335@@ -0,0 +1,118 @@
336+Description: fix non-cryptographic random number generator with weak
337+ seed used by ntp-keygen to generate symmetric keys
338+Author: thanks to Red Hat for backport
339+Origin: vendor, https://git.centos.org/blob/rpms!ntp.git/c054b85192ea340529fc9a659cac7ea6b893b50e/SOURCES!ntp-4.2.6p5-cve-2014-9294.patch
340+Origin: backport, http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=548db6ddlELn4rnqUZ4kKGOjvtXwbQ
341+Bug: http://bugs.ntp.org/show_bug.cgi?id=2666
342+
343+Index: ntp-4.2.6.p5+dfsg/include/ntp_random.h
344+===================================================================
345+--- ntp-4.2.6.p5+dfsg.orig/include/ntp_random.h 2009-12-09 02:36:35.000000000 -0500
346++++ ntp-4.2.6.p5+dfsg/include/ntp_random.h 2014-12-20 05:46:18.807038967 -0500
347+@@ -1,6 +1,9 @@
348+
349+ #include <ntp_types.h>
350+
351++void ntp_crypto_srandom(void);
352++int ntp_crypto_random_buf(void *buf, size_t nbytes);
353++
354+ long ntp_random (void);
355+ void ntp_srandom (unsigned long);
356+ void ntp_srandomdev (void);
357+Index: ntp-4.2.6.p5+dfsg/libntp/ntp_random.c
358+===================================================================
359+--- ntp-4.2.6.p5+dfsg.orig/libntp/ntp_random.c 2009-12-09 02:36:36.000000000 -0500
360++++ ntp-4.2.6.p5+dfsg/libntp/ntp_random.c 2014-12-20 05:46:18.807038967 -0500
361+@@ -481,3 +481,63 @@
362+ }
363+ return(i);
364+ }
365++
366++/*
367++ * Crypto-quality random number functions
368++ *
369++ * Author: Harlan Stenn, 2014
370++ *
371++ * This file is Copyright (c) 2014 by Network Time Foundation.
372++ * BSD terms apply: see the file COPYRIGHT in the distribution root for details.
373++ */
374++
375++#include <openssl/err.h>
376++#include <openssl/rand.h>
377++
378++int crypto_rand_init = 0;
379++
380++/*
381++ * ntp_crypto_srandom:
382++ *
383++ * Initialize the random number generator, if needed by the underlying
384++ * crypto random number generation mechanism.
385++ */
386++
387++void
388++ntp_crypto_srandom(
389++ void
390++ )
391++{
392++ if (!crypto_rand_init) {
393++ RAND_poll();
394++ crypto_rand_init = 1;
395++ }
396++}
397++
398++/*
399++ * ntp_crypto_random_buf:
400++ *
401++ * Returns 0 on success, -1 on error.
402++ */
403++int
404++ntp_crypto_random_buf(
405++ void *buf,
406++ size_t nbytes
407++ )
408++{
409++ int rc;
410++
411++ rc = RAND_bytes(buf, nbytes);
412++ if (1 != rc) {
413++ unsigned long err;
414++ char *err_str;
415++
416++ err = ERR_get_error();
417++ err_str = ERR_error_string(err, NULL);
418++ /* XXX: Log the error */
419++
420++ return -1;
421++ }
422++ return 0;
423++}
424++
425+Index: ntp-4.2.6.p5+dfsg/util/ntp-keygen.c
426+===================================================================
427+--- ntp-4.2.6.p5+dfsg.orig/util/ntp-keygen.c 2011-12-24 18:27:16.000000000 -0500
428++++ ntp-4.2.6.p5+dfsg/util/ntp-keygen.c 2014-12-20 05:46:18.811039002 -0500
429+@@ -261,6 +261,8 @@
430+ ssl_check_version();
431+ #endif /* OPENSSL */
432+
433++ ntp_crypto_srandom();
434++
435+ /*
436+ * Process options, initialize host name and timestamp.
437+ */
438+@@ -727,7 +729,14 @@
439+ int temp;
440+
441+ while (1) {
442+- temp = ntp_random() & 0xff;
443++ int rc;
444++
445++ rc = ntp_crypto_random_buf(&temp, 1);
446++ if (-1 == rc) {
447++ fprintf(stderr, "ntp_crypto_random_buf() failed.\n");
448++ exit (-1);
449++ }
450++ temp &= 0xff;
451+ if (temp == '#')
452+ continue;
453+
454diff --git a/debian/patches/CVE-2014-9295.patch b/debian/patches/CVE-2014-9295.patch
455new file mode 100644
456index 0000000..97b12cb
457--- /dev/null
458+++ b/debian/patches/CVE-2014-9295.patch
459@@ -0,0 +1,108 @@
460+Description: fix buffer overflows in crypto_recv(), ctl_putdata(), configure()
461+Origin: backport, http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=548acc4dN1TbM1tRJrbPcA4yc1aTdA
462+Origin: backport, http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=548acdf3tUSFizXcv_X4b77Jt_Y-cg
463+Origin: backport, http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=548acf55dxKfhb6MuYQwzu8eDlS97g
464+Bug: http://bugs.ntp.org/show_bug.cgi?id=2667
465+Bug: http://bugs.ntp.org/show_bug.cgi?id=2668
466+Bug: http://bugs.ntp.org/show_bug.cgi?id=2669
467+
468+Index: ntp-4.2.6.p5+dfsg/ntpd/ntp_control.c
469+===================================================================
470+--- ntp-4.2.6.p5+dfsg.orig/ntpd/ntp_control.c 2014-12-20 05:46:26.695107896 -0500
471++++ ntp-4.2.6.p5+dfsg/ntpd/ntp_control.c 2014-12-20 05:46:40.583228864 -0500
472+@@ -486,6 +486,10 @@
473+ static char *reqpt;
474+ static char *reqend;
475+
476++#ifndef MIN
477++#define MIN(a, b) (((a) <= (b)) ? (a) : (b))
478++#endif
479++
480+ /*
481+ * init_control - initialize request data
482+ */
483+@@ -995,6 +999,7 @@
484+ )
485+ {
486+ int overhead;
487++ unsigned int currentlen;
488+
489+ overhead = 0;
490+ if (!bin) {
491+@@ -1018,12 +1023,22 @@
492+ /*
493+ * Save room for trailing junk
494+ */
495+- if (dlen + overhead + datapt > dataend) {
496++ while (dlen + overhead + datapt > dataend) {
497+ /*
498+ * Not enough room in this one, flush it out.
499+ */
500++ currentlen = MIN(dlen, dataend - datapt);
501++
502++ memcpy(datapt, dp, currentlen);
503++
504++ datapt += currentlen;
505++ dp += currentlen;
506++ dlen -= currentlen;
507++ datalinelen += currentlen;
508++
509+ ctl_flushpkt(CTL_MORE);
510+ }
511++
512+ memmove((char *)datapt, dp, (unsigned)dlen);
513+ datapt += dlen;
514+ datalinelen += dlen;
515+@@ -2492,6 +2507,20 @@
516+
517+ /* Initialize the remote config buffer */
518+ data_count = reqend - reqpt;
519++
520++ if (data_count > sizeof(remote_config.buffer) - 2) {
521++ snprintf(remote_config.err_msg,
522++ sizeof(remote_config.err_msg),
523++ "runtime configuration failed: request too long");
524++ ctl_putdata(remote_config.err_msg,
525++ strlen(remote_config.err_msg), 0);
526++ ctl_flushpkt(0);
527++ msyslog(LOG_NOTICE,
528++ "runtime config from %s rejected: request too long",
529++ stoa(&rbufp->recv_srcadr));
530++ return;
531++ }
532++
533+ memcpy(remote_config.buffer, reqpt, data_count);
534+ if (data_count > 0
535+ && '\n' != remote_config.buffer[data_count - 1])
536+Index: ntp-4.2.6.p5+dfsg/ntpd/ntp_crypto.c
537+===================================================================
538+--- ntp-4.2.6.p5+dfsg.orig/ntpd/ntp_crypto.c 2011-11-30 21:55:17.000000000 -0500
539++++ ntp-4.2.6.p5+dfsg/ntpd/ntp_crypto.c 2014-12-20 05:46:40.579228829 -0500
540+@@ -789,15 +789,24 @@
541+ * errors.
542+ */
543+ if (vallen == (u_int)EVP_PKEY_size(host_pkey)) {
544++ u_int32 *cookiebuf = malloc(
545++ RSA_size(host_pkey->pkey.rsa));
546++ if (!cookiebuf) {
547++ rval = XEVNT_CKY;
548++ break;
549++ }
550++
551+ if (RSA_private_decrypt(vallen,
552+ (u_char *)ep->pkt,
553+- (u_char *)&temp32,
554++ (u_char *)cookiebuf,
555+ host_pkey->pkey.rsa,
556+- RSA_PKCS1_OAEP_PADDING) <= 0) {
557++ RSA_PKCS1_OAEP_PADDING) != 4) {
558+ rval = XEVNT_CKY;
559++ free(cookiebuf);
560+ break;
561+ } else {
562+- cookie = ntohl(temp32);
563++ cookie = ntohl(*cookiebuf);
564++ free(cookiebuf);
565+ }
566+ } else {
567+ rval = XEVNT_CKY;
568diff --git a/debian/patches/CVE-2014-9296.patch b/debian/patches/CVE-2014-9296.patch
569new file mode 100644
570index 0000000..0eb972c
571--- /dev/null
572+++ b/debian/patches/CVE-2014-9296.patch
573@@ -0,0 +1,16 @@
574+Description: fix missing return on error in receive()
575+Origin: backport, http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=548ad06feXHK1HlZoY-WZVyynwvwAg
576+Bug: http://bugs.ntp.org/show_bug.cgi?id=2670
577+
578+Index: ntp-4.2.6.p5+dfsg/ntpd/ntp_proto.c
579+===================================================================
580+--- ntp-4.2.6.p5+dfsg.orig/ntpd/ntp_proto.c 2011-12-08 21:00:53.000000000 -0500
581++++ ntp-4.2.6.p5+dfsg/ntpd/ntp_proto.c 2014-12-20 05:47:01.139407818 -0500
582+@@ -947,6 +947,7 @@
583+ fast_xmit(rbufp, MODE_ACTIVE, 0,
584+ restrict_mask);
585+ sys_restricted++;
586++ return;
587+ }
588+ }
589+
590diff --git a/debian/patches/CVE-2014-9297.patch b/debian/patches/CVE-2014-9297.patch
591new file mode 100644
592index 0000000..b367d81
593--- /dev/null
594+++ b/debian/patches/CVE-2014-9297.patch
595@@ -0,0 +1,371 @@
596+Description: fix denial of service and possible info leakage via
597+ extension fields
598+Origin: upstream, http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=5492d353ncauuWt_PONxaDhC5Qv_SA
599+Origin: upstream, http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=54a7c595jlwS3KmAxBML75HFGLR_pQ
600+Origin: upstream, http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=54abb266In81wLNAqIaovtP8f2UmUw
601+Bug: http://bugs.ntp.org/show_bug.cgi?id=2671
602+
603+Index: ntp-4.2.6.p5+dfsg/ntpd/ntp_crypto.c
604+===================================================================
605+--- ntp-4.2.6.p5+dfsg.orig/ntpd/ntp_crypto.c 2015-02-06 07:58:50.000000000 -0500
606++++ ntp-4.2.6.p5+dfsg/ntpd/ntp_crypto.c 2015-02-06 08:44:08.207402853 -0500
607+@@ -109,6 +109,7 @@
608+ #define TAI_1972 10 /* initial TAI offset (s) */
609+ #define MAX_LEAP 100 /* max UTC leapseconds (s) */
610+ #define VALUE_LEN (6 * 4) /* min response field length */
611++#define MAX_VALLEN (65535 - VALUE_LEN)
612+ #define YEAR (60 * 60 * 24 * 365) /* seconds in year */
613+
614+ /*
615+@@ -147,8 +148,8 @@
616+ */
617+ static int crypto_verify (struct exten *, struct value *,
618+ struct peer *);
619+-static int crypto_encrypt (struct exten *, struct value *,
620+- keyid_t *);
621++static int crypto_encrypt (const u_char *, u_int, keyid_t *,
622++ struct value *);
623+ static int crypto_alice (struct peer *, struct value *);
624+ static int crypto_alice2 (struct peer *, struct value *);
625+ static int crypto_alice3 (struct peer *, struct value *);
626+@@ -444,6 +445,12 @@
627+ tstamp = ntohl(ep->tstamp);
628+ fstamp = ntohl(ep->fstamp);
629+ vallen = ntohl(ep->vallen);
630++ /*
631++ * Bug 2761: I hope this isn't too early...
