Merge ~paelzer/ubuntu/+source/ntp:merge-disco-4.2.8p12-2-lp1806382 into ubuntu/+source/ntp:debian/sid

Proposed by Christian Ehrhardt  on 2018-12-03
Status: Merged
Approved by: Christian Ehrhardt  on 2018-12-05
Approved revision: ab2e6f57a79d7c53c0f85f78da099f6e3eb059ae
Merge reported by: Christian Ehrhardt 
Merged at revision: ab2e6f57a79d7c53c0f85f78da099f6e3eb059ae
Proposed branch: ~paelzer/ubuntu/+source/ntp:merge-disco-4.2.8p12-2-lp1806382
Merge into: ubuntu/+source/ntp:debian/sid
Diff against target: 1648 lines (+1363/-18)
8 files modified
debian/changelog (+1327/-0)
debian/control (+2/-1)
debian/ntp-systemd-netif.path (+8/-0)
debian/ntp-systemd-netif.service (+4/-0)
debian/ntp.conf (+12/-12)
debian/ntp.dhcp (+6/-4)
debian/ntpdate.default (+1/-1)
debian/rules (+3/-0)
Reviewer Review Type Date Requested Status
Andreas Hasenack 2018-12-03 Approve on 2018-12-05
Canonical Server Team 2018-12-03 Pending
Ubuntu Server Dev import team 2018-12-03 Pending
Review via email: mp+359994@code.launchpad.net
To post a comment you must log in.
Christian Ehrhardt  (paelzer) wrote :

Tags to ease review:
To ssh://git.launchpad.net/~paelzer/ubuntu/+source/ntp
 * [new tag] lp1806382/deconstruct/1%4.2.8p11+dfsg-1ubuntu1 -> lp1806382/deconstruct/1%4.2.8p11+dfsg-1ubuntu1
 * [new tag] lp1806382/new/debian -> lp1806382/new/debian
 * [new tag] lp1806382/old/debian -> lp1806382/old/debian
 * [new tag] lp1806382/old/ubuntu -> lp1806382/old/ubuntu
 * [new tag] lp1806382/reconstruct/1%4.2.8p11+dfsg-1ubuntu1 -> lp1806382/reconstruct/1%4.2.8p11+dfsg-1ubuntu1
 * [new tag] lplp1806382/old/debian/logical/1%4.2.8p11+dfsg-1ubuntu1 -> lplp1806382/old/debian/logical/1%4.2.8p11+dfsg-1ubuntu1

PPA build at https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/3548

Bileto ticket (pre-tests) at: https://bileto.ubuntu.com/#/ticket/3548

Andreas Hasenack (ahasenack) wrote :

795c542d8e4b2c157c4c788a39df7f777ee1f2d9 in (lp1806382/logical/1%4.2.8p11+dfsg-1ubuntu1 says:

    * d/ntp.dhcp add support for parsing systemd networkd lease files LP: #1717983

But it's actually changing more files:
debian/ntp-systemd-netif.path (add)
debian/ntp-systemd-netif.service (change)
debian/rules (change)

Maybe the commit message, and d/changelog after that, could be updated?

The rest is ok, delta carried over with the pps drop:
$ git range-diff lp1806382/old/debian..lp1806382/logical/1%4.2.8p11+dfsg-1ubuntu1 lp1806382/new/debian..HEAD
1: 6235b5dd = 1: aa39fed2 - d/ntp.conf, d/ntpdate.default: Change default server to ntp.ubuntu.com.
2: 28aaf3db < -: -------- - Add PPS support (LP 1512980): + debian/README.Debian: Add a PPS section to the README.Debian.
3: 613a8143 < -: -------- + debian/ntp.conf: Add some PPS configuration examples from the offical documentation.
4: 795c542d = 2: 6e84caa6 * d/ntp.dhcp add support for parsing systemd networkd lease files LP: #1717983
-: -------- > 3: d7cc8eaf merge-changelogs
-: -------- > 4: fbde1da6 reconstruct-changelog
-: -------- > 5: c6168448 update-maintainer
-: -------- > 6: ab2e6f57 changelog: mention dropped changes

+1 with the updated commit message/changelog entry about the changed files

review: Approve
Christian Ehrhardt  (paelzer) wrote :

Yeah, reasonable improvement to the commit and changelog.
Will do so and then upload - thanks!

Christian Ehrhardt  (paelzer) wrote :

