Merge ~kick-d/ubuntu/+source/ntp:logical/4.2.8p4+dfsg-3-ntpdate.if-up into ~ubuntu-server-dev/ubuntu/+source/ntp:debian/sid
- Git
- lp:~kick-d/ubuntu/+source/ntp
- logical/4.2.8p4+dfsg-3-ntpdate.if-up
- Merge into debian/sid
Proposed by
Kick In
| Status: | Merged |
|---|---|
| Merge reported by: | Robie Basak |
| Merged at revision: | not available |
| Proposed branch: | ~kick-d/ubuntu/+source/ntp:logical/4.2.8p4+dfsg-3-ntpdate.if-up |
| Merge into: | ~ubuntu-server-dev/ubuntu/+source/ntp:debian/sid |
| Diff against target: |
1561 lines (+1171/-70) 14 files modified
debian/README.Debian (+22/-7) debian/apparmor-profile (+81/-0) debian/apparmor-profile.tunable (+15/-0) debian/changelog (+963/-39) debian/control (+6/-3) debian/ntp.conf (+19/-10) debian/ntp.cron.daily (+16/-6) debian/ntp.dhcp (+1/-1) debian/ntp.dirs (+3/-0) debian/ntp.init (+2/-2) debian/ntpdate.default (+1/-1) debian/ntpdate.if-up (+10/-0) debian/rules (+10/-1) debian/source_ntp.py (+22/-0) |
| Related bugs: |
| Reviewer | Review Type | Date Requested | Status |
|---|---|---|---|
| Robie Basak | Pending | ||
|
Review via email:
|
|||
Commit message
Description of the change
To post a comment you must log in.
Revision history for this message
| Robie Basak (racb) wrote : | # |
Revision history for this message
| Robie Basak (racb) wrote : | # |
I made some tweaks to the changelog (I'll push the git tree to ~ubuntu-server-dev shortly with the breakdown) and uploaded. Thanks Pierre - this was a particularly complex merge and you handled it well.
Preview Diff
[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
| 1 | diff --git a/debian/README.Debian b/debian/README.Debian |
| 2 | index 09ffdc2..158fa9b 100644 |
| 3 | --- a/debian/README.Debian |
| 4 | +++ b/debian/README.Debian |
| 5 | @@ -111,10 +111,25 @@ of these keys has not yet been tested; please report success or |
| 6 | failure in using them to the maintainer. |
| 7 | |
| 8 | |
| 9 | -PPSkit |
| 10 | ------- |
| 11 | - |
| 12 | -If you're serious about building a high-quality stratum 1 timekeeper, |
| 13 | -please take a look at Ulrich Windl's PPSkit patchset for the Linux |
| 14 | -kernel, available from the kernel.org mirror network in |
| 15 | -pub/linux/daemons/ntp. |
| 16 | +PPS |
| 17 | +--- |
| 18 | + |
| 19 | +This build of ntp has been pps enabled. You can use a pps reference clock, |
| 20 | +the default discipline is ntpd pps. On Xenial you have core_pps kernel driver |
| 21 | +compiled as a module per default. To achieve better accuracy, you may need to |
| 22 | +rebuild your kernel with CONFIG_NTP_PPS, which need CONFIG_NO_HZ=n to be |
| 23 | +set, you may also add CONFIG_RCU_FAST_NO_HZ. |
| 24 | +You can find more information there: |
| 25 | +-https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691672#41 |
| 26 | +-http://www.ntp.org/ntpfaq/NTP-s-config-adv.htm#S-CONFIG-ADV-PPS |
| 27 | +-http://www.ntp.org/ntpfaq/NTP-s-algo-kernel.htm#Q-ALGO-KERNEL-HARDPPS |
| 28 | + |
| 29 | + |
| 30 | +Apparmor Profile |
| 31 | +---------------- |
| 32 | + |
| 33 | +If your system uses AppArmor, please note that the shipped enforcing profile |
| 34 | +works with the default installation, and changes in your configuration may |
| 35 | +require changes to the installed apparmor profile. Please see |
| 36 | +https://wiki.ubuntu.com/DebuggingApparmor before filing a bug against this |
| 37 | +software. |
| 38 | diff --git a/debian/apparmor-profile b/debian/apparmor-profile |
| 39 | new file mode 100644 |
| 40 | index 0000000..48e8d7a |
| 41 | --- /dev/null |
| 42 | +++ b/debian/apparmor-profile |
| 43 | @@ -0,0 +1,81 @@ |
| 44 | +# vim:syntax=apparmor |
| 45 | +# Updated for Ubuntu by: Jamie Strandboge <jamie@canonical.com> |
| 46 | +# ------------------------------------------------------------------ |
| 47 | +# |
| 48 | +# Copyright (C) 2002-2005 Novell/SUSE |
| 49 | +# Copyright (C) 2009-2012 Canonical Ltd. |
| 50 | +# |
| 51 | +# This program is free software; you can redistribute it and/or |
| 52 | +# modify it under the terms of version 2 of the GNU General Public |
| 53 | +# License published by the Free Software Foundation. |
| 54 | +# |
| 55 | +# ------------------------------------------------------------------ |
| 56 | + |
| 57 | +#include <tunables/global> |
| 58 | +#include <tunables/ntpd> |
| 59 | +/usr/sbin/ntpd { |
| 60 | + #include <abstractions/base> |
| 61 | + #include <abstractions/nameservice> |
| 62 | + #include <abstractions/user-tmp> |
| 63 | + |
| 64 | + capability ipc_lock, |
| 65 | + capability net_bind_service, |
| 66 | + capability setgid, |
| 67 | + capability setuid, |
| 68 | + capability sys_chroot, |
| 69 | + capability sys_resource, |
| 70 | + capability sys_time, |
| 71 | + capability sys_nice, |
| 72 | + |
| 73 | + network inet dgram, |
| 74 | + network inet6 dgram, |
| 75 | + network inet stream, |
| 76 | + network inet6 stream, |
| 77 | + |
| 78 | + @{PROC}/net/if_inet6 r, |
| 79 | + @{PROC}/*/net/if_inet6 r, |
| 80 | + @{NTPD_DEVICE} rw, |
| 81 | + |
| 82 | + /{,s}bin/ r, |
| 83 | + /usr/{,s}bin/ r, |
| 84 | + /usr/sbin/ntpd rmix, |
| 85 | + |
| 86 | + /etc/ntp.conf r, |
| 87 | + /etc/ntp.conf.dhcp r, |
| 88 | + /etc/ntpd.conf r, |
| 89 | + /etc/ntpd.conf.tmp r, |
| 90 | + /var/lib/ntp/ntp.conf.dhcp r, |
| 91 | + |
| 92 | + /etc/ntp.keys r, |
| 93 | + /etc/ntp/** r, |
| 94 | + |
| 95 | + /etc/ntp.drift rwl, |
| 96 | + /etc/ntp.drift.TEMP rwl, |
| 97 | + /etc/ntp/drift* rwl, |
| 98 | + /var/lib/ntp/*drift rw, |
| 99 | + /var/lib/ntp/*drift.TEMP rw, |
| 100 | + |
| 101 | + /var/log/ntp w, |
| 102 | + /var/log/ntp.log w, |
| 103 | + /var/log/ntpd w, |
| 104 | + /var/log/ntpstats/clockstats* rwl, |
| 105 | + /var/log/ntpstats/loopstats* rwl, |
| 106 | + /var/log/ntpstats/peerstats* rwl, |
| 107 | + /var/log/ntpstats/protostats* rwl, |
| 108 | + /var/log/ntpstats/rawstats* rwl, |
| 109 | + /var/log/ntpstats/sysstats* rwl, |
| 110 | + |
| 111 | + /{,var/}run/ntpd.pid w, |
| 112 | + |
| 113 | + # samba4 ntp signing socket |
| 114 | + /{,var/}run/samba/ntp_signd/socket rw, |
| 115 | + |
| 116 | + # For use with clocks that report via shared memory (e.g. gpsd), |
| 117 | + # you may need to give ntpd access to all of shared memory, though |
| 118 | + # this can be considered dangerous. See https://launchpad.net/bugs/722815 |
| 119 | + # for details. To enable, add this to local/usr.sbin.ntpd: |
| 120 | + # capability ipc_owner, |
| 121 | + |
| 122 | + # Site-specific additions and overrides. See local/README for details. |
| 123 | + #include <local/usr.sbin.ntpd> |
| 124 | +} |
| 125 | diff --git a/debian/apparmor-profile.tunable b/debian/apparmor-profile.tunable |
| 126 | new file mode 100644 |
| 127 | index 0000000..1fc2d8f |
| 128 | --- /dev/null |
| 129 | +++ b/debian/apparmor-profile.tunable |
| 130 | @@ -0,0 +1,15 @@ |
| 131 | +# vim:syntax=apparmor |
| 132 | +# ------------------------------------------------------------------ |
| 133 | +# |
| 134 | +# Copyright (C) 2002-2005 Novell/SUSE |
| 135 | +# Copyright (C) 2011 Canonical, Ltd. |
| 136 | +# |
| 137 | +# This program is free software; you can redistribute it and/or |
| 138 | +# modify it under the terms of version 2 of the GNU General Public |
| 139 | +# License published by the Free Software Foundation. |
| 140 | +# |
| 141 | +# ------------------------------------------------------------------ |
| 142 | + |
| 143 | +#Add your ntpd devices here eg. if you have a DCF clock |
| 144 | +# @{NTPD_DEVICE}="/dev/ttyS1" |
| 145 | +@{NTPD_DEVICE}="/dev/null" |
| 146 | diff --git a/debian/changelog b/debian/changelog |
| 147 | index 3cad879..7b174ad 100644 |
| 148 | --- a/debian/changelog |
| 149 | +++ b/debian/changelog |
| 150 | @@ -1,3 +1,60 @@ |
| 151 | +ntp (1:4.2.8p4+dfsg-3ubuntu1~ppa12) xenial; urgency=medium |
| 152 | + |
| 153 | + * Merge from unstable (LP: #1479652). Remaining changes: |
| 154 | + + debian/rules: enable debugging. |
| 155 | + + debian/rules, debian/ntp.dirs, debian/source_ntp.py: Add apport hook. |
| 156 | + + Add enforcing AppArmor profile: |
| 157 | + - debian/control: Add Conflicts/Replaces on apparmor-profiles. |
| 158 | + - debian/control: Add Suggests on apparmor. |
| 159 | + - debian/control: Build-Depends on dh-apparmor. |
| 160 | + - add debian/apparmor-profile*. |
| 161 | + - debian/ntp.dirs: Add apparmor directories. |
| 162 | + - debian/rules: Install apparmor-profile and apparmor-profile.tunable. |
| 163 | + - debian/source_ntp.py: Add filter on AppArmor profile names to prevent |
| 164 | + false positives from denials originating in other packages. |
| 165 | + - debian/README.Debian: Add note on AppArmor. |
| 166 | + + debian/ntpdate.if-up: Fix interaction with openntpd. Stop ntp before |
| 167 | + running ntpdate when an interface comes up, then start again afterwards. |
| 168 | + + debian/ntp.init, debian/rules: Only stop when entering single user mode, |
| 169 | + don't use /var/lib/ntp/ntp.conf.dhcp if /etc/ntp.conf is newer - it can |
| 170 | + get stale. Patch by Simon Déziel. |
| 171 | + + debian/ntp.conf, debian/ntpdate.default: Change default server to |
| 172 | + ntp.ubuntu.com. |
| 173 | + + debian/ntp.dhcp: Rewrite sed rules. |
| 174 | + + debian/control: Add bison to Build-Depends (for ntpd/ntp_parser.y). |
| 175 | + * Add PPS support (LP: #1512980): |
| 176 | + + debian/README.Debian: Add a PPS section to the README.Debian, removed all PPSkit one. |
| 177 | + + debian/ntp.conf: Add some configuration examples from the offical documentation. |
| 178 | + + debian/control: Add Build-Depends on pps-tools |
| 179 | + * debian/ntp.cron.daily: Fix security issues wrt to cron.daily (LP: #1528050). |
| 180 | + * Drop Changes: |
| 181 | + + debian/rules: Update config.{guess,sub} for AArch64, because upstream use |
| 182 | + dh_autoreconf now. |
| 183 | + + debian/rules: Add and enable hardened build for PIE. Upstream use fPIC. |
| 184 | + Options -fPIC and -fPIE are uncompatible, thus this is never applied, |