632++ */
633++ if ( vallen == 0
634++ || len - VALUE_LEN < vallen)
635++ return XEVNT_LEN;
636+ }
637+ switch (code) {
638+
639+@@ -494,8 +501,9 @@
640+ rval = XEVNT_ERR;
641+ break;
642+ }
643++ INSIST(len >= VALUE_LEN);
644+ if (vallen == 0 || vallen > MAXHOSTNAME ||
645+- len < VALUE_LEN + vallen) {
646++ len - VALUE_LEN < vallen) {
647+ rval = XEVNT_LEN;
648+ break;
649+ }
650+@@ -1162,8 +1170,9 @@
651+ * choice.
652+ */
653+ case CRYPTO_CERT | CRYPTO_RESP:
654+- vallen = ntohl(ep->vallen);
655+- if (vallen == 0 || vallen > MAXHOSTNAME) {
656++ vallen = ntohl(ep->vallen); /* Must be <64k */
657++ if (vallen == 0 || vallen > MAXHOSTNAME ||
658++ len - VALUE_LEN < vallen) {
659+ rval = XEVNT_LEN;
660+ break;
661+
662+@@ -1315,7 +1324,10 @@
663+ * anything goes wrong.
664+ */
665+ case CRYPTO_COOK | CRYPTO_RESP:
666+- if ((opcode & 0xffff) < VALUE_LEN) {
667++ vallen = ntohl(ep->vallen); /* Must be <64k */
668++ if ( vallen == 0
669++ || (vallen >= MAX_VALLEN)
670++ || (opcode & 0x0000ffff) < VALUE_LEN + vallen) {
671+ rval = XEVNT_LEN;
672+ break;
673+ }
674+@@ -1323,8 +1335,8 @@
675+ tcookie = cookie;
676+ else
677+ tcookie = peer->hcookie;
678+- if ((rval = crypto_encrypt(ep, &vtemp, &tcookie)) ==
679+- XEVNT_OK) {
680++ if ((rval = crypto_encrypt((const u_char *)ep->pkt, vallen, &tcookie, &vtemp))
681++ == XEVNT_OK) {
682+ len = crypto_send(fp, &vtemp, start);
683+ value_free(&vtemp);
684+ }
685+@@ -1464,13 +1476,16 @@
686+ * up to the next word (4 octets).
687+ */
688+ vallen = ntohl(ep->vallen);
689+- if (vallen == 0)
690++ if ( vallen == 0
691++ || vallen > MAX_VALLEN)
692+ return (XEVNT_LEN);
693+
694+ i = (vallen + 3) / 4;
695+ siglen = ntohl(ep->pkt[i++]);
696+- if (len < VALUE_LEN + ((vallen + 3) / 4) * 4 + ((siglen + 3) /
697+- 4) * 4)
698++ if ( siglen > MAX_VALLEN
699++ || len - VALUE_LEN < ((vallen + 3) / 4) * 4
700++ || len - VALUE_LEN - ((vallen + 3) / 4) * 4
701++ < ((siglen + 3) / 4) * 4)
702+ return (XEVNT_LEN);
703+
704+ /*
705+@@ -1528,6 +1543,7 @@
706+ * proventic bit. What a relief.
707+ */
708+ EVP_VerifyInit(&ctx, peer->digest);
709++ /* XXX: the "+ 12" needs to be at least documented... */
710+ EVP_VerifyUpdate(&ctx, (u_char *)&ep->tstamp, vallen + 12);
711+ if (EVP_VerifyFinal(&ctx, (u_char *)&ep->pkt[i], siglen,
712+ pkey) <= 0)
713+@@ -1540,34 +1556,31 @@
714+
715+
716+ /*
717+- * crypto_encrypt - construct encrypted cookie and signature from
718+- * extension field and cookie
719++ * crypto_encrypt - construct vp (encrypted cookie and signature) from
720++ * the public key and cookie.
721+ *
722+- * Returns
723++ * Returns:
724+ * XEVNT_OK success
725+ * XEVNT_CKY bad or missing cookie
726+ * XEVNT_PUB bad or missing public key
727+ */
728+ static int
729+ crypto_encrypt(
730+- struct exten *ep, /* extension pointer */
731+- struct value *vp, /* value pointer */
732+- keyid_t *cookie /* server cookie */
733++ const u_char *ptr, /* Public Key */
734++ u_int vallen, /* Length of Public Key */
735++ keyid_t *cookie, /* server cookie */
736++ struct value *vp /* value pointer */
737+ )
738+ {
739+ EVP_PKEY *pkey; /* public key */
740+ EVP_MD_CTX ctx; /* signature context */
741+ tstamp_t tstamp; /* NTP timestamp */
742+ u_int32 temp32;
743+- u_int len;
744+- u_char *ptr;
745+
746+ /*
747+ * Extract the public key from the request.
748+ */
749+- len = ntohl(ep->vallen);
750+- ptr = (u_char *)ep->pkt;
751+- pkey = d2i_PublicKey(EVP_PKEY_RSA, NULL, &ptr, len);
752++ pkey = d2i_PublicKey(EVP_PKEY_RSA, NULL, &ptr, vallen);
753+ if (pkey == NULL) {
754+ msyslog(LOG_ERR, "crypto_encrypt: %s",
755+ ERR_error_string(ERR_get_error(), NULL));
756+@@ -1581,9 +1594,9 @@
757+ tstamp = crypto_time();
758+ vp->tstamp = htonl(tstamp);
759+ vp->fstamp = hostval.tstamp;
760+- len = EVP_PKEY_size(pkey);
761+- vp->vallen = htonl(len);
762+- vp->ptr = emalloc(len);
763++ vallen = EVP_PKEY_size(pkey);
764++ vp->vallen = htonl(vallen);
765++ vp->ptr = emalloc(vallen);
766+ ptr = vp->ptr;
767+ temp32 = htonl(*cookie);
768+ if (RSA_public_encrypt(4, (u_char *)&temp32, ptr,
769+@@ -1601,8 +1614,8 @@
770+ vp->sig = emalloc(sign_siglen);
771+ EVP_SignInit(&ctx, sign_digest);
772+ EVP_SignUpdate(&ctx, (u_char *)&vp->tstamp, 12);
773+- EVP_SignUpdate(&ctx, vp->ptr, len);
774+- if (EVP_SignFinal(&ctx, vp->sig, &len, sign_pkey))
775++ EVP_SignUpdate(&ctx, vp->ptr, vallen);
776++ if (EVP_SignFinal(&ctx, vp->sig, &vallen, sign_pkey))
777+ vp->siglen = htonl(sign_siglen);
778+ return (XEVNT_OK);
779+ }
780+@@ -1673,6 +1686,9 @@
781+ * call in the protocol module.
782+ *
783+ * Returns extension field pointer (no errors)
784++ *
785++ * XXX: opcode and len should really be 32-bit quantities and
786++ * we should make sure that str is not too big.
787+ */
788+ struct exten *
789+ crypto_args(
790+@@ -1685,24 +1701,31 @@
791+ tstamp_t tstamp; /* NTP timestamp */
792+ struct exten *ep; /* extension field pointer */
793+ u_int len; /* extension field length */
794++ size_t slen;
795+
796+ tstamp = crypto_time();
797+ len = sizeof(struct exten);
798+- if (str != NULL)
799+- len += strlen(str);
800++ if (str != NULL) {
801++ slen = strlen(str);
802++ INSIST(slen < MAX_VALLEN);
803++ len += slen;
804++ }
805+ ep = emalloc(len);
806+ memset(ep, 0, len);
807+ if (opcode == 0)
808+ return (ep);
809+
810++ REQUIRE(0 == (len & ~0x0000ffff));
811++ REQUIRE(0 == (opcode & ~0xffff0000));
812++
813+ ep->opcode = htonl(opcode + len);
814+ ep->associd = htonl(associd);
815+ ep->tstamp = htonl(tstamp);
816+ ep->fstamp = hostval.tstamp;
817+ ep->vallen = 0;
818+ if (str != NULL) {
819+- ep->vallen = htonl(strlen(str));
820+- memcpy((char *)ep->pkt, str, strlen(str));
821++ ep->vallen = htonl(slen);
822++ memcpy((char *)ep->pkt, str, slen);
823+ }
824+ return (ep);
825+ }
826+@@ -1715,6 +1738,8 @@
827+ * Note: it is not polite to send a nonempty signature with zero
828+ * timestamp or a nonzero timestamp with an empty signature, but those
829+ * rules are not enforced here.
830++ *
831++ * XXX This code won't work on a box with 16-bit ints.
832+ */
833+ int
834+ crypto_send(
835+@@ -1730,8 +1755,9 @@
836+ * Calculate extension field length and check for buffer
837+ * overflow. Leave room for the MAC.
838+ */
839+- len = 16;
840++ len = 16; /* XXX Document! */
841+ vallen = ntohl(vp->vallen);
842++ INSIST(vallen <= MAX_VALLEN);
843+ len += ((vallen + 3) / 4 + 1) * 4;
844+ siglen = ntohl(vp->siglen);
845+ len += ((siglen + 3) / 4 + 1) * 4;
846+@@ -1772,6 +1798,7 @@
847+ }
848+ opcode = ntohl(ep->opcode);
849+ ep->opcode = htonl((opcode & 0xffff0000) | len);
850++ ENSURE(len <= MAX_VALLEN);
851+ return (len);
852+ }
853+
854+@@ -1807,7 +1834,6 @@
855+ if (hostval.tstamp == 0)
856+ return;
857+
858+-
859+ /*
860+ * Sign public key and timestamps. The filestamp is derived from
861+ * the host key file extension from wherever the file was
862+@@ -2108,7 +2134,8 @@
863+ tstamp_t tstamp; /* NTP timestamp */
864+ BIGNUM *bn, *bk, *r;
865+ u_char *ptr;
866+- u_int len;
867++ u_int len; /* extension field length */
868++ u_int vallen = 0; /* value length */
869+
870+ /*
871+ * If the IFF parameters are not valid, something awful
872+@@ -2123,8 +2150,11 @@
873+ /*
874+ * Extract r from the challenge.
875+ */
876+- len = ntohl(ep->vallen);
877+- if ((r = BN_bin2bn((u_char *)ep->pkt, len, NULL)) == NULL) {
878++ vallen = ntohl(ep->vallen);
879++ len = ntohl(ep->opcode) & 0x0000ffff;
880++ if (vallen == 0 || len < VALUE_LEN || len - VALUE_LEN < vallen)
881++ return XEVNT_LEN;
882++ if ((r = BN_bin2bn((u_char *)ep->pkt, vallen, NULL)) == NULL) {
883+ msyslog(LOG_ERR, "crypto_bob: %s",
884+ ERR_error_string(ERR_get_error(), NULL));
885+ return (XEVNT_ERR);
886+@@ -2136,7 +2166,7 @@
887+ */
888+ bctx = BN_CTX_new(); bk = BN_new(); bn = BN_new();
889+ sdsa = DSA_SIG_new();
890+- BN_rand(bk, len * 8, -1, 1); /* k */
891++ BN_rand(bk, vallen * 8, -1, 1); /* k */
892+ BN_mod_mul(bn, dsa->priv_key, r, dsa->q, bctx); /* b r mod q */
893+ BN_add(bn, bn, bk);
894+ BN_mod(bn, bn, dsa->q, bctx); /* k + b r mod q */
895+@@ -2155,30 +2185,37 @@
896+ * Encode the values in ASN.1 and sign. The filestamp is from
897+ * the local file.