With the changelog and commit wording improvements tagged and uploaded

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/changelog b/debian/changelog
2index e18dbb4..185ba0b 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,14 @@
6+ntp (1:4.2.8p12+dfsg-3ubuntu1) disco; urgency=medium
7+
8+ * Merge with Debian unstable (LP: #1806382). Remaining changes:
9+ - d/ntp.conf, d/ntpdate.default: Change default server to ntp.ubuntu.com.
10+ - d/ntp.dhcp add support for parsing systemd networkd lease files LP 1717983
11+ * Dropped Changes (accepted in Debian)
12+ - Add PPS support (this is accepted in Debian and only had some readme
13+ and example entries left):
14+
15+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 03 Dec 2018 13:05:00 +0100
16+
17 ntp (1:4.2.8p12+dfsg-3) unstable; urgency=low
18
19 * Treat testsuite errors as non-fatal on some architectures
20@@ -31,6 +42,25 @@ ntp (1:4.2.8p12+dfsg-1) unstable; urgency=medium
21
22 -- Bernhard Schmidt <berni@debian.org> Thu, 16 Aug 2018 22:20:29 +0200
23
24+ntp (1:4.2.8p11+dfsg-1ubuntu1) cosmic; urgency=medium
25+
26+ * Merge with Debian unstable (LP: #1773921). Remaining changes:
27+ - d/ntp.conf, d/ntpdate.default: Change default server to ntp.ubuntu.com.
28+ - Add PPS support (LP 1512980):
29+ + debian/README.Debian: Add a PPS section to the README.Debian
30+ + debian/ntp.conf: Add some PPS configuration examples from the offical
31+ documentation.
32+ - d/ntp.dhcp add support for parsing systemd networkd lease files LP 1717983
33+ * Dropped Changes (accepted in Debian)
34+ - d/ntp-systemd-wrapper protect systemd service startup from concurrent
35+ ntpdate processes the same way it was protected on sysv-init (LP 1706818)
36+ - debian/apparmor-profile: add attach_disconnected which is needed in some
37+ cases to let ntp report its log messages (LP 1727202).
38+ - debian/apparmor-profile: avoid denies to to arg checks (LP 1741227)
39+ - fix apparmor denial when checking for running ntpdate (LP 1749389)
40+
41+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 29 May 2018 10:34:11 +0200
42+
43 ntp (1:4.2.8p11+dfsg-1) unstable; urgency=medium
44
45 * New upstream version 4.2.8p11+dfsg (Closes: #851096)
46@@ -75,6 +105,65 @@ ntp (1:4.2.8p10+dfsg-6) unstable; urgency=medium
47
48 -- Bernhard Schmidt <berni@debian.org> Wed, 24 Jan 2018 22:42:13 +0100
49
50+ntp (1:4.2.8p10+dfsg-5ubuntu7) bionic; urgency=medium
51+
52+ * fix apparmor denial when checking for running ntpdate (LP: 1749389)
53+
54+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 14 Feb 2018 09:23:36 +0100
55+
56+ntp (1:4.2.8p10+dfsg-5ubuntu6) bionic; urgency=high
57+
58+ * No change rebuild against openssl1.1.
59+
60+ -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 05 Feb 2018 16:51:21 +0000
61+
62+ntp (1:4.2.8p10+dfsg-5ubuntu5) bionic; urgency=medium
63+
64+ * debian/apparmor-profile: avoid denies to to arg checks (LP: #1741227)
65+
66+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 04 Jan 2018 14:20:53 +0100
67+
68+ntp (1:4.2.8p10+dfsg-5ubuntu4) bionic; urgency=medium
69+
70+ * debian/apparmor-profile: add attach_disconnected which is needed in some
71+ cases to let ntp report its log messages (LP: #1727202).
72+
73+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 13 Dec 2017 16:31:30 +0100
74+
75+ntp (1:4.2.8p10+dfsg-5ubuntu3) artful; urgency=medium
76+
77+ * d/ntp.dhcp add support for parsing systemd networkd lease files LP:
78+ #1717983
79+
80+ -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 03 Oct 2017 01:54:33 +0100
81+
82+ntp (1:4.2.8p10+dfsg-5ubuntu2) artful; urgency=medium
83+
84+ * d/ntp-systemd-wrapper protect systemd service startup from concurrent
85+ ntpdate processes the same way it was protected on sysv-init (LP: #1706818)
86+
87+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 05 Sep 2017 15:09:08 +0200
88+
89+ntp (1:4.2.8p10+dfsg-5ubuntu1) artful; urgency=medium
90+
91+ * Merge with Debian unstable (LP: #1604010). Remaining changes:
92+ - d/ntp.conf, d/ntpdate.default: Change default server to ntp.ubuntu.com.
93+ - Add PPS support (LP 1512980):
94+ + debian/README.Debian: Add a PPS section to the README.Debian,
95+ removed all PPSkit one.
96+ + debian/ntp.conf: Add some configuration examples from the offical
97+ documentation.
98+ * Drop Changes (contribs accepted in Debian):
99+ - Apparmor bits not yet accepted in Debian
100+ + d/apparmor-profile add samba winbindd pipe (LP 1582767)
101+ - Fix ntpdate-debian to be able to parse new config of ntp (LP 1576698)
102+ - d/rules: enable debugging
103+ - d/rules, d/ntp.dirs, d/source_ntp.py: Add apport hook.
104+ + d/source_ntp.py: includes a filter on AppArmor profile names to prevent
105+ false positives from denials originating in other packages
106+
107+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 21 Jun 2017 16:17:38 +0200
108+
109 ntp (1:4.2.8p10+dfsg-5) unstable; urgency=medium
110
111 * Fix arch:all FTBFS due to improper moving of sntp manpage (Closes: #865227)
112@@ -126,6 +215,43 @@ ntp (1:4.2.8p10+dfsg-2) unstable; urgency=medium
113
114 -- Bernhard Schmidt <berni@debian.org> Sun, 07 May 2017 14:49:22 +0200
115
116+ntp (1:4.2.8p10+dfsg-1ubuntu1) artful; urgency=medium
117+
118+ * Merge from Debian testing. Remaining changes:
119+ + d/rules: enable debugging
120+ + d/rules, d/ntp.dirs, d/source_ntp.py: Add apport hook.
121+ - d/source_ntp.py: includes a filter on AppArmor profile names to prevent
122+ false positives from denials originating in other packages
123+ + d/ntp.conf, d/ntpdate.default: Change default server to ntp.ubuntu.com.
124+ + Fix ntpdate-debian to be able to parse new config of ntp
125+ + PPS Documentation:
126+ - d/README.Debian: Add a PPS section to the README.Debian,
127+ removed all PPSkit one.
128+ - d/ntp.conf: Add some configuration examples from the offical
129+ documentation.
130+ + Apparmor bits not yet accepted in Debian
131+ - d/apparmor-profile add samba winbindd pipe
132+ * Drop Changes:
133+ + d/control: Add bison to Build-Depends (for ntpd/ntp_parser.y); dropped
134+ as this was only needed while CVE delta was in place that needed
135+ ntpd/ntp_parser.[ch] regenerated from ntpd/ntp_parser.y
136+ + d/control: Add Suggests on apparmor; drop delta as this is not strictly
137+ needed.
138+ + Create etc/apparmor.d/{force-complain,tunables}/; force-complain is not
139+ used and tunables is handled by the install -D in debian/rules
140+ + d/ntpdate.if-up: Fix interaction with openntpd. Stop ntp before
141+ running ntpdate when an interface comes up, then start again afterwards;
142+ dropping because this actually was a bad workaround to restart ntpd often
143+ in case it didn't find its peers when starting initially with many follow
144+ on fixes and follow on bugs around.
145+ + d/ntp.init don't use /var/lib/ntp/ntp.conf.dhcp if /etc/ntp.conf is
146+ newer, it can get stale. Patch by Simon Déziel. (refreshed to apply to
147+ new path /run/ntp.conf.dhcp); fixed in Debian by bug 600661
148+ + d/ntp.init: Only stop when entering single user mode; that change is a
149+ no-op in systemd environments so it can be dropped
150+
151+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 02 May 2017 16:24:56 +0200
152+
153 ntp (1:4.2.8p10+dfsg-1) unstable; urgency=high
154
155 * New upstream version
156@@ -141,6 +267,39 @@ ntp (1:4.2.8p9+dfsg-2.1) unstable; urgency=medium
157
158 -- Daniel Silverstone <dsilvers@digital-scurf.org> Sat, 28 Jan 2017 11:58:18 +0000
159
160+ntp (1:4.2.8p9+dfsg-2ubuntu1) zesty; urgency=medium
161+
162+ * Merge from Debian testing. Remaining changes (LP: #427775):
163+ + d/rules: enable debugging
164+ + d/rules, d/ntp.dirs, d/source_ntp.py: Add apport hook.
165+ + d/ntpdate.if-up: Fix interaction with openntpd. Stop ntp before
166+ running ntpdate when an interface comes up, then start again afterwards.
167+ + d/ntp.init: Only stop when entering single user mode
168+ + d/ntp.init don't use /var/lib/ntp/ntp.conf.dhcp if /etc/ntp.conf is
169+ newer, it can get stale. Patch by Simon Déziel. (refreshed to apply to
170+ new path /run/ntp.conf.dhcp)
171+ + d/ntp.conf, d/ntpdate.default: Change default server to ntp.ubuntu.com.
172+ + d/control: Add bison to Build-Depends (for ntpd/ntp_parser.y).
173+ + Fix ntpdate-debian to be able to parse new config of ntp
174+ + Add PPS support:
175+ - d/README.Debian: Add a PPS section to the README.Debian,
176+ removed all PPSkit one.
177+ - d/ntp.conf: Add some configuration examples from the offical
178+ documentation.
179+ + Add Apparmor bits not yet accepted in Debian
180+ - d/control: Add Suggests on apparmor.
181+ - d/source_ntp.py: Add filter on AppArmor profile names to prevent
182+ false positives from denials originating in other packages
183+ - d/apparmor-profile add samba winbindd pipe
184+ - Create etc/apparmor.d/{force-complain,tunables}/
185+ * Drop Changes:
186+ + SECURITY UPDATE: NTP statsdir cleanup cronjob insecure
187+ (was accepted in Debian).
188+ + d/control: different conflicts/replaces versions on apparmor (was a
189+ dependency on a higher apparmor version, but today all releases are newer)
190+
191+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 01 Dec 2016 15:40:22 +0100
192+
193 ntp (1:4.2.8p9+dfsg-2) unstable; urgency=medium
194
195 * CVE-2016-0727: NTP statsdir cleanup cronjob insecure (Closes: #839998)
196@@ -173,6 +332,72 @@ ntp (1:4.2.8p9+dfsg-1) unstable; urgency=medium
197
198 -- Kurt Roeckx <kurt@roeckx.be> Mon, 21 Nov 2016 19:30:02 +0100
199
200+ntp (1:4.2.8p8+dfsg-1ubuntu2) yakkety; urgency=medium
201+
202+ * Fix ntpdate-debian to be able to parse new config of ntp (LP: #1576698)
203+
204+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 26 Aug 2016 15:11:15 +0200
205+
206+ntp (1:4.2.8p8+dfsg-1ubuntu1) yakkety; urgency=medium
207+
208+ [ Christian Ehrhardt ]
209+ * Merge from Debian testing. Remaining changes:
210+ + debian/rules: enable debugging. Asked debian to add this in bug #643954.
211+ + debian/rules, debian/ntp.dirs, debian/source_ntp.py: Add apport hook.
212+ + debian/control: Add Suggests on apparmor.
213+ + debian/source_ntp.py: Add filter on AppArmor profile names to prevent
214+ false positives from denials originating in other packages
215+ + debian/ntpdate.if-up: Fix interaction with openntpd. Stop ntp before