| 185 | + (cf. dpkg-buildflags manual). |
| 186 | + + debian/control: Add depends on hardening-wrapper, deprecated. |
| 187 | + + debian/rules: Remove update-rcd-params in dh_installinit command. |
| 188 | + + debian/rules: Remove ntp/ntp_parser.{c,h} or they don't get properly |
| 189 | + regenerated for some reason. Seems to have been due to ntpd/ntp_parser.y |
| 190 | + patches from CVE-2015-5194 and CVE-2015-5196, already upstreamed. |
| 191 | + + debian/ntpdate.if-up: Drop lockfile mechanism as upstream is using flock |
| 192 | + now. |
| 193 | + + debian/ntp.preinst: Remove empty /etc/ntp.conf on fresh intallation. |
| 194 | + + debian/ntpdate-debian: Disregard empty ntp.conf files. |
| 195 | + * All previous ubuntu security patches/fixes have been upstreamed: |
| 196 | + + CVE-2015-5146, CVE-2015-5194, CVE-2015-5195, CVE-2015-5196, CVE-2015-7703, |
| 197 | + CVE-2015-5219, CVE-2015-5300, CVE-2015-7691, CVE-2015-7692, CVE-2015-7702, |
| 198 | + CVE-2015-7701, CVE-2015-7704, CVE-2015-7705, CVE-2015-7850, CVE-2015-7852, |
| 199 | + CVE-2015-7853, CVE-2015-7855, CVE-2015-7871, CVE-2015-1798, CVE-2015-1799, |
| 200 | + CVE-2014-9297, CVE-2014-9298, CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, |
| 201 | + CVE-2014-9296 |
| 202 | + + Fix to ignore ENOBUFS on routing netlink socket |
| 203 | + + Fix use-after-free in routing socket code |
| 204 | + + ntp-keygen infinite loop or lack of randonmess on big endian platforms |
| 205 | + |
| 206 | + -- Pierre-André MOREY <pierre-andre.morey@canonical.com> Sat, 23 Jan 2016 00:26:44 +0100 |
| 207 | + |
| 208 | ntp (1:4.2.8p4+dfsg-3) unstable; urgency=medium |
| 209 | |
| 210 | * Remove rlimit memlock from default config file, the default is now |
| 211 | @@ -105,6 +162,200 @@ ntp (1:4.2.6.p5+dfsg-3.1) unstable; urgency=low |
| 212 | |
| 213 | -- Wookey <wookey@debian.org> Tue, 15 Jul 2014 11:54:21 +0800 |
| 214 | |
| 215 | +ntp (1:4.2.6.p5+dfsg-3ubuntu9) xenial; urgency=medium |
| 216 | + |
| 217 | + [ Cam Cope ] |
| 218 | + * Use a single lockfile again - instead unlock the file before starting the |
| 219 | + init script. The lock sho uld be shared - both services can't run at the |
| 220 | + same time. (LP: #1125726) |
| 221 | + |
| 222 | + -- Iain Lane <iain@orangesquash.org.uk> Mon, 07 Dec 2015 13:38:16 +0000 |
| 223 | + |
| 224 | +ntp (1:4.2.6.p5+dfsg-3ubuntu8.1) wily-security; urgency=medium |
| 225 | + |
| 226 | + * SECURITY UPDATE: denial of service via crafted NUL-byte in |
| 227 | + configuration directive |
| 228 | + - debian/patches/CVE-2015-5146.patch: properly validate command in |
| 229 | + ntpd/ntp_control.c. |
| 230 | + - CVE-2015-5146 |
| 231 | + * SECURITY UPDATE: denial of service via malformed logconfig commands |
| 232 | + - debian/patches/CVE-2015-5194.patch: fix logconfig logic in |
| 233 | + ntpd/ntp_parser.y. |
| 234 | + - CVE-2015-5194 |
| 235 | + * SECURITY UPDATE: denial of service via disabled statistics type |
| 236 | + - debian/patches/CVE-2015-5195.patch: handle unrecognized types in |
| 237 | + ntpd/ntp_config.c. |
| 238 | + - CVE-2015-5195 |
| 239 | + * SECURITY UPDATE: file overwrite via remote pidfile and driftfile |
| 240 | + configuration directives |
| 241 | + - debian/patches/CVE-2015-5196.patch: disable remote configuration in |
| 242 | + ntpd/ntp_parser.y. |
| 243 | + - CVE-2015-5196 |
| 244 | + - CVE-2015-7703 |
| 245 | + * SECURITY UPDATE: denial of service via precision value conversion |
| 246 | + - debian/patches/CVE-2015-5219.patch: use ldexp for LOGTOD in |
| 247 | + include/ntp.h. |
| 248 | + - CVE-2015-5219 |
| 249 | + * SECURITY UPDATE: timeshifting by reboot issue |
| 250 | + - debian/patches/CVE-2015-5300.patch: disable panic in |
| 251 | + ntpd/ntp_loopfilter.c. |
| 252 | + - CVE-2015-5300 |
| 253 | + * SECURITY UPDATE: incomplete autokey data packet length checks |
| 254 | + - debian/patches/CVE-2015-7691.patch: add length and size checks to |
| 255 | + ntpd/ntp_crypto.c. |
| 256 | + - CVE-2015-7691 |
| 257 | + - CVE-2015-7692 |
| 258 | + - CVE-2015-7702 |
| 259 | + * SECURITY UPDATE: memory leak in CRYPTO_ASSOC |
| 260 | + - debian/patches/CVE-2015-7701.patch: add missing free in |
| 261 | + ntpd/ntp_crypto.c. |
| 262 | + - CVE-2015-7701 |
| 263 | + * SECURITY UPDATE: denial of service by spoofed KoD |
| 264 | + - debian/patches/CVE-2015-7704.patch: add check to ntpd/ntp_proto.c. |
| 265 | + - CVE-2015-7704 |
| 266 | + - CVE-2015-7705 |
| 267 | + * SECURITY UPDATE: denial of service via same logfile and keyfile |
| 268 | + - debian/patches/CVE-2015-7850.patch: rate limit errors in |
| 269 | + include/ntp_stdlib.h, include/ntp_syslog.h, libntp/authreadkeys.c, |
| 270 | + libntp/msyslog.c. |
| 271 | + - CVE-2015-7850 |
| 272 | + * SECURITY UPDATE: ntpq atoascii memory corruption |
| 273 | + - debian/patches/CVE-2015-7852.patch: avoid buffer overrun in |
| 274 | + ntpq/ntpq.c. |
| 275 | + - CVE-2015-7852 |
| 276 | + * SECURITY UPDATE: buffer overflow via custom refclock driver |
| 277 | + - debian/patches/CVE-2015-7853.patch: properly calculate length in |
| 278 | + ntpd/ntp_io.c. |
| 279 | + - CVE-2015-7853 |
| 280 | + * SECURITY UPDATE: denial of service via ASSERT in decodenetnum |
| 281 | + - debian/patches/CVE-2015-7855.patch: simply return fail in |
| 282 | + libntp/decodenetnum.c. |
| 283 | + - CVE-2015-7855 |
| 284 | + * SECURITY UPDATE: symmetric association authentication bypass via |
| 285 | + crypto-NAK |
| 286 | + - debian/patches/CVE-2015-7871.patch: drop unhandled packet in |
| 287 | + ntpd/ntp_proto.c. |
| 288 | + - CVE-2015-7871 |
| 289 | + * debian/control: add bison to Build-Depends. |
| 290 | + * debian/rules: remove ntp/ntp_parser.{c,h} or they don't get properly |
| 291 | + regenerated for some reason. |
| 292 | + |
| 293 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 22 Oct 2015 16:38:14 -0400 |
| 294 | + |
| 295 | +ntp (1:4.2.6.p5+dfsg-3ubuntu8) wily; urgency=medium |
| 296 | + |
| 297 | + * debian/ntp.init: Don't use /var/lib/ntp/ntp.conf.dhcp if /etc/ntp.conf is |
| 298 | + newer - it can get stale. Patch by Simon Déziel. (LP: #1472056) |
| 299 | + |
| 300 | + -- Iain Lane <iain@orangesquash.org.uk> Fri, 02 Oct 2015 10:45:41 +0100 |
| 301 | + |
| 302 | +ntp (1:4.2.6.p5+dfsg-3ubuntu7) wily; urgency=medium |
| 303 | + |
| 304 | + * Fix use-after-free in routing socket code (LP: #1481388) |
| 305 | + - debian/patches/use-after-free-in-routing-socket.patch |
| 306 | + fix logic in ntpd/ntp_io.c |
| 307 | + * Fix to ignore ENOBUFS on routing netlink socket |
| 308 | + - debian/patches/ignore-ENOBUFS-on-routing-netlink-socket.patch |
| 309 | + fix logic in ntpd/ntp_io.c |
| 310 | + |
| 311 | + -- Eric Desrochers <eric.desrochers@canonical.com> Wed, 02 Sep 2015 09:57:16 -0400 |
| 312 | + |
| 313 | +ntp (1:4.2.6.p5+dfsg-3ubuntu6) vivid; urgency=medium |
| 314 | + |
| 315 | + * SECURITY UPDATE: ntp-keygen infinite loop or lack of randonmess on big |
| 316 | + endian platforms |
| 317 | + - debian/patches/ntp-keygen-endless-loop.patch: fix logic in |
| 318 | + util/ntp-keygen.c. |
| 319 | + - CVE number pending |
| 320 | + |
| 321 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 13 Apr 2015 08:58:57 -0400 |
| 322 | + |
| 323 | +ntp (1:4.2.6.p5+dfsg-3ubuntu5) vivid; urgency=medium |
| 324 | + |
| 325 | + * SECURITY UPDATE: symmetric key unauthenticated packet MITM attack |
| 326 | + - debian/patches/CVE-2015-1798.patch: reject packets without MAC in |
| 327 | + ntpd/ntp_proto.c. |
| 328 | + - CVE-2015-1798 |
| 329 | + * SECURITY UPDATE: symmetric association DoS attack |
| 330 | + - debian/patches/CVE-2015-1799.patch: don't update state variables when |
| 331 | + authentication fails in ntpd/ntp_proto.c. |
| 332 | + - CVE-2015-1799 |
| 333 | + |
| 334 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 07 Apr 2015 12:48:31 -0400 |
| 335 | + |
| 336 | +ntp (1:4.2.6.p5+dfsg-3ubuntu4) vivid; urgency=medium |
| 337 | + |
| 338 | + * SECURITY UPDATE: denial of service and possible info leakage via |
| 339 | + extension fields |
| 340 | + - debian/patches/CVE-2014-9297.patch: properly check lengths in |
| 341 | + ntpd/ntp_crypto.c, ntpd/ntp_proto.c. |
| 342 | + - CVE-2014-9297 |
| 343 | + * SECURITY UPDATE: IPv6 ACL bypass |
| 344 | + - debian/patches/CVE-2014-9298.patch: check for spoofed ::1 in |
| 345 | + ntpd/ntp_io.c. |
| 346 | + - CVE-2014-9298 |
| 347 | + |
| 348 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 09 Feb 2015 13:03:44 -0500 |
| 349 | + |
| 350 | +ntp (1:4.2.6.p5+dfsg-3ubuntu3) vivid; urgency=medium |
| 351 | + |
| 352 | + * SECURITY UPDATE: weak default key in config_auth() |
| 353 | + - debian/patches/CVE-2014-9293.patch: use openssl for random key in |
| 354 | + ntpd/ntp_config.c, ntpd/ntpd.c. |
| 355 | + - CVE-2014-9293 |
| 356 | + * SECURITY UPDATE: non-cryptographic random number generator with weak |
| 357 | + seed used by ntp-keygen to generate symmetric keys |
| 358 | + - debian/patches/CVE-2014-9294.patch: use openssl for random key in |
| 359 | + include/ntp_random.h, libntp/ntp_random.c, util/ntp-keygen.c. |
| 360 | + - CVE-2014-9294 |
| 361 | + * SECURITY UPDATE: buffer overflows in crypto_recv(), ctl_putdata(), |
| 362 | + configure() |
| 363 | + - debian/patches/CVE-2014-9295.patch: check lengths in |
| 364 | + ntpd/ntp_control.c, ntpd/ntp_crypto.c. |
| 365 | + - CVE-2014-9295 |
| 366 | + * SECURITY UPDATE: missing return on error in receive() |
| 367 | + - debian/patches/CVE-2015-9296.patch: add missing return in |
| 368 | + ntpd/ntp_proto.c. |
| 369 | + - CVE-2014-9296 |
| 370 | + |
| 371 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Sat, 20 Dec 2014 05:47:10 -0500 |
| 372 | + |
| 373 | +ntp (1:4.2.6.p5+dfsg-3ubuntu2) saucy; urgency=low |
| 374 | + |
| 375 | + * debian/apparmor-profile: fix spurious noisy denials (LP: #1237508) |
| 376 | + |
| 377 | + -- Jamie Strandboge <jamie@ubuntu.com> Wed, 09 Oct 2013 12:28:02 -0500 |
| 378 | + |
