ubuntu/+source/ntp:ubuntu/wily-devel

Last commit made on 2016-02-11
Get this branch:
git clone -b ubuntu/wily-devel https://git.launchpad.net/ubuntu/+source/ntp
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/wily-devel
Repository:
lp:ubuntu/+source/ntp

Recent commits

4bad9b6... by Eric Desrochers on 2016-01-25

Import patches-unapplied version 1:4.2.6.p5+dfsg-3ubuntu8.2 to ubuntu/wily-proposed

Imported using git-ubuntu import.

Changelog parent: 6780cb6bcd86c5c040a026c8084f51cebc7103be

New changelog entries:
  * ntpd rejects source UDP ports less than 123 as bogus (closes: #691412)
    - d/p/reject-UDP-ports-less-than-123-as-bogus.patch (LP: #1479652)

6780cb6... by Marc Deslauriers on 2015-10-22

Import patches-unapplied version 1:4.2.6.p5+dfsg-3ubuntu8.1 to ubuntu/wily-security

Imported using git-ubuntu import.

Changelog parent: 3c28fc13423fec87debc8a5b57394d12b175163f

New changelog entries:
  * SECURITY UPDATE: denial of service via crafted NUL-byte in
    configuration directive
    - debian/patches/CVE-2015-5146.patch: properly validate command in
      ntpd/ntp_control.c.
    - CVE-2015-5146
  * SECURITY UPDATE: denial of service via malformed logconfig commands
    - debian/patches/CVE-2015-5194.patch: fix logconfig logic in
      ntpd/ntp_parser.y.
    - CVE-2015-5194
  * SECURITY UPDATE: denial of service via disabled statistics type
    - debian/patches/CVE-2015-5195.patch: handle unrecognized types in
      ntpd/ntp_config.c.
    - CVE-2015-5195
  * SECURITY UPDATE: file overwrite via remote pidfile and driftfile
    configuration directives
    - debian/patches/CVE-2015-5196.patch: disable remote configuration in
      ntpd/ntp_parser.y.
    - CVE-2015-5196
    - CVE-2015-7703
  * SECURITY UPDATE: denial of service via precision value conversion
    - debian/patches/CVE-2015-5219.patch: use ldexp for LOGTOD in
      include/ntp.h.
    - CVE-2015-5219
  * SECURITY UPDATE: timeshifting by reboot issue
    - debian/patches/CVE-2015-5300.patch: disable panic in
      ntpd/ntp_loopfilter.c.
    - CVE-2015-5300
  * SECURITY UPDATE: incomplete autokey data packet length checks
    - debian/patches/CVE-2015-7691.patch: add length and size checks to
      ntpd/ntp_crypto.c.
    - CVE-2015-7691
    - CVE-2015-7692
    - CVE-2015-7702
  * SECURITY UPDATE: memory leak in CRYPTO_ASSOC
    - debian/patches/CVE-2015-7701.patch: add missing free in
      ntpd/ntp_crypto.c.
    - CVE-2015-7701
  * SECURITY UPDATE: denial of service by spoofed KoD
    - debian/patches/CVE-2015-7704.patch: add check to ntpd/ntp_proto.c.
    - CVE-2015-7704
    - CVE-2015-7705
  * SECURITY UPDATE: denial of service via same logfile and keyfile
    - debian/patches/CVE-2015-7850.patch: rate limit errors in
      include/ntp_stdlib.h, include/ntp_syslog.h, libntp/authreadkeys.c,
      libntp/msyslog.c.
    - CVE-2015-7850
  * SECURITY UPDATE: ntpq atoascii memory corruption
    - debian/patches/CVE-2015-7852.patch: avoid buffer overrun in
      ntpq/ntpq.c.
    - CVE-2015-7852
  * SECURITY UPDATE: buffer overflow via custom refclock driver
    - debian/patches/CVE-2015-7853.patch: properly calculate length in
      ntpd/ntp_io.c.
    - CVE-2015-7853
  * SECURITY UPDATE: denial of service via ASSERT in decodenetnum
    - debian/patches/CVE-2015-7855.patch: simply return fail in
      libntp/decodenetnum.c.
    - CVE-2015-7855
  * SECURITY UPDATE: symmetric association authentication bypass via
    crypto-NAK
    - debian/patches/CVE-2015-7871.patch: drop unhandled packet in
      ntpd/ntp_proto.c.
    - CVE-2015-7871
  * debian/control: add bison to Build-Depends.
  * debian/rules: remove ntp/ntp_parser.{c,h} or they don't get properly
    regenerated for some reason.

