Ubuntu
ntp package

lp:ubuntu/precise-updates/ntp

  1. Precise (12.04)
  2. precise-updates
Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp:ubuntu/precise-updates/ntp
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

63. By Marc Deslauriers

* SECURITY UPDATE: symmetric key unauthenticated packet MITM attack
  - debian/patches/CVE-2015-1798.patch: reject packets without MAC in
    ntpd/ntp_proto.c.
  - CVE-2015-1798
* SECURITY UPDATE: symmetric association DoS attack
  - debian/patches/CVE-2015-1799.patch: don't update state variables when
    authentication fails in ntpd/ntp_proto.c.
  - CVE-2015-1799
* SECURITY UPDATE: ntp-keygen infinite loop or lack of randonmess on big
  endian platforms
  - debian/patches/ntp-keygen-endless-loop.patch: fix logic in
    util/ntp-keygen.c.
  - CVE number pending

62. By Marc Deslauriers

* SECURITY UPDATE: denial of service and possible info leakage via
  extension fields
  - debian/patches/CVE-2014-9297.patch: properly check lengths in
    ntpd/ntp_crypto.c, ntpd/ntp_proto.c.
  - CVE-2014-9297
* SECURITY UPDATE: IPv6 ACL bypass
  - debian/patches/CVE-2014-9298.patch: check for spoofed ::1 in
    ntpd/ntp_io.c.
  - CVE-2014-9298

61. By Marc Deslauriers

* SECURITY UPDATE: weak default key in config_auth()
  - debian/patches/CVE-2014-9293.patch: use openssl for random key in
    ntpd/ntp_config.c, ntpd/ntpd.c.
  - CVE-2014-9293
* SECURITY UPDATE: non-cryptographic random number generator with weak
  seed used by ntp-keygen to generate symmetric keys
  - debian/patches/CVE-2014-9294.patch: use openssl for random key in
    include/ntp_random.h, libntp/ntp_random.c, util/ntp-keygen.c.
  - CVE-2014-9294
* SECURITY UPDATE: buffer overflows in crypto_recv(), ctl_putdata(),
  configure()
  - debian/patches/CVE-2014-9295.patch: check lengths in
    ntpd/ntp_control.c, ntpd/ntp_crypto.c.
  - CVE-2014-9295
* SECURITY UPDATE: missing return on error in receive()
  - debian/patches/CVE-2015-9296.patch: add missing return in
    ntpd/ntp_proto.c.
  - CVE-2014-9296

60. By Jamie Strandboge

* debian/apparmor-profile: Add samba4 ntp signing socket to ntpd apparmor
  profile (LP: #930266)
* debian/control: Build-Depends on dh-apparmor

59. By Jamie Strandboge

debian/apparmor-profile: adjust for IPv6 (LP: #892332)

58. By Chuck Short

* Merge from debian unstable, remaining changes are:
  + debian/ntp.conf, debian/ntpdate.default: Change default server to
    ntp.ubuntu.com.
  + debian/ntpdate.ifup: Stop ntp before running ntpdate when an interface
    comes up, then start again afterwards.
  + debian/ntp.init, debian/rules: Only stop when entering single user mode.
  + Add enforcing AppArmor profile (LP: #382905):
    - debian/control: add Conflicts/Replaces on apparmor-profiles <
      2.3.1+1403-0ubuntu10 (since we are now shipping usr.sbin.ntpd) and
      apparmor < 2.3.1+1403-0ubuntu10 (since we are now shipping tunables/ntpd)
    - debian/control: add Suggests on apparmor
    - debian/ntp.dirs: add apparmor directories
    - debian/ntp.preinst: force complain on certain upgrades
    - debian/ntp.postinst: reload apparmor profile
    - debian/ntp.postrm: remove the force-complain file
    - add debian/apparmor-profile*
    - debian/rules: install apparmor-profile and apparmor-profile.tunable
    - debian/README.Debian: add note on AppArmor
  + debian/{control,rules}: add and enable hardened build for PIE
    (Debian bug 542721).
  + debian/apparmor-profile: adjust location of drift files (LP: #456308)
  + debian/rules, debian/ntp.dirs, debian/source_ntp.py: Add apport hook.
  + debian/ntpdate-debian: Disregard empty ntp.conf files. (LP: #83604)
  + debian/ntp.preinst: Remove empty /etc/ntp.conf on fresh intallation,
    to work around the system-tools-backends part of LP #83604.
  + debian/ntpdate.ifup: Fix interaction with openntpd. (LP: #877210)
  + Dropped:
    - ntpdate-accept-same-timestamp-replies.patch: Accepted upstream

57. By Reinhard Tartler

debian/ntpdate.if-up: Fix interaction with openntpd, LP: #872210

56. By Jamie Strandboge

debian/apparmor-profile: also allow access to /var/log/ntpstats/rawstats*

55. By Jamie Strandboge

* debian/apparmor-profile: allow sys_nice for -N option to work. More
  work is needed to make ntpd start niced, so not auto-closing the bug.
  - LP: 229632

54. By Marc Deslauriers

debian/source_ntp.py: use new apport MAC function instead of parsing
and attaching AppArmor events here.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/quantal/ntp
This branch contains Public information 
Everyone can see this information.

Subscribers