| 379 | +ntp (1:4.2.6.p5+dfsg-3ubuntu1) saucy; urgency=low |
| 380 | + |
| 381 | + * Merge from Debian testing to regain crypto support (LP: #1236065). Remaining |
| 382 | + changes: |
| 383 | + + debian/ntp.conf, debian/ntpdate.default: Change default server to |
| 384 | + ntp.ubuntu.com. |
| 385 | + + debian/ntpdate.if-up: Stop ntp before running ntpdate when an interface |
| 386 | + comes up, then start again afterwards. |
| 387 | + + debian/ntp.init, debian/rules: Only stop when entering single user mode. |
| 388 | + + Add enforcing AppArmor profile: |
| 389 | + - debian/control: Add Conflicts/Replaces on apparmor-profiles. |
| 390 | + - debian/control: Add Suggests on apparmor. |
| 391 | + - debian/ntp.dirs: Add apparmor directories. |
| 392 | + - debian/ntp.preinst: Force complain on certain upgrades. |
| 393 | + - debian/ntp.postinst: Reload apparmor profile. |
| 394 | + - debian/ntp.postrm: Remove the force-complain file. |
| 395 | + - add debian/apparmor-profile*. |
| 396 | + - debian/rules: install apparmor-profile and apparmor-profile.tunable. |
| 397 | + - debian/README.Debian: Add note on AppArmor. |
| 398 | + + debian/{control,rules}: Add and enable hardened build for PIE. |
| 399 | + + debian/rules, debian/ntp.dirs, debian/source_ntp.py: Add apport hook. |
| 400 | + + debian/ntpdate-debian: Disregard empty ntp.conf files. |
| 401 | + + debian/ntp.preinst: Remove empty /etc/ntp.conf on fresh intallation. |
| 402 | + + debian/ntpdate.if-up: Fix interaction with openntpd. |
| 403 | + + debian/source_ntp.py: Add filter on AppArmor profile names to prevent |
| 404 | + false positives from denials originating in other packages. |
| 405 | + + debian/rules: Update config.{guess,sub} for AArch64. |
| 406 | + |
| 407 | + -- Tyler Hicks <tyhicks@canonical.com> Sun, 06 Oct 2013 12:34:00 -0700 |
| 408 | + |
| 409 | ntp (1:4.2.6.p5+dfsg-3) unstable; urgency=low |
| 410 | |
| 411 | * Look for <openssl/opensslv.h> rather than <openssl/opensslconf.h>, which |
| 412 | @@ -113,6 +364,51 @@ ntp (1:4.2.6.p5+dfsg-3) unstable; urgency=low |
| 413 | |
| 414 | -- Kurt Roeckx <kurt@roeckx.be> Mon, 20 May 2013 16:14:07 +0200 |
| 415 | |
| 416 | +ntp (1:4.2.6.p5+dfsg-2ubuntu3) saucy; urgency=low |
| 417 | + |
| 418 | + * Update config.{guess,sub} for AArch64. |
| 419 | + |
| 420 | + -- Matthias Klose <doko@ubuntu.com> Mon, 05 Aug 2013 18:51:48 +0200 |
| 421 | + |
| 422 | +ntp (1:4.2.6.p5+dfsg-2ubuntu2) saucy; urgency=low |
| 423 | + |
| 424 | + * debian/apparmor-profile: Add /var/log/ntpstats/protostats* (LP: #1195898) |
| 425 | + |
| 426 | + -- Jamie Strandboge <jamie@ubuntu.com> Fri, 05 Jul 2013 10:06:47 -0500 |
| 427 | + |
| 428 | +ntp (1:4.2.6.p5+dfsg-2ubuntu1) raring; urgency=low |
| 429 | + |
| 430 | + * New upstream version, fixing build failure in raring. |
| 431 | + * Merge with Debian; remaining changes: |
| 432 | + + debian/ntp.conf, debian/ntpdate.default: Change default server to |
| 433 | + ntp.ubuntu.com. |
| 434 | + + debian/ntpdate.ifup: Stop ntp before running ntpdate when an interface |
| 435 | + comes up, then start again afterwards. |
| 436 | + + debian/ntp.init, debian/rules: Only stop when entering single user mode. |
| 437 | + + Add enforcing AppArmor profile: |
| 438 | + - debian/control: Add Conflicts/Replaces on apparmor-profiles. |
| 439 | + - debian/control: Add Suggests on apparmor. |
| 440 | + - debian/ntp.dirs: Add apparmor directories. |
| 441 | + - debian/ntp.preinst: Force complain on certain upgrades. |
| 442 | + - debian/ntp.postinst: Reload apparmor profile. |
| 443 | + - debian/ntp.postrm: Remove the force-complain file. |
| 444 | + - add debian/apparmor-profile*. |
| 445 | + - debian/rules: install apparmor-profile and apparmor-profile.tunable. |
| 446 | + - debian/README.Debian: Add note on AppArmor. |
| 447 | + + debian/{control,rules}: Add and enable hardened build for PIE. |
| 448 | + + debian/apparmor-profile: Adjust location of drift files. |
| 449 | + + debian/rules, debian/ntp.dirs, debian/source_ntp.py: Add apport hook. |
| 450 | + + debian/ntpdate-debian: Disregard empty ntp.conf files. |
| 451 | + + debian/ntp.preinst: Remove empty /etc/ntp.conf on fresh intallation. |
| 452 | + + debian/ntpdate.ifup: Fix interaction with openntpd. |
| 453 | + + debian/source_ntp.py: Add filter on AppArmor profile names to prevent |
| 454 | + false positives from denials originating in other packages. |
| 455 | + + debian/apparmor-profile: Add samba4 ntp signing socket to ntpd apparmor |
| 456 | + profile. |
| 457 | + + debian/apparmor-profile: adjust for IPv6. |
| 458 | + |
| 459 | + -- Matthias Klose <doko@ubuntu.com> Wed, 03 Apr 2013 07:21:01 +0200 |
| 460 | + |
| 461 | ntp (1:4.2.6.p5+dfsg-2) unstable; urgency=medium |
| 462 | |
| 463 | * Re-enable crypto support by pointing openssl libdir to multiarch dir. |
| 464 | @@ -167,6 +463,67 @@ ntp (1:4.2.6.p3+dfsg-2) unstable; urgency=low |
| 465 | |
| 466 | -- Peter Eisentraut <petere@debian.org> Sat, 17 Dec 2011 19:00:10 +0200 |
| 467 | |
| 468 | +ntp (1:4.2.6.p3+dfsg-1dbuntu5) quantal; urgency=low |
| 469 | + |
| 470 | + * debian/source_ntp.py: add filter on AppArmor profile names to prevent |
| 471 | + false positives from denials originating in other packages. |
| 472 | + |
| 473 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 20 Aug 2012 10:13:30 -0400 |
| 474 | + |
| 475 | +ntp (1:4.2.6.p3+dfsg-1ubuntu4) quantal; urgency=low |
| 476 | + |
| 477 | + * Re-enable crypto support by pointing openssl libdir to multiarch dir, |
| 478 | + change backported from Debian, thanks Yves-Alexis Perez (lp: #998403) |
| 479 | + |
| 480 | + -- Sebastien Bacher <seb128@ubuntu.com> Mon, 04 Jun 2012 16:35:25 +0200 |
| 481 | + |
| 482 | +ntp (1:4.2.6.p3+dfsg-1ubuntu3) precise; urgency=low |
| 483 | + |
| 484 | + * debian/apparmor-profile: Add samba4 ntp signing socket to ntpd apparmor |
| 485 | + profile (LP: #930266) |
| 486 | + * debian/control: Build-Depends on dh-apparmor |
| 487 | + |
| 488 | + -- Jamie Strandboge <jamie@ubuntu.com> Tue, 06 Mar 2012 08:06:06 -0600 |
| 489 | + |
| 490 | +ntp (1:4.2.6.p3+dfsg-1ubuntu2) precise; urgency=low |
| 491 | + |
| 492 | + * debian/apparmor-profile: adjust for IPv6 (LP: #892332) |
| 493 | + |
| 494 | + -- Jamie Strandboge <jamie@ubuntu.com> Tue, 03 Jan 2012 17:03:44 -0600 |
| 495 | + |
| 496 | +ntp (1:4.2.6.p3+dfsg-1ubuntu1) precise; urgency=low |
| 497 | + |
| 498 | + * Merge from debian unstable, remaining changes are: |
| 499 | + + debian/ntp.conf, debian/ntpdate.default: Change default server to |
| 500 | + ntp.ubuntu.com. |
| 501 | + + debian/ntpdate.ifup: Stop ntp before running ntpdate when an interface |
| 502 | + comes up, then start again afterwards. |
| 503 | + + debian/ntp.init, debian/rules: Only stop when entering single user mode. |
| 504 | + + Add enforcing AppArmor profile (LP: #382905): |
| 505 | + - debian/control: add Conflicts/Replaces on apparmor-profiles < |
| 506 | + 2.3.1+1403-0ubuntu10 (since we are now shipping usr.sbin.ntpd) and |
| 507 | + apparmor < 2.3.1+1403-0ubuntu10 (since we are now shipping tunables/ntpd) |
| 508 | + - debian/control: add Suggests on apparmor |
| 509 | + - debian/ntp.dirs: add apparmor directories |
| 510 | + - debian/ntp.preinst: force complain on certain upgrades |
| 511 | + - debian/ntp.postinst: reload apparmor profile |
| 512 | + - debian/ntp.postrm: remove the force-complain file |
| 513 | + - add debian/apparmor-profile* |
| 514 | + - debian/rules: install apparmor-profile and apparmor-profile.tunable |
| 515 | + - debian/README.Debian: add note on AppArmor |
| 516 | + + debian/{control,rules}: add and enable hardened build for PIE |
| 517 | + (Debian bug 542721). |
| 518 | + + debian/apparmor-profile: adjust location of drift files (LP: #456308) |
| 519 | + + debian/rules, debian/ntp.dirs, debian/source_ntp.py: Add apport hook. |
| 520 | + + debian/ntpdate-debian: Disregard empty ntp.conf files. (LP: #83604) |
| 521 | + + debian/ntp.preinst: Remove empty /etc/ntp.conf on fresh intallation, |
| 522 | + to work around the system-tools-backends part of LP #83604. |
| 523 | + + debian/ntpdate.ifup: Fix interaction with openntpd. (LP: #877210) |
| 524 | + + Dropped: |
| 525 | + - ntpdate-accept-same-timestamp-replies.patch: Accepted upstream |
| 526 | + |
| 527 | + -- Chuck Short <zulcss@ubuntu.com> Wed, 26 Oct 2011 10:24:21 -0400 |
| 528 | + |
| 529 | ntp (1:4.2.6.p3+dfsg-1) unstable; urgency=low |
| 530 | |
| 531 | * New upstream version |
| 532 | @@ -182,6 +539,117 @@ ntp (1:4.2.6.p3+dfsg-1) unstable; urgency=low |
| 533 | |
| 534 | -- Kurt Roeckx <kurt@roeckx.be> Fri, 03 Jun 2011 16:39:02 +0200 |
| 535 | |
| 536 | +ntp (1:4.2.6.p2+dfsg-1ubuntu13) precise; urgency=low |
| 537 | + |
| 538 | + * debian/ntpdate.if-up: Fix interaction with openntpd, LP: #872210 |
| 539 | + |
| 540 | + -- Reinhard Tartler <siretart@tauware.de> Tue, 11 Oct 2011 12:33:01 +0200 |
| 541 | + |
| 542 | +ntp (1:4.2.6.p2+dfsg-1ubuntu12) oneiric; urgency=low |
| 543 | + |
| 544 | + * debian/apparmor-profile: also allow access to /var/log/ntpstats/rawstats* |
| 545 | + |
| 546 | + -- Jamie Strandboge <jamie@ubuntu.com> Fri, 02 Sep 2011 12:35:08 -0500 |
| 547 | + |
| 548 | +ntp (1:4.2.6.p2+dfsg-1ubuntu11) oneiric; urgency=low |
| 549 | + |
| 550 | + * debian/apparmor-profile: allow sys_nice for -N option to work. More |
| 551 | + work is needed to make ntpd start niced, so not auto-closing the bug. |
| 552 | + - LP: 229632 |
| 553 | + |
| 554 | + -- Jamie Strandboge <jamie@ubuntu.com> Fri, 19 Aug 2011 07:39:20 -0500 |
| 555 | + |
| 556 | +ntp (1:4.2.6.p2+dfsg-1ubuntu10) oneiric; urgency=low |
| 557 | + |
| 558 | + * debian/source_ntp.py: use new apport MAC function instead of parsing |
| 559 | + and attaching AppArmor events here. |
| 560 | + |
| 561 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 15 Jul 2011 08:33:08 -0400 |
| 562 | + |
| 563 | +ntp (1:4.2.6.p2+dfsg-1ubuntu9) oneiric; urgency=low |
| 564 | + |