216+ running ntpdate when an interface comes up, then start again afterwards.
217+ + debian/ntp.init, debian/rules: Only stop when entering single user mode,
218+ don't use /var/lib/ntp/ntp.conf.dhcp if /etc/ntp.conf is newer - it can
219+ get stale. Patch by Simon Déziel.
220+ + debian/ntp.conf, debian/ntpdate.default: Change default server to
221+ ntp.ubuntu.com.
222+ + debian/control: Add bison to Build-Depends (for ntpd/ntp_parser.y).
223+ + Extend PPS support
224+ - debian/README.Debian: Add a PPS section to the README.Debian
225+ - debian/ntp.conf: Add some configuration examples from the offical
226+ documentation.
227+ + SECURITY UPDATE: NTP statsdir cleanup cronjob insecure (LP: #1528050)
228+ - debian/ntp.cron.daily: fix security issues, patch thanks to halfdog!
229+ - CVE-2016-0727
230+ + Merge also contains an upstream fix that solves (LP: #1567540)
231+ * Added changes
232+ + match Ubuntu packages now that Debian has ntp apparmor accepted in
233+ d/control for Apparmor conflicts/replaces
234+ + d/apparmor-profile add samba winbindd pipe (LP: #1582767)
235+ * Drop Changes:
236+ + Add enforcing AppArmor profile (accepted in Debian):
237+ - debian/control: Add Conflicts/Replaces on apparmor-profiles.
238+ - debian/control: Add Suggests on apparmor.
239+ - debian/control: Build-Depends on dh-apparmor.
240+ - add debian/apparmor-profile*.
241+ - debian/ntp.dirs: Add apparmor directories.
242+ - debian/rules: Install apparmor-profile and apparmor-profile.tunable.
243+ - debian/source_ntp.py: Add filter on AppArmor profile names to prevent
244+ false positives from denials originating in other packages.
245+ - debian/README.Debian: Add note on AppArmor.
246+ + Add PPS support (accepted in Debian)
247+ - debian/control: Add Build-Depends on pps-tools
248+ + debian/apparmor-profile: allow 'rw' access to /dev/pps[0-9]* devices.
249+ + d/p/fix_local_sync.patch: fix local clock sync (fixed upstream)
250+ + debian/patches/ntpdate-fix-lp1526264.patch (fixed upstream):
251+ - Add Alfonso Sanchez-Beato's patch for fixing the cannot correct dates in
252+ the future bug
253+ + debian/apparmor-profile: adjust to handle AF_UNSPEC with dgram and stream
254+ + dropping previous ubuntu security patches/fixes that have been upstreamed
255+ in 4.2.8p6: CVE-2015-7973, CVE-2015-7975, CVE-2015-7976, CVE-2015-7977,
256+ CVE-2015-7978, CVE-2015-7979, CVE-2015-8138, CVE-2015-8158
257+ + dropping previous ubuntu security patches/fixes that have been upstreamed
258+ in 4.2.8p7: CVE-2016-1548, CVE-2016-1550, CVE-2016-2516, CVE-2016-2518,
259+ CVE-2015-7974, CVE-2016-1547
260+
261+ [ Robie Basak ]
262+ * Restore AppArmor entries in debian/ntp.dirs.
263+
264+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 29 Jul 2016 12:42:43 +0200
265+
266 ntp (1:4.2.8p8+dfsg-1) unstable; urgency=high
267
268 * New usptream version
269@@ -233,6 +458,161 @@ ntp (1:4.2.8p7+dfsg-1) unstable; urgency=medium
270
271 -- Kurt Roeckx <kurt@roeckx.be> Sun, 24 Jan 2016 22:57:40 +0100
272
273+ntp (1:4.2.8p4+dfsg-3ubuntu6) yakkety; urgency=medium
274+
275+ * SECURITY UPDATE: Deja Vu replay attack on authenticated broadcast mode
276+ - debian/patches/CVE-2015-7973.patch: improve timestamp verification in
277+ include/ntp.h, ntpd/ntp_proto.c.
278+ - CVE-2015-7973
279+ * SECURITY UPDATE: impersonation between authenticated peers
280+ - debian/patches/CVE-2015-7974.patch: check key ID in ntpd/ntp_proto.c.
281+ - CVE-2015-7974
282+ * SECURITY UPDATE: ntpq buffer overflow
283+ - debian/patches/CVE-2015-7975.patch: add length check to ntpq/ntpq.c.
284+ - CVE-2015-7975
285+ * SECURITY UPDATE: ntpq saveconfig command allows dangerous characters in
286+ filenames
287+ - debian/patches/CVE-2015-7976.patch: check filename in
288+ ntpd/ntp_control.c.
289+ - CVE-2015-7976
290+ * SECURITY UPDATE: restrict list denial of service
291+ - debian/patches/CVE-2015-7977-7978.patch: improve restrict list
292+ processing in ntpd/ntp_request.c.
293+ - CVE-2015-7977
294+ - CVE-2015-7978
295+ * SECURITY UPDATE: authenticated broadcast mode off-path denial of
296+ service
297+ - debian/patches/CVE-2015-7979.patch: add more checks to
298+ ntpd/ntp_proto.c.
299+ - CVE-2015-7979
300+ - CVE-2016-1547
301+ * SECURITY UPDATE: Zero Origin Timestamp Bypass
302+ - debian/patches/CVE-2015-8138.patch: check p_org in ntpd/ntp_proto.c.
303+ - CVE-2015-8138
304+ * SECURITY UPDATE: potential infinite loop in ntpq
305+ - debian/patches/CVE-2015-8158.patch: add time checks to ntpdc/ntpdc.c,
306+ ntpq/ntpq.c.
307+ - CVE-2015-8158
308+ * SECURITY UPDATE: NTP statsdir cleanup cronjob insecure (LP: #1528050)
309+ - debian/ntp.cron.daily: fix security issues, patch thanks to halfdog!
310+ - CVE-2016-0727
311+ * SECURITY UPDATE: time spoofing via interleaved symmetric mode
312+ - debian/patches/CVE-20xx-xxxx.patch: check for bogus packets in
313+ ntpd/ntp_proto.c.
314+ - CVE-2016-1548
315+ * SECURITY UPDATE: buffer comparison timing attacks
316+ - debian/patches/CVE-2016-1550.patch: use CRYPTO_memcmp in
317+ libntp/a_md5encrypt.c, sntp/crypto.c.
318+ - CVE-2016-1550
319+ * SECURITY UPDATE: DoS via duplicate IPs on unconfig directives
320+ - debian/patches/CVE-2016-2516.patch: improve logic in
321+ ntpd/ntp_request.c.
322+ - CVE-2016-2516
323+ * SECURITY UPDATE: denial of service via crafted addpeer
324+ - debian/patches/CVE-2016-2518.patch: check mode value in
325+ ntpd/ntp_request.c.
326+ - CVE-2016-2518
327+
328+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 01 Jun 2016 08:38:07 -0400
329+
330+ntp (1:4.2.8p4+dfsg-3ubuntu5) xenial; urgency=medium
331+
332+ * debian/apparmor-profile: allow 'rw' access to /dev/pps[0-9]* devices.
333+ Patch thanks to Mark Shuttleworth. (LP: #1564832)
334+
335+ -- Jamie Strandboge <jamie@ubuntu.com> Thu, 07 Apr 2016 15:12:41 -0500
336+
337+ntp (1:4.2.8p4+dfsg-3ubuntu4) xenial; urgency=medium
338+
339+ * d/p/fix_local_sync.patch: fix local clock sync (LP: #1558125).
340+
341+ -- Pierre-André MOREY <pierre-andre.morey@canonical.com> Thu, 17 Mar 2016 10:42:44 +0100
342+
343+ntp (1:4.2.8p4+dfsg-3ubuntu3) xenial; urgency=medium
344+
345+ * debian/patches/ntpdate-fix-lp1526264.patch:
346+ - Add Alfonso Sanchez-Beato's patch for fixing the cannot correct dates in
347+ the future bug (LP: #1526264)
348+
349+ -- Łukasz 'sil2100' Zemczak <lukasz.zemczak@ubuntu.com> Wed, 24 Feb 2016 12:29:32 +0100
350+
351+ntp (1:4.2.8p4+dfsg-3ubuntu2) xenial; urgency=medium
352+
353+ * debian/apparmor-profile: adjust to handle AF_UNSPEC with dgram and stream
354+
355+ -- Jamie Strandboge <jamie@ubuntu.com> Wed, 17 Feb 2016 10:41:20 -0600
356+
357+ntp (1:4.2.8p4+dfsg-3ubuntu1) xenial; urgency=medium
358+
359+ * Merge from Debian testing. Remaining changes:
360+ + debian/rules: enable debugging. Ask debian to add this.
361+ + debian/rules, debian/ntp.dirs, debian/source_ntp.py: Add apport hook.
362+ + Add enforcing AppArmor profile:
363+ - debian/control: Add Conflicts/Replaces on apparmor-profiles.
364+ - debian/control: Add Suggests on apparmor.
365+ - debian/control: Build-Depends on dh-apparmor.
366+ - add debian/apparmor-profile*.
367+ - debian/ntp.dirs: Add apparmor directories.
368+ - debian/rules: Install apparmor-profile and apparmor-profile.tunable.
369+ - debian/source_ntp.py: Add filter on AppArmor profile names to prevent
370+ false positives from denials originating in other packages.
371+ - debian/README.Debian: Add note on AppArmor.
372+ + debian/ntpdate.if-up: Fix interaction with openntpd. Stop ntp before
373+ running ntpdate when an interface comes up, then start again afterwards.
374+ + debian/ntp.init, debian/rules: Only stop when entering single user mode,
375+ don't use /var/lib/ntp/ntp.conf.dhcp if /etc/ntp.conf is newer - it can
376+ get stale. Patch by Simon Déziel.
377+ + debian/ntp.conf, debian/ntpdate.default: Change default server to
378+ ntp.ubuntu.com.
379+ + debian/control: Add bison to Build-Depends (for ntpd/ntp_parser.y).
380+ * Includes fix for requests with source ports < 123, fixed upstream in
381+ 4.2.8p1 (LP: #1479652).
382+ * Add PPS support (LP: #1512980):
383+ + debian/README.Debian: Add a PPS section to the README.Debian,
384+ removed all PPSkit one.
385+ + debian/ntp.conf: Add some configuration examples from the offical
386+ documentation.
387+ + debian/control: Add Build-Depends on pps-tools
388+ * Drop Changes:
389+ + debian/rules: Update config.{guess,sub} for AArch64, because upstream use
390+ dh_autoreconf now.
391+ + debian/{control,rules}: Add and enable hardened build for PIE.
392+ Upstream use fPIC. Options -fPIC and -fPIE are uncompatible, thus this is
393+ never applied, (cf. dpkg-buildflags manual), checked with Marc
394+ Deslauriers on freenode #ubuntu-hardened, 2016-01-20~13:11 UTC.
395+ + debian/rules: Remove update-rcd-params in dh_installinit command. When
396+ setting up ntp package, the following message is presented to the user
397+ due to deprecated use:
398+ "update-rc.d: warning: start and stop actions are no longer
399+ supported; falling back to defaults". The defaults are taken from the
400+ init.d script LSB comment header, which contain what we need anyway.
401+ + debian/rules: Remove ntp/ntp_parser.{c,h} or they don't get properly
402+ regenerated for some reason. Seems to have been due to ntpd/ntp_parser.y
403+ patches from CVE-2015-5194 and CVE-2015-5196, already upstreamed.
404+ + debian/ntpdate.if-up: Drop lockfile mechanism as upstream is using flock
405+ now.
406+ + Remove natty timeframe old deltas (transitional code not needed since
407+ Trusty): Those patches were for an incorrect behaviour of
408+ system-tools-backend, around natty time
409+ (https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/83604/comments/23)
410+ - debian/ntpdate-debian: Disregard empty ntp.conf files.
411+ - debian/ntp.preinst: Remove empty /etc/ntp.conf on fresh intallation.
412+ + debian/ntp.dhcp: Rewrite sed rules. This was done incorrectly as pointed
413+ out in LP 575458. This decision is explained in detail there.
414+ * All previous ubuntu security patches/fixes have been upstreamed:
415+ + CVE-2015-5146, CVE-2015-5194, CVE-2015-5195, CVE-2015-5196,
416+ CVE-2015-7703, CVE-2015-5219, CVE-2015-5300, CVE-2015-7691,
417+ CVE-2015-7692, CVE-2015-7702, CVE-2015-7701, CVE-2015-7704,
418+ CVE-2015-7705, CVE-2015-7850, CVE-2015-7852, CVE-2015-7853,
