ubuntu/+source/ntp:ubuntu/xenial-updates

Last commit made on 2018-07-09
Get this branch:
git clone -b ubuntu/xenial-updates https://git.launchpad.net/ubuntu/+source/ntp
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name:
ubuntu/xenial-updates
Repository:
lp:ubuntu/+source/ntp

Recent commits

d89e9b7... by Marc Deslauriers on 2018-07-06

Import patches-unapplied version 1:4.2.8p4+dfsg-3ubuntu5.9 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 3068102155edf7b78dfd5f24aa9ef5aab07d2774

New changelog entries:
  * SECURITY UPDATE: code execution via buffer overflow in decodearr
    - debian/patches/CVE-2018-7183.patch: prevent writing beyond limits in
      ntpq/ntpq.c.
    - CVE-2018-7183
  * SECURITY UPDATE: DoS via certain packets with a zero-origin timestamp
    - debian/patches/CVE-2018-7185.patch: add additional checks to
      ntpd/ntp_proto.c.
    - CVE-2018-7185

3068102... by Christian Ehrhardt on 2018-02-14

Import patches-unapplied version 1:4.2.8p4+dfsg-3ubuntu5.8 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: fce06e4f9b9fa4c8b9fc52cdbc879054a94d75a3

New changelog entries:
  * d/apparmor-profile: fix denial checking for running ntpdate (LP: #1749389)

fce06e4... by Christian Ehrhardt on 2017-09-05

Import patches-unapplied version 1:4.2.8p4+dfsg-3ubuntu5.7 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 597e8f462e04d44a07a644e41ca3ea6c508b9993

New changelog entries:
  * d/ntp.init: fix lock path to match the ntpdate ifup hook. Furthermore
    drop the usage of lockfile-progs calls and instead use flock directly.
    This is a backport of changes made in 1:4.2.8p7+dfsg-1 (LP: #1706818)

597e8f4... by Christian Ehrhardt on 2017-07-07

Import patches-unapplied version 1:4.2.8p4+dfsg-3ubuntu5.6 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 9174ca052b2d8ec5b19da3ae6020b3b656fb2f57

New changelog entries:
  * debian/ntpdate.if-up: Drop delta to stop/start service around ntpdate
    updates - fixes ntp restart storms due to network changes, fixes
    accidental start of ntp, avoids issues of ntpdate jumping too far while
    running ntp was supposed to drift (LP: #1593907)

9174ca0... by Marc Deslauriers on 2017-06-28

Import patches-unapplied version 1:4.2.8p4+dfsg-3ubuntu5.5 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 26c377b3f84034a3aed323942b73dae7563c812c

New changelog entries:
  * SECURITY UPDATE: DoS via large request data value
    - debian/patches/CVE-2016-2519.patch: check packet in
      ntpd/ntp_control.c.
    - CVE-2016-2519
  * SECURITY UPDATE: DoS via responses with a spoofed source address
    - debian/patches/CVE-2016-7426.patch: improve rate limiting in
      ntpd/ntp_proto.c.
    - CVE-2016-7426
  * SECURITY UPDATE: DoS via crafted broadcast mode packet
    - debian/patches/CVE-2016-7427-1.patch: improve replay prevention
      logic in ntpd/ntp_proto.c.
    - CVE-2016-7427
  * SECURITY UPDATE: DoS via poll interval in a broadcast packet
    - debian/patches/CVE-2016-7428.patch: ensure at least one poll interval
      has elapsed in ntpd/ntp_proto.c, include/ntp.h.
    - CVE-2016-7428
  * SECURITY UPDATE: DoS via response for a source to an interface the
    source does not use
    - debian/patches/CVE-2016-7429-1.patch: add extra checks to
      ntpd/ntp_peer.c.
    - debian/patches/CVE-2016-7429-2.patch: check for NULL first in
      ntpd/ntp_peer.c.
    - debian/patches/CVE-2016-7429-3.patch: fix multicastclient regression
      in ntpd/ntp_peer.c.
    - CVE-2016-7429
  * SECURITY UPDATE: incorrect initial sync calculations
    - debian/patches/CVE-2016-7433.patch: use peer dispersion in
      ntpd/ntp_proto.c.
    - CVE-2016-7433
  * SECURITY UPDATE: DoS via crafted mrulist query
    - debian/patches/CVE-2016-7434.patch: added missing parameter
      validation to ntpd/ntp_control.c.
    - CVE-2016-7434
  * SECURITY UPDATE: traps can be set or unset via a crafted control mode
    packet
    - debian/patches/CVE-2016-9310.patch: require AUTH in
      ntpd/ntp_control.c.
    - CVE-2016-9310
  * SECURITY UPDATE: DoS when trap service is enabled
    - debian/patches/CVE-2016-9311.patch: make sure peer events are
      associated with a peer in ntpd/ntp_control.c.
    - CVE-2016-9311
  * SECURITY UPDATE: potential Overflows in ctl_put() functions
    - debian/patches/CVE-2017-6458.patch: check lengths in
      ntpd/ntp_control.c.
    - CVE-2017-6458
  * SECURITY UPDATE: overflow via long flagstr variable
    - debian/patches/CVE-2017-6460.patch: check length in ntpq/ntpq-subs.c.
    - CVE-2017-6460
  * SECURITY UPDATE: buffer overflow in DPTS refclock driver
    - debian/patches/CVE-2017-6462.patch: don't overrun buffer in
      ntpd/refclock_datum.c.
    - CVE-2017-6462
  * SECURITY UPDATE: DoS via invalid setting in a :config directive
    - debian/patches/CVE-2017-6463.patch: protect against overflow in
      ntpd/ntp_config.c.
    - CVE-2017-6463
  * SECURITY UPDATE: DoS via malformed mode configuration directive
    - debian/patches/CVE-2017-6464.patch: validate directives in
      ntpd/ntp_config.c, ntpd/ntp_proto.c.
    - CVE-2017-6464