| 565 | + * debian/apparmor-profile: Allow /var/run and /run. (LP: #810270) |
| 566 | + |
| 567 | + -- Martin Pitt <martin.pitt@ubuntu.com> Thu, 14 Jul 2011 15:12:09 +0200 |
| 568 | + |
| 569 | +ntp (1:4.2.6.p2+dfsg-1ubuntu8) oneiric; urgency=low |
| 570 | + |
| 571 | + * debian/patches/ntpdate-accept-same-timestamp-replies.patch: |
| 572 | + Resolving regression where ntpdate ignores replies from some |
| 573 | + ntp servers where recieve and transmit timestamps are equal. |
| 574 | + Patch cherry picked from upstream commit. (LP: #787551) |
| 575 | + |
| 576 | + -- Dave Walker (Daviey) <DaveWalker@ubuntu.com> Mon, 13 Jun 2011 15:22:29 +0100 |
| 577 | + |
| 578 | +ntp (1:4.2.6.p2+dfsg-1ubuntu7) oneiric; urgency=low |
| 579 | + |
| 580 | + * Fix a number of -Wformat-security warnings. |
| 581 | + |
| 582 | + -- Colin Watson <cjwatson@ubuntu.com> Fri, 20 May 2011 12:20:07 +0100 |
| 583 | + |
| 584 | +ntp (1:4.2.6.p2+dfsg-1ubuntu6) oneiric; urgency=low |
| 585 | + |
| 586 | + * Rebuild for OpenSSL 1.0.0. |
| 587 | + |
| 588 | + -- Colin Watson <cjwatson@ubuntu.com> Tue, 17 May 2011 17:24:01 +0100 |
| 589 | + |
| 590 | +ntp (1:4.2.6.p2+dfsg-1ubuntu5) natty; urgency=low |
| 591 | + |
| 592 | + * debian/apparmor-profile: add note about using shared memory for |
| 593 | + a clock source (LP: #722815). |
| 594 | + |
| 595 | + -- Kees Cook <kees@ubuntu.com> Thu, 10 Mar 2011 12:54:59 -0800 |
| 596 | + |
| 597 | +ntp (1:4.2.6.p2+dfsg-1ubuntu4) natty; urgency=low |
| 598 | + |
| 599 | + * debian/ntp.conf: adjust to use X.ubuntu.pool.ntp.org in addition to |
| 600 | + ntp.ubuntu.com (LP: #104525) |
| 601 | + |
| 602 | + -- Jamie Strandboge <jamie@ubuntu.com> Tue, 08 Feb 2011 10:03:19 -0600 |
| 603 | + |
| 604 | +ntp (1:4.2.6.p2+dfsg-1ubuntu3) natty; urgency=low |
| 605 | + |
| 606 | + * debian/apparmor-profile: allow access to clockstats too (LP: #701896) |
| 607 | + |
| 608 | + -- Jamie Strandboge <jamie@ubuntu.com> Wed, 12 Jan 2011 10:05:41 -0600 |
| 609 | + |
| 610 | +ntp (1:4.2.6.p2+dfsg-1ubuntu2) natty; urgency=low |
| 611 | + |
| 612 | + * debian/ntpdate-debian: Disregard empty ntp.conf files (thanks, Mika |
| 613 | + Wahlroos; LP: #83604). |
| 614 | + * debian/ntp.preinst: Remove empty /etc/ntp.conf on fresh installation, to |
| 615 | + work around the system-tools-backends part of LP #83604. |
| 616 | + |
| 617 | + -- Colin Watson <cjwatson@ubuntu.com> Mon, 06 Dec 2010 11:13:04 +0000 |
| 618 | + |
| 619 | +ntp (1:4.2.6.p2+dfsg-1ubuntu1) natty; urgency=low |
| 620 | + |
| 621 | + * Merge from debian unstable, remaining changes are: |
| 622 | + + debian/ntp.conf, debian/ntpdate.default: Change default server to |
| 623 | + ntp.ubuntu.com. |
| 624 | + + debian/ntpdate.ifup: Stop ntp before running ntpdate when an interface |
| 625 | + comes up, then start again afterwards. |
| 626 | + + debian/ntp.init, debian/rules: Only stop when entering single user mode. |
| 627 | + + Add enforcing AppArmor profile (LP: #382905): |
| 628 | + - debian/control: add Conflicts/Replaces on apparmor-profiles < |
| 629 | + 2.3.1+1403-0ubuntu10 (since we are now shipping usr.sbin.ntpd) and |
| 630 | + apparmor < 2.3.1+1403-0ubuntu10 (since we are now shipping tunables/ntpd) |
| 631 | + - debian/control: add Suggests on apparmor |
| 632 | + - debian/ntp.dirs: add apparmor directories |
| 633 | + - debian/ntp.preinst: force complain on certain upgrades |
| 634 | + - debian/ntp.postinst: reload apparmor profile |
| 635 | + - debian/ntp.postrm: remove the force-complain file |
| 636 | + - add debian/apparmor-profile* |
| 637 | + - debian/rules: install apparmor-profile and apparmor-profile.tunable |
| 638 | + - debian/README.Debian: add note on AppArmor |
| 639 | + + debian/{control,rules}: add and enable hardened build for PIE |
| 640 | + (Debian bug 542721). |
| 641 | + + debian/apparmor-profile: adjust location of drift files (LP: #456308) |
| 642 | + + debian/rules, debian/ntp.dirs, debian/source_ntp.py: Add apport hook. |
| 643 | + |
| 644 | + |
| 645 | + -- Chuck Short <zulcss@ubuntu.com> Tue, 30 Nov 2010 11:14:31 -0500 |
| 646 | + |
| 647 | ntp (1:4.2.6.p2+dfsg-1) unstable; urgency=low |
| 648 | |
| 649 | [ Peter Eisentraut ] |
| 650 | @@ -265,6 +733,80 @@ ntp (1:4.2.6+dfsg-1) unstable; urgency=low |
| 651 | |
| 652 | -- Kurt Roeckx <kurt@roeckx.be> Sat, 26 Dec 2009 14:12:22 +0100 |
| 653 | |
| 654 | +ntp (1:4.2.4p8+dfsg-1ubuntu6) maverick; urgency=low |
| 655 | + |
| 656 | + * debian/rules: move dh_apparmor before dh_installinit |
| 657 | + |
| 658 | + -- Jamie Strandboge <jamie@ubuntu.com> Fri, 06 Aug 2010 17:40:04 -0500 |
| 659 | + |
| 660 | +ntp (1:4.2.4p8+dfsg-1ubuntu5) maverick; urgency=low |
| 661 | + |
| 662 | + * convert to dh_apparmor: |
| 663 | + - debian/rules, debian/ntp.postrm, debian/ntp.postinst: use dh_apparmor |
| 664 | + - control: Build-Depends on debhelper >= 7.4.20ubuntu5 |
| 665 | + * debian/apparmor-profile: include local override |
| 666 | + * remove now unneeded debian/ntp.preinst |
| 667 | + |
| 668 | + -- Jamie Strandboge <jamie@ubuntu.com> Fri, 06 Aug 2010 13:55:12 -0500 |
| 669 | + |
| 670 | +ntp (1:4.2.4p8+dfsg-1ubuntu4) maverick; urgency=low |
| 671 | + |
| 672 | + * debian/dhcp.ntp: Dont remove *all* ntp server from ntp.conf. |
| 673 | + (LP: #575458) |
| 674 | + * debian/apparmor-profile: Allow access to /dev/ttyS* |
| 675 | + (LP: #596859) |
| 676 | + |
| 677 | + -- Chuck Short <zulcss@ubuntu.com> Tue, 22 Jun 2010 09:24:02 -0400 |
| 678 | + |
| 679 | +ntp (1:4.2.4p8+dfsg-1ubuntu3) maverick; urgency=low |
| 680 | + |
| 681 | + * debian/apparmor-profile: allow access to /var/log/ntpstats/sysstats* |
| 682 | + (LP: #574343) |
| 683 | + |
| 684 | + -- Jamie Strandboge <jamie@ubuntu.com> Fri, 18 Jun 2010 07:54:24 -0500 |
| 685 | + |
| 686 | +ntp (1:4.2.4p8+dfsg-1ubuntu2) lucid; urgency=low |
| 687 | + |
| 688 | + * debian/apparmor-profile: allow reading of /var/lib/ntp/ntp.conf.dhcp |
| 689 | + (LP: #517701) |
| 690 | + |
| 691 | + -- Jamie Strandboge <jamie@ubuntu.com> Thu, 08 Apr 2010 16:24:42 -0500 |
| 692 | + |
| 693 | +ntp (1:4.2.4p8+dfsg-1ubuntu1) lucid; urgency=low |
| 694 | + |
| 695 | + * Merge from debian testing, remaining changes: |
| 696 | + + debian/ntp.conf, debian/ntpdate.default: Change default server to |
| 697 | + ntp.ubuntu.com. |
| 698 | + + debian/ntpdate.ifup: Stop ntp before running ntpdate when an interface |
| 699 | + comes up, then start again afterwards. |
| 700 | + + debian/ntp.init, debian/rules: Only stop when entering single user mode. |
| 701 | + + Add enforcing AppArmor profile (LP: #382905): |
| 702 | + - debian/control: add Conflicts/Replaces on apparmor-profiles < |
| 703 | + 2.3.1+1403-0ubuntu10 (since we are now shipping usr.sbin.ntpd) and |
| 704 | + apparmor < 2.3.1+1403-0ubuntu10 (since we are now shipping tunables/ntpd) |
| 705 | + - debian/control: add Suggests on apparmor |
| 706 | + - debian/ntp.dirs: add apparmor directories |
| 707 | + - debian/ntp.preinst: force complain on certain upgrades |
| 708 | + - debian/ntp.postinst: reload apparmor profile |
| 709 | + - debian/ntp.postrm: remove the force-complain file |
| 710 | + - add debian/apparmor-profile* |
| 711 | + - debian/rules: install apparmor-profile and apparmor-profile.tunable |
| 712 | + - debian/README.Debian: add note on AppArmor |
| 713 | + + debian/{control,rules}: add and enable hardened build for PIE |
| 714 | + (Debian bug 542721). |
| 715 | + + debian/apparmor-profile: adjust location of drift files (LP: #456308) |
| 716 | + + Dropped changes, merged in debian: |
| 717 | + - fix-nano.patch: Use mod_nano.patch from debian. |
| 718 | + + Dropped changes, superseded upstream/in Debian: |
| 719 | + - debian/patches/CVE-2009-1252.patch: No longer needed. |
| 720 | + - debian/patches/debian/patches/CVE-2009-0159.patch: No longer needed. |
| 721 | + |
| 722 | + [Chuck Short] |
| 723 | + + debian/rules, debian/ntp.dirs, debian/source_ntp.py: Add apport |
| 724 | + hook, apart of the server-lucid-apport-hooks specification. |
| 725 | + |
| 726 | + -- Chuck Short <zulcss@ubuntu.com> Tue, 02 Feb 2010 18:36:29 -0500 |
| 727 | + |
| 728 | ntp (1:4.2.4p8+dfsg-1) unstable; urgency=high |
| 729 | |
| 730 | * New upstream release. |
| 731 | @@ -315,6 +857,65 @@ ntp (1:4.2.4p7+dfsg-1) unstable; urgency=low |
| 732 | |
| 733 | -- Kurt Roeckx <kurt@roeckx.be> Sat, 21 Nov 2009 17:27:11 +0100 |
| 734 | |
| 735 | +ntp (1:4.2.4p6+dfsg-2ubuntu4) lucid; urgency=low |
| 736 | + |
| 737 | + * debian/rules: install symlink for early loading of per-interface |
| 738 | + triggered ntp AppArmor profile. |
| 739 | + |
| 740 | + -- Kees Cook <kees@ubuntu.com> Tue, 15 Dec 2009 11:35:33 -0800 |
| 741 | + |
| 742 | +ntp (1:4.2.4p6+dfsg-2ubuntu3) lucid; urgency=low |
| 743 | + |
| 744 | + * SECURITY UPDATE: fix DoS with mode 7 (MODE_PRIVATE) packets |
| 745 | + - debian/patches/CVE-2009-3563.patch: update ntpd/ntp_request.c to |
| 746 | + not send a response packet for and rate limit logging of invalid mode 7 |
| 747 | + requests and responses |
| 748 | + - CVE-2009-3563 |
| 749 | + |
| 750 | + -- Jamie Strandboge <jamie@ubuntu.com> Tue, 08 Dec 2009 13:52:12 -0600 |
| 751 | + |
| 752 | +ntp (1:4.2.4p6+dfsg-2ubuntu2) lucid; urgency=low |
| 753 | + |
| 754 | + * debian/rules: enable debugging (LP: #47683) |
| 755 | + * debian/ntpdate-if.up: Hide invoke-rc.d output. (LP: #489585) |
| 756 | + * debian/man/ntptrace.1: Update man page removed ghost options. (LP: #351989) |
| 757 | + |
| 758 | + -- Chuck Short <zulcss@ubuntu.com> Mon, 07 Dec 2009 14:59:28 -0500 |
| 759 | + |
| 760 | +ntp (1:4.2.4p6+dfsg-2ubuntu1) lucid; urgency=low |
| 761 | + |
| 762 | + * Merge from debian testing, remaining changes: |
| 763 | + + debian/ntp.conf, debian/ntpdate.default: Change default server to |
| 764 | + ntp.ubuntu.com. |
| 765 | + + debian/ntpdate.ifup: Stop ntp before running ntpdate when an interface |
| 766 | + comes up, then start again afterwards |
| 767 | + + debian/ntp.init, debian/rules: Only stop when entering single user mode. |