419+ CVE-2015-7855, CVE-2015-7871, CVE-2015-1798, CVE-2015-1799,
420+ CVE-2014-9297, CVE-2014-9298, CVE-2014-9293, CVE-2014-9294,
421+ CVE-2014-9295, CVE-2014-9296
422+ + Fix to ignore ENOBUFS on routing netlink socket
423+ + Fix use-after-free in routing socket code
424+ + ntp-keygen infinite loop or lack of randonmess on big endian platforms
425+
426+ -- Pierre-André MOREY <pierre-andre.morey@canonical.com> Fri, 5 Feb 2016 18:28:52 +0100
427+
428 ntp (1:4.2.8p4+dfsg-3) unstable; urgency=medium
429
430 * Remove rlimit memlock from default config file, the default is now
431@@ -340,6 +720,200 @@ ntp (1:4.2.6.p5+dfsg-3.1) unstable; urgency=low
432
433 -- Wookey <wookey@debian.org> Tue, 15 Jul 2014 11:54:21 +0800
434
435+ntp (1:4.2.6.p5+dfsg-3ubuntu9) xenial; urgency=medium
436+
437+ [ Cam Cope ]
438+ * Use a single lockfile again - instead unlock the file before starting the
439+ init script. The lock sho uld be shared - both services can't run at the
440+ same time. (LP: #1125726)
441+
442+ -- Iain Lane <iain@orangesquash.org.uk> Mon, 07 Dec 2015 13:38:16 +0000
443+
444+ntp (1:4.2.6.p5+dfsg-3ubuntu8.1) wily-security; urgency=medium
445+
446+ * SECURITY UPDATE: denial of service via crafted NUL-byte in
447+ configuration directive
448+ - debian/patches/CVE-2015-5146.patch: properly validate command in
449+ ntpd/ntp_control.c.
450+ - CVE-2015-5146
451+ * SECURITY UPDATE: denial of service via malformed logconfig commands
452+ - debian/patches/CVE-2015-5194.patch: fix logconfig logic in
453+ ntpd/ntp_parser.y.
454+ - CVE-2015-5194
455+ * SECURITY UPDATE: denial of service via disabled statistics type
456+ - debian/patches/CVE-2015-5195.patch: handle unrecognized types in
457+ ntpd/ntp_config.c.
458+ - CVE-2015-5195
459+ * SECURITY UPDATE: file overwrite via remote pidfile and driftfile
460+ configuration directives
461+ - debian/patches/CVE-2015-5196.patch: disable remote configuration in
462+ ntpd/ntp_parser.y.
463+ - CVE-2015-5196
464+ - CVE-2015-7703
465+ * SECURITY UPDATE: denial of service via precision value conversion
466+ - debian/patches/CVE-2015-5219.patch: use ldexp for LOGTOD in
467+ include/ntp.h.
468+ - CVE-2015-5219
469+ * SECURITY UPDATE: timeshifting by reboot issue
470+ - debian/patches/CVE-2015-5300.patch: disable panic in
471+ ntpd/ntp_loopfilter.c.
472+ - CVE-2015-5300
473+ * SECURITY UPDATE: incomplete autokey data packet length checks
474+ - debian/patches/CVE-2015-7691.patch: add length and size checks to
475+ ntpd/ntp_crypto.c.
476+ - CVE-2015-7691
477+ - CVE-2015-7692
478+ - CVE-2015-7702
479+ * SECURITY UPDATE: memory leak in CRYPTO_ASSOC
480+ - debian/patches/CVE-2015-7701.patch: add missing free in
481+ ntpd/ntp_crypto.c.
482+ - CVE-2015-7701
483+ * SECURITY UPDATE: denial of service by spoofed KoD
484+ - debian/patches/CVE-2015-7704.patch: add check to ntpd/ntp_proto.c.
485+ - CVE-2015-7704
486+ - CVE-2015-7705
487+ * SECURITY UPDATE: denial of service via same logfile and keyfile
488+ - debian/patches/CVE-2015-7850.patch: rate limit errors in
489+ include/ntp_stdlib.h, include/ntp_syslog.h, libntp/authreadkeys.c,
490+ libntp/msyslog.c.
491+ - CVE-2015-7850
492+ * SECURITY UPDATE: ntpq atoascii memory corruption
493+ - debian/patches/CVE-2015-7852.patch: avoid buffer overrun in
494+ ntpq/ntpq.c.
495+ - CVE-2015-7852
496+ * SECURITY UPDATE: buffer overflow via custom refclock driver
497+ - debian/patches/CVE-2015-7853.patch: properly calculate length in
498+ ntpd/ntp_io.c.
499+ - CVE-2015-7853
500+ * SECURITY UPDATE: denial of service via ASSERT in decodenetnum
501+ - debian/patches/CVE-2015-7855.patch: simply return fail in
502+ libntp/decodenetnum.c.
503+ - CVE-2015-7855
504+ * SECURITY UPDATE: symmetric association authentication bypass via
505+ crypto-NAK
506+ - debian/patches/CVE-2015-7871.patch: drop unhandled packet in
507+ ntpd/ntp_proto.c.
508+ - CVE-2015-7871
509+ * debian/control: add bison to Build-Depends.
510+ * debian/rules: remove ntp/ntp_parser.{c,h} or they don't get properly
511+ regenerated for some reason.
512+
513+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 22 Oct 2015 16:38:14 -0400
514+
515+ntp (1:4.2.6.p5+dfsg-3ubuntu8) wily; urgency=medium
516+
517+ * debian/ntp.init: Don't use /var/lib/ntp/ntp.conf.dhcp if /etc/ntp.conf is
518+ newer - it can get stale. Patch by Simon Déziel. (LP: #1472056)
519+
520+ -- Iain Lane <iain@orangesquash.org.uk> Fri, 02 Oct 2015 10:45:41 +0100
521+
522+ntp (1:4.2.6.p5+dfsg-3ubuntu7) wily; urgency=medium
523+
524+ * Fix use-after-free in routing socket code (LP: #1481388)
525+ - debian/patches/use-after-free-in-routing-socket.patch
526+ fix logic in ntpd/ntp_io.c
527+ * Fix to ignore ENOBUFS on routing netlink socket
528+ - debian/patches/ignore-ENOBUFS-on-routing-netlink-socket.patch
529+ fix logic in ntpd/ntp_io.c
530+
531+ -- Eric Desrochers <eric.desrochers@canonical.com> Wed, 02 Sep 2015 09:57:16 -0400
532+
533+ntp (1:4.2.6.p5+dfsg-3ubuntu6) vivid; urgency=medium
534+
535+ * SECURITY UPDATE: ntp-keygen infinite loop or lack of randonmess on big
536+ endian platforms
537+ - debian/patches/ntp-keygen-endless-loop.patch: fix logic in
538+ util/ntp-keygen.c.
539+ - CVE number pending
540+
541+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 13 Apr 2015 08:58:57 -0400
542+
543+ntp (1:4.2.6.p5+dfsg-3ubuntu5) vivid; urgency=medium
544+
545+ * SECURITY UPDATE: symmetric key unauthenticated packet MITM attack
546+ - debian/patches/CVE-2015-1798.patch: reject packets without MAC in
547+ ntpd/ntp_proto.c.
548+ - CVE-2015-1798
549+ * SECURITY UPDATE: symmetric association DoS attack
550+ - debian/patches/CVE-2015-1799.patch: don't update state variables when
551+ authentication fails in ntpd/ntp_proto.c.
552+ - CVE-2015-1799
553+
554+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 07 Apr 2015 12:48:31 -0400
555+
556+ntp (1:4.2.6.p5+dfsg-3ubuntu4) vivid; urgency=medium
557+
558+ * SECURITY UPDATE: denial of service and possible info leakage via
559+ extension fields
560+ - debian/patches/CVE-2014-9297.patch: properly check lengths in
561+ ntpd/ntp_crypto.c, ntpd/ntp_proto.c.
562+ - CVE-2014-9297
563+ * SECURITY UPDATE: IPv6 ACL bypass
564+ - debian/patches/CVE-2014-9298.patch: check for spoofed ::1 in
565+ ntpd/ntp_io.c.
566+ - CVE-2014-9298
567+
568+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 09 Feb 2015 13:03:44 -0500
569+
570+ntp (1:4.2.6.p5+dfsg-3ubuntu3) vivid; urgency=medium
571+
572+ * SECURITY UPDATE: weak default key in config_auth()
573+ - debian/patches/CVE-2014-9293.patch: use openssl for random key in
574+ ntpd/ntp_config.c, ntpd/ntpd.c.
575+ - CVE-2014-9293
576+ * SECURITY UPDATE: non-cryptographic random number generator with weak
577+ seed used by ntp-keygen to generate symmetric keys
578+ - debian/patches/CVE-2014-9294.patch: use openssl for random key in
579+ include/ntp_random.h, libntp/ntp_random.c, util/ntp-keygen.c.
580+ - CVE-2014-9294
581+ * SECURITY UPDATE: buffer overflows in crypto_recv(), ctl_putdata(),
582+ configure()
583+ - debian/patches/CVE-2014-9295.patch: check lengths in
584+ ntpd/ntp_control.c, ntpd/ntp_crypto.c.
585+ - CVE-2014-9295
586+ * SECURITY UPDATE: missing return on error in receive()
587+ - debian/patches/CVE-2015-9296.patch: add missing return in
588+ ntpd/ntp_proto.c.
589+ - CVE-2014-9296
590+
591+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Sat, 20 Dec 2014 05:47:10 -0500
592+
593+ntp (1:4.2.6.p5+dfsg-3ubuntu2) saucy; urgency=low
594+
595+ * debian/apparmor-profile: fix spurious noisy denials (LP: #1237508)
596+
597+ -- Jamie Strandboge <jamie@ubuntu.com> Wed, 09 Oct 2013 12:28:02 -0500
598+
599+ntp (1:4.2.6.p5+dfsg-3ubuntu1) saucy; urgency=low
600+
601+ * Merge from Debian testing to regain crypto support (LP: #1236065). Remaining
602+ changes:
603+ + debian/ntp.conf, debian/ntpdate.default: Change default server to
604+ ntp.ubuntu.com.
605+ + debian/ntpdate.if-up: Stop ntp before running ntpdate when an interface
606+ comes up, then start again afterwards.
607+ + debian/ntp.init, debian/rules: Only stop when entering single user mode.
608+ + Add enforcing AppArmor profile:
609+ - debian/control: Add Conflicts/Replaces on apparmor-profiles.
610+ - debian/control: Add Suggests on apparmor.
611+ - debian/ntp.dirs: Add apparmor directories.
612+ - debian/ntp.preinst: Force complain on certain upgrades.
613+ - debian/ntp.postinst: Reload apparmor profile.
614+ - debian/ntp.postrm: Remove the force-complain file.
615+ - add debian/apparmor-profile*.
616+ - debian/rules: install apparmor-profile and apparmor-profile.tunable.
617+ - debian/README.Debian: Add note on AppArmor.
618+ + debian/{control,rules}: Add and enable hardened build for PIE.
619+ + debian/rules, debian/ntp.dirs, debian/source_ntp.py: Add apport hook.
620+ + debian/ntpdate-debian: Disregard empty ntp.conf files.
621+ + debian/ntp.preinst: Remove empty /etc/ntp.conf on fresh intallation.
622+ + debian/ntpdate.if-up: Fix interaction with openntpd.
623+ + debian/source_ntp.py: Add filter on AppArmor profile names to prevent
624+ false positives from denials originating in other packages.
625+ + debian/rules: Update config.{guess,sub} for AArch64.
626+
627+ -- Tyler Hicks <tyhicks@canonical.com> Sun, 06 Oct 2013 12:34:00 -0700
628+
629 ntp (1:4.2.6.p5+dfsg-3) unstable; urgency=low
630
631 * Look for <openssl/opensslv.h> rather than <openssl/opensslconf.h>, which
632@@ -348,6 +922,51 @@ ntp (1:4.2.6.p5+dfsg-3) unstable; urgency=low
633
634 -- Kurt Roeckx <kurt@roeckx.be> Mon, 20 May 2013 16:14:07 +0200
635
636+ntp (1:4.2.6.p5+dfsg-2ubuntu3) saucy; urgency=low
637+
638+ * Update config.{guess,sub} for AArch64.
639+
640+ -- Matthias Klose <doko@ubuntu.com> Mon, 05 Aug 2013 18:51:48 +0200
641+
642+ntp (1:4.2.6.p5+dfsg-2ubuntu2) saucy; urgency=low
643+
644+ * debian/apparmor-profile: Add /var/log/ntpstats/protostats* (LP: #1195898)
645+
646+ -- Jamie Strandboge <jamie@ubuntu.com> Fri, 05 Jul 2013 10:06:47 -0500
647+
648+ntp (1:4.2.6.p5+dfsg-2ubuntu1) raring; urgency=low
649+
650+ * New upstream version, fixing build failure in raring.
651+ * Merge with Debian; remaining changes:
652+ + debian/ntp.conf, debian/ntpdate.default: Change default server to
653+ ntp.ubuntu.com.
654+ + debian/ntpdate.ifup: Stop ntp before running ntpdate when an interface
655+ comes up, then start again afterwards.