3c28fc1... by Iain Lane on 2015-10-02

Import patches-unapplied version 1:4.2.6.p5+dfsg-3ubuntu8 to ubuntu/wily-proposed

Imported using git-ubuntu import.

Changelog parent: 555cee52c49d78fd4aaf690d71b89466658bd082

New changelog entries:
  * debian/ntp.init: Don't use /var/lib/ntp/ntp.conf.dhcp if /etc/ntp.conf is
    newer - it can get stale. Patch by Simon D├ęziel. (LP: #1472056)

555cee5... by Eric Desrochers on 2015-09-02

Import patches-unapplied version 1:4.2.6.p5+dfsg-3ubuntu7 to ubuntu/wily-proposed

Imported using git-ubuntu import.

Changelog parent: 0bd704e317d88803e94508bc84f82bac6be23f8b

New changelog entries:
  * Fix use-after-free in routing socket code (LP: #1481388)
    - debian/patches/use-after-free-in-routing-socket.patch
      fix logic in ntpd/ntp_io.c
  * Fix to ignore ENOBUFS on routing netlink socket
    - debian/patches/ignore-ENOBUFS-on-routing-netlink-socket.patch
      fix logic in ntpd/ntp_io.c

0bd704e... by Marc Deslauriers on 2015-04-13

Import patches-unapplied version 1:4.2.6.p5+dfsg-3ubuntu6 to ubuntu/vivid-proposed

Imported using git-ubuntu import.

Changelog parent: 37746c284ec9fe844a2cec8656cecf5ffbbe6c81

New changelog entries:
  * SECURITY UPDATE: ntp-keygen infinite loop or lack of randonmess on big
    endian platforms
    - debian/patches/ntp-keygen-endless-loop.patch: fix logic in
      util/ntp-keygen.c.
    - CVE number pending

37746c2... by Marc Deslauriers on 2015-04-07

Import patches-unapplied version 1:4.2.6.p5+dfsg-3ubuntu5 to ubuntu/vivid-proposed

Imported using git-ubuntu import.

Changelog parent: bac86d6a260337a61f7c0b9dd0bf5a1f623ce993

New changelog entries:
  * SECURITY UPDATE: symmetric key unauthenticated packet MITM attack
    - debian/patches/CVE-2015-1798.patch: reject packets without MAC in
      ntpd/ntp_proto.c.
    - CVE-2015-1798
  * SECURITY UPDATE: symmetric association DoS attack
    - debian/patches/CVE-2015-1799.patch: don't update state variables when
      authentication fails in ntpd/ntp_proto.c.
    - CVE-2015-1799

bac86d6... by Marc Deslauriers on 2015-02-09

Import patches-unapplied version 1:4.2.6.p5+dfsg-3ubuntu4 to ubuntu/vivid-proposed

Imported using git-ubuntu import.