| 768 | + + Add enforcing AppArmor profile (LP: #382905) |
| 769 | + - debian/control: add Conflicts/Replaces on apparmor-profiles < |
| 770 | + 2.3.1+1403-0ubuntu10 (since we are now shipping usr.sbin.ntpd) and |
| 771 | + apparmor < 2.3.1+1403-0ubuntu10 (since we are now shipping |
| 772 | + tunables/ntpd) |
| 773 | + - debian/control: add Suggests on apparmor |
| 774 | + - debian/ntp.dirs: add apparmor directories |
| 775 | + - debian/ntp.preinst: force complain on certain upgrades |
| 776 | + - debian/ntp.postinst: reload apparmor profile |
| 777 | + - debian/ntp.postrm: remove the force-complain file |
| 778 | + - add debian/apparmor-profile* |
| 779 | + - debian/rules: install apparmor-profile and apparmor-profile.tunable |
| 780 | + - debian/README.Debian: add note on AppArmor |
| 781 | + + debian/patches/fix-nano.patch: enable nanokernel support (LP: #412242) |
| 782 | + + debian/{control,rules}: add and enable hardened build for PIE |
| 783 | + (Debian bug 542721). |
| 784 | + + debian/apparmor-profile: adjust location of drift files (LP: #456308) |
| 785 | + + Dropped changes, merged in Debian: |
| 786 | + - debian/man/ntpdate.8 - fix debian shipped manpage; patch by |
| 787 | + Josh Holland <jrh@joshh.co.uk> |
| 788 | + + Dropped changes, superseded upstream/in Debian: |
| 789 | + - debian/patches/CVE-2009-0159.patch: Use Debian's version of the patch. |
| 790 | + - debian/patches/CVE-2009-1252.patch: Use Debian's version of the patch. |
| 791 | + |
| 792 | + -- Chuck Short <zulcss@ubuntu.com> Fri, 06 Nov 2009 01:34:35 +0000 |
| 793 | + |
| 794 | ntp (1:4.2.4p6+dfsg-2) unstable; urgency=medium |
| 795 | |
| 796 | * Fixed typo in ntpdate man page (closes: #526086) |
| 797 | @@ -331,6 +932,75 @@ ntp (1:4.2.4p6+dfsg-2) unstable; urgency=medium |
| 798 | |
| 799 | -- Peter Eisentraut <petere@debian.org> Fri, 12 Jun 2009 17:24:22 +0300 |
| 800 | |
| 801 | +ntp (1:4.2.4p6+dfsg-1ubuntu5) karmic; urgency=low |
| 802 | + |
| 803 | + * debian/apparmor-profile: adjust location of drift files (LP: #456308) |
| 804 | + |
| 805 | + -- Jamie Strandboge <jamie@ubuntu.com> Wed, 21 Oct 2009 07:07:31 -0500 |
| 806 | + |
| 807 | +ntp (1:4.2.4p6+dfsg-1ubuntu4) karmic; urgency=low |
| 808 | + |
| 809 | + * debian/{control,rules}: add and enable hardened build for PIE |
| 810 | + (Debian bug 542721). |
| 811 | + |
| 812 | + -- Kees Cook <kees@ubuntu.com> Thu, 20 Aug 2009 17:12:44 -0700 |
| 813 | + |
| 814 | +ntp (1:4.2.4p6+dfsg-1ubuntu3) karmic; urgency=low |
| 815 | + |
| 816 | + * Add enforcing AppArmor profile (LP: #382905) |
| 817 | + - debian/control: add Conflicts/Replaces on apparmor-profiles < |
| 818 | + 2.3.1+1403-0ubuntu10 (since we are now shipping usr.sbin.ntpd) and |
| 819 | + apparmor < 2.3.1+1403-0ubuntu10 (since we are now shipping |
| 820 | + tunables/ntpd) |
| 821 | + - debian/control: add Suggests on apparmor |
| 822 | + - debian/ntp.dirs: add apparmor directories |
| 823 | + - debian/ntp.preinst: force complain on certain upgrades |
| 824 | + - debian/ntp.postinst: reload apparmor profile |
| 825 | + - debian/ntp.postrm: remove the force-complain file |
| 826 | + - add debian/apparmor-profile* |
| 827 | + - debian/rules: install apparmor-profile and apparmor-profile.tunable |
| 828 | + - debian/README.Debian: add note on AppArmor |
| 829 | + * debian/patches/fix-nano.patch: enable nanokernel support (LP: #412242) |
| 830 | + |
| 831 | + -- Jamie Strandboge <jamie@ubuntu.com> Tue, 11 Aug 2009 18:25:50 -0500 |
| 832 | + |
| 833 | +ntp (1:4.2.4p6+dfsg-1ubuntu2) karmic; urgency=low |
| 834 | + |
| 835 | + * SECURITY UPDATE: stack overflow in ntpd when autokey is enabled |
| 836 | + - debian/patches/CVE-2009-1252.patch: update ntpd/ntp_crypto.c to use |
| 837 | + snprintf() with NTP_MAXSTRLEN when writing to statstr. Also defensively |
| 838 | + adjust ntp_peer.c and ntp_timer.c to do the same. |
| 839 | + - CVE-2009-1252 |
| 840 | + * SECURITY UPDATE: stack overflow in ntpq when contacting malicious ntp |
| 841 | + server |
| 842 | + - debian/patches/CVE-2009-0159.patch: increase size of buffer in |
| 843 | + cookedprint() in ntpq/ntpq.c and adjust to use snprintf() |
| 844 | + - CVE-2009-0159 |
| 845 | + |
| 846 | + -- Jamie Strandboge <jamie@ubuntu.com> Tue, 19 May 2009 15:26:41 -0500 |
| 847 | + |
| 848 | +ntp (1:4.2.4p6+dfsg-1ubuntu1) karmic; urgency=low |
| 849 | + |
| 850 | + * Merge from Debian unstable, remaining changes: |
| 851 | + - debian/ntp.conf, debian/ntpdate.default: Change default server to |
| 852 | + ntp.ubuntu.com. |
| 853 | + - debian/ntpdate.ifup: Stop ntp before running ntpdate when an interface |
| 854 | + comes up, then start again afterwards |
| 855 | + - debian/ntp.init, debian/rules: Only stop when entering single user mode. |
| 856 | + - debian/man/ntpdate.8 - fix debian shipped manpage; patch by |
| 857 | + Josh Holland <jrh@joshh.co.uk> |
| 858 | + * Dropped changes, merged in Debian: |
| 859 | + - Build against libcap2 instead of libcap1, fixing a kernel warning |
| 860 | + about using an old interface. |
| 861 | + * Dropped changes, superseded upstream/in Debian: |
| 862 | + - debian/patches/CVE-2009-0021.patch: update ntpd/ntp_crypto.c to properly |
| 863 | + check the return code of EVP_VerifyFinal() |
| 864 | + - debian/patches/ipv6-gnu-source.patch: Define _GNU_SOURCE to make IPv6 |
| 865 | + work. |
| 866 | + * Fixes LP: #217699 |
| 867 | + |
| 868 | + -- Steve Langasek <steve.langasek@ubuntu.com> Wed, 29 Apr 2009 06:08:19 +0000 |
| 869 | + |
| 870 | ntp (1:4.2.4p6+dfsg-1) unstable; urgency=low |
| 871 | |
| 872 | * New upstream release |
| 873 | @@ -352,6 +1022,49 @@ ntp (1:4.2.4p4+dfsg-8) unstable; urgency=low |
| 874 | |
| 875 | -- Kurt Roeckx <kurt@roeckx.be> Mon, 05 Jan 2009 21:10:03 +0100 |
| 876 | |
| 877 | +ntp (1:4.2.4p4+dfsg-7ubuntu5) jaunty; urgency=low |
| 878 | + |
| 879 | + * Build against libcap2 instead of libcap1, fixing a kernel warning |
| 880 | + about using an old interface. LP: #328376. |
| 881 | + |
| 882 | + -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 20 Mar 2009 19:53:25 +0000 |
| 883 | + |
| 884 | +ntp (1:4.2.4p4+dfsg-7ubuntu4) jaunty; urgency=low |
| 885 | + |
| 886 | + * LP: #314810 - ntpdate typo in manpage |
| 887 | + - debian/man/ntpdate.8 - fix debian shipped manpage; patch by |
| 888 | + Josh Holland <jrh@joshh.co.uk> |
| 889 | + |
| 890 | + -- Alexander Sack <asac@ubuntu.com> Mon, 23 Feb 2009 11:57:32 +0100 |
| 891 | + |
| 892 | +ntp (1:4.2.4p4+dfsg-7ubuntu3) jaunty; urgency=low |
| 893 | + |
| 894 | + * SECURITY UPDATE: clients treat malformed signatures as good when verifying |
| 895 | + server DSA and ECDSA certificates. |
| 896 | + - debian/patches/CVE-2009-0021.patch: update ntpd/ntp_crypto.c to properly |
| 897 | + check the return code of EVP_VerifyFinal() |
| 898 | + - CVE-2009-0021 |
| 899 | + |
| 900 | + -- Jamie Strandboge <jamie@ubuntu.com> Tue, 06 Jan 2009 01:19:55 -0600 |
| 901 | + |
| 902 | +ntp (1:4.2.4p4+dfsg-7ubuntu2) jaunty; urgency=low |
| 903 | + |
| 904 | + * Add ipv6-gnu-source.patch: Define _GNU_SOURCE to make IPv6 work. |
| 905 | + (LP: #305043) |
| 906 | + |
| 907 | + -- Matt LaPlante <mattl@google.com> Thu, 04 Dec 2008 00:39:51 -0600 |
| 908 | + |
| 909 | +ntp (1:4.2.4p4+dfsg-7ubuntu1) jaunty; urgency=low |
| 910 | + |
| 911 | + * Merge from debian unstable, remaining changes: |
| 912 | + - debian/ntp.conf, debian/ntpdate.default: Change default server to |
| 913 | + ntp.ubuntu.com. |
| 914 | + - debian/ntpdate.ifup: Stop ntp before running ntpdate when an interface |
| 915 | + comes up, then start again afterwards (LP: #114505) |
| 916 | + - debian/ntp.init, debian/rules: Only stop when entering single user mode. |
| 917 | + |
| 918 | + -- Scott James Remnant <scott@ubuntu.com> Tue, 11 Nov 2008 17:18:15 +0000 |
| 919 | + |
| 920 | ntp (1:4.2.4p4+dfsg-7) unstable; urgency=low |
| 921 | |
| 922 | * Added support for numeric IPv6 address in ntpdate-debian (closes: #489712) |
| 923 | @@ -360,6 +1073,39 @@ ntp (1:4.2.4p4+dfsg-7) unstable; urgency=low |
| 924 | |
| 925 | -- Peter Eisentraut <petere@debian.org> Wed, 16 Jul 2008 14:09:41 +0200 |
| 926 | |
| 927 | +ntp (1:4.2.4p4+dfsg-6ubuntu2) intrepid; urgency=low |
| 928 | + |
| 929 | + * debian/ntpdate.ifup: use a different lockfile to avoid dead-locks |
| 930 | + when restarting ntpd (LP: #246203). |
| 931 | + |
| 932 | + -- Kees Cook <kees@ubuntu.com> Wed, 20 Aug 2008 09:48:33 -0700 |
| 933 | + |
| 934 | +ntp (1:4.2.4p4+dfsg-6ubuntu1) intrepid; urgency=low |
| 935 | + |
| 936 | + * Merge from debian unstable, remaining changes: |
| 937 | + - debian/ntp.conf, debian/ntpdate.default: |
| 938 | + - Change default server to ntp.ubuntu.com. |
| 939 | + - debian/control: |
| 940 | + - Set Ubuntu maintainer address. |
| 941 | + - debian/ntpdate.ifup: |
| 942 | + Stop ntp before running ntpdate when an interface |
| 943 | + comes up, then start again afterwards (LP: #114505) |
| 944 | + * debian/rules: |
| 945 | + - Call update-rcd-params with manual arguments instead of defaults. |
| 946 | + * debian/ntp.init: |
| 947 | + - Update LSB Default-Stop header. |
| 948 | + * Dropped: |
| 949 | + - Update TearDown spec implementation: |
| 950 | + - Update version in conflicts/replaces to that which was shipped in |
| 951 | + edgy, which was later than that in Debian (due to the ubuntuX). |
| 952 | + - Add sysv-rc dependency. |
| 953 | + - debian/rules: |
| 954 | + - Call update-rcd-params with multiuser instead defaults. |
| 955 | + - debian/ntp-server.postinst (dapper upgrade): |
| 956 | + - Remove stop script symlinks from rc0 and rc6. |
| 957 | + |
| 958 | + -- Mathias Gug <mathiaz@ubuntu.com> Wed, 18 Jun 2008 22:28:16 -0400 |
| 959 | + |
| 960 | ntp (1:4.2.4p4+dfsg-6) unstable; urgency=low |
| 961 | |
| 962 | * Put back accidentally removed /etc/defaults/ntpdate (closes: #482605) |
| 963 | @@ -406,6 +1152,30 @@ ntp (1:4.2.4p4+dfsg-4) unstable; urgency=low |