26c377b... by Philip Roche on 2017-01-19

Import patches-unapplied version 1:4.2.8p4+dfsg-3ubuntu5.4 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 4ffc9d1443e31a8606330ee4f1b0027f998902ae

New changelog entries:
  * Fix ntp.dhcp to also check for pool and better handle spaces and tabs.
    (LP: #1656801)

4ffc9d1... by Marc Deslauriers on 2016-10-05

Import patches-unapplied version 1:4.2.8p4+dfsg-3ubuntu5.3 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 1a3de5268c161cd90020c3036ee2e1e25baa1f69

New changelog entries:
  * SECURITY UPDATE: Deja Vu replay attack on authenticated broadcast mode
    - debian/patches/CVE-2015-7973.patch: improve timestamp verification in
      include/ntp.h, ntpd/ntp_proto.c.
    - CVE-2015-7973
  * SECURITY UPDATE: impersonation between authenticated peers
    - debian/patches/CVE-2015-7974.patch: check key ID in ntpd/ntp_proto.c.
    - CVE-2015-7974
  * SECURITY UPDATE: ntpq buffer overflow
    - debian/patches/CVE-2015-7975.patch: add length check to ntpq/ntpq.c.
    - CVE-2015-7975
  * SECURITY UPDATE: ntpq saveconfig command allows dangerous characters in
    filenames
    - debian/patches/CVE-2015-7976.patch: check filename in
      ntpd/ntp_control.c.
    - CVE-2015-7976
  * SECURITY UPDATE: restrict list denial of service
    - debian/patches/CVE-2015-7977-7978.patch: improve restrict list
      processing in ntpd/ntp_request.c.
    - CVE-2015-7977
    - CVE-2015-7978
  * SECURITY UPDATE: authenticated broadcast mode off-path denial of
    service
    - debian/patches/CVE-2015-7979.patch: add more checks to
      ntpd/ntp_proto.c.
    - CVE-2015-7979
    - CVE-2016-1547
  * SECURITY UPDATE: Zero Origin Timestamp Bypass
    - debian/patches/CVE-2015-8138.patch: check p_org in ntpd/ntp_proto.c.
    - CVE-2015-8138
  * SECURITY UPDATE: potential infinite loop in ntpq
    - debian/patches/CVE-2015-8158.patch: add time checks to ntpdc/ntpdc.c,
      ntpq/ntpq.c.
    - CVE-2015-8158
  * SECURITY UPDATE: NTP statsdir cleanup cronjob insecure (LP: #1528050)
    - debian/ntp.cron.daily: fix security issues, patch thanks to halfdog!
    - CVE-2016-0727
  * SECURITY UPDATE: time spoofing via interleaved symmetric mode
    - debian/patches/CVE-2016-1548.patch: check for bogus packets in
      ntpd/ntp_proto.c.
    - CVE-2016-1548
  * SECURITY UPDATE: buffer comparison timing attacks
    - debian/patches/CVE-2016-1550.patch: use CRYPTO_memcmp in
      libntp/a_md5encrypt.c, sntp/crypto.c.
    - CVE-2016-1550
  * SECURITY UPDATE: DoS via duplicate IPs on unconfig directives
    - debian/patches/CVE-2016-2516.patch: improve logic in
      ntpd/ntp_request.c.
    - CVE-2016-2516
  * SECURITY UPDATE: denial of service via crafted addpeer
    - debian/patches/CVE-2016-2518.patch: check mode value in
      ntpd/ntp_request.c.
    - CVE-2016-2518
  * SECURITY UPDATE: denial of service via spoofed packets
    - debian/patches/CVE-2016-4954.patch: discard packet that fails tests
      in ntpd/ntp_proto.c.
    - CVE-2016-4954
  * SECURITY UPDATE: denial of service via spoofed crypto-NAK or incorrect
    MAC
    - debian/patches/CVE-2016-4955.patch: fix checks in ntpd/ntp_proto.c.
    - CVE-2016-4955
  * SECURITY UPDATE: denial of service via spoofed broadcast packet
    - debian/patches/CVE-2016-4956.patch: properly handle switch in
      broadcast interleaved mode in ntpd/ntp_proto.c.
    - CVE-2016-4956

1a3de52... by Christian Ehrhardt on 2016-09-20

Import patches-unapplied version 1:4.2.8p4+dfsg-3ubuntu5.2 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: aeb4bb8e773ca7dfc1a29a3e476c4c6345202217

New changelog entries:
  * Fix ntpdate-debian to be able to parse new config of ntp (LP: #1576698)

aeb4bb8... by Christian Ehrhardt on 2016-08-01

Import patches-unapplied version 1:4.2.8p4+dfsg-3ubuntu5.1 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 43eeb53181428c2a83ddae9d7e848e2c6ac5945a

New changelog entries:
  * d/p/ntp-4.2.8p4-segfaults-[1-3]-3.patch fix startup crashes by
    including Juergen Perlinger's work on upstream bugs 2954 and 2831 to
    fix those (LP: #1567540).

43eeb53... by Jamie Strandboge on 2016-04-07

Import patches-unapplied version 1:4.2.8p4+dfsg-3ubuntu5 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 71a2b8e2f0ad1d2247cc0b572a66f881c9547d27

New changelog entries:
  * debian/apparmor-profile: allow 'rw' access to /dev/pps[0-9]* devices.
    Patch thanks to Mark Shuttleworth. (LP: #1564832)