Last commit made on 2016-04-08
Get this branch:
git clone -b ubuntu/xenial https://git.launchpad.net/ubuntu/+source/ntp
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information


Recent commits

43eeb53... by Jamie Strandboge on 2016-04-07

Import patches-unapplied version 1:4.2.8p4+dfsg-3ubuntu5 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 71a2b8e2f0ad1d2247cc0b572a66f881c9547d27

New changelog entries:
  * debian/apparmor-profile: allow 'rw' access to /dev/pps[0-9]* devices.
    Patch thanks to Mark Shuttleworth. (LP: #1564832)

71a2b8e... by Kick In on 2016-03-17

Import patches-unapplied version 1:4.2.8p4+dfsg-3ubuntu4 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 3393b4bbeae7eff3b24661ddf08a07f1bafb383a

New changelog entries:
  * d/p/fix_local_sync.patch: fix local clock sync (LP: #1558125).

3393b4b... by Łukasz Zemczak on 2016-02-24

Import patches-unapplied version 1:4.2.8p4+dfsg-3ubuntu3 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 191352d62f142463ab2e698c502c8b07bc9db045

New changelog entries:
  * debian/patches/ntpdate-fix-lp1526264.patch:
    - Add Alfonso Sanchez-Beato's patch for fixing the cannot correct dates in
      the future bug (LP: #1526264)

191352d... by Jamie Strandboge on 2016-02-17

Import patches-unapplied version 1:4.2.8p4+dfsg-3ubuntu2 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 9d061f7f93e4558cf7a80216cff06d0e99400103

New changelog entries:
  * debian/apparmor-profile: adjust to handle AF_UNSPEC with dgram and stream

9d061f7... by Kick In on 2016-02-05

Import patches-unapplied version 1:4.2.8p4+dfsg-3ubuntu1 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 20ad5f709ff0e01e1f156ec25abe85e443075efb

New changelog entries:
  * Merge from Debian testing. Remaining changes:
    + debian/rules: enable debugging. Ask debian to add this.
    + debian/rules, debian/ntp.dirs, debian/source_ntp.py: Add apport hook.
    + Add enforcing AppArmor profile:
      - debian/control: Add Conflicts/Replaces on apparmor-profiles.
      - debian/control: Add Suggests on apparmor.
      - debian/control: Build-Depends on dh-apparmor.
      - add debian/apparmor-profile*.
      - debian/ntp.dirs: Add apparmor directories.
      - debian/rules: Install apparmor-profile and apparmor-profile.tunable.
      - debian/source_ntp.py: Add filter on AppArmor profile names to prevent
        false positives from denials originating in other packages.
      - debian/README.Debian: Add note on AppArmor.
    + debian/ntpdate.if-up: Fix interaction with openntpd. Stop ntp before
      running ntpdate when an interface comes up, then start again afterwards.
    + debian/ntp.init, debian/rules: Only stop when entering single user mode,
      don't use /var/lib/ntp/ntp.conf.dhcp if /etc/ntp.conf is newer - it can
      get stale. Patch by Simon Déziel.
    + debian/ntp.conf, debian/ntpdate.default: Change default server to
    + debian/control: Add bison to Build-Depends (for ntpd/ntp_parser.y).
  * Includes fix for requests with source ports < 123, fixed upstream in
    4.2.8p1 (LP: #1479652).
  * Add PPS support (LP: #1512980):
    + debian/README.Debian: Add a PPS section to the README.Debian,
      removed all PPSkit one.
    + debian/ntp.conf: Add some configuration examples from the offical
    + debian/control: Add Build-Depends on pps-tools
  * Drop Changes:
    + debian/rules: Update config.{guess,sub} for AArch64, because upstream use
      dh_autoreconf now.
    + debian/{control,rules}: Add and enable hardened build for PIE.
      Upstream use fPIC. Options -fPIC and -fPIE are uncompatible, thus this is
      never applied, (cf. dpkg-buildflags manual), checked with Marc
      Deslauriers on freenode #ubuntu-hardened, 2016-01-20~13:11 UTC.
    + debian/rules: Remove update-rcd-params in dh_installinit command. When
      setting up ntp package, the following message is presented to the user
      due to deprecated use:
      "update-rc.d: warning: start and stop actions are no longer
      supported; falling back to defaults". The defaults are taken from the
      init.d script LSB comment header, which contain what we need anyway.
    + debian/rules: Remove ntp/ntp_parser.{c,h} or they don't get properly
      regenerated for some reason. Seems to have been due to ntpd/ntp_parser.y
      patches from CVE-2015-5194 and CVE-2015-5196, already upstreamed.
    + debian/ntpdate.if-up: Drop lockfile mechanism as upstream is using flock
    + Remove natty timeframe old deltas (transitional code not needed since
      Trusty): Those patches were for an incorrect behaviour of
      system-tools-backend, around natty time
      - debian/ntpdate-debian: Disregard empty ntp.conf files.
      - debian/ntp.preinst: Remove empty /etc/ntp.conf on fresh intallation.
    + debian/ntp.dhcp: Rewrite sed rules. This was done incorrectly as pointed
      out in LP 575458. This decision is explained in detail there.
  * All previous ubuntu security patches/fixes have been upstreamed:
    + CVE-2015-5146, CVE-2015-5194, CVE-2015-5195, CVE-2015-5196,
      CVE-2015-7703, CVE-2015-5219, CVE-2015-5300, CVE-2015-7691,
      CVE-2015-7692, CVE-2015-7702, CVE-2015-7701, CVE-2015-7704,
      CVE-2015-7705, CVE-2015-7850, CVE-2015-7852, CVE-2015-7853,
      CVE-2015-7855, CVE-2015-7871, CVE-2015-1798, CVE-2015-1799,
      CVE-2014-9297, CVE-2014-9298, CVE-2014-9293, CVE-2014-9294,
      CVE-2014-9295, CVE-2014-9296
    + Fix to ignore ENOBUFS on routing netlink socket
    + Fix use-after-free in routing socket code
    + ntp-keygen infinite loop or lack of randonmess on big endian platforms