| 964 | |
| 965 | -- Peter Eisentraut <petere@debian.org> Tue, 29 Apr 2008 11:19:54 +0200 |
| 966 | |
| 967 | +ntp (1:4.2.4p4+dfsg-3ubuntu2) hardy; urgency=low |
| 968 | + |
| 969 | + * Stop ntp before running ntpdate when an interface |
| 970 | + comes up, then start again afterwards (LP: #114505) |
| 971 | + |
| 972 | + -- Onno Benschop <onno@itmaze.com.au> Thu, 6 Mar 2008 14:00:42 +0900 |
| 973 | + |
| 974 | +ntp (1:4.2.4p4+dfsg-3ubuntu1) hardy; urgency=low |
| 975 | + |
| 976 | + * Merge from debian unstable, remaining changes: |
| 977 | + - debian/ntp.conf, debian/ntpdate.default: |
| 978 | + - Change default server to ntp.ubuntu.com. |
| 979 | + - debian/rules: |
| 980 | + - Call update-rcd-params with multiuser instead defaults. |
| 981 | + - debian/control: |
| 982 | + - Set Ubuntu maintainer address. |
| 983 | + - Update version in conflicts/replaces to that which was shipped in |
| 984 | + edgy, which was later than that in Debian (due to the ubuntuX). |
| 985 | + - Add sysv-rc dependency. |
| 986 | + - debian/ntp-server.postinst: |
| 987 | + - Remove stop script symlinks from rc0 and rc6. |
| 988 | + |
| 989 | + -- Scott Kitterman <scott@kitterman.com> Mon, 25 Feb 2008 19:36:36 -0500 |
| 990 | + |
| 991 | ntp (1:4.2.4p4+dfsg-3) unstable; urgency=low |
| 992 | |
| 993 | * Various man page and NEWS fixes (patches by Justin Pryzby and Vincent |
| 994 | @@ -428,6 +1198,23 @@ ntp (1:4.2.4p4+dfsg-3) unstable; urgency=low |
| 995 | |
| 996 | -- Peter Eisentraut <petere@debian.org> Sun, 13 Jan 2008 12:18:13 +0100 |
| 997 | |
| 998 | +ntp (1:4.2.4p4+dfsg-2ubuntu1) hardy; urgency=low |
| 999 | + |
| 1000 | + * Merge from debian unstable, remaining changes: |
| 1001 | + - debian/ntp.conf, debian/ntpdate.default: |
| 1002 | + - Change default server to ntp.ubuntu.com. |
| 1003 | + - debian/rules: |
| 1004 | + - Call update-rcd-params with multiuser instead defaults. |
| 1005 | + - debian/control: |
| 1006 | + - Set Ubuntu maintainer address. |
| 1007 | + - Update version in conflicts/replaces to that which was shipped in edgy, |
| 1008 | + which was later than that in Debian (due to the ubuntuX). |
| 1009 | + - Add sysv-rc dependency. |
| 1010 | + - debian/ntp-server.postinst: |
| 1011 | + - Remove stop script symlinks from rc0 and rc6. |
| 1012 | + |
| 1013 | + -- Mathias Gug <mathiaz@ubuntu.com> Mon, 26 Nov 2007 15:42:41 -0500 |
| 1014 | + |
| 1015 | ntp (1:4.2.4p4+dfsg-2) unstable; urgency=low |
| 1016 | |
| 1017 | * Disable checking of openssl library version. |
| 1018 | @@ -462,6 +1249,25 @@ ntp (1:4.2.4p3+dfsg-1) unstable; urgency=low |
| 1019 | |
| 1020 | -- Kurt Roeckx <kurt@roeckx.be> Mon, 13 Aug 2007 15:58:08 +0000 |
| 1021 | |
| 1022 | +ntp (1:4.2.4p0+dfsg-1ubuntu2) gutsy; urgency=low |
| 1023 | + |
| 1024 | + * Trigger rebuild for hppa |
| 1025 | + |
| 1026 | + -- LaMont Jones <lamont@ubuntu.com> Thu, 04 Oct 2007 12:15:33 -0600 |
| 1027 | + |
| 1028 | +ntp (1:4.2.4p0+dfsg-1ubuntu1) gutsy; urgency=low |
| 1029 | + |
| 1030 | + * Merge from Debian unstable. |
| 1031 | + * Remaining Ubuntu changes: |
| 1032 | + - Update version in conflicts/replaces to that which was shipped in edgy, |
| 1033 | + which was later than that in Debian (due to the ubuntuX). |
| 1034 | + - Change default server to ntp.ubuntu.com. |
| 1035 | + - Remove stop links from rc0 and rc6 |
| 1036 | + - Call dh_installinit with --error-handler |
| 1037 | + - Set Ubuntu maintainer address. |
| 1038 | + |
| 1039 | + -- Steve Kowalik <stevenk@ubuntu.com> Fri, 18 May 2007 22:41:56 +1000 |
| 1040 | + |
| 1041 | ntp (1:4.2.4p0+dfsg-1) unstable; urgency=low |
| 1042 | |
| 1043 | [ Peter Eisentraut ] |
| 1044 | @@ -507,6 +1313,28 @@ ntp (1:4.2.2.p4+dfsg-2) unstable; urgency=low |
| 1045 | |
| 1046 | -- Kurt Roeckx <kurt@roeckx.be> Sun, 4 Mar 2007 13:01:11 +0000 |
| 1047 | |
| 1048 | +ntp (1:4.2.2.p4+dfsg-1ubuntu3) feisty; urgency=low |
| 1049 | + |
| 1050 | + * Rebuild for changes in the amd64 toolchain. |
| 1051 | + * Set Ubuntu maintainer address. |
| 1052 | + |
| 1053 | + -- Matthias Klose <doko@ubuntu.com> Mon, 5 Mar 2007 01:23:22 +0000 |
| 1054 | + |
| 1055 | +ntp (1:4.2.2.p4+dfsg-1ubuntu2) feisty; urgency=low |
| 1056 | + |
| 1057 | + * Update version in conflicts/replaces to that which was shipped in edgy, |
| 1058 | + which was later than that in Debian (due to the ubuntuX). LP: #73506. |
| 1059 | + |
| 1060 | + -- Scott James Remnant <scott@ubuntu.com> Tue, 28 Nov 2006 10:27:08 +0000 |
| 1061 | + |
| 1062 | +ntp (1:4.2.2.p4+dfsg-1ubuntu1) feisty; urgency=low |
| 1063 | + |
| 1064 | + * Merge from debian unstable, remaining changes: |
| 1065 | + - change default server to ntp.ubuntu.com |
| 1066 | + - remove stop links from rc0 and rc6 |
| 1067 | + |
| 1068 | + -- Scott James Remnant <scott@ubuntu.com> Mon, 27 Nov 2006 13:51:15 +0000 |
| 1069 | + |
| 1070 | ntp (1:4.2.2.p4+dfsg-1) unstable; urgency=low |
| 1071 | |
| 1072 | * New upstream release |
| 1073 | @@ -666,6 +1494,18 @@ ntp (1:4.2.2+dfsg-1) unstable; urgency=low |
| 1074 | |
| 1075 | -- Peter Eisentraut <petere@debian.org> Fri, 14 Jul 2006 22:55:36 +0200 |
| 1076 | |
| 1077 | +ntp (1:4.2.0a+stable-9ubuntu2) edgy; urgency=low |
| 1078 | + |
| 1079 | + * Remove stop script symlinks from rc0 and rc6. |
| 1080 | + |
| 1081 | + -- Scott James Remnant <scott@ubuntu.com> Fri, 15 Sep 2006 17:47:40 +0100 |
| 1082 | + |
| 1083 | +ntp (1:4.2.0a+stable-9ubuntu1) edgy; urgency=low |
| 1084 | + |
| 1085 | + * Resynchronise with Debian. |
| 1086 | + |
| 1087 | + -- Tollef Fog Heen <tfheen@ubuntu.com> Fri, 30 Jun 2006 16:02:07 +0200 |
| 1088 | + |
| 1089 | ntp (1:4.2.0a+stable-9) unstable; urgency=low |
| 1090 | |
| 1091 | [ Peter Eisentraut ] |
| 1092 | @@ -699,6 +1539,51 @@ ntp (1:4.2.0a+stable-8.2) unstable; urgency=high |
| 1093 | |
| 1094 | -- Peter Eisentraut <petere@debian.org> Tue, 6 Jun 2006 02:27:42 +0200 |
| 1095 | |
| 1096 | +ntp (1:4.2.0a+stable-8.1ubuntu6) dapper; urgency=low |
| 1097 | + |
| 1098 | + * Call dh_installinit with --error-handler=true, which will prevent |
| 1099 | + ntp-server's prerm and postinst from bombing out on upgrades from |
| 1100 | + previous broken versions. ntp-{simple,refclock} still try to |
| 1101 | + restart the server in their postinst, so it won't be left dead. |
| 1102 | + |
| 1103 | + -- Adam Conrad <adconrad@ubuntu.com> Mon, 29 May 2006 10:25:43 +1000 |
| 1104 | + |
| 1105 | +ntp (1:4.2.0a+stable-8.1ubuntu5) dapper; urgency=low |
| 1106 | + |
| 1107 | + * Attempt to create the ntp user in ntp-server's postinst, as the |
| 1108 | + dependency loops between ntp-server and ntp-* means we have no |
| 1109 | + way of knowing which gets configured first (launchpad.net/33351) |
| 1110 | + |
| 1111 | + -- Adam Conrad <adconrad@ubuntu.com> Sun, 28 May 2006 02:20:57 +1000 |
| 1112 | + |
| 1113 | +ntp (1:4.2.0a+stable-8.1ubuntu4) dapper; urgency=low |
| 1114 | + |
| 1115 | + * Hide output from ntpdate unless ifup is run with -v. |
| 1116 | + |
| 1117 | + -- Scott James Remnant <scott@ubuntu.com> Wed, 17 May 2006 22:45:19 +0100 |
| 1118 | + |
| 1119 | +ntp (1:4.2.0a+stable-8.1ubuntu3) dapper; urgency=low |
| 1120 | + |
| 1121 | + * Ignore errors from ntpdate, otherwise the interface might not come |
| 1122 | + fully up. |
| 1123 | + |
| 1124 | + -- Scott James Remnant <scott@ubuntu.com> Wed, 8 Feb 2006 15:48:19 +0000 |
| 1125 | + |
| 1126 | +ntp (1:4.2.0a+stable-8.1ubuntu2) dapper; urgency=low |
| 1127 | + |
| 1128 | + * Remove ntpdate init script, instead install a script in |
| 1129 | + /etc/network/if-up.d that sets the clock whenever we bring up a network |
| 1130 | + interface. |
| 1131 | + |
| 1132 | + -- Scott James Remnant <scott@ubuntu.com> Wed, 4 Jan 2006 15:56:23 +0000 |
| 1133 | + |
| 1134 | +ntp (1:4.2.0a+stable-8.1ubuntu1) dapper; urgency=low |
| 1135 | + |
| 1136 | + * Resynchronise with Debian. |
| 1137 | + * Use ntp.ubuntu.com rather than ntp.ubuntulinux.org. |
| 1138 | + |
| 1139 | + -- Colin Watson <cjwatson@ubuntu.com> Tue, 1 Nov 2005 23:06:49 -0500 |
| 1140 | + |
| 1141 | ntp (1:4.2.0a+stable-8.1) unstable; urgency=low |
| 1142 | |
| 1143 | * 0-day BSP NMU. |
| 1144 | @@ -707,6 +1592,20 @@ ntp (1:4.2.0a+stable-8.1) unstable; urgency=low |
| 1145 | |
| 1146 | -- Christoph Berg <myon@debian.org> Fri, 28 Oct 2005 15:33:37 +0200 |
| 1147 | |
| 1148 | +ntp (1:4.2.0a+stable-8ubuntu2) breezy; urgency=low |
| 1149 | + |
| 1150 | + * Fix error message in ntp-server init script. |
| 1151 | + (Closes: #14726) |
| 1152 | + |
| 1153 | + -- Fabio M. Di Nitto <fabbione@ubuntu.com> Fri, 09 Sep 2005 06:35:08 +0200 |
| 1154 | + |
| 1155 | +ntp (1:4.2.0a+stable-8ubuntu1) breezy; urgency=low |
| 1156 | + |
| 1157 | + * Resynchronise with Debian, resolving merge conflicts brought |
| 1158 | + on by Debian incorporating some of our changes upstream. |
| 1159 | + |
| 1160 | + -- Adam Conrad <adconrad@0c3.net> Wed, 20 Apr 2005 04:18:50 +0000 |
| 1161 | + |
| 1162 | ntp (1:4.2.0a+stable-8) unstable; urgency=medium |
| 1163 | |
| 1164 | * The "Well, I certainly could have done that better" version, |
| 1165 | @@ -737,22 +1636,6 @@ ntp (1:4.2.0a+stable-5) unstable; urgency=low |
| 1166 | |
| 1167 | -- Matthias Urlichs <smurf@debian.org> Mon, 14 Mar 2005 15:25:03 +0100 |
| 1168 | |
| 1169 | -ntp (1:4.2.0a-11ubuntu3) hoary; urgency=low |
| 1170 | - |
| 1171 | - * ntpd/ntpd.c: |
| 1172 | - - Revert the hardcoded root dropping parameters from previous version. |
| 1173 | - This is now done in init script. |
| 1174 | - - Bugfix: If group was specified as name, previous versions erroneously |
| 1175 | - used the uid as gid. |
| 1176 | - * debian/ntp-server.init.d: |
| 1177 | - - Run as user/group ntp by default (previously hardcoded in ntpd.c). |
| 1178 | - - Already determine the uid/gid of 'ntp' instead of doing it in ntpd.c |
| 1179 | - (for some reason this fails directly after boot). (Ubuntu #5399) |
| 1180 | - - Add -e to interpreter to stop on errors. |
| 1181 | - - append "/usr/bin/" to PATH setting (for getent and cut). |