898+ */
899+- len = i2d_DSA_SIG(sdsa, NULL);
900+- if (len == 0) {
901++ vallen = i2d_DSA_SIG(sdsa, NULL);
902++ if (vallen == 0) {
903+ msyslog(LOG_ERR, "crypto_bob: %s",
904+ ERR_error_string(ERR_get_error(), NULL));
905+ DSA_SIG_free(sdsa);
906+ return (XEVNT_ERR);
907+ }
908++ if (vallen > MAX_VALLEN) {
909++ msyslog(LOG_ERR, "crypto_bob: signature is too big: %d",
910++ vallen);
911++ DSA_SIG_free(sdsa);
912++ return (XEVNT_LEN);
913++ }
914+ memset(vp, 0, sizeof(struct value));
915+ tstamp = crypto_time();
916+ vp->tstamp = htonl(tstamp);
917+ vp->fstamp = htonl(iffkey_info->fstamp);
918+- vp->vallen = htonl(len);
919+- ptr = emalloc(len);
920++ vp->vallen = htonl(vallen);
921++ ptr = emalloc(vallen);
922+ vp->ptr = ptr;
923+ i2d_DSA_SIG(sdsa, &ptr);
924+ DSA_SIG_free(sdsa);
925+ if (tstamp == 0)
926+ return (XEVNT_OK);
927+
928++ /* XXX: more validation to make sure the sign fits... */
929+ vp->sig = emalloc(sign_siglen);
930+ EVP_SignInit(&ctx, sign_digest);
931+ EVP_SignUpdate(&ctx, (u_char *)&vp->tstamp, 12);
932+- EVP_SignUpdate(&ctx, vp->ptr, len);
933+- if (EVP_SignFinal(&ctx, vp->sig, &len, sign_pkey))
934++ EVP_SignUpdate(&ctx, vp->ptr, vallen);
935++ if (EVP_SignFinal(&ctx, vp->sig, &vallen, sign_pkey))
936+ vp->siglen = htonl(sign_siglen);
937+ return (XEVNT_OK);
938+ }
939+Index: ntp-4.2.6.p5+dfsg/ntpd/ntp_proto.c
940+===================================================================
941+--- ntp-4.2.6.p5+dfsg.orig/ntpd/ntp_proto.c 2015-02-06 07:58:50.000000000 -0500
942++++ ntp-4.2.6.p5+dfsg/ntpd/ntp_proto.c 2015-02-06 08:32:45.146114360 -0500
943+@@ -431,7 +431,7 @@
944+ */
945+ authlen = LEN_PKT_NOMAC;
946+ has_mac = rbufp->recv_length - authlen;
947+- while (has_mac != 0) {
948++ while (has_mac > 0) {
949+ u_int32 len;
950+
951+ if (has_mac % 4 != 0 || has_mac < MIN_MAC_LEN) {
952+@@ -456,6 +456,14 @@
953+ }
954+
955+ /*
956++ * If has_mac is < 0 we had a malformed packet.
957++ */
958++ if (has_mac < 0) {
959++ sys_badlength++;
960++ return; /* bad length */
961++ }
962++
963++ /*
964+ * If authentication required, a MAC must be present.
965+ */
966+ if (restrict_mask & RES_DONTTRUST && has_mac == 0) {
967diff --git a/debian/patches/CVE-2014-9298.patch b/debian/patches/CVE-2014-9298.patch
968new file mode 100644
969index 0000000..6a5ea31
970--- /dev/null
971+++ b/debian/patches/CVE-2014-9298.patch
972@@ -0,0 +1,43 @@
973+Description: fix IPv6 ACL bypass
974+Origin: upstream, http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=54922b65gDSbE4G7c3JjkuK1Tv33qQ
975+Origin: upstream, http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=5492d2879rotbnnuVch_ZC3RAfS8AA
976+Origin: upstream, http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=5493f333hALqPcXLR4-76bC6j-16xQ
977+Origin: upstream, http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=5496213frLaEz5PHLZVhuYjM7Lalkw
978+Origin: upstream, http://bk1.ntp.org/ntp-stable/ntpd/ntp_io.c?PAGE=diffs&REV=54a0f621LdfQSkkWKUKN6PaFbH25_Q
979+Origin: upstream, http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=54c2228bpOp4_zrX9aGXdMEZJEGzkg
980+Bug: http://bugs.ntp.org/show_bug.cgi?id=2672
981+
982+Index: ntp-4.2.6.p5+dfsg/ntpd/ntp_io.c
983+===================================================================
984+--- ntp-4.2.6.p5+dfsg.orig/ntpd/ntp_io.c 2011-11-30 21:55:17.000000000 -0500
985++++ ntp-4.2.6.p5+dfsg/ntpd/ntp_io.c 2015-02-06 08:57:54.277845529 -0500
986+@@ -3470,6 +3470,29 @@
987+ fd, buflen, stoa(&rb->recv_srcadr)));
988+
989+ /*
990++ ** Bug 2672: Some OSes (MacOSX and Linux) don't block spoofed ::1
991++ */
992++
993++ if (AF_INET6 == itf->family) {
994++ DPRINTF(2, ("Got an IPv6 packet, from <%s> (%d) to <%s> (%d)\n",
995++ stoa(&rb->recv_srcadr),
996++ IN6_IS_ADDR_LOOPBACK(PSOCK_ADDR6(&rb->recv_srcadr)),
997++ stoa(&itf->sin),
998++ !IN6_IS_ADDR_LOOPBACK(PSOCK_ADDR6(&itf->sin))
999++ ));
1000++
1001++ if ( IN6_IS_ADDR_LOOPBACK(PSOCK_ADDR6(&rb->recv_srcadr))
1002++ && !IN6_IS_ADDR_LOOPBACK(PSOCK_ADDR6(&itf->sin))
1003++ ) {
1004++ packets_dropped++;
1005++ DPRINTF(2, ("DROPPING that packet\n"));
1006++ freerecvbuf(rb);
1007++ return buflen;
1008++ }
1009++ DPRINTF(2, ("processing that packet\n"));
1010++ }
1011++
1012++ /*
1013+ * Got one. Mark how and when it got here,
1014+ * put it on the full list and do bookkeeping.
1015+ */
1016diff --git a/debian/patches/CVE-2015-1798.patch b/debian/patches/CVE-2015-1798.patch
1017new file mode 100644
1018index 0000000..1eb65ba
1019--- /dev/null
1020+++ b/debian/patches/CVE-2015-1798.patch
1021@@ -0,0 +1,33 @@
1022+Description: fix symmetric key unauthenticated packet MITM attack
1023+Origin: upstream, http://bk.ntp.org/ntp-stable/?PAGE=patch&REV=550a80b0iGyIv4t9J1GJ_74V_eEx4A
1024+Bug: http://bugs.ntp.org/show_bug.cgi?id=2779
1025+
1026+Index: ntp-4.2.6.p5+dfsg/ntpd/ntp_proto.c
1027+===================================================================
1028+--- ntp-4.2.6.p5+dfsg.orig/ntpd/ntp_proto.c 2015-04-07 12:47:11.000000000 -0400
1029++++ ntp-4.2.6.p5+dfsg/ntpd/ntp_proto.c 2015-04-07 12:47:56.583800918 -0400
1030+@@ -1131,18 +1121,20 @@
1031+ return;
1032+
1033+ /*
1034+- * If the digest fails, the client cannot authenticate a server
1035++ * If the digest fails or it's missing for authenticated
1036++ * associations, the client cannot authenticate a server
1037+ * reply to a client packet previously sent. The loopback check
1038+ * is designed to avoid a bait-and-switch attack, which was
1039+ * possible in past versions. If symmetric modes, return a
1040+ * crypto-NAK. The peer should restart the protocol.
1041+ */
1042+- } else if (!AUTH(has_mac || (restrict_mask & RES_DONTTRUST),
1043+- is_authentic)) {
1044++ } else if (!AUTH(peer->keyid || has_mac ||
1045++ (restrict_mask & RES_DONTTRUST), is_authentic)) {
1046+ report_event(PEVNT_AUTH, peer, "digest");
1047+ peer->flash |= TEST5; /* bad auth */
1048+ peer->badauth++;
1049+- if (hismode == MODE_ACTIVE || hismode == MODE_PASSIVE)
1050++ if (has_mac &&
1051++ (hismode == MODE_ACTIVE || hismode == MODE_PASSIVE))
1052+ fast_xmit(rbufp, MODE_ACTIVE, 0, restrict_mask);
1053+ if (peer->flags & FLAG_PREEMPT) {
1054+ unpeer(peer);
1055diff --git a/debian/patches/CVE-2015-1799.patch b/debian/patches/CVE-2015-1799.patch
1056new file mode 100644
1057index 0000000..4882970
1058--- /dev/null
1059+++ b/debian/patches/CVE-2015-1799.patch
1060@@ -0,0 +1,42 @@
1061+Description: fix symmetric association DoS attack
1062+Origin: upstream, http://bk.ntp.org/ntp-stable/?PAGE=patch&REV=550a80b0iGyIv4t9J1GJ_74V_eEx4A
1063+Bug: http://bugs.ntp.org/show_bug.cgi?id=2781
1064+
1065+Index: ntp-4.2.6.p5+dfsg/ntpd/ntp_proto.c
1066+===================================================================
1067+--- ntp-4.2.6.p5+dfsg.orig/ntpd/ntp_proto.c 2015-04-07 12:52:45.538476188 -0400
1068++++ ntp-4.2.6.p5+dfsg/ntpd/ntp_proto.c 2015-04-07 12:52:45.534476151 -0400
1069+@@ -1102,16 +1102,6 @@
1070+ }
1071+
1072+ /*
1073+- * Update the state variables.
1074+- */
1075+- if (peer->flip == 0) {
1076+- if (hismode != MODE_BROADCAST)
1077+- peer->rec = p_xmt;
1078+- peer->dst = rbufp->recv_time;
1079+- }
1080+- peer->xmt = p_xmt;
1081+-
1082+- /*
1083+ * If this is a crypto_NAK, the server cannot authenticate a
1084+ * client packet. The server might have just changed keys. Clear
1085+ * the association and restart the protocol.
1086+@@ -1158,6 +1148,16 @@
1087+ }
1088+
1089+ /*
1090++ * Update the state variables.
1091++ */
1092++ if (peer->flip == 0) {
1093++ if (hismode != MODE_BROADCAST)
1094++ peer->rec = p_xmt;
1095++ peer->dst = rbufp->recv_time;
1096++ }
1097++ peer->xmt = p_xmt;
1098++
1099++ /*
1100+ * Set the peer ppoll to the maximum of the packet ppoll and the
1101+ * peer minpoll. If a kiss-o'-death, set the peer minpoll to
1102+ * this maximumn and advance the headway to give the sender some
1103diff --git a/debian/patches/CVE-2015-5146.patch b/debian/patches/CVE-2015-5146.patch
1104new file mode 100644
1105index 0000000..a6a05af
1106--- /dev/null
1107+++ b/debian/patches/CVE-2015-5146.patch
1108@@ -0,0 +1,128 @@
1109+Backport of:
1110+
1111+From c3e7afb9cd88784c6b4f81182bd878fc3a2d23a1 Mon Sep 17 00:00:00 2001
1112+From: <jnperlin@hydra.(none)>
1113+Date: Wed, 24 Jun 2015 09:18:52 +0200
1114+Subject: [PATCH] Bug 2853 - FICORA #829967
1115+
1116+---
1117+ ChangeLog | 1 +
1118+ ntpd/ntp_control.c | 77 +++++++++++++++++++++++++++++++++++++++---------------
1119+ 2 files changed, 57 insertions(+), 21 deletions(-)
1120+
1121+Index: ntp-4.2.6.p5+dfsg/ntpd/ntp_control.c
1122+===================================================================
1123+--- ntp-4.2.6.p5+dfsg.orig/ntpd/ntp_control.c 2015-10-23 08:51:25.428716718 -0400
1124++++ ntp-4.2.6.p5+dfsg/ntpd/ntp_control.c 2015-10-23 08:53:11.285800571 -0400
1125+@@ -2471,6 +2471,35 @@
1126+ ctl_flushpkt(0);
1127+ }
1128+
1129++/* Bug 2853 */
1130++/* evaluate the length of the command sequence. This breaks at the first
1131++ * char that is not >= SPACE and <= 127 after trimming from the right.