656+ + debian/ntp.init, debian/rules: Only stop when entering single user mode.
657+ + Add enforcing AppArmor profile:
658+ - debian/control: Add Conflicts/Replaces on apparmor-profiles.
659+ - debian/control: Add Suggests on apparmor.
660+ - debian/ntp.dirs: Add apparmor directories.
661+ - debian/ntp.preinst: Force complain on certain upgrades.
662+ - debian/ntp.postinst: Reload apparmor profile.
663+ - debian/ntp.postrm: Remove the force-complain file.
664+ - add debian/apparmor-profile*.
665+ - debian/rules: install apparmor-profile and apparmor-profile.tunable.
666+ - debian/README.Debian: Add note on AppArmor.
667+ + debian/{control,rules}: Add and enable hardened build for PIE.
668+ + debian/apparmor-profile: Adjust location of drift files.
669+ + debian/rules, debian/ntp.dirs, debian/source_ntp.py: Add apport hook.
670+ + debian/ntpdate-debian: Disregard empty ntp.conf files.
671+ + debian/ntp.preinst: Remove empty /etc/ntp.conf on fresh intallation.
672+ + debian/ntpdate.ifup: Fix interaction with openntpd.
673+ + debian/source_ntp.py: Add filter on AppArmor profile names to prevent
674+ false positives from denials originating in other packages.
675+ + debian/apparmor-profile: Add samba4 ntp signing socket to ntpd apparmor
676+ profile.
677+ + debian/apparmor-profile: adjust for IPv6.
678+
679+ -- Matthias Klose <doko@ubuntu.com> Wed, 03 Apr 2013 07:21:01 +0200
680+
681 ntp (1:4.2.6.p5+dfsg-2) unstable; urgency=medium
682
683 * Re-enable crypto support by pointing openssl libdir to multiarch dir.
684@@ -402,6 +1021,67 @@ ntp (1:4.2.6.p3+dfsg-2) unstable; urgency=low
685
686 -- Peter Eisentraut <petere@debian.org> Sat, 17 Dec 2011 19:00:10 +0200
687
688+ntp (1:4.2.6.p3+dfsg-1dbuntu5) quantal; urgency=low
689+
690+ * debian/source_ntp.py: add filter on AppArmor profile names to prevent
691+ false positives from denials originating in other packages.
692+
693+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 20 Aug 2012 10:13:30 -0400
694+
695+ntp (1:4.2.6.p3+dfsg-1ubuntu4) quantal; urgency=low
696+
697+ * Re-enable crypto support by pointing openssl libdir to multiarch dir,
698+ change backported from Debian, thanks Yves-Alexis Perez (lp: #998403)
699+
700+ -- Sebastien Bacher <seb128@ubuntu.com> Mon, 04 Jun 2012 16:35:25 +0200
701+
702+ntp (1:4.2.6.p3+dfsg-1ubuntu3) precise; urgency=low
703+
704+ * debian/apparmor-profile: Add samba4 ntp signing socket to ntpd apparmor
705+ profile (LP: #930266)
706+ * debian/control: Build-Depends on dh-apparmor
707+
708+ -- Jamie Strandboge <jamie@ubuntu.com> Tue, 06 Mar 2012 08:06:06 -0600
709+
710+ntp (1:4.2.6.p3+dfsg-1ubuntu2) precise; urgency=low
711+
712+ * debian/apparmor-profile: adjust for IPv6 (LP: #892332)
713+
714+ -- Jamie Strandboge <jamie@ubuntu.com> Tue, 03 Jan 2012 17:03:44 -0600
715+
716+ntp (1:4.2.6.p3+dfsg-1ubuntu1) precise; urgency=low
717+
718+ * Merge from debian unstable, remaining changes are:
719+ + debian/ntp.conf, debian/ntpdate.default: Change default server to
720+ ntp.ubuntu.com.
721+ + debian/ntpdate.ifup: Stop ntp before running ntpdate when an interface
722+ comes up, then start again afterwards.
723+ + debian/ntp.init, debian/rules: Only stop when entering single user mode.
724+ + Add enforcing AppArmor profile (LP: #382905):
725+ - debian/control: add Conflicts/Replaces on apparmor-profiles <
726+ 2.3.1+1403-0ubuntu10 (since we are now shipping usr.sbin.ntpd) and
727+ apparmor < 2.3.1+1403-0ubuntu10 (since we are now shipping tunables/ntpd)
728+ - debian/control: add Suggests on apparmor
729+ - debian/ntp.dirs: add apparmor directories
730+ - debian/ntp.preinst: force complain on certain upgrades
731+ - debian/ntp.postinst: reload apparmor profile
732+ - debian/ntp.postrm: remove the force-complain file
733+ - add debian/apparmor-profile*
734+ - debian/rules: install apparmor-profile and apparmor-profile.tunable
735+ - debian/README.Debian: add note on AppArmor
736+ + debian/{control,rules}: add and enable hardened build for PIE
737+ (Debian bug 542721).
738+ + debian/apparmor-profile: adjust location of drift files (LP: #456308)
739+ + debian/rules, debian/ntp.dirs, debian/source_ntp.py: Add apport hook.
740+ + debian/ntpdate-debian: Disregard empty ntp.conf files. (LP: #83604)
741+ + debian/ntp.preinst: Remove empty /etc/ntp.conf on fresh intallation,
742+ to work around the system-tools-backends part of LP #83604.
743+ + debian/ntpdate.ifup: Fix interaction with openntpd. (LP: #877210)
744+ + Dropped:
745+ - ntpdate-accept-same-timestamp-replies.patch: Accepted upstream
746+
747+ -- Chuck Short <zulcss@ubuntu.com> Wed, 26 Oct 2011 10:24:21 -0400
748+
749 ntp (1:4.2.6.p3+dfsg-1) unstable; urgency=low
750
751 * New upstream version
752@@ -417,6 +1097,117 @@ ntp (1:4.2.6.p3+dfsg-1) unstable; urgency=low
753
754 -- Kurt Roeckx <kurt@roeckx.be> Fri, 03 Jun 2011 16:39:02 +0200
755
756+ntp (1:4.2.6.p2+dfsg-1ubuntu13) precise; urgency=low
757+
758+ * debian/ntpdate.if-up: Fix interaction with openntpd, LP: #872210
759+
760+ -- Reinhard Tartler <siretart@tauware.de> Tue, 11 Oct 2011 12:33:01 +0200
761+
762+ntp (1:4.2.6.p2+dfsg-1ubuntu12) oneiric; urgency=low
763+
764+ * debian/apparmor-profile: also allow access to /var/log/ntpstats/rawstats*
765+
766+ -- Jamie Strandboge <jamie@ubuntu.com> Fri, 02 Sep 2011 12:35:08 -0500
767+
768+ntp (1:4.2.6.p2+dfsg-1ubuntu11) oneiric; urgency=low
769+
770+ * debian/apparmor-profile: allow sys_nice for -N option to work. More
771+ work is needed to make ntpd start niced, so not auto-closing the bug.
772+ - LP: 229632
773+
774+ -- Jamie Strandboge <jamie@ubuntu.com> Fri, 19 Aug 2011 07:39:20 -0500
775+
776+ntp (1:4.2.6.p2+dfsg-1ubuntu10) oneiric; urgency=low
777+
778+ * debian/source_ntp.py: use new apport MAC function instead of parsing
779+ and attaching AppArmor events here.
780+
781+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 15 Jul 2011 08:33:08 -0400
782+
783+ntp (1:4.2.6.p2+dfsg-1ubuntu9) oneiric; urgency=low
784+
785+ * debian/apparmor-profile: Allow /var/run and /run. (LP: #810270)
786+
787+ -- Martin Pitt <martin.pitt@ubuntu.com> Thu, 14 Jul 2011 15:12:09 +0200
788+
789+ntp (1:4.2.6.p2+dfsg-1ubuntu8) oneiric; urgency=low
790+
791+ * debian/patches/ntpdate-accept-same-timestamp-replies.patch:
792+ Resolving regression where ntpdate ignores replies from some
793+ ntp servers where recieve and transmit timestamps are equal.
794+ Patch cherry picked from upstream commit. (LP: #787551)
795+
796+ -- Dave Walker (Daviey) <DaveWalker@ubuntu.com> Mon, 13 Jun 2011 15:22:29 +0100
797+
798+ntp (1:4.2.6.p2+dfsg-1ubuntu7) oneiric; urgency=low
799+
800+ * Fix a number of -Wformat-security warnings.
801+
802+ -- Colin Watson <cjwatson@ubuntu.com> Fri, 20 May 2011 12:20:07 +0100
803+
804+ntp (1:4.2.6.p2+dfsg-1ubuntu6) oneiric; urgency=low
805+
806+ * Rebuild for OpenSSL 1.0.0.
807+
808+ -- Colin Watson <cjwatson@ubuntu.com> Tue, 17 May 2011 17:24:01 +0100
809+
810+ntp (1:4.2.6.p2+dfsg-1ubuntu5) natty; urgency=low
811+
812+ * debian/apparmor-profile: add note about using shared memory for
813+ a clock source (LP: #722815).
814+
815+ -- Kees Cook <kees@ubuntu.com> Thu, 10 Mar 2011 12:54:59 -0800
816+
817+ntp (1:4.2.6.p2+dfsg-1ubuntu4) natty; urgency=low
818+
819+ * debian/ntp.conf: adjust to use X.ubuntu.pool.ntp.org in addition to
820+ ntp.ubuntu.com (LP: #104525)
821+
822+ -- Jamie Strandboge <jamie@ubuntu.com> Tue, 08 Feb 2011 10:03:19 -0600
823+
824+ntp (1:4.2.6.p2+dfsg-1ubuntu3) natty; urgency=low
825+
826+ * debian/apparmor-profile: allow access to clockstats too (LP: #701896)
827+
828+ -- Jamie Strandboge <jamie@ubuntu.com> Wed, 12 Jan 2011 10:05:41 -0600
829+
830+ntp (1:4.2.6.p2+dfsg-1ubuntu2) natty; urgency=low
831+
832+ * debian/ntpdate-debian: Disregard empty ntp.conf files (thanks, Mika
833+ Wahlroos; LP: #83604).
834+ * debian/ntp.preinst: Remove empty /etc/ntp.conf on fresh installation, to
835+ work around the system-tools-backends part of LP #83604.
836+
837+ -- Colin Watson <cjwatson@ubuntu.com> Mon, 06 Dec 2010 11:13:04 +0000
838+
839+ntp (1:4.2.6.p2+dfsg-1ubuntu1) natty; urgency=low
840+
841+ * Merge from debian unstable, remaining changes are:
842+ + debian/ntp.conf, debian/ntpdate.default: Change default server to
843+ ntp.ubuntu.com.
844+ + debian/ntpdate.ifup: Stop ntp before running ntpdate when an interface
845+ comes up, then start again afterwards.
846+ + debian/ntp.init, debian/rules: Only stop when entering single user mode.
847+ + Add enforcing AppArmor profile (LP: #382905):
848+ - debian/control: add Conflicts/Replaces on apparmor-profiles <
849+ 2.3.1+1403-0ubuntu10 (since we are now shipping usr.sbin.ntpd) and
850+ apparmor < 2.3.1+1403-0ubuntu10 (since we are now shipping tunables/ntpd)
851+ - debian/control: add Suggests on apparmor
852+ - debian/ntp.dirs: add apparmor directories
853+ - debian/ntp.preinst: force complain on certain upgrades
854+ - debian/ntp.postinst: reload apparmor profile
855+ - debian/ntp.postrm: remove the force-complain file
856+ - add debian/apparmor-profile*
857+ - debian/rules: install apparmor-profile and apparmor-profile.tunable
858+ - debian/README.Debian: add note on AppArmor
859+ + debian/{control,rules}: add and enable hardened build for PIE
860+ (Debian bug 542721).
861+ + debian/apparmor-profile: adjust location of drift files (LP: #456308)
862+ + debian/rules, debian/ntp.dirs, debian/source_ntp.py: Add apport hook.
863+
864+
865+ -- Chuck Short <zulcss@ubuntu.com> Tue, 30 Nov 2010 11:14:31 -0500
866+
867 ntp (1:4.2.6.p2+dfsg-1) unstable; urgency=low
868
869 [ Peter Eisentraut ]
870@@ -500,6 +1291,80 @@ ntp (1:4.2.6+dfsg-1) unstable; urgency=low
871
872 -- Kurt Roeckx <kurt@roeckx.be> Sat, 26 Dec 2009 14:12:22 +0100
873
874+ntp (1:4.2.4p8+dfsg-1ubuntu6) maverick; urgency=low
875+
876+ * debian/rules: move dh_apparmor before dh_installinit
877+
878+ -- Jamie Strandboge <jamie@ubuntu.com> Fri, 06 Aug 2010 17:40:04 -0500
879+
880+ntp (1:4.2.4p8+dfsg-1ubuntu5) maverick; urgency=low
881+
882+ * convert to dh_apparmor:
883+ - debian/rules, debian/ntp.postrm, debian/ntp.postinst: use dh_apparmor
884+ - control: Build-Depends on debhelper >= 7.4.20ubuntu5
885+ * debian/apparmor-profile: include local override
886+ * remove now unneeded debian/ntp.preinst
887+
888+ -- Jamie Strandboge <jamie@ubuntu.com> Fri, 06 Aug 2010 13:55:12 -0500
889+
890+ntp (1:4.2.4p8+dfsg-1ubuntu4) maverick; urgency=low