| 1182 | - |
| 1183 | - -- Martin Pitt <martin.pitt@ubuntu.com> Mon, 14 Mar 2005 13:24:46 +0100 |
| 1184 | - |
| 1185 | ntp (1:4.2.0a+stable-4) unstable; urgency=low |
| 1186 | |
| 1187 | * Merged Upstream fix for ntpdate IPv4/IPv6 problems. |
| 1188 | @@ -775,29 +1658,6 @@ ntp (1:4.2.0a+stable-4) unstable; urgency=low |
| 1189 | |
| 1190 | -- Matthias Urlichs <smurf@debian.org> Sat, 12 Mar 2005 06:16:39 +0100 |
| 1191 | |
| 1192 | -ntp (1:4.2.0a-11ubuntu2) hoary; urgency=low |
| 1193 | - |
| 1194 | - * Run ntpd as normal user (with CAP_SYS_TIME) instead of root |
| 1195 | - * ntpd/ntpd.c: |
| 1196 | - - activate root dropping to user and group "ntp" |
| 1197 | - - add runtime check whether the kernel really supports capabilities; do |
| 1198 | - not drop root privileges if not |
| 1199 | - - do not set CAP_SYS_TIME as inheritable |
| 1200 | - * debian/rules: |
| 1201 | - - configure with --enable-linuxcaps |
| 1202 | - * debian/control, packages ntp-simple/ntp-refclock: |
| 1203 | - - add "adduser" dependency |
| 1204 | - * debian/ntp-{simple,refclock}.postinst: |
| 1205 | - - create system user and group "ntp" |
| 1206 | - - chown /var/lib/ntp and /var/log/ntpstats to ntp:ntp to allow ntpd to |
| 1207 | - write into them |
| 1208 | - - restart the server (for the case that ntp-server's postinst ran before |
| 1209 | - ntp-{simple,refclock}'s) |
| 1210 | - * debian/ntp-{simple,refclock}.postrm: |
| 1211 | - - remove user and group ntp on package purge |
| 1212 | - |
| 1213 | - -- Martin Pitt <martin.pitt@canonical.com> Thu, 25 Nov 2004 15:23:53 +0100 |
| 1214 | - |
| 1215 | ntp (1:4.2.0a+stable-3) unstable; urgency=low |
| 1216 | |
| 1217 | * Re-upload due to Debian FTP archive problems. |
| 1218 | @@ -849,6 +1709,12 @@ ntp (1:4.2.0a+bk20040620-2) experimental; urgency=low |
| 1219 | |
| 1220 | -- Matthias Urlichs <smurf@debian.org> Sat, 25 Sep 2004 11:43:37 +0200 |
| 1221 | |
| 1222 | +ntp (1:4.2.0a+bk20040620-1) experimental; urgency=low |
| 1223 | + |
| 1224 | + * Merge current stable Upstream |
| 1225 | + |
| 1226 | + -- Matthias Urlichs <smurf@debian.org> Mon, 21 Jun 2004 10:17:28 +0200 |
| 1227 | + |
| 1228 | ntp (1:4.2.0a-12) unstable; urgency=low |
| 1229 | |
| 1230 | * Doc how to use multiple servers in ntp.default. |
| 1231 | @@ -856,6 +1722,51 @@ ntp (1:4.2.0a-12) unstable; urgency=low |
| 1232 | |
| 1233 | -- Matthias Urlichs <smurf@debian.org> Mon, 9 Aug 2004 19:57:58 +0200 |
| 1234 | |
| 1235 | +ntp (1:4.2.0a-11ubuntu3) hoary; urgency=low |
| 1236 | + |
| 1237 | + * ntpd/ntpd.c: |
| 1238 | + - Revert the hardcoded root dropping parameters from previous version. |
| 1239 | + This is now done in init script. |
| 1240 | + - Bugfix: If group was specified as name, previous versions erroneously |
| 1241 | + used the uid as gid. |
| 1242 | + * debian/ntp-server.init.d: |
| 1243 | + - Run as user/group ntp by default (previously hardcoded in ntpd.c). |
| 1244 | + - Already determine the uid/gid of 'ntp' instead of doing it in ntpd.c |
| 1245 | + (for some reason this fails directly after boot). (Ubuntu #5399) |
| 1246 | + - Add -e to interpreter to stop on errors. |
| 1247 | + - append "/usr/bin/" to PATH setting (for getent and cut). |
| 1248 | + |
| 1249 | + -- Martin Pitt <martin.pitt@ubuntu.com> Mon, 14 Mar 2005 13:24:46 +0100 |
| 1250 | + |
| 1251 | +ntp (1:4.2.0a-11ubuntu2) hoary; urgency=low |
| 1252 | + |
| 1253 | + * Run ntpd as normal user (with CAP_SYS_TIME) instead of root |
| 1254 | + * ntpd/ntpd.c: |
| 1255 | + - activate root dropping to user and group "ntp" |
| 1256 | + - add runtime check whether the kernel really supports capabilities; do |
| 1257 | + not drop root privileges if not |
| 1258 | + - do not set CAP_SYS_TIME as inheritable |
| 1259 | + * debian/rules: |
| 1260 | + - configure with --enable-linuxcaps |
| 1261 | + * debian/control, packages ntp-simple/ntp-refclock: |
| 1262 | + - add "adduser" dependency |
| 1263 | + * debian/ntp-{simple,refclock}.postinst: |
| 1264 | + - create system user and group "ntp" |
| 1265 | + - chown /var/lib/ntp and /var/log/ntpstats to ntp:ntp to allow ntpd to |
| 1266 | + write into them |
| 1267 | + - restart the server (for the case that ntp-server's postinst ran before |
| 1268 | + ntp-{simple,refclock}'s) |
| 1269 | + * debian/ntp-{simple,refclock}.postrm: |
| 1270 | + - remove user and group ntp on package purge |
| 1271 | + |
| 1272 | + -- Martin Pitt <martin.pitt@canonical.com> Thu, 25 Nov 2004 15:23:53 +0100 |
| 1273 | + |
| 1274 | +ntp (1:4.2.0a-11ubuntu1) hoary; urgency=low |
| 1275 | + |
| 1276 | + * Resynchronise with Debian. |
| 1277 | + |
| 1278 | + -- Scott James Remnant <scott@canonical.com> Wed, 27 Oct 2004 13:54:06 +0100 |
| 1279 | + |
| 1280 | ntp (1:4.2.0a-11) unstable; urgency=low |
| 1281 | |
| 1282 | * Fix building on non-Linux Debian systems. |
| 1283 | @@ -866,6 +1777,19 @@ ntp (1:4.2.0a-11) unstable; urgency=low |
| 1284 | |
| 1285 | -- Matthias Urlichs <smurf@debian.org> Tue, 6 Jul 2004 05:26:07 +0200 |
| 1286 | |
| 1287 | +ntp (1:4.2.0a-10ubuntu2) warty; urgency=low |
| 1288 | + |
| 1289 | + * Use ntp.ubuntulinux.org instead of pool.ntp.org |
| 1290 | + |
| 1291 | + -- Matt Zimmerman <mdz@canonical.com> Mon, 11 Oct 2004 16:10:27 -0700 |
| 1292 | + |
| 1293 | +ntp (1:4.2.0a-10ubuntu1) warty; urgency=low |
| 1294 | + |
| 1295 | + * Added versioned depend on lsb-base |
| 1296 | + * debian/ntpdate.init.d,ntp-server.init.d: pretty initscripts |
| 1297 | + |
| 1298 | + -- Nathaniel McCallum <npmccallum@canonical.com> Fri, 3 Sep 2004 15:12:27 -0400 |
| 1299 | + |
| 1300 | ntp (1:4.2.0a-10) unstable; urgency=medium |
| 1301 | |
| 1302 | * Kill spuriously-running servers when updating. |
| 1303 | diff --git a/debian/control b/debian/control |
| 1304 | index 9d77642..64fd237 100644 |
| 1305 | --- a/debian/control |
| 1306 | +++ b/debian/control |
| 1307 | @@ -1,9 +1,10 @@ |
| 1308 | Source: ntp |
| 1309 | Section: net |
| 1310 | Priority: optional |
| 1311 | -Maintainer: Debian NTP Team <pkg-ntp-maintainers@lists.alioth.debian.org> |
| 1312 | +Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> |
| 1313 | +XSBC-Original-Maintainer: Debian NTP Team <pkg-ntp-maintainers@lists.alioth.debian.org> |
| 1314 | Uploaders: Bdale Garbee <bdale@gag.com>, Peter Eisentraut <petere@debian.org>, Kurt Roeckx <kurt@roeckx.be> |
| 1315 | -Build-Depends: dh-autoreconf, debhelper (>= 6), libedit-dev, libcap2-dev [linux-any], libssl-dev (>= 1.0.0e-1), autogen (>= 1:5.11) |
| 1316 | +Build-Depends: dh-autoreconf, debhelper (>= 6), libedit-dev, libcap2-dev [linux-any], libssl-dev (>= 1.0.0e-1), autogen (>= 1:5.11), dh-apparmor, bison, pps-tools |
| 1317 | Build-Conflicts: libavahi-compat-libdnssd-dev, libwww-dev, libwww-ssl-dev |
| 1318 | Standards-Version: 3.9.5 |
| 1319 | Homepage: http://support.ntp.org/ |
| 1320 | @@ -15,7 +16,9 @@ Architecture: any |
| 1321 | Depends: adduser, lsb-base (>= 3.2-13), netbase, ${misc:Depends}, ${shlibs:Depends} |
| 1322 | Pre-Depends: dpkg (>= 1.15.7.2) |
| 1323 | Recommends: ${perl:Depends} |
| 1324 | -Suggests: ntp-doc |
| 1325 | +Suggests: ntp-doc, apparmor (>= 2.1+1075-0ubuntu6) |
| 1326 | +Conflicts: apparmor-profiles (<< 2.3.1+1403-0ubuntu10), apparmor (<< 2.3.1+1403-0ubuntu10) |
| 1327 | +Replaces: apparmor-profiles (<< 2.3.1+1403-0ubuntu10), apparmor (<< 2.3.1+1403-0ubuntu10) |
| 1328 | Breaks: dhcp3-client (<< 4.1.0-1) |
| 1329 | Description: Network Time Protocol daemon and utility programs |
| 1330 | NTP, the Network Time Protocol, is used to keep computer clocks |
| 1331 | diff --git a/debian/ntp.conf b/debian/ntp.conf |
| 1332 | index b51b4f9..c84d0f6 100644 |
| 1333 | --- a/debian/ntp.conf |
| 1334 | +++ b/debian/ntp.conf |
| 1335 | @@ -10,18 +10,18 @@ filegen loopstats file loopstats type day enable |
| 1336 | filegen peerstats file peerstats type day enable |
| 1337 | filegen clockstats file clockstats type day enable |
| 1338 | |
| 1339 | +# Specify one or more NTP servers. |
| 1340 | |
| 1341 | -# You do need to talk to an NTP server or two (or three). |
| 1342 | -#server ntp.your-provider.example |
| 1343 | - |
| 1344 | -# pool.ntp.org maps to about 1000 low-stratum NTP servers. Your server will |
| 1345 | -# pick a different set every time it starts up. Please consider joining the |
| 1346 | -# pool: <http://www.pool.ntp.org/join.html> |
| 1347 | -pool 0.debian.pool.ntp.org iburst |
| 1348 | -pool 1.debian.pool.ntp.org iburst |
| 1349 | -pool 2.debian.pool.ntp.org iburst |
| 1350 | -pool 3.debian.pool.ntp.org iburst |
| 1351 | +# Use servers from the NTP Pool Project. Approved by Ubuntu Technical Board |
| 1352 | +# on 2011-02-08 (LP: #104525). See http://www.pool.ntp.org/join.html for |
| 1353 | +# more information. |
| 1354 | +server 0.ubuntu.pool.ntp.org iburst |
| 1355 | +server 1.ubuntu.pool.ntp.org iburst |
| 1356 | +server 2.ubuntu.pool.ntp.org iburst |
| 1357 | +server 3.ubuntu.pool.ntp.org iburst |
| 1358 | |
| 1359 | +# Use Ubuntu's ntp server as a fallback. |
| 1360 | +server ntp.ubuntu.com |
| 1361 | |
| 1362 | # Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for |
| 1363 | # details. The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions> |
| 1364 | @@ -55,3 +55,12 @@ restrict source notrap nomodify noquery |
| 1365 | # next lines. Please do this only if you trust everybody on the network! |
| 1366 | #disable auth |
| 1367 | #broadcastclient |
| 1368 | + |
| 1369 | +#Changes recquired to use pps synchonisation as explained in documentation: |
| 1370 | +#http://www.ntp.org/ntpfaq/NTP-s-config-adv.htm#AEN3918 |
| 1371 | + |
| 1372 | +#server 127.127.8.1 mode 135 prefer # Meinberg GPS167 with PPS |
| 1373 | +#fudge 127.127.8.1 time1 0.0042 # relative to PPS for my hardware |
| 1374 | + |
| 1375 | +#server 127.127.22.1 # ATOM(PPS) |
| 1376 | +#fudge 127.127.22.1 flag3 1 # enable PPS API |
| 1377 | diff --git a/debian/ntp.cron.daily b/debian/ntp.cron.daily |