Changelog parent: 6b69abbe0366a098b7db8335c04ce80062aad3b6

New changelog entries:
  * SECURITY UPDATE: denial of service and possible info leakage via
    extension fields
    - debian/patches/CVE-2014-9297.patch: properly check lengths in
      ntpd/ntp_crypto.c, ntpd/ntp_proto.c.
    - CVE-2014-9297
  * SECURITY UPDATE: IPv6 ACL bypass
    - debian/patches/CVE-2014-9298.patch: check for spoofed ::1 in
      ntpd/ntp_io.c.
    - CVE-2014-9298

6b69abb... by Marc Deslauriers on 2014-12-20

Import patches-unapplied version 1:4.2.6.p5+dfsg-3ubuntu3 to ubuntu/vivid-proposed

Imported using git-ubuntu import.

Changelog parent: 8372ae1aed4a0c4cf367382a186fb15df8f2bf60

New changelog entries:
  * SECURITY UPDATE: weak default key in config_auth()
    - debian/patches/CVE-2014-9293.patch: use openssl for random key in
      ntpd/ntp_config.c, ntpd/ntpd.c.
    - CVE-2014-9293
  * SECURITY UPDATE: non-cryptographic random number generator with weak
    seed used by ntp-keygen to generate symmetric keys
    - debian/patches/CVE-2014-9294.patch: use openssl for random key in
      include/ntp_random.h, libntp/ntp_random.c, util/ntp-keygen.c.
    - CVE-2014-9294
  * SECURITY UPDATE: buffer overflows in crypto_recv(), ctl_putdata(),
    configure()
    - debian/patches/CVE-2014-9295.patch: check lengths in
      ntpd/ntp_control.c, ntpd/ntp_crypto.c.
    - CVE-2014-9295
  * SECURITY UPDATE: missing return on error in receive()
    - debian/patches/CVE-2015-9296.patch: add missing return in
      ntpd/ntp_proto.c.
    - CVE-2014-9296

8372ae1... by Jamie Strandboge on 2013-10-09

Import patches-unapplied version 1:4.2.6.p5+dfsg-3ubuntu2 to ubuntu/saucy-proposed

Imported using git-ubuntu import.

Changelog parent: 5c9bef1ad7a95f8367a48d2562009759263e6e9b

New changelog entries:
  * debian/apparmor-profile: fix spurious noisy denials (LP: #1237508)

5c9bef1... by Tyler Hicks on 2013-10-06

Import patches-unapplied version 1:4.2.6.p5+dfsg-3ubuntu1 to ubuntu/saucy-proposed

Imported using git-ubuntu import.

Changelog parent: b1940c6b134a5539ebf519b6119f8f18e164cc67

New changelog entries:
  * Merge from Debian testing to regain crypto support (LP: #1236065). Remaining
    changes:
    + debian/ntp.conf, debian/ntpdate.default: Change default server to
      ntp.ubuntu.com.
    + debian/ntpdate.if-up: Stop ntp before running ntpdate when an interface
      comes up, then start again afterwards.
    + debian/ntp.init, debian/rules: Only stop when entering single user mode.
    + Add enforcing AppArmor profile:
      - debian/control: Add Conflicts/Replaces on apparmor-profiles.
      - debian/control: Add Suggests on apparmor.
      - debian/ntp.dirs: Add apparmor directories.
      - debian/ntp.preinst: Force complain on certain upgrades.
      - debian/ntp.postinst: Reload apparmor profile.
      - debian/ntp.postrm: Remove the force-complain file.
      - add debian/apparmor-profile*.
      - debian/rules: install apparmor-profile and apparmor-profile.tunable.
      - debian/README.Debian: Add note on AppArmor.
    + debian/{control,rules}: Add and enable hardened build for PIE.
    + debian/rules, debian/ntp.dirs, debian/source_ntp.py: Add apport hook.
    + debian/ntpdate-debian: Disregard empty ntp.conf files.
    + debian/ntp.preinst: Remove empty /etc/ntp.conf on fresh intallation.
    + debian/ntpdate.if-up: Fix interaction with openntpd.
    + debian/source_ntp.py: Add filter on AppArmor profile names to prevent
      false positives from denials originating in other packages.
    + debian/rules: Update config.{guess,sub} for AArch64.