891+
892+ * debian/dhcp.ntp: Dont remove *all* ntp server from ntp.conf.
893+ (LP: #575458)
894+ * debian/apparmor-profile: Allow access to /dev/ttyS*
895+ (LP: #596859)
896+
897+ -- Chuck Short <zulcss@ubuntu.com> Tue, 22 Jun 2010 09:24:02 -0400
898+
899+ntp (1:4.2.4p8+dfsg-1ubuntu3) maverick; urgency=low
900+
901+ * debian/apparmor-profile: allow access to /var/log/ntpstats/sysstats*
902+ (LP: #574343)
903+
904+ -- Jamie Strandboge <jamie@ubuntu.com> Fri, 18 Jun 2010 07:54:24 -0500
905+
906+ntp (1:4.2.4p8+dfsg-1ubuntu2) lucid; urgency=low
907+
908+ * debian/apparmor-profile: allow reading of /var/lib/ntp/ntp.conf.dhcp
909+ (LP: #517701)
910+
911+ -- Jamie Strandboge <jamie@ubuntu.com> Thu, 08 Apr 2010 16:24:42 -0500
912+
913+ntp (1:4.2.4p8+dfsg-1ubuntu1) lucid; urgency=low
914+
915+ * Merge from debian testing, remaining changes:
916+ + debian/ntp.conf, debian/ntpdate.default: Change default server to
917+ ntp.ubuntu.com.
918+ + debian/ntpdate.ifup: Stop ntp before running ntpdate when an interface
919+ comes up, then start again afterwards.
920+ + debian/ntp.init, debian/rules: Only stop when entering single user mode.
921+ + Add enforcing AppArmor profile (LP: #382905):
922+ - debian/control: add Conflicts/Replaces on apparmor-profiles <
923+ 2.3.1+1403-0ubuntu10 (since we are now shipping usr.sbin.ntpd) and
924+ apparmor < 2.3.1+1403-0ubuntu10 (since we are now shipping tunables/ntpd)
925+ - debian/control: add Suggests on apparmor
926+ - debian/ntp.dirs: add apparmor directories
927+ - debian/ntp.preinst: force complain on certain upgrades
928+ - debian/ntp.postinst: reload apparmor profile
929+ - debian/ntp.postrm: remove the force-complain file
930+ - add debian/apparmor-profile*
931+ - debian/rules: install apparmor-profile and apparmor-profile.tunable
932+ - debian/README.Debian: add note on AppArmor
933+ + debian/{control,rules}: add and enable hardened build for PIE
934+ (Debian bug 542721).
935+ + debian/apparmor-profile: adjust location of drift files (LP: #456308)
936+ + Dropped changes, merged in debian:
937+ - fix-nano.patch: Use mod_nano.patch from debian.
938+ + Dropped changes, superseded upstream/in Debian:
939+ - debian/patches/CVE-2009-1252.patch: No longer needed.
940+ - debian/patches/debian/patches/CVE-2009-0159.patch: No longer needed.
941+
942+ [Chuck Short]
943+ + debian/rules, debian/ntp.dirs, debian/source_ntp.py: Add apport
944+ hook, apart of the server-lucid-apport-hooks specification.
945+
946+ -- Chuck Short <zulcss@ubuntu.com> Tue, 02 Feb 2010 18:36:29 -0500
947+
948 ntp (1:4.2.4p8+dfsg-1) unstable; urgency=high
949
950 * New upstream release.
951@@ -550,6 +1415,65 @@ ntp (1:4.2.4p7+dfsg-1) unstable; urgency=low
952
953 -- Kurt Roeckx <kurt@roeckx.be> Sat, 21 Nov 2009 17:27:11 +0100
954
955+ntp (1:4.2.4p6+dfsg-2ubuntu4) lucid; urgency=low
956+
957+ * debian/rules: install symlink for early loading of per-interface
958+ triggered ntp AppArmor profile.
959+
960+ -- Kees Cook <kees@ubuntu.com> Tue, 15 Dec 2009 11:35:33 -0800
961+
962+ntp (1:4.2.4p6+dfsg-2ubuntu3) lucid; urgency=low
963+
964+ * SECURITY UPDATE: fix DoS with mode 7 (MODE_PRIVATE) packets
965+ - debian/patches/CVE-2009-3563.patch: update ntpd/ntp_request.c to
966+ not send a response packet for and rate limit logging of invalid mode 7
967+ requests and responses
968+ - CVE-2009-3563
969+
970+ -- Jamie Strandboge <jamie@ubuntu.com> Tue, 08 Dec 2009 13:52:12 -0600
971+
972+ntp (1:4.2.4p6+dfsg-2ubuntu2) lucid; urgency=low
973+
974+ * debian/rules: enable debugging (LP: #47683)
975+ * debian/ntpdate-if.up: Hide invoke-rc.d output. (LP: #489585)
976+ * debian/man/ntptrace.1: Update man page removed ghost options. (LP: #351989)
977+
978+ -- Chuck Short <zulcss@ubuntu.com> Mon, 07 Dec 2009 14:59:28 -0500
979+
980+ntp (1:4.2.4p6+dfsg-2ubuntu1) lucid; urgency=low
981+
982+ * Merge from debian testing, remaining changes:
983+ + debian/ntp.conf, debian/ntpdate.default: Change default server to
984+ ntp.ubuntu.com.
985+ + debian/ntpdate.ifup: Stop ntp before running ntpdate when an interface
986+ comes up, then start again afterwards
987+ + debian/ntp.init, debian/rules: Only stop when entering single user mode.
988+ + Add enforcing AppArmor profile (LP: #382905)
989+ - debian/control: add Conflicts/Replaces on apparmor-profiles <
990+ 2.3.1+1403-0ubuntu10 (since we are now shipping usr.sbin.ntpd) and
991+ apparmor < 2.3.1+1403-0ubuntu10 (since we are now shipping
992+ tunables/ntpd)
993+ - debian/control: add Suggests on apparmor
994+ - debian/ntp.dirs: add apparmor directories
995+ - debian/ntp.preinst: force complain on certain upgrades
996+ - debian/ntp.postinst: reload apparmor profile
997+ - debian/ntp.postrm: remove the force-complain file
998+ - add debian/apparmor-profile*
999+ - debian/rules: install apparmor-profile and apparmor-profile.tunable
1000+ - debian/README.Debian: add note on AppArmor
1001+ + debian/patches/fix-nano.patch: enable nanokernel support (LP: #412242)
1002+ + debian/{control,rules}: add and enable hardened build for PIE
1003+ (Debian bug 542721).
1004+ + debian/apparmor-profile: adjust location of drift files (LP: #456308)
1005+ + Dropped changes, merged in Debian:
1006+ - debian/man/ntpdate.8 - fix debian shipped manpage; patch by
1007+ Josh Holland <jrh@joshh.co.uk>
1008+ + Dropped changes, superseded upstream/in Debian:
1009+ - debian/patches/CVE-2009-0159.patch: Use Debian's version of the patch.
1010+ - debian/patches/CVE-2009-1252.patch: Use Debian's version of the patch.
1011+
1012+ -- Chuck Short <zulcss@ubuntu.com> Fri, 06 Nov 2009 01:34:35 +0000
1013+
1014 ntp (1:4.2.4p6+dfsg-2) unstable; urgency=medium
1015
1016 * Fixed typo in ntpdate man page (closes: #526086)
1017@@ -566,6 +1490,75 @@ ntp (1:4.2.4p6+dfsg-2) unstable; urgency=medium
1018
1019 -- Peter Eisentraut <petere@debian.org> Fri, 12 Jun 2009 17:24:22 +0300
1020
1021+ntp (1:4.2.4p6+dfsg-1ubuntu5) karmic; urgency=low
1022+
1023+ * debian/apparmor-profile: adjust location of drift files (LP: #456308)
1024+
1025+ -- Jamie Strandboge <jamie@ubuntu.com> Wed, 21 Oct 2009 07:07:31 -0500
1026+
1027+ntp (1:4.2.4p6+dfsg-1ubuntu4) karmic; urgency=low
1028+
1029+ * debian/{control,rules}: add and enable hardened build for PIE
1030+ (Debian bug 542721).
1031+
1032+ -- Kees Cook <kees@ubuntu.com> Thu, 20 Aug 2009 17:12:44 -0700
1033+
1034+ntp (1:4.2.4p6+dfsg-1ubuntu3) karmic; urgency=low
1035+
1036+ * Add enforcing AppArmor profile (LP: #382905)
1037+ - debian/control: add Conflicts/Replaces on apparmor-profiles <
1038+ 2.3.1+1403-0ubuntu10 (since we are now shipping usr.sbin.ntpd) and
1039+ apparmor < 2.3.1+1403-0ubuntu10 (since we are now shipping
1040+ tunables/ntpd)
1041+ - debian/control: add Suggests on apparmor
1042+ - debian/ntp.dirs: add apparmor directories
1043+ - debian/ntp.preinst: force complain on certain upgrades
1044+ - debian/ntp.postinst: reload apparmor profile
1045+ - debian/ntp.postrm: remove the force-complain file
1046+ - add debian/apparmor-profile*
1047+ - debian/rules: install apparmor-profile and apparmor-profile.tunable
1048+ - debian/README.Debian: add note on AppArmor
1049+ * debian/patches/fix-nano.patch: enable nanokernel support (LP: #412242)
1050+
1051+ -- Jamie Strandboge <jamie@ubuntu.com> Tue, 11 Aug 2009 18:25:50 -0500
1052+
1053+ntp (1:4.2.4p6+dfsg-1ubuntu2) karmic; urgency=low
1054+
1055+ * SECURITY UPDATE: stack overflow in ntpd when autokey is enabled
1056+ - debian/patches/CVE-2009-1252.patch: update ntpd/ntp_crypto.c to use
1057+ snprintf() with NTP_MAXSTRLEN when writing to statstr. Also defensively
1058+ adjust ntp_peer.c and ntp_timer.c to do the same.
1059+ - CVE-2009-1252
1060+ * SECURITY UPDATE: stack overflow in ntpq when contacting malicious ntp
1061+ server
1062+ - debian/patches/CVE-2009-0159.patch: increase size of buffer in
1063+ cookedprint() in ntpq/ntpq.c and adjust to use snprintf()
1064+ - CVE-2009-0159
1065+
1066+ -- Jamie Strandboge <jamie@ubuntu.com> Tue, 19 May 2009 15:26:41 -0500
1067+
1068+ntp (1:4.2.4p6+dfsg-1ubuntu1) karmic; urgency=low
1069+
1070+ * Merge from Debian unstable, remaining changes:
1071+ - debian/ntp.conf, debian/ntpdate.default: Change default server to
1072+ ntp.ubuntu.com.
1073+ - debian/ntpdate.ifup: Stop ntp before running ntpdate when an interface
1074+ comes up, then start again afterwards
1075+ - debian/ntp.init, debian/rules: Only stop when entering single user mode.
1076+ - debian/man/ntpdate.8 - fix debian shipped manpage; patch by
1077+ Josh Holland <jrh@joshh.co.uk>
1078+ * Dropped changes, merged in Debian:
1079+ - Build against libcap2 instead of libcap1, fixing a kernel warning
1080+ about using an old interface.
1081+ * Dropped changes, superseded upstream/in Debian:
1082+ - debian/patches/CVE-2009-0021.patch: update ntpd/ntp_crypto.c to properly
1083+ check the return code of EVP_VerifyFinal()
1084+ - debian/patches/ipv6-gnu-source.patch: Define _GNU_SOURCE to make IPv6
1085+ work.
1086+ * Fixes LP: #217699
1087+
1088+ -- Steve Langasek <steve.langasek@ubuntu.com> Wed, 29 Apr 2009 06:08:19 +0000
1089+
1090 ntp (1:4.2.4p6+dfsg-1) unstable; urgency=low
1091
1092 * New upstream release
1093@@ -587,6 +1580,49 @@ ntp (1:4.2.4p4+dfsg-8) unstable; urgency=low
1094
1095 -- Kurt Roeckx <kurt@roeckx.be> Mon, 05 Jan 2009 21:10:03 +0100
1096
1097+ntp (1:4.2.4p4+dfsg-7ubuntu5) jaunty; urgency=low
1098+
1099+ * Build against libcap2 instead of libcap1, fixing a kernel warning
1100+ about using an old interface. LP: #328376.
1101+
1102+ -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 20 Mar 2009 19:53:25 +0000
1103+
1104+ntp (1:4.2.4p4+dfsg-7ubuntu4) jaunty; urgency=low
1105+
1106+ * LP: #314810 - ntpdate typo in manpage
1107+ - debian/man/ntpdate.8 - fix debian shipped manpage; patch by
1108+ Josh Holland <jrh@joshh.co.uk>
1109+
1110+ -- Alexander Sack <asac@ubuntu.com> Mon, 23 Feb 2009 11:57:32 +0100
1111+
1112+ntp (1:4.2.4p4+dfsg-7ubuntu3) jaunty; urgency=low
1113+
1114+ * SECURITY UPDATE: clients treat malformed signatures as good when verifying
1115+ server DSA and ECDSA certificates.
1116+ - debian/patches/CVE-2009-0021.patch: update ntpd/ntp_crypto.c to properly
1117+ check the return code of EVP_VerifyFinal()
1118+ - CVE-2009-0021
1119+
1120+ -- Jamie Strandboge <jamie@ubuntu.com> Tue, 06 Jan 2009 01:19:55 -0600