1132++ */
1133++static size_t
1134++cmdlength(
1135++ const char *src_buf,
1136++ const char *src_end
1137++ )
1138++{
1139++ const char *scan;
1140++ unsigned char ch;
1141++
1142++ /* trim whitespace & garbage from the right */
1143++ while (src_end != src_buf) {
1144++ ch = src_end[-1];
1145++ if (ch > ' ' && ch < 128)
1146++ break;
1147++ --src_end;
1148++ }
1149++ /* now do a forward scan */
1150++ for (scan = src_buf; scan != src_end; ++scan) {
1151++ ch = scan[0];
1152++ if ((ch < ' ' || ch >= 128) && ch != '\t')
1153++ break;
1154++ }
1155++ return (size_t)(scan - src_buf);
1156++}
1157++
1158+ /*
1159+ * configure() processes ntpq :config/config-from-file, allowing
1160+ * generic runtime reconfiguration.
1161+@@ -2482,7 +2511,6 @@
1162+ {
1163+ size_t data_count;
1164+ int retval;
1165+- int replace_nl;
1166+
1167+ /* I haven't yet implemented changes to an existing association.
1168+ * Hence check if the association id is 0
1169+@@ -2506,7 +2534,7 @@
1170+ }
1171+
1172+ /* Initialize the remote config buffer */
1173+- data_count = reqend - reqpt;
1174++ data_count = cmdlength(reqpt, reqend);
1175+
1176+ if (data_count > sizeof(remote_config.buffer) - 2) {
1177+ snprintf(remote_config.err_msg,
1178+@@ -2520,32 +2548,41 @@
1179+ stoa(&rbufp->recv_srcadr));
1180+ return;
1181+ }
1182++ /* Bug 2853 -- check if all characters were acceptable */
1183++ if (data_count != (size_t)(reqend - reqpt)) {
1184++ snprintf(remote_config.err_msg,
1185++ sizeof(remote_config.err_msg),
1186++ "runtime configuration failed: request contains an unprintable character");
1187++ ctl_putdata(remote_config.err_msg,
1188++ strlen(remote_config.err_msg), 0);
1189++ ctl_flushpkt(0);
1190++ msyslog(LOG_NOTICE,
1191++ "runtime config from %s rejected: request contains an unprintable character: %0x",
1192++ stoa(&rbufp->recv_srcadr),
1193++ reqpt[data_count]);
1194++ return;
1195++ }
1196+
1197+ memcpy(remote_config.buffer, reqpt, data_count);
1198+- if (data_count > 0
1199+- && '\n' != remote_config.buffer[data_count - 1])
1200+- remote_config.buffer[data_count++] = '\n';
1201++ /* The buffer has no trailing linefeed or NUL right now. For
1202++ * logging, we do not want a newline, so we do that first after
1203++ * adding the necessary NUL byte.
1204++ */
1205+ remote_config.buffer[data_count] = '\0';
1206+- remote_config.pos = 0;
1207+- remote_config.err_pos = 0;
1208+- remote_config.no_errors = 0;
1209+-
1210+- /* do not include terminating newline in log */
1211+- if (data_count > 0
1212+- && '\n' == remote_config.buffer[data_count - 1]) {
1213+- remote_config.buffer[data_count - 1] = '\0';
1214+- replace_nl = 1;
1215+- } else
1216+- replace_nl = 0;
1217+-
1218+ DPRINTF(1, ("Got Remote Configuration Command: %s\n",
1219+ remote_config.buffer));
1220+ msyslog(LOG_NOTICE, "%s config: %s",
1221+ stoa(&rbufp->recv_srcadr),
1222+ remote_config.buffer);
1223+
1224+- if (replace_nl)
1225+- remote_config.buffer[data_count - 1] = '\n';
1226++ /* Now we have to make sure there is a NL/NUL sequence at the
1227++ * end of the buffer before we parse it.
1228++ */
1229++ remote_config.buffer[data_count++] = '\n';
1230++ remote_config.buffer[data_count] = '\0';
1231++ remote_config.pos = 0;
1232++ remote_config.err_pos = 0;
1233++ remote_config.no_errors = 0;
1234+
1235+ config_remotely(&rbufp->recv_srcadr);
1236+
1237diff --git a/debian/patches/CVE-2015-5194.patch b/debian/patches/CVE-2015-5194.patch
1238new file mode 100644
1239index 0000000..2938aa2
1240--- /dev/null
1241+++ b/debian/patches/CVE-2015-5194.patch
1242@@ -0,0 +1,49 @@
1243+Backport of:
1244+
1245+From 553f2fa65865c31c5e3c48812cfd46176cffdd27 Mon Sep 17 00:00:00 2001
1246+From: <davehart@shiny.ad.hartbrothers.com>
1247+Date: Wed, 28 Jul 2010 05:33:53 +0000
1248+Subject: [PATCH] [Bug 1593] ntpd abort in free() with logconfig syntax error.
1249+
1250+---
1251+ ChangeLog | 1 +
1252+ ntpd/ntp_parser.c | 114 +++++++++++++++++++++++++++++-------------------------
1253+ ntpd/ntp_parser.y | 24 ++++++++----
1254+ 3 files changed, 80 insertions(+), 59 deletions(-)
1255+
1256+Index: ntp-4.2.6.p5+dfsg/ntpd/ntp_parser.y
1257+===================================================================
1258+--- ntp-4.2.6.p5+dfsg.orig/ntpd/ntp_parser.y 2015-10-22 15:04:36.368602522 -0400
1259++++ ntp-4.2.6.p5+dfsg/ntpd/ntp_parser.y 2015-10-22 15:04:36.368602522 -0400
1260+@@ -1037,14 +1037,24 @@
1261+ log_config_command
1262+ : T_String
1263+ {
1264+- char prefix = $1[0];
1265+- char *type = $1 + 1;
1266++ char prefix;
1267++ char * type;
1268+
1269+- if (prefix != '+' && prefix != '-' && prefix != '=') {
1270+- yyerror("Logconfig prefix is not '+', '-' or '='\n");
1271+- }
1272+- else
1273+- $$ = create_attr_sval(prefix, estrdup(type));
1274++ switch ($1[0]) {
1275++
1276++ case '+':
1277++ case '-':
1278++ case '=':
1279++ prefix = $1[0];
1280++ type = $1 + 1;
1281++ break;
1282++
1283++ default:
1284++ prefix = '=';
1285++ type = $1;
1286++ }
1287++
1288++ $$ = create_attr_sval(prefix, estrdup(type));
1289+ YYFREE($1);
1290+ }
1291+ ;
1292diff --git a/debian/patches/CVE-2015-5195.patch b/debian/patches/CVE-2015-5195.patch
1293new file mode 100644
1294index 0000000..507ffb4
1295--- /dev/null
1296+++ b/debian/patches/CVE-2015-5195.patch
1297@@ -0,0 +1,47 @@
1298+Backport of:
1299+
1300+From 52e977d79a0c4ace997e5c74af429844da2f27be Mon Sep 17 00:00:00 2001
1301+From: <davehart@shiny.ad.hartbrothers.com>
1302+Date: Thu, 6 Jan 2011 04:02:24 +0000
1303+Subject: [PATCH] [Bug 1773] openssl not detected during ./configure. [Bug
1304+ 1774] Segfaults if cryptostats enabled and built without OpenSSL.
1305+
1306+---
1307+ ChangeLog | 2 ++
1308+ m4/ntp_openssl.m4 | 38 ++++++++++++++++----------------------
1309+ ntpd/ntp_config.c | 12 ++++++++++++
1310+ ntpd/ntp_util.c | 12 ++----------
1311+ 4 files changed, 32 insertions(+), 32 deletions(-)
1312+
1313+Index: ntp-4.2.6.p5+dfsg/ntpd/ntp_config.c
1314+===================================================================
1315+--- ntp-4.2.6.p5+dfsg.orig/ntpd/ntp_config.c 2015-10-22 15:07:29.534321900 -0400
1316++++ ntp-4.2.6.p5+dfsg/ntpd/ntp_config.c 2015-10-22 15:12:42.233434208 -0400
1317+@@ -2022,6 +2022,13 @@
1318+ while (pfilegen_token != NULL) {
1319+ filegen_string = keyword(*pfilegen_token);
1320+ filegen = filegen_get(filegen_string);
1321++ if (NULL == filegen) {
1322++ msyslog(LOG_ERR,
1323++ "stats %s unrecognized",
1324++ filegen_string);
1325++ pfilegen_token = next_node(pfilegen_token);
1326++ continue;
1327++ }
1328+
1329+ DPRINTF(4, ("enabling filegen for %s statistics '%s%s'\n",
1330+ filegen_string, filegen->prefix,
1331+@@ -2035,6 +2042,13 @@
1332+ while (my_node != NULL) {
1333+ filegen_file = keyword(my_node->filegen_token);
1334+ filegen = filegen_get(filegen_file);
1335++ if (NULL == filegen) {
1336++ msyslog(LOG_ERR,
1337++ "filegen category '%s' unrecognized",
1338++ filegen_file);
1339++ my_node = next_node(my_node);
1340++ continue;
1341++ }
1342+
1343+ /* Initialize the filegen variables to their pre-configurtion states */
1344+ filegen_flag = filegen->flag;
1345diff --git a/debian/patches/CVE-2015-5196.patch b/debian/patches/CVE-2015-5196.patch
1346new file mode 100644
1347index 0000000..2f7714a
1348--- /dev/null
1349+++ b/debian/patches/CVE-2015-5196.patch
1350@@ -0,0 +1,57 @@
1351+Description: fix file overwrite via remote pidfile and driftfile
1352+ configuration directives
1353+Origin: vendor, http://pkgs.fedoraproject.org/cgit/ntp.git/tree/ntp-4.2.6p5-cve-2015-5196.patch
1354+
1355+Index: ntp-4.2.6.p5+dfsg/ntpd/ntp_parser.y
1356+===================================================================
1357+--- ntp-4.2.6.p5+dfsg.orig/ntpd/ntp_parser.y 2015-10-22 15:55:22.498495669 -0400
1358++++ ntp-4.2.6.p5+dfsg/ntpd/ntp_parser.y 2015-10-22 15:55:22.498495669 -0400
1359+@@ -988,23 +988,43 @@
1360+
1361+ misc_cmd_str_keyword
1362+ : T_Leapfile
1363+- | T_Pidfile
1364+ | T_Qos
1365+ ;
1366+
1367+ misc_cmd_str_lcl_keyword
1368+ : T_Logfile
1369++ | T_Pidfile
1370+ | T_Saveconfigdir
1371+ ;
1372+
1373+ drift_parm
1374+ : T_String
1375+- { enqueue(cfgt.vars, create_attr_sval(T_Driftfile, $1)); }
1376++ {
1377++ if (input_from_file) {
1378++ enqueue(cfgt.vars, create_attr_sval(T_Driftfile, $1));
1379++ } else {
1380++ YYFREE($1);
1381++ yyerror("driftfile remote configuration ignored");
1382++ }
1383++ }
1384+ | T_String T_Double
1385+- { enqueue(cfgt.vars, create_attr_dval(T_WanderThreshold, $2));
1386+- enqueue(cfgt.vars, create_attr_sval(T_Driftfile, $1)); }
1387++ {
1388++ if (input_from_file) {
1389++ enqueue(cfgt.vars, create_attr_dval(T_WanderThreshold, $2));
1390++ enqueue(cfgt.vars, create_attr_sval(T_Driftfile, $1));
1391++ } else {
1392++ YYFREE($1);
1393++ yyerror("driftfile remote configuration ignored");
1394++ }
1395++ }
1396+ | /* Null driftfile, indicated by null string "\0" */
1397+- { enqueue(cfgt.vars, create_attr_sval(T_Driftfile, "\0")); }
1398++ {
1399++ if (input_from_file) {
1400++ enqueue(cfgt.vars, create_attr_sval(T_Driftfile, estrdup("")));
