lp:ubuntu/wily/ntp
- Get this branch:
- bzr branch lp:ubuntu/wily/ntp
Branch merges
Related source package recipes
Branch information
- Owner:
- Ubuntu branches
- Status:
- Development
Recent revisions
- 73. By Iain Lane
-
debian/ntp.init: Don't use /var/lib/
ntp/ntp. conf.dhcp if /etc/ntp.conf is
newerit can get stale. Patch by Simon Déziel. (LP: #1472056) - 72. By Eric Desrochers
-
* Fix use-after-free in routing socket code (LP: #1481388)
- debian/patches/ use-after- free-in- routing- socket. patch
fix logic in ntpd/ntp_io.c
* Fix to ignore ENOBUFS on routing netlink socket
- debian/patches/ ignore- ENOBUFS- on-routing- netlink- socket. patch
fix logic in ntpd/ntp_io.c - 71. By Marc Deslauriers
-
* SECURITY UPDATE: ntp-keygen infinite loop or lack of randonmess on big
endian platforms
- debian/patches/ ntp-keygen- endless- loop.patch: fix logic in
util/ntp-keygen. c.
- CVE number pending - 70. By Marc Deslauriers
-
* SECURITY UPDATE: symmetric key unauthenticated packet MITM attack
- debian/patches/ CVE-2015- 1798.patch: reject packets without MAC in
ntpd/ntp_proto. c.
- CVE-2015-1798
* SECURITY UPDATE: symmetric association DoS attack
- debian/patches/ CVE-2015- 1799.patch: don't update state variables when
authentication fails in ntpd/ntp_proto.c.
- CVE-2015-1799 - 69. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service and possible info leakage via
extension fields
- debian/patches/ CVE-2014- 9297.patch: properly check lengths in
ntpd/ntp_crypto. c, ntpd/ntp_proto.c.
- CVE-2014-9297
* SECURITY UPDATE: IPv6 ACL bypass
- debian/patches/ CVE-2014- 9298.patch: check for spoofed ::1 in
ntpd/ntp_io.c.
- CVE-2014-9298 - 68. By Marc Deslauriers
-
* SECURITY UPDATE: weak default key in config_auth()
- debian/patches/ CVE-2014- 9293.patch: use openssl for random key in
ntpd/ntp_config. c, ntpd/ntpd.c.
- CVE-2014-9293
* SECURITY UPDATE: non-cryptographic random number generator with weak
seed used by ntp-keygen to generate symmetric keys
- debian/patches/ CVE-2014- 9294.patch: use openssl for random key in
include/ntp_random. h, libntp/ ntp_random. c, util/ntp-keygen.c.
- CVE-2014-9294
* SECURITY UPDATE: buffer overflows in crypto_recv(), ctl_putdata(),
configure()
- debian/patches/ CVE-2014- 9295.patch: check lengths in
ntpd/ntp_control. c, ntpd/ntp_crypto.c.
- CVE-2014-9295
* SECURITY UPDATE: missing return on error in receive()
- debian/patches/ CVE-2015- 9296.patch: add missing return in
ntpd/ntp_proto. c.
- CVE-2014-9296 - 66. By Tyler Hicks
-
* Merge from Debian testing to regain crypto support (LP: #1236065). Remaining
changes:
+ debian/ntp.conf, debian/ntpdate. default: Change default server to
ntp.ubuntu.com.
+ debian/ntpdate. if-up: Stop ntp before running ntpdate when an interface
comes up, then start again afterwards.
+ debian/ntp.init, debian/rules: Only stop when entering single user mode.
+ Add enforcing AppArmor profile:
- debian/control: Add Conflicts/Replaces on apparmor-profiles.
- debian/control: Add Suggests on apparmor.
- debian/ntp.dirs: Add apparmor directories.
- debian/ntp.preinst: Force complain on certain upgrades.
- debian/ntp.postinst: Reload apparmor profile.
- debian/ntp.postrm: Remove the force-complain file.
- add debian/apparmor- profile* .
- debian/rules: install apparmor-profile and apparmor-profile. tunable.
- debian/README. Debian: Add note on AppArmor.
+ debian/{control, rules}: Add and enable hardened build for PIE.
+ debian/rules, debian/ntp.dirs, debian/source_ ntp.py: Add apport hook.
+ debian/ntpdate- debian: Disregard empty ntp.conf files.
+ debian/ntp.preinst: Remove empty /etc/ntp.conf on fresh intallation.
+ debian/ntpdate. if-up: Fix interaction with openntpd.
+ debian/source_ ntp.py: Add filter on AppArmor profile names to prevent
false positives from denials originating in other packages.
+ debian/rules: Update config.{guess,sub} for AArch64.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