1121+
1122+ntp (1:4.2.4p4+dfsg-7ubuntu2) jaunty; urgency=low
1123+
1124+ * Add ipv6-gnu-source.patch: Define _GNU_SOURCE to make IPv6 work.
1125+ (LP: #305043)
1126+
1127+ -- Matt LaPlante <mattl@google.com> Thu, 04 Dec 2008 00:39:51 -0600
1128+
1129+ntp (1:4.2.4p4+dfsg-7ubuntu1) jaunty; urgency=low
1130+
1131+ * Merge from debian unstable, remaining changes:
1132+ - debian/ntp.conf, debian/ntpdate.default: Change default server to
1133+ ntp.ubuntu.com.
1134+ - debian/ntpdate.ifup: Stop ntp before running ntpdate when an interface
1135+ comes up, then start again afterwards (LP: #114505)
1136+ - debian/ntp.init, debian/rules: Only stop when entering single user mode.
1137+
1138+ -- Scott James Remnant <scott@ubuntu.com> Tue, 11 Nov 2008 17:18:15 +0000
1139+
1140 ntp (1:4.2.4p4+dfsg-7) unstable; urgency=low
1141
1142 * Added support for numeric IPv6 address in ntpdate-debian (closes: #489712)
1143@@ -595,6 +1631,39 @@ ntp (1:4.2.4p4+dfsg-7) unstable; urgency=low
1144
1145 -- Peter Eisentraut <petere@debian.org> Wed, 16 Jul 2008 14:09:41 +0200
1146
1147+ntp (1:4.2.4p4+dfsg-6ubuntu2) intrepid; urgency=low
1148+
1149+ * debian/ntpdate.ifup: use a different lockfile to avoid dead-locks
1150+ when restarting ntpd (LP: #246203).
1151+
1152+ -- Kees Cook <kees@ubuntu.com> Wed, 20 Aug 2008 09:48:33 -0700
1153+
1154+ntp (1:4.2.4p4+dfsg-6ubuntu1) intrepid; urgency=low
1155+
1156+ * Merge from debian unstable, remaining changes:
1157+ - debian/ntp.conf, debian/ntpdate.default:
1158+ - Change default server to ntp.ubuntu.com.
1159+ - debian/control:
1160+ - Set Ubuntu maintainer address.
1161+ - debian/ntpdate.ifup:
1162+ Stop ntp before running ntpdate when an interface
1163+ comes up, then start again afterwards (LP: #114505)
1164+ * debian/rules:
1165+ - Call update-rcd-params with manual arguments instead of defaults.
1166+ * debian/ntp.init:
1167+ - Update LSB Default-Stop header.
1168+ * Dropped:
1169+ - Update TearDown spec implementation:
1170+ - Update version in conflicts/replaces to that which was shipped in
1171+ edgy, which was later than that in Debian (due to the ubuntuX).
1172+ - Add sysv-rc dependency.
1173+ - debian/rules:
1174+ - Call update-rcd-params with multiuser instead defaults.
1175+ - debian/ntp-server.postinst (dapper upgrade):
1176+ - Remove stop script symlinks from rc0 and rc6.
1177+
1178+ -- Mathias Gug <mathiaz@ubuntu.com> Wed, 18 Jun 2008 22:28:16 -0400
1179+
1180 ntp (1:4.2.4p4+dfsg-6) unstable; urgency=low
1181
1182 * Put back accidentally removed /etc/defaults/ntpdate (closes: #482605)
1183@@ -641,6 +1710,30 @@ ntp (1:4.2.4p4+dfsg-4) unstable; urgency=low
1184
1185 -- Peter Eisentraut <petere@debian.org> Tue, 29 Apr 2008 11:19:54 +0200
1186
1187+ntp (1:4.2.4p4+dfsg-3ubuntu2) hardy; urgency=low
1188+
1189+ * Stop ntp before running ntpdate when an interface
1190+ comes up, then start again afterwards (LP: #114505)
1191+
1192+ -- Onno Benschop <onno@itmaze.com.au> Thu, 6 Mar 2008 14:00:42 +0900
1193+
1194+ntp (1:4.2.4p4+dfsg-3ubuntu1) hardy; urgency=low
1195+
1196+ * Merge from debian unstable, remaining changes:
1197+ - debian/ntp.conf, debian/ntpdate.default:
1198+ - Change default server to ntp.ubuntu.com.
1199+ - debian/rules:
1200+ - Call update-rcd-params with multiuser instead defaults.
1201+ - debian/control:
1202+ - Set Ubuntu maintainer address.
1203+ - Update version in conflicts/replaces to that which was shipped in
1204+ edgy, which was later than that in Debian (due to the ubuntuX).
1205+ - Add sysv-rc dependency.
1206+ - debian/ntp-server.postinst:
1207+ - Remove stop script symlinks from rc0 and rc6.
1208+
1209+ -- Scott Kitterman <scott@kitterman.com> Mon, 25 Feb 2008 19:36:36 -0500
1210+
1211 ntp (1:4.2.4p4+dfsg-3) unstable; urgency=low
1212
1213 * Various man page and NEWS fixes (patches by Justin Pryzby and Vincent
1214@@ -663,6 +1756,23 @@ ntp (1:4.2.4p4+dfsg-3) unstable; urgency=low
1215
1216 -- Peter Eisentraut <petere@debian.org> Sun, 13 Jan 2008 12:18:13 +0100
1217
1218+ntp (1:4.2.4p4+dfsg-2ubuntu1) hardy; urgency=low
1219+
1220+ * Merge from debian unstable, remaining changes:
1221+ - debian/ntp.conf, debian/ntpdate.default:
1222+ - Change default server to ntp.ubuntu.com.
1223+ - debian/rules:
1224+ - Call update-rcd-params with multiuser instead defaults.
1225+ - debian/control:
1226+ - Set Ubuntu maintainer address.
1227+ - Update version in conflicts/replaces to that which was shipped in edgy,
1228+ which was later than that in Debian (due to the ubuntuX).
1229+ - Add sysv-rc dependency.
1230+ - debian/ntp-server.postinst:
1231+ - Remove stop script symlinks from rc0 and rc6.
1232+
1233+ -- Mathias Gug <mathiaz@ubuntu.com> Mon, 26 Nov 2007 15:42:41 -0500
1234+
1235 ntp (1:4.2.4p4+dfsg-2) unstable; urgency=low
1236
1237 * Disable checking of openssl library version.
1238@@ -697,6 +1807,25 @@ ntp (1:4.2.4p3+dfsg-1) unstable; urgency=low
1239
1240 -- Kurt Roeckx <kurt@roeckx.be> Mon, 13 Aug 2007 15:58:08 +0000
1241
1242+ntp (1:4.2.4p0+dfsg-1ubuntu2) gutsy; urgency=low
1243+
1244+ * Trigger rebuild for hppa
1245+
1246+ -- LaMont Jones <lamont@ubuntu.com> Thu, 04 Oct 2007 12:15:33 -0600
1247+
1248+ntp (1:4.2.4p0+dfsg-1ubuntu1) gutsy; urgency=low
1249+
1250+ * Merge from Debian unstable.
1251+ * Remaining Ubuntu changes:
1252+ - Update version in conflicts/replaces to that which was shipped in edgy,
1253+ which was later than that in Debian (due to the ubuntuX).
1254+ - Change default server to ntp.ubuntu.com.
1255+ - Remove stop links from rc0 and rc6
1256+ - Call dh_installinit with --error-handler
1257+ - Set Ubuntu maintainer address.
1258+
1259+ -- Steve Kowalik <stevenk@ubuntu.com> Fri, 18 May 2007 22:41:56 +1000
1260+
1261 ntp (1:4.2.4p0+dfsg-1) unstable; urgency=low
1262
1263 [ Peter Eisentraut ]
1264@@ -742,6 +1871,28 @@ ntp (1:4.2.2.p4+dfsg-2) unstable; urgency=low
1265
1266 -- Kurt Roeckx <kurt@roeckx.be> Sun, 4 Mar 2007 13:01:11 +0000
1267
1268+ntp (1:4.2.2.p4+dfsg-1ubuntu3) feisty; urgency=low
1269+
1270+ * Rebuild for changes in the amd64 toolchain.
1271+ * Set Ubuntu maintainer address.
1272+
1273+ -- Matthias Klose <doko@ubuntu.com> Mon, 5 Mar 2007 01:23:22 +0000
1274+
1275+ntp (1:4.2.2.p4+dfsg-1ubuntu2) feisty; urgency=low
1276+
1277+ * Update version in conflicts/replaces to that which was shipped in edgy,
1278+ which was later than that in Debian (due to the ubuntuX). LP: #73506.
1279+
1280+ -- Scott James Remnant <scott@ubuntu.com> Tue, 28 Nov 2006 10:27:08 +0000
1281+
1282+ntp (1:4.2.2.p4+dfsg-1ubuntu1) feisty; urgency=low
1283+
1284+ * Merge from debian unstable, remaining changes:
1285+ - change default server to ntp.ubuntu.com
1286+ - remove stop links from rc0 and rc6
1287+
1288+ -- Scott James Remnant <scott@ubuntu.com> Mon, 27 Nov 2006 13:51:15 +0000
1289+
1290 ntp (1:4.2.2.p4+dfsg-1) unstable; urgency=low
1291
1292 * New upstream release
1293@@ -901,6 +2052,18 @@ ntp (1:4.2.2+dfsg-1) unstable; urgency=low
1294
1295 -- Peter Eisentraut <petere@debian.org> Fri, 14 Jul 2006 22:55:36 +0200
1296
1297+ntp (1:4.2.0a+stable-9ubuntu2) edgy; urgency=low
1298+
1299+ * Remove stop script symlinks from rc0 and rc6.
1300+
1301+ -- Scott James Remnant <scott@ubuntu.com> Fri, 15 Sep 2006 17:47:40 +0100
1302+
1303+ntp (1:4.2.0a+stable-9ubuntu1) edgy; urgency=low
1304+
1305+ * Resynchronise with Debian.
1306+
1307+ -- Tollef Fog Heen <tfheen@ubuntu.com> Fri, 30 Jun 2006 16:02:07 +0200
1308+
1309 ntp (1:4.2.0a+stable-9) unstable; urgency=low
1310
1311 [ Peter Eisentraut ]
1312@@ -934,6 +2097,51 @@ ntp (1:4.2.0a+stable-8.2) unstable; urgency=high
1313
1314 -- Peter Eisentraut <petere@debian.org> Tue, 6 Jun 2006 02:27:42 +0200
1315
1316+ntp (1:4.2.0a+stable-8.1ubuntu6) dapper; urgency=low
1317+
1318+ * Call dh_installinit with --error-handler=true, which will prevent
1319+ ntp-server's prerm and postinst from bombing out on upgrades from
1320+ previous broken versions. ntp-{simple,refclock} still try to
1321+ restart the server in their postinst, so it won't be left dead.
1322+
1323+ -- Adam Conrad <adconrad@ubuntu.com> Mon, 29 May 2006 10:25:43 +1000
1324+
1325+ntp (1:4.2.0a+stable-8.1ubuntu5) dapper; urgency=low
1326+
1327+ * Attempt to create the ntp user in ntp-server's postinst, as the
1328+ dependency loops between ntp-server and ntp-* means we have no
1329+ way of knowing which gets configured first (launchpad.net/33351)
1330+
1331+ -- Adam Conrad <adconrad@ubuntu.com> Sun, 28 May 2006 02:20:57 +1000
1332+
1333+ntp (1:4.2.0a+stable-8.1ubuntu4) dapper; urgency=low
1334+
1335+ * Hide output from ntpdate unless ifup is run with -v.
1336+
1337+ -- Scott James Remnant <scott@ubuntu.com> Wed, 17 May 2006 22:45:19 +0100
1338+
1339+ntp (1:4.2.0a+stable-8.1ubuntu3) dapper; urgency=low
1340+
1341+ * Ignore errors from ntpdate, otherwise the interface might not come
1342+ fully up.
1343+
1344+ -- Scott James Remnant <scott@ubuntu.com> Wed, 8 Feb 2006 15:48:19 +0000
1345+
1346+ntp (1:4.2.0a+stable-8.1ubuntu2) dapper; urgency=low
1347+
1348+ * Remove ntpdate init script, instead install a script in
1349+ /etc/network/if-up.d that sets the clock whenever we bring up a network
1350+ interface.
1351+
1352+ -- Scott James Remnant <scott@ubuntu.com> Wed, 4 Jan 2006 15:56:23 +0000
1353+
1354+ntp (1:4.2.0a+stable-8.1ubuntu1) dapper; urgency=low
1355+
1356+ * Resynchronise with Debian.
1357+ * Use ntp.ubuntu.com rather than ntp.ubuntulinux.org.
1358+
1359+ -- Colin Watson <cjwatson@ubuntu.com> Tue, 1 Nov 2005 23:06:49 -0500
1360+
1361 ntp (1:4.2.0a+stable-8.1) unstable; urgency=low
1362
1363 * 0-day BSP NMU.
1364@@ -942,6 +2150,20 @@ ntp (1:4.2.0a+stable-8.1) unstable; urgency=low
1365
1366 -- Christoph Berg <myon@debian.org> Fri, 28 Oct 2005 15:33:37 +0200
1367
1368+ntp (1:4.2.0a+stable-8ubuntu2) breezy; urgency=low
1369+
1370+ * Fix error message in ntp-server init script.
1371+ (Closes: #14726)
1372+
1373+ -- Fabio M. Di Nitto <fabbione@ubuntu.com> Fri, 09 Sep 2005 06:35:08 +0200
1374+
1375+ntp (1:4.2.0a+stable-8ubuntu1) breezy; urgency=low
1376+
1377+ * Resynchronise with Debian, resolving merge conflicts brought
1378+ on by Debian incorporating some of our changes upstream.
1379+
1380+ -- Adam Conrad <adconrad@0c3.net> Wed, 20 Apr 2005 04:18:50 +0000
1381+
1382 ntp (1:4.2.0a+stable-8) unstable; urgency=medium
1383
1384 * The "Well, I certainly could have done that better" version,