20ad5f7... by Kurt Roeckx on 2015-10-22

Import patches-unapplied version 1:4.2.8p4+dfsg-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 7bc00668445065727499e00a9b664b7d6782d482

New changelog entries:
  * Remove rlimit memlock from default config file, the default is now
    to no longer lock. (Closes: #793745)
  * Really properly fix CVE-2015-7704, thanks to Miroslav Lichvar
    <email address hidden>

7bc0066... by Kurt Roeckx on 2015-10-22

Import patches-unapplied version 1:4.2.8p4+dfsg-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: b72bcab04a11e28f82f2cb0a184ed66ef0050879

New changelog entries:
  * Change rlimit memlock default to -1. (Closes: #802638)
  * Fix CVE-2015-5300
  * Properly fix CVE-2015-7704

b72bcab... by Kurt Roeckx on 2015-10-21

Import patches-unapplied version 1:4.2.8p4+dfsg-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 16e47ce08e453f43f8beb89965cada3ab9bbecb2

New changelog entries:
  * New upstream release.
    - Fixes CVE-2015-7850 CVE-2015-7704 CVE-2015-7701 CVE-2015-5196
      CVE-2015-7848 CVE-2015-7849 CVE-2015-7854 CVE-2015-7852 CVE-2015-7853
      CVE-2015-7851 CVE-2015-7705 CVE-2015-7855 CVE-2015-7871
    - Drop format-security.patch, applied upstream.

16e47ce... by Kurt Roeckx on 2015-07-25

Import patches-unapplied version 1:4.2.8p3+dfsg-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 869c5c4ace0fbf42f967a093087997138dc6c70d

New changelog entries:
  * New upstream version
   - Patches applied upstream: ntpd-linux-caps-inheritable.patch,
     ntp-4.2.6p5-cve-2014-9293.patch, ntp-4.2.6p5-cve-2014-9294.patch,
     ntp-4.2.6p5-cve-2014-9295.patch, ntp-4.2.6p5-cve-2014-9296.patch,
     CVE-2014-9297.patch, CVE-2014-9298.patch, CVE-2015-1798.patch,
     CVE-2015-1799.patch, bug-2797.patch, ntpd-ni-maxhost.patch,
     format-security.patch, sntp-manpage.patch, openssl-headers.patch
  * Remove autotools.patch since we run dh_autoreconf
  * Fix a new issue reported by -Werror=format-security
  * Adjust location in source file for ntpsweep
  * Upstream doesn't ship ntpsnmpd.1 anymore, so don't remove it
  * Update the default config to use the new pool method:
    - Use pool instead of server
    - Add restrict source line so servers can be added and removed
    - Add an rlimit memlock so that ntpd actually starts
  * Change the default restrict line to have a rate limit
  * Remove empty directory /usr/libexec
  * Prevent rpaths being set for all binaries
  * Install files to debian/tmp and use dh_install instead of dh_movefiles
  * Fix Lintian warning vcs-field-not-canonical
  * Update standards version
  * Remove obsolete "start" option to update-rc.d (closes: #755936)
  * Use flock instead of lockfile-progs for ntpdate.if-up (closes:
    #731976); change lock file location to /run/lock
  * Allow for multiple spaces or tabs for statsdir in /etc/ntp.conf
    (closes: #749761)

869c5c4... by Kurt Roeckx on 2015-04-10

Import patches-unapplied version 1:4.2.6.p5+dfsg-7 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 179e9bc847f967088de509bb4af8d1ca516714a6

New changelog entries:
  * Fix endless loop and non-random key generation using
    ntp-keygen on big endian machines.