Ubuntu
ntp package

lp:ubuntu/trusty-security/ntp

  1. Trusty (14.04)
  2. trusty-security
Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp:ubuntu/trusty-security/ntp
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

70. By Marc Deslauriers

* SECURITY UPDATE: symmetric key unauthenticated packet MITM attack
  - debian/patches/CVE-2015-1798.patch: reject packets without MAC in
    ntpd/ntp_proto.c.
  - CVE-2015-1798
* SECURITY UPDATE: symmetric association DoS attack
  - debian/patches/CVE-2015-1799.patch: don't update state variables when
    authentication fails in ntpd/ntp_proto.c.
  - CVE-2015-1799
* SECURITY UPDATE: ntp-keygen infinite loop or lack of randonmess on big
  endian platforms
  - debian/patches/ntp-keygen-endless-loop.patch: fix logic in
    util/ntp-keygen.c.
  - CVE number pending

69. By Marc Deslauriers

* SECURITY UPDATE: denial of service and possible info leakage via
  extension fields
  - debian/patches/CVE-2014-9297.patch: properly check lengths in
    ntpd/ntp_crypto.c, ntpd/ntp_proto.c.
  - CVE-2014-9297
* SECURITY UPDATE: IPv6 ACL bypass
  - debian/patches/CVE-2014-9298.patch: check for spoofed ::1 in
    ntpd/ntp_io.c.
  - CVE-2014-9298

68. By Marc Deslauriers

* SECURITY UPDATE: weak default key in config_auth()
  - debian/patches/CVE-2014-9293.patch: use openssl for random key in
    ntpd/ntp_config.c, ntpd/ntpd.c.
  - CVE-2014-9293
* SECURITY UPDATE: non-cryptographic random number generator with weak
  seed used by ntp-keygen to generate symmetric keys
  - debian/patches/CVE-2014-9294.patch: use openssl for random key in
    include/ntp_random.h, libntp/ntp_random.c, util/ntp-keygen.c.
  - CVE-2014-9294
* SECURITY UPDATE: buffer overflows in crypto_recv(), ctl_putdata(),
  configure()
  - debian/patches/CVE-2014-9295.patch: check lengths in
    ntpd/ntp_control.c, ntpd/ntp_crypto.c.
  - CVE-2014-9295
* SECURITY UPDATE: missing return on error in receive()
  - debian/patches/CVE-2015-9296.patch: add missing return in
    ntpd/ntp_proto.c.
  - CVE-2014-9296

67. By Jamie Strandboge

debian/apparmor-profile: fix spurious noisy denials (LP: #1237508)

66. By Tyler Hicks

* Merge from Debian testing to regain crypto support (LP: #1236065). Remaining
  changes:
  + debian/ntp.conf, debian/ntpdate.default: Change default server to
    ntp.ubuntu.com.
  + debian/ntpdate.if-up: Stop ntp before running ntpdate when an interface
    comes up, then start again afterwards.
  + debian/ntp.init, debian/rules: Only stop when entering single user mode.
  + Add enforcing AppArmor profile:
    - debian/control: Add Conflicts/Replaces on apparmor-profiles.
    - debian/control: Add Suggests on apparmor.
    - debian/ntp.dirs: Add apparmor directories.
    - debian/ntp.preinst: Force complain on certain upgrades.
    - debian/ntp.postinst: Reload apparmor profile.
    - debian/ntp.postrm: Remove the force-complain file.
    - add debian/apparmor-profile*.
    - debian/rules: install apparmor-profile and apparmor-profile.tunable.
    - debian/README.Debian: Add note on AppArmor.
  + debian/{control,rules}: Add and enable hardened build for PIE.
  + debian/rules, debian/ntp.dirs, debian/source_ntp.py: Add apport hook.
  + debian/ntpdate-debian: Disregard empty ntp.conf files.
  + debian/ntp.preinst: Remove empty /etc/ntp.conf on fresh intallation.
  + debian/ntpdate.if-up: Fix interaction with openntpd.
  + debian/source_ntp.py: Add filter on AppArmor profile names to prevent
    false positives from denials originating in other packages.
  + debian/rules: Update config.{guess,sub} for AArch64.

65. By Matthias Klose

Update config.{guess,sub} for AArch64.

64. By Jamie Strandboge

debian/apparmor-profile: Add /var/log/ntpstats/protostats* (LP: #1195898)

63. By Matthias Klose

* New upstream version, fixing build failure in raring.
* Merge with Debian; remaining changes:
  + debian/ntp.conf, debian/ntpdate.default: Change default server to
    ntp.ubuntu.com.
  + debian/ntpdate.ifup: Stop ntp before running ntpdate when an interface
    comes up, then start again afterwards.
  + debian/ntp.init, debian/rules: Only stop when entering single user mode.
  + Add enforcing AppArmor profile:
    - debian/control: Add Conflicts/Replaces on apparmor-profiles.
    - debian/control: Add Suggests on apparmor.
    - debian/ntp.dirs: Add apparmor directories.
    - debian/ntp.preinst: Force complain on certain upgrades.
    - debian/ntp.postinst: Reload apparmor profile.
    - debian/ntp.postrm: Remove the force-complain file.
    - add debian/apparmor-profile*.
    - debian/rules: install apparmor-profile and apparmor-profile.tunable.
    - debian/README.Debian: Add note on AppArmor.
  + debian/{control,rules}: Add and enable hardened build for PIE.
  + debian/apparmor-profile: Adjust location of drift files.
  + debian/rules, debian/ntp.dirs, debian/source_ntp.py: Add apport hook.
  + debian/ntpdate-debian: Disregard empty ntp.conf files.
  + debian/ntp.preinst: Remove empty /etc/ntp.conf on fresh intallation.
  + debian/ntpdate.ifup: Fix interaction with openntpd.
  + debian/source_ntp.py: Add filter on AppArmor profile names to prevent
    false positives from denials originating in other packages.
  + debian/apparmor-profile: Add samba4 ntp signing socket to ntpd apparmor
    profile.
  + debian/apparmor-profile: adjust for IPv6.

62. By Marc Deslauriers

debian/source_ntp.py: add filter on AppArmor profile names to prevent
false positives from denials originating in other packages.

61. By Sebastien Bacher

Re-enable crypto support by pointing openssl libdir to multiarch dir,
change backported from Debian, thanks Yves-Alexis Perez (lp: #998403)

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/vivid/ntp
This branch contains Public information 
Everyone can see this information.

Subscribers