1385@@ -972,6 +2194,92 @@ ntp (1:4.2.0a+stable-5) unstable; urgency=low
1386
1387 -- Matthias Urlichs <smurf@debian.org> Mon, 14 Mar 2005 15:25:03 +0100
1388
1389+ntp (1:4.2.0a+stable-4) unstable; urgency=low
1390+
1391+ * Merged Upstream fix for ntpdate IPv4/IPv6 problems.
1392+ - Closes: #293793, #294636
1393+ * Install if-up.d/ntp-server in the correct directory.
1394+ - Closes: #294971
1395+ * Merged ubuntu's no-root patch.
1396+ - Closes: #298059, #296595, #282941
1397+ * Don't change the date when debugging ntpdate.
1398+ - Closes: #286463
1399+ * Tell the user that "/etc/initd/ntp-server reload" is not possible.
1400+ - Sort-of-Closes: #276216
1401+ * Cleanup init.d script. Closes: #295574
1402+ * Fix doc typos. Closes: #298226
1403+ * Remove /var/run/ntpd.pid when stopping the server.
1404+ - Closes: #295553
1405+ * Document ntpdate's exit status. Closes: #298190.
1406+ * Enhance ntpdate's logcheck rule. Closes: #283386
1407+ * Built against libreadline5.
1408+
1409+ -- Matthias Urlichs <smurf@debian.org> Sat, 12 Mar 2005 06:16:39 +0100
1410+
1411+ntp (1:4.2.0a+stable-3) unstable; urgency=low
1412+
1413+ * Re-upload due to Debian FTP archive problems.
1414+
1415+ -- Matthias Urlichs <smurf@debian.org> Tue, 25 Jan 2005 22:18:34 +0100
1416+
1417+ntp (1:4.2.0a+stable-2) unstable; urgency=low
1418+
1419+ * -dbg packages have been disabled.
1420+
1421+ -- Matthias Urlichs <smurf@debian.org> Sun, 9 Jan 2005 15:56:42 +0100
1422+
1423+ntp (1:4.2.0a+stable-1) unstable; urgency=medium
1424+
1425+ * Workaround for ntpdate failing on IPv6 addresses with some kernels.
1426+ - Thanks to Dan Merillat <dmerillat@sequiam.com> for tracking this down.
1427+ - Closes: #249216.
1428+ * Changed the upstream version name. "+bkYYYYMMDD" isn't what the version of
1429+ a released program like ntpd should look like; people have been asking.
1430+
1431+ -- Matthias Urlichs <smurf@debian.org> Sat, 8 Jan 2005 12:05:56 +0100
1432+
1433+ntp (1:4.2.0a+bk20040620-4) unstable; urgency=medium
1434+
1435+ * Pushing to Unstable.
1436+ * Note: This release is based on the _stable_ Upstream version.
1437+ * Turned off OpenSSL library compatibility test, it's nonsense.
1438+ - Closes:#286913.
1439+
1440+ -- Matthias Urlichs <smurf@debian.org> Thu, 23 Dec 2004 01:47:30 +0100
1441+
1442+ntp (1:4.2.0a+bk20040620-3) experimental; urgency=low
1443+
1444+ * Depend on perl-modules (for ntptrace). Closes:#276672.
1445+ * Reworded clock interval explanation. Closes:#276213.
1446+ * Note that the actual NTP server is in package "ntp-server". Closes:#273865.
1447+ * Document dropped startup script run order. Closes:#240516.
1448+ * Fix --help in ntptrace. Closes:#242629.
1449+ * Add a (disabled) restart script to if-up.d. Closes:#247656.
1450+ * fixed SIGFPE in ntp-keygen.
1451+ * Remove superfluous {pre,post}{inst,rm} scripts
1452+
1453+ -- Matthias Urlichs <smurf@debian.org> Sun, 14 Nov 2004 17:09:17 +0100
1454+
1455+ntp (1:4.2.0a+bk20040620-2) experimental; urgency=low
1456+
1457+ * Merge stable Upstream changes.
1458+ * Add debugging symbol packages.
1459+
1460+ -- Matthias Urlichs <smurf@debian.org> Sat, 25 Sep 2004 11:43:37 +0200
1461+
1462+ntp (1:4.2.0a+bk20040620-1) experimental; urgency=low
1463+
1464+ * Merge current stable Upstream
1465+
1466+ -- Matthias Urlichs <smurf@debian.org> Mon, 21 Jun 2004 10:17:28 +0200
1467+
1468+ntp (1:4.2.0a-12) unstable; urgency=low
1469+
1470+ * Doc how to use multiple servers in ntp.default.
1471+ - Closes: #264569: please document format of NTPSERVERS option
1472+
1473+ -- Matthias Urlichs <smurf@debian.org> Mon, 9 Aug 2004 19:57:58 +0200
1474+
1475 ntp (1:4.2.0a-11ubuntu3) hoary; urgency=low
1476
1477 * ntpd/ntpd.c:
1478@@ -1091,6 +2399,12 @@ ntp (1:4.2.0a-12) unstable; urgency=low
1479
1480 -- Matthias Urlichs <smurf@debian.org> Mon, 9 Aug 2004 19:57:58 +0200
1481
1482+ntp (1:4.2.0a-11ubuntu1) hoary; urgency=low
1483+
1484+ * Resynchronise with Debian.
1485+
1486+ -- Scott James Remnant <scott@canonical.com> Wed, 27 Oct 2004 13:54:06 +0100
1487+
1488 ntp (1:4.2.0a-11) unstable; urgency=low
1489
1490 * Fix building on non-Linux Debian systems.
1491@@ -1101,6 +2415,19 @@ ntp (1:4.2.0a-11) unstable; urgency=low
1492
1493 -- Matthias Urlichs <smurf@debian.org> Tue, 6 Jul 2004 05:26:07 +0200
1494
1495+ntp (1:4.2.0a-10ubuntu2) warty; urgency=low
1496+
1497+ * Use ntp.ubuntulinux.org instead of pool.ntp.org
1498+
1499+ -- Matt Zimmerman <mdz@canonical.com> Mon, 11 Oct 2004 16:10:27 -0700
1500+
1501+ntp (1:4.2.0a-10ubuntu1) warty; urgency=low
1502+
1503+ * Added versioned depend on lsb-base
1504+ * debian/ntpdate.init.d,ntp-server.init.d: pretty initscripts
1505+
1506+ -- Nathaniel McCallum <npmccallum@canonical.com> Fri, 3 Sep 2004 15:12:27 -0400
1507+
1508 ntp (1:4.2.0a-10) unstable; urgency=medium
1509
1510 * Kill spuriously-running servers when updating.
1511diff --git a/debian/control b/debian/control
1512index 3ab2e0d..3c0c702 100644
1513--- a/debian/control
1514+++ b/debian/control
1515@@ -1,7 +1,8 @@
1516 Source: ntp
1517 Section: net
1518 Priority: optional
1519-Maintainer: Debian NTP Team <ntp@packages.debian.org>
1520+Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
1521+XSBC-Original-Maintainer: Debian NTP Team <ntp@packages.debian.org>
1522 Uploaders: Kurt Roeckx <kurt@roeckx.be>,
1523 Bernhard Schmidt <berni@debian.org>
1524 Build-Depends: autogen,
1525diff --git a/debian/ntp-systemd-netif.path b/debian/ntp-systemd-netif.path
1526new file mode 100644
1527index 0000000..2a24788
1528--- /dev/null
1529+++ b/debian/ntp-systemd-netif.path
1530@@ -0,0 +1,8 @@
1531+[Unit]
1532+DefaultDependencies=no
1533+
1534+[Path]
1535+PathChanged=/run/systemd/netif/leases
1536+
1537+[Install]
1538+WantedBy=network-pre.target
1539diff --git a/debian/ntp-systemd-netif.service b/debian/ntp-systemd-netif.service
1540new file mode 100644
1541index 0000000..27610f9
1542--- /dev/null
1543+++ b/debian/ntp-systemd-netif.service
1544@@ -0,0 +1,4 @@
1545+[Service]
1546+Environment=reason=BOUND
1547+ExecStart=/bin/sh -c '. /etc/dhcp/dhclient-exit-hooks.d/ntp'
1548+
1549diff --git a/debian/ntp.conf b/debian/ntp.conf
1550index d473b43..7702785 100644
1551--- a/debian/ntp.conf
1552+++ b/debian/ntp.conf
1553@@ -13,18 +13,18 @@ filegen loopstats file loopstats type day enable
1554 filegen peerstats file peerstats type day enable
1555 filegen clockstats file clockstats type day enable
1556
1557-
1558-# You do need to talk to an NTP server or two (or three).
1559-#server ntp.your-provider.example
1560-
1561-# pool.ntp.org maps to about 1000 low-stratum NTP servers. Your server will
1562-# pick a different set every time it starts up. Please consider joining the
1563-# pool: <http://www.pool.ntp.org/join.html>
1564-pool 0.debian.pool.ntp.org iburst
1565-pool 1.debian.pool.ntp.org iburst
1566-pool 2.debian.pool.ntp.org iburst
1567-pool 3.debian.pool.ntp.org iburst
1568-
1569+# Specify one or more NTP servers.
1570+
1571+# Use servers from the NTP Pool Project. Approved by Ubuntu Technical Board
1572+# on 2011-02-08 (LP: #104525). See http://www.pool.ntp.org/join.html for
1573+# more information.
1574+pool 0.ubuntu.pool.ntp.org iburst
1575+pool 1.ubuntu.pool.ntp.org iburst
1576+pool 2.ubuntu.pool.ntp.org iburst
1577+pool 3.ubuntu.pool.ntp.org iburst
1578+
1579+# Use Ubuntu's ntp server as a fallback.
1580+pool ntp.ubuntu.com
1581
1582 # Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
1583 # details. The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
1584diff --git a/debian/ntp.dhcp b/debian/ntp.dhcp
1585index eedf6d9..06ff760 100644
1586--- a/debian/ntp.dhcp
1587+++ b/debian/ntp.dhcp
1588@@ -17,12 +17,14 @@ ntp_servers_setup_remove() {
1589
1590
1591 ntp_servers_setup_add() {
1592- if [ -e $NTP_DHCP_CONF ] && [ "$new_ntp_servers" = "$old_ntp_servers" ]; then
1593+ networkd_ntp=$(sed -n 's/NTP=//p' /run/systemd/netif/leases/* 2>/dev/null)
1594+
1595+ if [ -z "$new_ntp_servers" ] && [ -z "$networkd_ntp" ]; then
1596+ ntp_servers_setup_remove
1597 return
1598 fi
1599
1600- if [ -z "$new_ntp_servers" ]; then
1601- ntp_servers_setup_remove
1602+ if [ -e $NTP_DHCP_CONF ] && [ "$new_ntp_servers" = "$old_ntp_servers" ] && [ -z "$networkd_ntp" ] ; then
1603 return
1604 fi
1605
1606@@ -36,7 +38,7 @@ ntp_servers_setup_add() {
1607 echo "# here will be lost at the next DHCP event. Edit $NTP_CONF instead."
1608 echo
1609 echo "# NTP server entries received from DHCP server"
1610- for server in $new_ntp_servers; do
1611+ for server in $new_ntp_servers $networkd_ntp; do
1612 echo "server $server iburst"
1613 done
1614 echo
1615diff --git a/debian/ntpdate.default b/debian/ntpdate.default
1616index 3241694..f239b18 100644
1617--- a/debian/ntpdate.default
1618+++ b/debian/ntpdate.default
1619@@ -7,7 +7,7 @@ NTPDATE_USE_NTP_CONF=yes
1620
1621 # List of NTP servers to use (Separate multiple servers with spaces.)
1622 # Not used if NTPDATE_USE_NTP_CONF is yes.
1623-NTPSERVERS="0.debian.pool.ntp.org 1.debian.pool.ntp.org 2.debian.pool.ntp.org 3.debian.pool.ntp.org"
1624+NTPSERVERS="ntp.ubuntu.com"
1625
1626 # Additional options to pass to ntpdate
1627 NTPOPTIONS=""
1628diff --git a/debian/rules b/debian/rules
1629index 81eeb31..74028a9 100755
1630--- a/debian/rules
1631+++ b/debian/rules
1632@@ -43,6 +43,8 @@ override_dh_install:
1633 install -D -m 0755 debian/ntp.networkmanager debian/ntp/etc/NetworkManager/dispatcher.d/ntp
1634 install -D -m 0644 debian/ntpdate.dhcp debian/ntpdate/etc/dhcp/dhclient-exit-hooks.d/ntpdate
1635 install -D -m 0755 debian/ntpdate-debian debian/ntpdate/usr/sbin/ntpdate-debian
1636+ install -D -m 0644 debian/ntp-systemd-netif.path debian/ntp/lib/systemd/system/ntp-systemd-netif.path
1637+ install -D -m 0644 debian/ntp-systemd-netif.service debian/ntp/lib/systemd/system/ntp-systemd-netif.service
1638
1639 install -D -m 0644 debian/ntp.conf debian/ntp/etc/ntp.conf
1640
1641@@ -63,6 +65,7 @@ override_dh_install:
1642 rm -f debian/ntp-doc/usr/share/doc/ntp-doc/html/hints/solaris*
1643
1644 override_dh_installinit:
1645+ dh_systemd_start -pntp ntp-systemd-netif.path
1646 dh_installinit -pntp --error-handler=installinit_error --no-restart-after-upgrade
1647 dh_installinit -pntpdate --no-restart-after-upgrade
1648 dh_apparmor --profile-name=usr.sbin.ntpd -pntp

Subscribers

People subscribed via source and target branches