1401++ } else {
1402++ yyerror("driftfile remote configuration ignored");
1403++ }
1404++ }
1405+ ;
1406+
1407+ variable_assign
1408diff --git a/debian/patches/CVE-2015-5219.patch b/debian/patches/CVE-2015-5219.patch
1409new file mode 100644
1410index 0000000..35a651e
1411--- /dev/null
1412+++ b/debian/patches/CVE-2015-5219.patch
1413@@ -0,0 +1,27 @@
1414+From 5f295cd05c3c136d39f5b3e500a2d781bdbb59c8 Mon Sep 17 00:00:00 2001
1415+From: <stenn@deacon.udel.edu>
1416+Date: Wed, 24 Apr 2013 19:13:53 -0400
1417+Subject: [PATCH] [Bug 2382] Implement LOGTOD using ldexp() instead of shifting
1418+
1419+---
1420+ ChangeLog | 1 +
1421+ include/ntp.h | 5 ++---
1422+ 2 files changed, 3 insertions(+), 3 deletions(-)
1423+
1424+Index: ntp-4.2.6.p5+dfsg/include/ntp.h
1425+===================================================================
1426+--- ntp-4.2.6.p5+dfsg.orig/include/ntp.h 2015-10-22 15:17:12.632029576 -0400
1427++++ ntp-4.2.6.p5+dfsg/include/ntp.h 2015-10-22 15:17:12.632029576 -0400
1428+@@ -163,10 +163,9 @@
1429+ #define SQUARE(x) ((x) * (x))
1430+ #define SQRT(x) (sqrt(x))
1431+ #define DIFF(x, y) (SQUARE((x) - (y)))
1432+-#define LOGTOD(a) ((a) < 0 ? 1. / (1L << -(a)) : \
1433+- 1L << (int)(a)) /* log2 to double */
1434++#define LOGTOD(a) ldexp(1., (int)(a)) /* log2 to double */
1435+ #define UNIVAR(x) (SQUARE(.28867513 * LOGTOD(x))) /* std uniform distr */
1436+-#define ULOGTOD(a) (1L << (int)(a)) /* ulog2 to double */
1437++#define ULOGTOD(a) ldexp(1., (int)(a)) /* ulog2 to double */
1438+
1439+ #define EVENT_TIMEOUT 0 /* one second, that is */
1440+
1441diff --git a/debian/patches/CVE-2015-5300.patch b/debian/patches/CVE-2015-5300.patch
1442new file mode 100644
1443index 0000000..563a7ee
1444--- /dev/null
1445+++ b/debian/patches/CVE-2015-5300.patch
1446@@ -0,0 +1,16 @@
1447+Description: fix timeshifting by reboot issue
1448+Origin: vendor, http://pkgs.fedoraproject.org/cgit/ntp.git/plain/ntp-4.2.6p5-cve-2015-5300.patch
1449+Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-5300
1450+
1451+Index: ntp-4.2.6.p5+dfsg/ntpd/ntp_loopfilter.c
1452+===================================================================
1453+--- ntp-4.2.6.p5+dfsg.orig/ntpd/ntp_loopfilter.c 2015-10-22 16:10:31.039787300 -0400
1454++++ ntp-4.2.6.p5+dfsg/ntpd/ntp_loopfilter.c 2015-10-22 16:10:31.039787300 -0400
1455+@@ -386,6 +386,7 @@
1456+ report_event(EVNT_CLOCKRESET, NULL, tbuf);
1457+ step_systime(fp_offset);
1458+ reinit_timer();
1459++ allow_panic = FALSE;
1460+ tc_counter = 0;
1461+ clock_jitter = LOGTOD(sys_precision);
1462+ rval = 2;
1463diff --git a/debian/patches/CVE-2015-7691.patch b/debian/patches/CVE-2015-7691.patch
1464new file mode 100644
1465index 0000000..7dbe95b
1466--- /dev/null
1467+++ b/debian/patches/CVE-2015-7691.patch
1468@@ -0,0 +1,225 @@
1469+Description: fix incomplete autokey data packet length checks
1470+Origin: upstream, https://github.com/ntp-project/ntp/commit/c4cd4aaf418f57f7225708a93bf48afb2bc9c1da
1471+Origin: upstream, https://github.com/ntp-project/ntp/commit/c454d5defd5679947ed34b988c85bab6ed9066cf
1472+Bug: http://bugs.ntp.org/show_bug.cgi?id=2899
1473+
1474+Index: ntp-4.2.6.p5+dfsg/ntpd/ntp_crypto.c
1475+===================================================================
1476+--- ntp-4.2.6.p5+dfsg.orig/ntpd/ntp_crypto.c 2015-10-23 09:06:08.625810791 -0400
1477++++ ntp-4.2.6.p5+dfsg/ntpd/ntp_crypto.c 2015-10-23 09:07:35.018715125 -0400
1478+@@ -170,6 +170,7 @@
1479+ static struct pkey_info *crypto_key (char *, char *, sockaddr_u *);
1480+ static void bighash (BIGNUM *, BIGNUM *);
1481+ static struct cert_info *crypto_cert (char *);
1482++static u_int exten_payload_size(const struct exten *);
1483+
1484+ #ifdef SYS_WINNT
1485+ int
1486+@@ -389,7 +390,7 @@
1487+ struct autokey *ap, *bp; /* autokey pointer */
1488+ struct exten *ep, *fp; /* extension pointers */
1489+ struct cert_info *xinfo; /* certificate info pointer */
1490+- int has_mac; /* length of MAC field */
1491++ int macbytes; /* length of MAC field, signed by intention */
1492+ int authlen; /* offset of MAC field */
1493+ associd_t associd; /* association ID */
1494+ tstamp_t tstamp = 0; /* timestamp */
1495+@@ -417,7 +418,11 @@
1496+ */
1497+ authlen = LEN_PKT_NOMAC;
1498+ hismode = (int)PKT_MODE((&rbufp->recv_pkt)->li_vn_mode);
1499+- while ((has_mac = rbufp->recv_length - authlen) > MAX_MAC_LEN) {
1500++ while ((macbytes = rbufp->recv_length - authlen) > (int)MAX_MAC_LEN) {
1501++ /* We can be reasonably sure that we can read at least
1502++ * the opcode and the size field here. More stringent
1503++ * checks follow up shortly.
1504++ */
1505+ pkt = (u_int32 *)&rbufp->recv_pkt + authlen / 4;
1506+ ep = (struct exten *)pkt;
1507+ code = ntohl(ep->opcode) & 0xffff0000;
1508+@@ -441,6 +446,18 @@
1509+ code |= CRYPTO_ERROR;
1510+ }
1511+
1512++ /* Check if the declared size fits into the remaining
1513++ * buffer.
1514++ */
1515++ if (len > macbytes) {
1516++ DPRINTF(1, ("crypto_recv: possible attack detected, associd %d\n",
1517++ associd));
1518++ return XEVNT_LEN;
1519++ }
1520++
1521++ /* Check if the paylod of the extension fits into the
1522++ * declared frame.
1523++ */
1524+ if (len >= VALUE_LEN) {
1525+ tstamp = ntohl(ep->tstamp);
1526+ fstamp = ntohl(ep->fstamp);
1527+@@ -1170,9 +1187,8 @@
1528+ * choice.
1529+ */
1530+ case CRYPTO_CERT | CRYPTO_RESP:
1531+- vallen = ntohl(ep->vallen); /* Must be <64k */
1532+- if (vallen == 0 || vallen > MAXHOSTNAME ||
1533+- len - VALUE_LEN < vallen) {
1534++ vallen = exten_payload_size(ep); /* Must be <64k */
1535++ if (vallen == 0 || vallen >= sizeof(certname) ) {
1536+ rval = XEVNT_LEN;
1537+ break;
1538+
1539+@@ -2134,8 +2150,7 @@
1540+ tstamp_t tstamp; /* NTP timestamp */
1541+ BIGNUM *bn, *bk, *r;
1542+ u_char *ptr;
1543+- u_int len; /* extension field length */
1544+- u_int vallen = 0; /* value length */
1545++ u_int len; /* extension field value length */
1546+
1547+ /*
1548+ * If the IFF parameters are not valid, something awful
1549+@@ -2150,11 +2165,10 @@
1550+ /*
1551+ * Extract r from the challenge.
1552+ */
1553+- vallen = ntohl(ep->vallen);
1554+- len = ntohl(ep->opcode) & 0x0000ffff;
1555+- if (vallen == 0 || len < VALUE_LEN || len - VALUE_LEN < vallen)
1556+- return XEVNT_LEN;
1557+- if ((r = BN_bin2bn((u_char *)ep->pkt, vallen, NULL)) == NULL) {
1558++ len = exten_payload_size(ep);
1559++ if (len == 0 || len > MAX_VALLEN)
1560++ return (XEVNT_LEN);
1561++ if ((r = BN_bin2bn((u_char *)ep->pkt, len, NULL)) == NULL) {
1562+ msyslog(LOG_ERR, "crypto_bob: %s",
1563+ ERR_error_string(ERR_get_error(), NULL));
1564+ return (XEVNT_ERR);
1565+@@ -2166,7 +2180,7 @@
1566+ */
1567+ bctx = BN_CTX_new(); bk = BN_new(); bn = BN_new();
1568+ sdsa = DSA_SIG_new();
1569+- BN_rand(bk, vallen * 8, -1, 1); /* k */
1570++ BN_rand(bk, len * 8, -1, 1); /* k */
1571+ BN_mod_mul(bn, dsa->priv_key, r, dsa->q, bctx); /* b r mod q */
1572+ BN_add(bn, bn, bk);
1573+ BN_mod(bn, bn, dsa->q, bctx); /* k + b r mod q */
1574+@@ -2185,16 +2199,16 @@
1575+ * Encode the values in ASN.1 and sign. The filestamp is from
1576+ * the local file.
1577+ */
1578+- vallen = i2d_DSA_SIG(sdsa, NULL);
1579+- if (vallen == 0) {
1580++ len = i2d_DSA_SIG(sdsa, NULL);
1581++ if (len == 0) {
1582+ msyslog(LOG_ERR, "crypto_bob: %s",
1583+ ERR_error_string(ERR_get_error(), NULL));
1584+ DSA_SIG_free(sdsa);
1585+ return (XEVNT_ERR);
1586+ }
1587+- if (vallen > MAX_VALLEN) {
1588+- msyslog(LOG_ERR, "crypto_bob: signature is too big: %d",
1589+- vallen);
1590++ if (len > MAX_VALLEN) {
1591++ msyslog(LOG_ERR, "crypto_bob: signature is too big: %u",
1592++ len);
1593+ DSA_SIG_free(sdsa);
1594+ return (XEVNT_LEN);
1595+ }
1596+@@ -2202,8 +2216,8 @@
1597+ tstamp = crypto_time();
1598+ vp->tstamp = htonl(tstamp);
1599+ vp->fstamp = htonl(iffkey_info->fstamp);
1600+- vp->vallen = htonl(vallen);
1601+- ptr = emalloc(vallen);
1602++ vp->vallen = htonl(len);
1603++ ptr = emalloc(len);
1604+ vp->ptr = ptr;
1605+ i2d_DSA_SIG(sdsa, &ptr);
1606+ DSA_SIG_free(sdsa);
1607+@@ -2214,9 +2228,11 @@
1608+ vp->sig = emalloc(sign_siglen);
1609+ EVP_SignInit(&ctx, sign_digest);
1610+ EVP_SignUpdate(&ctx, (u_char *)&vp->tstamp, 12);
1611+- EVP_SignUpdate(&ctx, vp->ptr, vallen);
1612+- if (EVP_SignFinal(&ctx, vp->sig, &vallen, sign_pkey))
1613+- vp->siglen = htonl(sign_siglen);
1614++ EVP_SignUpdate(&ctx, vp->ptr, len);
1615++ if (EVP_SignFinal(&ctx, vp->sig, &len, sign_pkey)) {
1616++ INSIST(len <= sign_siglen);
1617++ vp->siglen = htonl(len);
1618++ }
1619+ return (XEVNT_OK);
1620+ }
1621+
1622+@@ -2462,7 +2478,9 @@
1623+ /*
1624+ * Extract r from the challenge.
1625+ */
1626+- len = ntohl(ep->vallen);
1627++ len = exten_payload_size(ep);
1628++ if (len == 0 || len > MAX_VALLEN)
1629++ return (XEVNT_LEN);
1630+ if ((r = BN_bin2bn((u_char *)ep->pkt, len, NULL)) == NULL) {
1631+ msyslog(LOG_ERR, "crypto_bob2: %s",
1632+ ERR_error_string(ERR_get_error(), NULL));
1633+@@ -2787,7 +2805,9 @@
1634+ /*
1635+ * Extract r from the challenge.
