lp:~ubuntu-branches/ubuntu/lucid/ntp/lucid-201010051548
- Get this branch:
- bzr branch lp:~ubuntu-branches/ubuntu/lucid/ntp/lucid-201010051548
Branch merges
- No reviews requested
-
Diff: 77 lines (+39/-0) (has conflicts)3 files modifieddebian/changelog (+28/-0)
debian/patches/series (+7/-0)
debian/rules (+4/-0)
Branch information
- Owner:
- Ubuntu branches
- Status:
- Development
Recent revisions
- 39. By Chuck Short
-
* debian/rules: install symlink for early loading of per-interface
triggered ntp AppArmor profile.
* SECURITY UPDATE: fix DoS with mode 7 (MODE_PRIVATE) packets
- debian/patches/ CVE-2009- 3563.patch: update ntpd/ntp_request.c to
not send a response packet for and rate limit logging of invalid mode 7
requests and responses
- CVE-2009-3563 - 34. By Chuck Short
-
* Merge from debian testing, remaining changes:
+ debian/ntp.conf, debian/ntpdate. default: Change default server to
ntp.ubuntu.com.
+ debian/ntpdate. ifup: Stop ntp before running ntpdate when an interface
comes up, then start again afterwards
+ debian/ntp.init, debian/rules: Only stop when entering single user mode.
+ Add enforcing AppArmor profile (LP: #382905)
- debian/control: add Conflicts/Replaces on apparmor-profiles <
2.3.1+1403- 0ubuntu10 (since we are now shipping usr.sbin.ntpd) and
apparmor < 2.3.1+1403-0ubuntu10 (since we are now shipping
tunables/ntpd)
- debian/control: add Suggests on apparmor
- debian/ntp.dirs: add apparmor directories
- debian/ntp.preinst: force complain on certain upgrades
- debian/ntp.postinst: reload apparmor profile
- debian/ntp.postrm: remove the force-complain file
- add debian/apparmor- profile*
- debian/rules: install apparmor-profile and apparmor-profile. tunable
- debian/README. Debian: add note on AppArmor
+ debian/patches/ fix-nano. patch: enable nanokernel support (LP: #412242)
+ debian/{control, rules}: add and enable hardened build for PIE
(Debian bug 542721).
+ debian/apparmor- profile: adjust location of drift files (LP: #456308)
+ Dropped changes, merged in Debian:
- debian/man/ntpdate. 8 - fix debian shipped manpage; patch by
Josh Holland <email address hidden>
+ Dropped changes, superseded upstream/in Debian:
- debian/patches/ CVE-2009- 0159.patch: Use Debian's version of the patch.
- debian/patches/ CVE-2009- 1252.patch: Use Debian's version of the patch. - 31. By Jamie Strandboge
-
* Add enforcing AppArmor profile (LP: #382905)
- debian/control: add Conflicts/Replaces on apparmor-profiles <
2.3.1+1403- 0ubuntu10 (since we are now shipping usr.sbin.ntpd) and
apparmor < 2.3.1+1403-0ubuntu10 (since we are now shipping
tunables/ntpd)
- debian/control: add Suggests on apparmor
- debian/ntp.dirs: add apparmor directories
- debian/ntp.preinst: force complain on certain upgrades
- debian/ntp.postinst: reload apparmor profile
- debian/ntp.postrm: remove the force-complain file
- add debian/apparmor- profile*
- debian/rules: install apparmor-profile and apparmor-profile. tunable
- debian/README. Debian: add note on AppArmor
* debian/patches/ fix-nano. patch: enable nanokernel support (LP: #412242) - 30. By Jamie Strandboge
-
* SECURITY UPDATE: stack overflow in ntpd when autokey is enabled
- debian/patches/ CVE-2009- 1252.patch: update ntpd/ntp_crypto.c to use
snprintf() with NTP_MAXSTRLEN when writing to statstr. Also defensively
adjust ntp_peer.c and ntp_timer.c to do the same.
- CVE-2009-1252
* SECURITY UPDATE: stack overflow in ntpq when contacting malicious ntp
server
- debian/patches/ CVE-2009- 0159.patch: increase size of buffer in
cookedprint() in ntpq/ntpq.c and adjust to use snprintf()
- CVE-2009-0159
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/maverick/ntp