lp://staging/ubuntu/lucid-updates/ntp
- Get this branch:
- bzr branch lp://staging/ubuntu/lucid-updates/ntp
Branch merges
Branch information
Recent revisions
- 42. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service and possible info leakage via
extension fields
- debian/patches/ CVE-2014- 9297.patch: properly check lengths in
ntpd/ntp_crypto. c, ntpd/ntp_proto.c.
- CVE-2014-9297
* SECURITY UPDATE: IPv6 ACL bypass
- debian/patches/ CVE-2014- 9298.patch: check for spoofed ::1 in
ntpd/ntp_io.c.
- CVE-2014-9298 - 41. By Marc Deslauriers
-
* SECURITY UPDATE: weak default key in config_auth()
- debian/patches/ CVE-2014- 9293.patch: use openssl for random key in
ntpd/ntp_config. c, ntpd/ntpd.c.
- CVE-2014-9293
* SECURITY UPDATE: non-cryptographic random number generator with weak
seed used by ntp-keygen to generate symmetric keys
- debian/patches/ CVE-2014- 9294.patch: use openssl for random key in
include/ntp_random. h, libntp/ ntp_random. c, util/ntp-keygen.c.
- CVE-2014-9294
* SECURITY UPDATE: buffer overflows in crypto_recv() and ctl_putdata()
- debian/patches/ CVE-2014- 9295.patch: check lengths in
ntpd/ntp_control. c, ntpd/ntp_crypto.c.
- CVE-2014-9295 - 40. By James Page
-
debian/
patches/ fix-noipv4. patch: support running in IPv6 only
environments (LP: #715152). - 39. By Jamie Strandboge
-
debian/
apparmor- profile: allow reading of /var/lib/ ntp/ntp. conf.dhcp
(LP: #517701) - 38. By Chuck Short
-
* Merge from debian testing, remaining changes:
+ debian/ntp.conf, debian/ntpdate. default: Change default server to
ntp.ubuntu.com.
+ debian/ntpdate. ifup: Stop ntp before running ntpdate when an interface
comes up, then start again afterwards.
+ debian/ntp.init, debian/rules: Only stop when entering single user mode.
+ Add enforcing AppArmor profile (LP: #382905):
- debian/control: add Conflicts/Replaces on apparmor-profiles <
2.3.1+1403- 0ubuntu10 (since we are now shipping usr.sbin.ntpd) and
apparmor < 2.3.1+1403-0ubuntu10 (since we are now shipping tunables/ntpd)
- debian/control: add Suggests on apparmor
- debian/ntp.dirs: add apparmor directories
- debian/ntp.preinst: force complain on certain upgrades
- debian/ntp.postinst: reload apparmor profile
- debian/ntp.postrm: remove the force-complain file
- add debian/apparmor- profile*
- debian/rules: install apparmor-profile and apparmor-profile. tunable
- debian/README. Debian: add note on AppArmor
+ debian/{control, rules}: add and enable hardened build for PIE
(Debian bug 542721).
+ debian/apparmor- profile: adjust location of drift files (LP: #456308)
+ Dropped changes, merged in debian:
- fix-nano.patch: Use mod_nano.patch from debian.
+ Dropped changes, superseded upstream/in Debian:
- debian/patches/ CVE-2009- 1252.patch: No longer needed.
- debian/patches/ debian/ patches/ CVE-2009- 0159.patch: No longer needed. [Chuck Short]
+ debian/rules, debian/ntp.dirs, debian/source_ ntp.py: Add apport
hook, apart of the server-lucid-apport- hooks specification. - 37. By Kees Cook
-
debian/rules: install symlink for early loading of per-interface
triggered ntp AppArmor profile. - 36. By Jamie Strandboge
-
* SECURITY UPDATE: fix DoS with mode 7 (MODE_PRIVATE) packets
- debian/patches/ CVE-2009- 3563.patch: update ntpd/ntp_request.c to
not send a response packet for and rate limit logging of invalid mode 7
requests and responses
- CVE-2009-3563 - 35. By Chuck Short
-
* debian/rules: enable debugging (LP: #47683)
* debian/ntpdate- if.up: Hide invoke-rc.d output. (LP: #489585)
* debian/man/ntptrace. 1: Update man page removed ghost options. (LP: #351989) - 34. By Chuck Short
-
* Merge from debian testing, remaining changes:
+ debian/ntp.conf, debian/ntpdate. default: Change default server to
ntp.ubuntu.com.
+ debian/ntpdate. ifup: Stop ntp before running ntpdate when an interface
comes up, then start again afterwards
+ debian/ntp.init, debian/rules: Only stop when entering single user mode.
+ Add enforcing AppArmor profile (LP: #382905)
- debian/control: add Conflicts/Replaces on apparmor-profiles <
2.3.1+1403- 0ubuntu10 (since we are now shipping usr.sbin.ntpd) and
apparmor < 2.3.1+1403-0ubuntu10 (since we are now shipping
tunables/ntpd)
- debian/control: add Suggests on apparmor
- debian/ntp.dirs: add apparmor directories
- debian/ntp.preinst: force complain on certain upgrades
- debian/ntp.postinst: reload apparmor profile
- debian/ntp.postrm: remove the force-complain file
- add debian/apparmor- profile*
- debian/rules: install apparmor-profile and apparmor-profile. tunable
- debian/README. Debian: add note on AppArmor
+ debian/patches/ fix-nano. patch: enable nanokernel support (LP: #412242)
+ debian/{control, rules}: add and enable hardened build for PIE
(Debian bug 542721).
+ debian/apparmor- profile: adjust location of drift files (LP: #456308)
+ Dropped changes, merged in Debian:
- debian/man/ntpdate. 8 - fix debian shipped manpage; patch by
Josh Holland <email address hidden>
+ Dropped changes, superseded upstream/in Debian:
- debian/patches/ CVE-2009- 0159.patch: Use Debian's version of the patch.
- debian/patches/ CVE-2009- 1252.patch: Use Debian's version of the patch.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp://staging/ubuntu/natty/ntp