1636+ */
1637+- len = ntohl(ep->vallen);
1638++ len = exten_payload_size(ep);
1639++ if (len == 0 || len > MAX_VALLEN)
1640++ return (XEVNT_LEN);
1641+ if ((r = BN_bin2bn((u_char *)ep->pkt, len, NULL)) == NULL) {
1642+ msyslog(LOG_ERR, "crypto_bob3: %s",
1643+ ERR_error_string(ERR_get_error(), NULL));
1644+@@ -3002,8 +3022,11 @@
1645+ if (tstamp == 0)
1646+ return (XEVNT_TSP);
1647+
1648++ len = exten_payload_size(ep);
1649++ if (len == 0 || len > MAX_VALLEN)
1650++ return (XEVNT_LEN);
1651+ ptr = (u_char *)ep->pkt;
1652+- if ((req = d2i_X509(NULL, &ptr, ntohl(ep->vallen))) == NULL) {
1653++ if ((req = d2i_X509(NULL, &ptr, len)) == NULL) {
1654+ msyslog(LOG_ERR, "cert_sign: %s",
1655+ ERR_error_string(ERR_get_error(), NULL));
1656+ return (XEVNT_CRT);
1657+@@ -3968,6 +3991,36 @@
1658+ break;
1659+ }
1660+ }
1661++
1662++/*
1663++ * Get the payload size (internal value length) of an extension packet.
1664++ * If the inner value size does not match the outer packet size (that
1665++ * is, the value would end behind the frame given by the opcode/size
1666++ * field) the function will effectively return UINT_MAX. If the frame is
1667++ * too short to hold a variable-sized value, the return value is zero.
1668++ */
1669++static u_int
1670++exten_payload_size(
1671++ const struct exten * ep)
1672++{
1673++ typedef const u_char *BPTR;
1674++
1675++ size_t extn_size;
1676++ size_t data_size;
1677++ size_t head_size;
1678++
1679++ data_size = 0;
1680++ if (NULL != ep) {
1681++ head_size = (BPTR)(&ep->vallen + 1) - (BPTR)ep;
1682++ extn_size = (uint16_t)(ntohl(ep->opcode) & 0x0000ffff);
1683++ if (extn_size >= head_size) {
1684++ data_size = (uint32_t)ntohl(ep->vallen);
1685++ if (data_size > extn_size - head_size)
1686++ data_size = ~(size_t)0u;
1687++ }
1688++ }
1689++ return (u_int)data_size;
1690++}
1691+ # else
1692+ int ntp_crypto_bs_pubkey;
1693+ # endif /* OPENSSL */
1694diff --git a/debian/patches/CVE-2015-7701.patch b/debian/patches/CVE-2015-7701.patch
1695new file mode 100644
1696index 0000000..d04cb2c
1697--- /dev/null
1698+++ b/debian/patches/CVE-2015-7701.patch
1699@@ -0,0 +1,23 @@
1700+From d7cd5e186034340402f1393e0813c7d2b14ea6ca Mon Sep 17 00:00:00 2001
1701+From: <jnperlin@hydra.localnet>
1702+Date: Mon, 28 Sep 2015 18:22:06 +0200
1703+Subject: [PATCH] [Bug 2909] - Slow memory leak in CRYPTO_ASSOC - added
1704+ missing call to 'free()' in ntp_crypto.c.
1705+
1706+---
1707+ ChangeLog | 1 +
1708+ ntpd/ntp_crypto.c | 1 +
1709+ 2 files changed, 2 insertions(+)
1710+
1711+Index: ntp-4.2.6.p5+dfsg/ntpd/ntp_crypto.c
1712+===================================================================
1713+--- ntp-4.2.6.p5+dfsg.orig/ntpd/ntp_crypto.c 2015-10-22 15:25:26.448658993 -0400
1714++++ ntp-4.2.6.p5+dfsg/ntpd/ntp_crypto.c 2015-10-22 15:25:26.448658993 -0400
1715+@@ -500,6 +500,7 @@
1716+ rval = XEVNT_ERR;
1717+ break;
1718+ }
1719++ free(peer->cmmd); /* will be set again! */
1720+ }
1721+ fp = emalloc(len);
1722+ memcpy(fp, ep, len);
1723diff --git a/debian/patches/CVE-2015-7704.patch b/debian/patches/CVE-2015-7704.patch
1724new file mode 100644
1725index 0000000..351c7da
1726--- /dev/null
1727+++ b/debian/patches/CVE-2015-7704.patch
1728@@ -0,0 +1,19 @@
1729+Description: fix denial of service by spoofed KoD
1730+Author: Miroslav Lichvar <mlichvar@redhat.com>
1731+Origin: other, http://lists.ntp.org/pipermail/pool/2015-October/007631.html
1732+Bug: http://bugs.ntp.org/show_bug.cgi?id=2901
1733+Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7704
1734+
1735+Index: ntp-4.2.6.p5+dfsg/ntpd/ntp_proto.c
1736+===================================================================
1737+--- ntp-4.2.6.p5+dfsg.orig/ntpd/ntp_proto.c 2015-10-22 15:55:30.498577692 -0400
1738++++ ntp-4.2.6.p5+dfsg/ntpd/ntp_proto.c 2015-10-22 15:57:47.587982624 -0400
1739+@@ -1166,7 +1166,7 @@
1740+ peer->ppoll = max(peer->minpoll, pkt->ppoll);
1741+ if (hismode == MODE_SERVER && hisleap == LEAP_NOTINSYNC &&
1742+ hisstratum == STRATUM_UNSPEC && memcmp(&pkt->refid,
1743+- "RATE", 4) == 0) {
1744++ "RATE", 4) == 0 && !(peer->flash & PKT_TEST_MASK)) {
1745+ peer->selbroken++;
1746+ report_event(PEVNT_RATE, peer, NULL);
1747+ if (pkt->ppoll > peer->minpoll)
1748diff --git a/debian/patches/CVE-2015-7850.patch b/debian/patches/CVE-2015-7850.patch
1749new file mode 100644
1750index 0000000..e7d9491
1751--- /dev/null
1752+++ b/debian/patches/CVE-2015-7850.patch
1753@@ -0,0 +1,235 @@
1754+backport of:
1755+
1756+From bb928ef08eec020ef6008f3a140702ccc0536b8e Mon Sep 17 00:00:00 2001
1757+From: <jnperlin@hydra.localnet>
1758+Date: Sat, 3 Oct 2015 09:08:20 +0200
1759+Subject: [PATCH] [TALOS-CAN-0055] Infinite loop if extended logging enabled
1760+ and the logfile and keyfile are the same
1761+
1762+---
1763+ ChangeLog | 2 ++
1764+ include/ntp_stdlib.h | 1 +
1765+ include/ntp_syslog.h | 1 +
1766+ libntp/authreadkeys.c | 89 ++++++++++++++++++++++++++++++++++++++++-----------
1767+ libntp/msyslog.c | 12 +++++++
1768+ 5 files changed, 87 insertions(+), 18 deletions(-)
1769+
1770+Index: ntp-4.2.6.p5+dfsg/include/ntp_stdlib.h
1771+===================================================================
1772+--- ntp-4.2.6.p5+dfsg.orig/include/ntp_stdlib.h 2015-10-23 08:30:31.515986332 -0400
1773++++ ntp-4.2.6.p5+dfsg/include/ntp_stdlib.h 2015-10-23 08:30:31.511986291 -0400
1774+@@ -46,7 +46,8 @@
1775+ __attribute__((__format__(__printf__, 3, 4)));
1776+ extern void msyslog(int, const char *, ...)
1777+ __attribute__((__format__(__printf__, 2, 3)));
1778+-
1779++extern void mvsyslog(int, const char *, va_list)
1780++ __attribute__((__format__(__printf__, 2, 0)));
1781+ /*
1782+ * When building without OpenSSL, use a few macros of theirs to
1783+ * minimize source differences in NTP.
1784+Index: ntp-4.2.6.p5+dfsg/include/ntp_syslog.h
1785+===================================================================
1786+--- ntp-4.2.6.p5+dfsg.orig/include/ntp_syslog.h 2015-10-23 08:30:31.515986332 -0400
1787++++ ntp-4.2.6.p5+dfsg/include/ntp_syslog.h 2015-10-23 08:30:31.511986291 -0400
1788+@@ -9,6 +9,7 @@
1789+
1790+ # ifdef VMS
1791+ extern void msyslog();
1792++extern void mvsyslog();
1793+ # else
1794+ # ifndef SYS_VXWORKS
1795+ # include <syslog.h>
1796+Index: ntp-4.2.6.p5+dfsg/libntp/authreadkeys.c
1797+===================================================================
1798+--- ntp-4.2.6.p5+dfsg.orig/libntp/authreadkeys.c 2015-10-23 08:30:31.515986332 -0400
1799++++ ntp-4.2.6.p5+dfsg/libntp/authreadkeys.c 2015-10-23 08:32:05.104935695 -0400
1800+@@ -61,6 +61,40 @@
1801+ }
1802+
1803+
1804++/* TALOS-CAN-0055: possibly DoS attack by setting the key file to the
1805++ * log file. This is hard to prevent (it would need to check two files
1806++ * to be the same on the inode level, which will not work so easily with
1807++ * Windows or VMS) but we can avoid the self-amplification loop: We only
1808++ * log the first 5 errors, silently ignore the next 10 errors, and give
1809++ * up when when we have found more than 15 errors.
1810++ *
1811++ * This avoids the endless file iteration we will end up with otherwise,
1812++ * and also avoids overflowing the log file.
1813++ *
1814++ * Nevertheless, once this happens, the keys are gone since this would
1815++ * require a save/swap strategy that is not easy to apply due to the
1816++ * data on global/static level.
1817++ */
1818++
1819++static const size_t nerr_loglimit = 5u;
1820++static const size_t nerr_maxlimit = 15;
1821++
1822++static void log_maybe(size_t*, const char*, ...) __attribute__((__format__(__printf__, 2, 3)));
1823++
1824++static void
1825++log_maybe(
1826++ size_t *pnerr,
1827++ const char *fmt ,
1828++ ...)
1829++{
1830++ va_list ap;
1831++ if (++(*pnerr) <= nerr_loglimit) {
1832++ va_start(ap, fmt);
1833++ mvsyslog(LOG_ERR, fmt, ap);
1834++ va_end(ap);
1835++ }
1836++}
1837++
1838+ /*
1839+ * authreadkeys - (re)read keys from a file.
1840+ */
1841+@@ -78,7 +112,7 @@
1842+ u_char keystr[20];
1843+ int len;
1844+ int j;
1845+-
1846++ size_t nerr;
1847+ /*
1848+ * Open file. Complain and return if it can't be opened.
1849+ */
1850+@@ -98,7 +132,10 @@
1851+ /*
1852+ * Now read lines from the file, looking for key entries
1853+ */
1854++ nerr = 0;
1855+ while ((line = fgets(buf, sizeof buf, fp)) != NULL) {
1856++ if (nerr > nerr_maxlimit)
1857++ break;
1858+ token = nexttok(&line);
1859+ if (token == NULL)
1860+ continue;
1861+@@ -108,15 +145,16 @@
1862+ */
1863+ keyno = atoi(token);
1864+ if (keyno == 0) {
1865+- msyslog(LOG_ERR,
1866+- "authreadkeys: cannot change key %s", token);
1867++ log_maybe(&nerr,
1868++ "authreadkeys: cannot change key %s",
1869++ token);
1870+ continue;
1871+ }
1872+
1873+ if (keyno > NTP_MAXKEY) {
1874+- msyslog(LOG_ERR,
1875+- "authreadkeys: key %s > %d reserved for Autokey",
1876+- token, NTP_MAXKEY);
1877++ log_maybe(&nerr,
1878++ "authreadkeys: key %s > %d reserved for Autokey",
1879++ token, NTP_MAXKEY);
1880+ continue;
1881+ }
1882+
1883+@@ -125,8 +163,9 @@
1884+ */
1885+ token = nexttok(&line);
1886+ if (token == NULL) {
1887+- msyslog(LOG_ERR,
1888+- "authreadkeys: no key type for key %d", keyno);
1889++ log_maybe(&nerr,
1890++ "authreadkeys: no key type for key %d",
1891++ keyno);
1892+ continue;
1893+ }
1894+ #ifdef OPENSSL
1895+@@ -138,13 +177,15 @@
1896+ */
1897+ keytype = keytype_from_text(token, NULL);
1898+ if (keytype == 0) {
1899+- msyslog(LOG_ERR,
1900+- "authreadkeys: invalid type for key %d", keyno);
1901++ log_maybe(&nerr,
1902++ "authreadkeys: invalid type for key %d",
1903++ keyno);
1904+ continue;
1905+ }
1906+ if (EVP_get_digestbynid(keytype) == NULL) {
1907+- msyslog(LOG_ERR,
1908+- "authreadkeys: no algorithm for key %d", keyno);
1909++ log_maybe(&nerr,
1910++ "authreadkeys: no algorithm for key %d",
1911++ keyno);
1912+ continue;
1913+ }
1914+ #else /* OPENSSL */
1915+@@ -154,8 +195,9 @@
1916+ * 'm' for compatibility.