| 1378 | index 65e11d4..8b77b73 100644 |
| 1379 | --- a/debian/ntp.cron.daily |
| 1380 | +++ b/debian/ntp.cron.daily |
| 1381 | @@ -9,19 +9,29 @@ |
| 1382 | statsdir=$(cat /etc/ntp.conf | grep -v '^#' | sed -nr 's/^statsdir[[:space:]]+([^[:space:]]+).*$/\1/p') |
| 1383 | |
| 1384 | if [ -n "$statsdir" ] && [ -d "$statsdir" ]; then |
| 1385 | - # only keep a week's depth of these |
| 1386 | - find "$statsdir" -type f -mtime +7 -exec rm {} \; |
| 1387 | + if [ "$(id -u)" = "0" ]; then |
| 1388 | + # For security reasons, do not run this script as root. |
| 1389 | + exec su -c "exec \"$0\"" ntp |
| 1390 | + exit 1 |
| 1391 | + fi |
| 1392 | + |
| 1393 | + # only keep a week's depth of these. Delete only files exactly |
| 1394 | + # within the directory and do not descend into subdirectories |
| 1395 | + # to avoid security risks on platforms where find is not using |
| 1396 | + # fts-library. |
| 1397 | + find "$statsdir" -maxdepth 1 -type f -mtime +7 -delete |
| 1398 | |
| 1399 | - # compress whatever is left to save space |
| 1400 | - cd "$statsdir" |
| 1401 | - ls *stats.???????? > /dev/null 2>&1 |
| 1402 | + # compress whatever is left to save space but make sure to really |
| 1403 | + # do it only in the expected directory. |
| 1404 | + cd "$statsdir" || exit 1 |
| 1405 | + ls -d -- *stats.???????? > /dev/null 2>&1 |
| 1406 | if [ $? -eq 0 ]; then |
| 1407 | # Note that gzip won't compress the file names that |
| 1408 | # are hard links to the live/current files, so this |
| 1409 | # compresses yesterday and previous, leaving the live |
| 1410 | # log alone. We supress the warnings gzip issues |
| 1411 | # about not compressing the linked file. |
| 1412 | - gzip --best --quiet *stats.???????? |
| 1413 | + gzip --best --quiet -- *stats.???????? |
| 1414 | return=$? |
| 1415 | case $return in |
| 1416 | 2) |
| 1417 | diff --git a/debian/ntp.dhcp b/debian/ntp.dhcp |
| 1418 | index a1acb21..a629d16 100644 |
| 1419 | --- a/debian/ntp.dhcp |
| 1420 | +++ b/debian/ntp.dhcp |
| 1421 | @@ -40,7 +40,7 @@ ntp_servers_setup_add() { |
| 1422 | echo "server $server iburst" |
| 1423 | done |
| 1424 | echo |
| 1425 | - sed -r -e '/^ *(server|peer).*$/d' $NTP_CONF |
| 1426 | + sed -r -e '/^ *(server *[^1][^2][^7]\.|peer).*$/d' $NTP_CONF |
| 1427 | ) >>$tmp |
| 1428 | |
| 1429 | mv $tmp $NTP_DHCP_CONF |
| 1430 | diff --git a/debian/ntp.dirs b/debian/ntp.dirs |
| 1431 | index 49d3819..314ad95 100644 |
| 1432 | --- a/debian/ntp.dirs |
| 1433 | +++ b/debian/ntp.dirs |
| 1434 | @@ -1,3 +1,6 @@ |
| 1435 | usr/sbin |
| 1436 | var/lib/ntp |
| 1437 | var/log/ntpstats |
| 1438 | +etc/apparmor.d/force-complain |
| 1439 | +etc/apparmor.d/tunables |
| 1440 | +usr/share/apport/package-hooks |
| 1441 | diff --git a/debian/ntp.init b/debian/ntp.init |
| 1442 | index 3a5ccc5..9755091 100644 |
| 1443 | --- a/debian/ntp.init |
| 1444 | +++ b/debian/ntp.init |
| 1445 | @@ -5,7 +5,7 @@ |
| 1446 | # Required-Start: $network $remote_fs $syslog |
| 1447 | # Required-Stop: $network $remote_fs $syslog |
| 1448 | # Default-Start: 2 3 4 5 |
| 1449 | -# Default-Stop: |
| 1450 | +# Default-Stop: 1 |
| 1451 | # Short-Description: Start NTP daemon |
| 1452 | ### END INIT INFO |
| 1453 | |
| 1454 | @@ -22,7 +22,7 @@ if [ -r /etc/default/ntp ]; then |
| 1455 | . /etc/default/ntp |
| 1456 | fi |
| 1457 | |
| 1458 | -if [ -e /var/lib/ntp/ntp.conf.dhcp ]; then |
| 1459 | +if [ /var/lib/ntp/ntp.conf.dhcp -nt /etc/ntp.conf ]; then |
| 1460 | NTPD_OPTS="$NTPD_OPTS -c /var/lib/ntp/ntp.conf.dhcp" |
| 1461 | fi |
| 1462 | |
| 1463 | diff --git a/debian/ntpdate.default b/debian/ntpdate.default |
| 1464 | index 3241694..f239b18 100644 |
| 1465 | --- a/debian/ntpdate.default |
| 1466 | +++ b/debian/ntpdate.default |
| 1467 | @@ -7,7 +7,7 @@ NTPDATE_USE_NTP_CONF=yes |
| 1468 | |
| 1469 | # List of NTP servers to use (Separate multiple servers with spaces.) |
| 1470 | # Not used if NTPDATE_USE_NTP_CONF is yes. |
| 1471 | -NTPSERVERS="0.debian.pool.ntp.org 1.debian.pool.ntp.org 2.debian.pool.ntp.org 3.debian.pool.ntp.org" |
| 1472 | +NTPSERVERS="ntp.ubuntu.com" |
| 1473 | |
| 1474 | # Additional options to pass to ntpdate |
| 1475 | NTPOPTIONS="" |
| 1476 | diff --git a/debian/ntpdate.if-up b/debian/ntpdate.if-up |
| 1477 | index 078d094..6dd3673 100644 |
| 1478 | --- a/debian/ntpdate.if-up |
| 1479 | +++ b/debian/ntpdate.if-up |
| 1480 | @@ -30,7 +30,17 @@ if [ -r /lib/udev/hotplug.functions ]; then |
| 1481 | wait_for_file /usr/sbin/ntpdate-debian |
| 1482 | fi |
| 1483 | |
| 1484 | +if [ -e /usr/sbin/openntpd ]; then |
| 1485 | + service='openntpd' |
| 1486 | +else |
| 1487 | + service='ntp' |
| 1488 | +fi |
| 1489 | + |
| 1490 | +invoke-rc.d --quiet $service stop >/dev/null 2>&1 || true |
| 1491 | + |
| 1492 | # Avoid running more than one at a time |
| 1493 | flock -n /run/lock/ntpdate /usr/sbin/ntpdate-debian -s $OPTS 2>/dev/null || : |
| 1494 | |
| 1495 | +invoke-rc.d --quiet $service start >/dev/null 2>&1 || true |
| 1496 | + |
| 1497 | ) & |
| 1498 | diff --git a/debian/rules b/debian/rules |
| 1499 | index 6caa1b0..fb7da83 100755 |
| 1500 | --- a/debian/rules |
| 1501 | +++ b/debian/rules |
| 1502 | @@ -16,7 +16,7 @@ endif |
| 1503 | ./configure CFLAGS='$(CFLAGS)' CPPFLAGS='$(CPPFLAGS)' LDFLAGS='$(LDFLAGS)' \ |
| 1504 | --prefix=/usr \ |
| 1505 | --enable-all-clocks --enable-parse-clocks --enable-SHM \ |
| 1506 | - --disable-debugging --sysconfdir=/var/lib/ntp \ |
| 1507 | + --enable-debugging --sysconfdir=/var/lib/ntp \ |
| 1508 | --with-sntp=no \ |
| 1509 | --with-lineeditlibs=edit \ |
| 1510 | --without-ntpsnmpd \ |
| 1511 | @@ -65,6 +65,14 @@ install: build-stamp |
| 1512 | |
| 1513 | install -D -m 0644 debian/ntp.conf debian/ntp/etc/ntp.conf |
| 1514 | |
| 1515 | + # install apparmor profile |
| 1516 | + install -D -m 0644 debian/apparmor-profile debian/ntp/etc/apparmor.d/usr.sbin.ntpd |
| 1517 | + install -D -m 0644 debian/apparmor-profile.tunable debian/ntp/etc/apparmor.d/tunables/ntpd |
| 1518 | + dh_link -pntp etc/apparmor.d/usr.sbin.ntpd etc/apparmor/init/network-interface-security/usr.sbin.ntpd |
| 1519 | + |
| 1520 | + # install apport hook |
| 1521 | + install -D -m 644 debian/source_ntp.py debian/ntp/usr/share/apport/package-hooks/source_ntp.py |
| 1522 | + |
| 1523 | # remove upstream man pages, which are currently not as nice as ours / ntpsnmpd we don't want |
| 1524 | rm $(addprefix debian/tmp/usr/share/man/man1/,ntpd.1 ntpdc.1 ntp-keygen.1 ntpq.1) |
| 1525 | |
| 1526 | @@ -99,6 +107,7 @@ binary-arch: build install |
| 1527 | dh_installexamples -a |
| 1528 | dh_installman -a |
| 1529 | dh_installinit -pntp --error-handler=installinit_error |
| 1530 | + dh_apparmor -pntp --profile-name=usr.sbin.ntpd |
| 1531 | dh_installinit -pntpdate |
| 1532 | dh_installcron -a |
| 1533 | dh_installlogcheck -a |
| 1534 | diff --git a/debian/source_ntp.py b/debian/source_ntp.py |
| 1535 | new file mode 100644 |
| 1536 | index 0000000..3debc68 |
| 1537 | --- /dev/null |
| 1538 | +++ b/debian/source_ntp.py |
| 1539 | @@ -0,0 +1,22 @@ |
| 1540 | +'''apport package hook for ntp |
| 1541 | + |
| 1542 | +(c) 2010-2011 Canonical Ltd. |
| 1543 | +Author: Chuck Short <zulcss@ubuntu.com> |
| 1544 | +''' |
| 1545 | + |
| 1546 | +from apport.hookutils import * |
| 1547 | +from os import path |
| 1548 | +import re |
| 1549 | + |
| 1550 | +def add_info(report): |
| 1551 | + attach_conffiles(report, 'ntp') |
| 1552 | + |
| 1553 | + # get apparmor stuff |
| 1554 | + attach_mac_events(report, '/usr/sbin/ntpd') |
| 1555 | + attach_file(report, '/etc/apparmor.d/usr.sbin.ntpd') |
| 1556 | + |
| 1557 | + # get syslog stuff |
| 1558 | + recent_syslog(re.compile(r'ntpd\[')) |
| 1559 | + |
| 1560 | + # Get debug information |
| 1561 | + report['NtpStatus'] = command_output(['ntpq', '-p']) |
For reference, we reviewed this in person. The merge mechanics were all correct, but I additionally wanted some additional changelog explanation and extra consideration for all of the delta that has been carried forward through previous merges without much thought, since it all seemed quite large and much of it didn't seem to be necessarily Ubuntu-specific.
Pierre kindly summarised our conversation with the following TODO:
After Robies's review, stuff to do:
Right now:
----------
Remove cron stuf (per mdeslaur irc comment)
Go to original bug into ubuntu regarding the sed rule, add a note in the PPS section about the need to disable the dhcp ntp stuff. (collective decision)
Explanation of pool to server delta. (better explanation in changelog)
Add fPIC confirmed with Marc Deslauriers. (add the fact that it is acknowledge by security team)
Explain the hardening-wrapper better. (deprecated message at build-package time)
Explain update-rcd-update. ( The fact that it is not supported anymore at dpkg --configure install)
Explain drop empty ntp.conf before trusty. (natty timeframe)
Ask caribou to check CVEs. (to double check with fresh eyes)
Rebase the work, and tag the actual with review. (for ease of use)
Later, after debian bug discussions:
-------
Openntp and stop / start, bug to debian. (analyse the correctness of this change, drop or initiate debian discussion accordingly)
The -nt /etc/dhcp.conf, same as above.
Enable-debugging to be dropped, bug to debian, drop later.
Depends bison to get included to debian.
What remains is (again, Pierre's summary):
.-Go to original bug into ubuntu regarding the sed rule,
.-Openntp and stop / start, bug to debian. (analyse the correctness of this change, drop or initiate debian discussion accordingly)
.-The -nt /etc/dhcp.conf, same as above.
.-Enable-debugging to be dropped, bug to debian, drop later.
.-Depends bison to get included to debian.
.-Verify dhclient.conf responsible package for eventual ntp-servers request delta. if ubuntu, change README.Debian in this ntp package, else file a bug against Debian.
I did "Go to original bug into ubuntu regarding the sed rule" since I wanted to mention that in the changelog.