1917+ */
1918+ if (!(*token == 'M' || *token == 'm')) {
1919+- msyslog(LOG_ERR,
1920+- "authreadkeys: invalid type for key %d", keyno);
1921++ log_maybe(&nerr,
1922++ "authreadkeys: invalid type for key %d",
1923++ keyno);
1924+ continue;
1925+ }
1926+ keytype = KEY_TYPE_MD5;
1927+@@ -169,8 +211,8 @@
1928+ */
1929+ token = nexttok(&line);
1930+ if (token == NULL) {
1931+- msyslog(LOG_ERR,
1932+- "authreadkeys: no key for key %d", keyno);
1933++ log_maybe(&nerr,
1934++ "authreadkeys: no key for key %d", keyno);
1935+ continue;
1936+ }
1937+ len = strlen(token);
1938+@@ -186,8 +228,9 @@
1939+ for (j = 0; j < jlim; j++) {
1940+ ptr = strchr(hex, tolower(token[j]));
1941+ if (ptr == NULL) {
1942+- msyslog(LOG_ERR,
1943+- "authreadkeys: invalid hex digit for key %d", keyno);
1944++ log_maybe(&nerr,
1945++ "authreadkeys: invalid hex digit for key %d",
1946++ keyno);
1947+ continue;
1948+ }
1949+ temp = (u_char)(ptr - hex);
1950+@@ -200,5 +243,15 @@
1951+ }
1952+ }
1953+ fclose(fp);
1954++ if (nerr > nerr_maxlimit) {
1955++ msyslog(LOG_ERR,
1956++ "authreadkeys: emergency break after %u errors",
1957++ nerr);
1958++ return (0);
1959++ } else if (nerr > nerr_loglimit) {
1960++ msyslog(LOG_ERR,
1961++ "authreadkeys: found %u more error(s)",
1962++ nerr - nerr_loglimit);
1963++ }
1964+ return (1);
1965+ }
1966+Index: ntp-4.2.6.p5+dfsg/libntp/msyslog.c
1967+===================================================================
1968+--- ntp-4.2.6.p5+dfsg.orig/libntp/msyslog.c 2015-10-23 08:30:31.515986332 -0400
1969++++ ntp-4.2.6.p5+dfsg/libntp/msyslog.c 2015-10-23 08:30:31.511986291 -0400
1970+@@ -271,6 +271,18 @@
1971+ return rc;
1972+ }
1973+
1974++void
1975++mvsyslog(
1976++ int level,
1977++ const char * fmt,
1978++ va_list ap
1979++ )
1980++{
1981++ char buf[1024];
1982++ mvsnprintf(buf, sizeof(buf), fmt, ap);
1983++ addto_syslog(level, buf);
1984++}
1985++
1986+
1987+ void
1988+ msyslog(
1989diff --git a/debian/patches/CVE-2015-7852.patch b/debian/patches/CVE-2015-7852.patch
1990new file mode 100644
1991index 0000000..33cc916
1992--- /dev/null
1993+++ b/debian/patches/CVE-2015-7852.patch
1994@@ -0,0 +1,35 @@
1995+Backport of:
1996+
1997+From 07a5b8141e354a998a52994c3c9cd547927e56ce Mon Sep 17 00:00:00 2001
1998+From: <jnperlin@hydra.localnet>
1999+Date: Wed, 30 Sep 2015 20:15:13 +0200
2000+Subject: [PATCH] [TALOS-CAN-0063] avoid buffer overrun in ntpq
2001+
2002+---
2003+ ChangeLog | 1 +
2004+ ntpq/ntpq.c | 7 ++++++-
2005+ 2 files changed, 7 insertions(+), 1 deletion(-)
2006+
2007+Index: ntp-4.2.6.p5+dfsg/ntpq/ntpq.c
2008+===================================================================
2009+--- ntp-4.2.6.p5+dfsg.orig/ntpq/ntpq.c 2015-10-22 16:25:23.504874749 -0400
2010++++ ntp-4.2.6.p5+dfsg/ntpq/ntpq.c 2015-10-22 16:27:01.905821489 -0400
2011+@@ -3448,12 +3448,17 @@
2012+ char bv[401];
2013+ int len;
2014+
2015++ /* TALOS-CAN-0063: avoid buffer overrun */
2016+ atoascii(name, MAXVARLEN, bn, sizeof(bn));
2017+- atoascii(value, MAXVARLEN, bv, sizeof(bv));
2018+ if (output_raw != '*') {
2019++ atoascii(value, MAXVALLEN,
2020++ bv, sizeof(bv) - 1);
2021+ len = strlen(bv);
2022+ bv[len] = output_raw;
2023+ bv[len+1] = '\0';
2024++ } else {
2025++ atoascii(value, MAXVALLEN,
2026++ bv, sizeof(bv));
2027+ }
2028+ output(fp, bn, bv);
2029+ }
2030diff --git a/debian/patches/CVE-2015-7853.patch b/debian/patches/CVE-2015-7853.patch
2031new file mode 100644
2032index 0000000..f6a1202
2033--- /dev/null
2034+++ b/debian/patches/CVE-2015-7853.patch
2035@@ -0,0 +1,46 @@
2036+Backport of:
2037+
2038+From 8482b536f9494a5d45196ab5b7e13040f5940261 Mon Sep 17 00:00:00 2001
2039+From: <jnperlin@hydra.localnet>
2040+Date: Wed, 30 Sep 2015 21:55:09 +0200
2041+Subject: [PATCH] [TALOS-CAN-0064] signed/unsiged clash could lead to buffer
2042+ overun
2043+
2044+---
2045+ ChangeLog | 2 ++
2046+ ntpd/ntp_io.c | 15 +++++++++------
2047+ 2 files changed, 11 insertions(+), 6 deletions(-)
2048+
2049+Index: ntp-4.2.6.p5+dfsg/ntpd/ntp_io.c
2050+===================================================================
2051+--- ntp-4.2.6.p5+dfsg.orig/ntpd/ntp_io.c 2015-10-22 16:27:40.686182025 -0400
2052++++ ntp-4.2.6.p5+dfsg/ntpd/ntp_io.c 2015-10-22 16:32:28.776865553 -0400
2053+@@ -3255,7 +3255,7 @@
2054+ static inline int
2055+ read_refclock_packet(SOCKET fd, struct refclockio *rp, l_fp ts)
2056+ {
2057+- int i;
2058++ u_int read_count;
2059+ int buflen;
2060+ register struct recvbuf *rb;
2061+
2062+@@ -3272,11 +3272,14 @@
2063+ return (buflen);
2064+ }
2065+
2066+- i = (rp->datalen == 0
2067+- || rp->datalen > sizeof(rb->recv_space))
2068+- ? sizeof(rb->recv_space)
2069+- : rp->datalen;
2070+- buflen = read(fd, (char *)&rb->recv_space, (unsigned)i);
2071++ /* TALOS-CAN-0064: avoid signed/unsigned clashes that can lead
2072++ * to buffer overrun and memory corruption
2073++ */
2074++ if (rp->datalen <= 0 || rp->datalen > sizeof(rb->recv_space))
2075++ read_count = sizeof(rb->recv_space);
2076++ else
2077++ read_count = (u_int)rp->datalen;
2078++ buflen = read(fd, (char *)&rb->recv_space, read_count);
2079+
2080+ if (buflen < 0) {
2081+ if (errno != EINTR && errno != EAGAIN)
2082diff --git a/debian/patches/CVE-2015-7855.patch b/debian/patches/CVE-2015-7855.patch
2083new file mode 100644
2084index 0000000..91a44e3
2085--- /dev/null
2086+++ b/debian/patches/CVE-2015-7855.patch
2087@@ -0,0 +1,29 @@
2088+Backport of:
2089+
2090+From ba716a464ecb20618560075f2e4e1051e5b6f24f Mon Sep 17 00:00:00 2001
2091+From: <stenn@psp-deb1.ntp.org>
2092+Date: Tue, 6 Oct 2015 08:51:27 +0000
2093+Subject: [PATCH] [Sec 2922] decodenetnum() will ASSERT botch instead of
2094+ returning FAIL on some bogus values. Harlan Stenn.
2095+
2096+---
2097+ ChangeLog | 2 ++
2098+ libntp/decodenetnum.c | 5 ++++-
2099+ 2 files changed, 6 insertions(+), 1 deletion(-)
2100+
2101+Index: ntp-4.2.6.p5+dfsg/libntp/decodenetnum.c
2102+===================================================================
2103+--- ntp-4.2.6.p5+dfsg.orig/libntp/decodenetnum.c 2015-10-22 16:33:46.801593867 -0400
2104++++ ntp-4.2.6.p5+dfsg/libntp/decodenetnum.c 2015-10-22 16:34:20.921912557 -0400
2105+@@ -36,7 +36,10 @@
2106+ char name[80];
2107+
2108+ NTP_REQUIRE(num != NULL);
2109+- NTP_REQUIRE(strlen(num) < sizeof(name));
2110++
2111++ if (strlen(num) >= sizeof(name)) {
2112++ return 0;
2113++ }
2114+
2115+ port_str = NULL;
2116+ if ('[' != num[0]) {
2117diff --git a/debian/patches/CVE-2015-7871.patch b/debian/patches/CVE-2015-7871.patch
2118new file mode 100644
2119index 0000000..249882b
2120--- /dev/null
2121+++ b/debian/patches/CVE-2015-7871.patch
2122@@ -0,0 +1,40 @@
2123+From aa44b5835d69d8ee031736bb8ee2730a514edb7d Mon Sep 17 00:00:00 2001
2124+From: <jnperlin@hydra.localnet>
2125+Date: Sun, 11 Oct 2015 08:10:20 +0200
2126+Subject: [PATCH] [Bug 2941] NAK to the Future: Symmetric association
2127+ authentication bypass via crypto-NAK
2128+
2129+---
2130+ ChangeLog | 3 +++
2131+ ntpd/ntp_proto.c | 18 ++++++++++++++++++
2132+ 2 files changed, 21 insertions(+)
2133+
2134+Index: ntp-4.2.6.p5+dfsg/ntpd/ntp_proto.c
2135+===================================================================
2136+--- ntp-4.2.6.p5+dfsg.orig/ntpd/ntp_proto.c 2015-10-22 16:35:02.202298283 -0400
2137++++ ntp-4.2.6.p5+dfsg/ntpd/ntp_proto.c 2015-10-22 16:37:51.971886405 -0400
2138+@@ -957,6 +957,24 @@
2139+ sys_restricted++;
2140+ return;
2141+ }
2142++ /* [Bug 2941]
2143++ * If we got here, the packet isn't part of an
2144++ * existing association, it isn't correctly
2145++ * authenticated, and it didn't meet either of
2146++ * the previous two special cases so we should
2147++ * just drop it on the floor. For example,
2148++ * crypto-NAKs (is_authentic == AUTH_CRYPTO)
2149++ * will make it this far. This is just
2150++ * debug-printed and not logged to avoid log
2151++ * flooding.
2152++ */
2153++ DPRINTF(1, ("receive: at %ld refusing to mobilize passive association"
2154++ " with unknown peer %s mode %d keyid %08x len %d auth %d\n",
2155++ current_time, stoa(&rbufp->recv_srcadr),
2156++ hismode, skeyid, (authlen + has_mac),
2157++ is_authentic));
2158++ sys_declined++;
2159++ return;
2160+ }
2161+
2162+ /*
2163diff --git a/debian/patches/ignore-ENOBUFS-on-routing-netlink-socket.patch b/debian/patches/ignore-ENOBUFS-on-routing-netlink-socket.patch
2164new file mode 100644
2165index 0000000..3d1ec56
2166--- /dev/null
2167+++ b/debian/patches/ignore-ENOBUFS-on-routing-netlink-socket.patch
2168@@ -0,0 +1,32 @@
2169+Description: [Bug 2890] Ignore ENOBUFS on routing netlink socket.
2170+
2171+Recv from netlink socket can return ENOBUFS if kernel failed to allocate buffer
2172+for broadcast message. This happens from time-time on high-loaded systems with
2173+a lot of interface and huge routing tables.
2174+
2175+Bug : http://bugs.ntp.org/show_bug.cgi?id=2890
2176+Author: <stenn@psp-at1.ntp.org>
2177+Index: ntp-4.2.6.p5+dfsg/ntpd/ntp_io.c
2178+===================================================================
2179+--- ntp-4.2.6.p5+dfsg.orig/ntpd/ntp_io.c
2180++++ ntp-4.2.6.p5+dfsg/ntpd/ntp_io.c
2181+@@ -4433,10 +4433,15 @@ process_routing_msgs(struct asyncio_read
2182+ cnt = read(reader->fd, buffer, sizeof(buffer));
2183+
2184+ if (cnt < 0) {
2185+- msyslog(LOG_ERR,
2186+- "i/o error on routing socket %m - disabling");
2187+- remove_asyncio_reader(reader);
2188+- delete_asyncio_reader(reader);
2189++ if (errno == ENOBUFS) {
2190++ msyslog(LOG_ERR,
2191++ "routing socket reports: %m");
2192++ } else {
2193++ msyslog(LOG_ERR,
2194++ "routing socket reports: %m - disabling");
2195++ remove_asyncio_reader(reader);
2196++ delete_asyncio_reader(reader);
2197++ }
2198+ return;
2199+ }
2200+
2201diff --git a/debian/patches/ntp-keygen-endless-loop.patch b/debian/patches/ntp-keygen-endless-loop.patch
2202new file mode 100644
2203index 0000000..f0e387c
2204--- /dev/null
2205+++ b/debian/patches/ntp-keygen-endless-loop.patch
2206@@ -0,0 +1,38 @@
2207+Description: fix ntp-keygen infinite loop or lack of randonmess on big
2208+ endian platforms
2209+Origin: backport, http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=55199296N2gFqH1Hm5GOnhrk9Ypygg
2210+Bug: https://bugs.ntp.org/show_bug.cgi?id=2797
2211+
2212+Index: ntp-4.2.6.p5+dfsg/util/ntp-keygen.c
2213+===================================================================
2214+--- ntp-4.2.6.p5+dfsg.orig/util/ntp-keygen.c 2015-04-13 08:58:49.317778349 -0400
2215++++ ntp-4.2.6.p5+dfsg/util/ntp-keygen.c 2015-04-13 08:58:49.317778349 -0400
2216+@@ -726,24 +726,24 @@
2217+ ntp_srandom((u_long)epoch);
2218+ for (i = 1; i <= MD5KEYS; i++) {
2219+ for (j = 0; j < MD5SIZE; j++) {
2220+- int temp;
2221++ u_char temp;
2222+
2223+ while (1) {
2224+ int rc;
2225+
2226+- rc = ntp_crypto_random_buf(&temp, 1);
2227++ rc = ntp_crypto_random_buf(
2228++ &temp, sizeof(temp));
2229+ if (-1 == rc) {
2230+ fprintf(stderr, "ntp_crypto_random_buf() failed.\n");
2231+ exit (-1);
2232+ }
2233+- temp &= 0xff;
2234+ if (temp == '#')
2235+ continue;
2236+
2237+ if (temp > 0x20 && temp < 0x7f)
2238+ break;
2239+ }
2240+- md5key[j] = (u_char)temp;
2241++ md5key[j] = temp;
2242+ }
2243+ md5key[j] = '\0';
2244+ fprintf(str, "%2d MD5 %s # MD5 key\n", i,
2245diff --git a/debian/patches/series b/debian/patches/series
2246index c2ec25e..a1ccd71 100644
2247--- a/debian/patches/series
2248+++ b/debian/patches/series
2249@@ -10,3 +10,28 @@ format-security.patch
2250 sntp-manpage.patch
2251 openssl-headers.patch
2252 autotools.patch
2253+CVE-2014-9293.patch
2254+CVE-2014-9294.patch
2255+CVE-2014-9295.patch
2256+CVE-2014-9296.patch
2257+CVE-2014-9297.patch
2258+CVE-2014-9298.patch
2259+CVE-2015-1798.patch
2260+CVE-2015-1799.patch
2261+ntp-keygen-endless-loop.patch
2262+use-after-free-in-routing-socket.patch
2263+ignore-ENOBUFS-on-routing-netlink-socket.patch
2264+CVE-2015-5146.patch
2265+CVE-2015-5194.patch
2266+CVE-2015-5195.patch
2267+CVE-2015-5219.patch
2268+CVE-2015-5300.patch
2269+CVE-2015-7691.patch
2270+CVE-2015-7701.patch
2271+CVE-2015-5196.patch
2272+CVE-2015-7704.patch
2273+CVE-2015-7850.patch
2274+CVE-2015-7852.patch
2275+CVE-2015-7853.patch
2276+CVE-2015-7855.patch
2277+CVE-2015-7871.patch
2278diff --git a/debian/patches/use-after-free-in-routing-socket.patch b/debian/patches/use-after-free-in-routing-socket.patch
2279new file mode 100644
2280index 0000000..e7c8dec
2281--- /dev/null
2282+++ b/debian/patches/use-after-free-in-routing-socket.patch
2283@@ -0,0 +1,33 @@
2284+Description: Fix use-after-free in routing socket code.
2285+Origin: backport, https://bugs.ntp.org/attachment.cgi?id=883
2286+Bug: http://bugs.ntp.org/2224
2287+Index: ntp-4.2.6.p5+dfsg/ntpd/ntp_io.c
2288+===================================================================
2289+--- ntp-4.2.6.p5+dfsg.orig/ntpd/ntp_io.c
2290++++ ntp-4.2.6.p5+dfsg/ntpd/ntp_io.c
2291+@@ -3534,7 +3534,8 @@ input_handler(
2292+ int select_count = 0;
2293+ endpt *ep;
2294+ #if defined(HAS_ROUTING_SOCKET)
2295+- struct asyncio_reader *asyncio_reader;
2296++ struct asyncio_reader * asyncio_reader;
2297++ struct asyncio_reader * next_asyncio_reader;
2298+ #endif
2299+
2300+ handler_calls++;
2301+@@ -3637,11 +3638,13 @@ input_handler(
2302+ asyncio_reader = asyncio_reader_list;
2303+
2304+ while (asyncio_reader != NULL) {
2305++ /* callback may unlink and free asyncio_reader */
2306++ next_asyncio_reader = asyncio_reader->link;
2307+ if (FD_ISSET(asyncio_reader->fd, &fds)) {
2308+ ++select_count;
2309+- (asyncio_reader->receiver)(asyncio_reader);
2310++ (*asyncio_reader->receiver)(asyncio_reader);
2311+ }
2312+- asyncio_reader = asyncio_reader->link;
2313++ asyncio_reader = next_asyncio_reader;
2314+ }
2315+ #endif /* HAS_ROUTING_SOCKET */
2316+
2317diff --git a/debian/rules b/debian/rules
2318index 6effbda..0a1733d 100755
2319--- a/debian/rules
2320+++ b/debian/rules
2321@@ -1,11 +1,15 @@
2322 #!/usr/bin/make -f
2323
2324+export DEB_BUILD_HARDENING=1
2325+
2326 # hacks to avoid running these things during the build
2327 export ACLOCAL = : aclocal
2328 export AUTOCONF = : autoconf
2329 export AUTOMAKE = : automake
2330 export AUTOHEADER = : autoheader
2331
2332+genfiles:=ntpd/ntp_parser.c ntpd/ntp_parser.h
2333+
2334 DEB_HOST_ARCH_OS ?= $(shell dpkg-architecture -qDEB_HOST_ARCH_OS)
2335
2336 CPPFLAGS = $(shell dpkg-buildflags --get CPPFLAGS) -D_GNU_SOURCE
2337@@ -19,10 +23,14 @@ ifeq (hurd, $(DEB_HOST_ARCH_OS))
2338 exit 1
2339 endif
2340 cp /usr/share/misc/config.guess /usr/share/misc/config.sub .
2341+ cp /usr/share/misc/config.guess /usr/share/misc/config.sub sntp/.
2342+ # backup autogenerated files
2343+ for f in $(genfiles); do mv -f $$f $$f.backup; done
2344+
2345 ./configure CFLAGS='$(CFLAGS)' CPPFLAGS='$(CPPFLAGS)' LDFLAGS='$(LDFLAGS)' \
2346 --prefix=/usr \
2347 --enable-all-clocks --enable-parse-clocks --enable-SHM \
2348- --disable-debugging --sysconfdir=/var/lib/ntp \
2349+ --enable-debugging --sysconfdir=/var/lib/ntp \
2350 --with-sntp=no \
2351 --with-lineeditlibs=edit \
2352 --without-ntpsnmpd \
2353@@ -45,6 +53,10 @@ clean:
2354 rm -f build-stamp
2355 [ ! -f Makefile ] || $(MAKE) -k distclean
2356 rm -f config.guess config.sub
2357+ # restore autogenerated files
2358+ for f in $(genfiles); do \
2359+ [ ! -e $$f.backup ] || ( rm -rf $$f; mv $$f.backup $$f ) ; \
2360+ done
2361 dh_clean
2362
2363 install: build-stamp
2364@@ -73,6 +85,14 @@ install: build-stamp
2365 # remove upstream man pages, which are currently not as nice as ours / ntpsnmpd we don't want
2366 rm $(addprefix debian/ntp/usr/share/man/man1/,ntpd.1 ntpdc.1 ntp-keygen.1 ntpq.1 ntpsnmpd.1)
2367
2368+ # install apparmor profile
2369+ install -D -m 0644 debian/apparmor-profile debian/ntp/etc/apparmor.d/usr.sbin.ntpd
2370+ install -D -m 0644 debian/apparmor-profile.tunable debian/ntp/etc/apparmor.d/tunables/ntpd
2371+ dh_link -pntp etc/apparmor.d/usr.sbin.ntpd etc/apparmor/init/network-interface-security/usr.sbin.ntpd
2372+
2373+ # install apport hook
2374+ install -D -m 644 debian/source_ntp.py debian/ntp/usr/share/apport/package-hooks/source_ntp.py
2375+
2376 dh_movefiles --sourcedir=debian/ntp
2377
2378 binary-indep: build install
2379@@ -100,7 +120,8 @@ binary-arch: build install
2380 dh_installdocs -a
2381 dh_installexamples -a
2382 dh_installman -a
2383- dh_installinit -pntp --update-rcd-params="start 23 2 3 4 5 ." --error-handler=installinit_error
2384+ dh_apparmor -pntp --profile-name=usr.sbin.ntpd
2385+ dh_installinit -pntp --update-rcd-params="start 23 2 3 4 5 . stop 77 1 ." --error-handler=installinit_error
2386 dh_installinit -pntpdate
2387 dh_installcron -a
2388 dh_installlogcheck -a
2389diff --git a/debian/source_ntp.py b/debian/source_ntp.py
2390new file mode 100644
2391index 0000000..3debc68
2392--- /dev/null
2393+++ b/debian/source_ntp.py
2394@@ -0,0 +1,22 @@
2395+'''apport package hook for ntp
2396+
2397+(c) 2010-2011 Canonical Ltd.
2398+Author: Chuck Short <zulcss@ubuntu.com>
2399+'''
2400+
2401+from apport.hookutils import *
2402+from os import path
2403+import re
2404+
2405+def add_info(report):
2406+ attach_conffiles(report, 'ntp')
2407+
2408+ # get apparmor stuff
2409+ attach_mac_events(report, '/usr/sbin/ntpd')
2410+ attach_file(report, '/etc/apparmor.d/usr.sbin.ntpd')
2411+
2412+ # get syslog stuff
2413+ recent_syslog(re.compile(r'ntpd\['))
2414+
2415+ # Get debug information
2416+ report['NtpStatus'] = command_output(['ntpq', '-p'])

Subscribers

People subscribed via source and target branches