lp://staging/ubuntu/trusty-updates/ntp

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

70. By Marc Deslauriers on 2015-04-13

* SECURITY UPDATE: symmetric key unauthenticated packet MITM attack
  - debian/patches/CVE-2015-1798.patch: reject packets without MAC in
    ntpd/ntp_proto.c.
  - CVE-2015-1798
* SECURITY UPDATE: symmetric association DoS attack
  - debian/patches/CVE-2015-1799.patch: don't update state variables when
    authentication fails in ntpd/ntp_proto.c.
  - CVE-2015-1799
* SECURITY UPDATE: ntp-keygen infinite loop or lack of randonmess on big
  endian platforms
  - debian/patches/ntp-keygen-endless-loop.patch: fix logic in
    util/ntp-keygen.c.
  - CVE number pending

69. By Marc Deslauriers on 2015-02-06

* SECURITY UPDATE: denial of service and possible info leakage via
  extension fields
  - debian/patches/CVE-2014-9297.patch: properly check lengths in
    ntpd/ntp_crypto.c, ntpd/ntp_proto.c.
  - CVE-2014-9297
* SECURITY UPDATE: IPv6 ACL bypass
  - debian/patches/CVE-2014-9298.patch: check for spoofed ::1 in
    ntpd/ntp_io.c.
  - CVE-2014-9298

68. By Marc Deslauriers on 2014-12-20

* SECURITY UPDATE: weak default key in config_auth()
  - debian/patches/CVE-2014-9293.patch: use openssl for random key in
    ntpd/ntp_config.c, ntpd/ntpd.c.
  - CVE-2014-9293
* SECURITY UPDATE: non-cryptographic random number generator with weak
  seed used by ntp-keygen to generate symmetric keys
  - debian/patches/CVE-2014-9294.patch: use openssl for random key in
    include/ntp_random.h, libntp/ntp_random.c, util/ntp-keygen.c.
  - CVE-2014-9294
* SECURITY UPDATE: buffer overflows in crypto_recv(), ctl_putdata(),
  configure()
  - debian/patches/CVE-2014-9295.patch: check lengths in
    ntpd/ntp_control.c, ntpd/ntp_crypto.c.
  - CVE-2014-9295
* SECURITY UPDATE: missing return on error in receive()
  - debian/patches/CVE-2015-9296.patch: add missing return in
    ntpd/ntp_proto.c.
  - CVE-2014-9296

67. By Jamie Strandboge on 2013-10-09

debian/apparmor-profile: fix spurious noisy denials (LP: #1237508)

66. By Tyler Hicks on 2013-10-06

* Merge from Debian testing to regain crypto support (LP: #1236065). Remaining
  changes:
  + debian/ntp.conf, debian/ntpdate.default: Change default server to
    ntp.ubuntu.com.
  + debian/ntpdate.if-up: Stop ntp before running ntpdate when an interface
    comes up, then start again afterwards.
  + debian/ntp.init, debian/rules: Only stop when entering single user mode.
  + Add enforcing AppArmor profile:
    - debian/control: Add Conflicts/Replaces on apparmor-profiles.
    - debian/control: Add Suggests on apparmor.
    - debian/ntp.dirs: Add apparmor directories.
    - debian/ntp.preinst: Force complain on certain upgrades.
    - debian/ntp.postinst: Reload apparmor profile.
    - debian/ntp.postrm: Remove the force-complain file.
    - add debian/apparmor-profile*.
    - debian/rules: install apparmor-profile and apparmor-profile.tunable.
    - debian/README.Debian: Add note on AppArmor.
  + debian/{control,rules}: Add and enable hardened build for PIE.
  + debian/rules, debian/ntp.dirs, debian/source_ntp.py: Add apport hook.
  + debian/ntpdate-debian: Disregard empty ntp.conf files.
  + debian/ntp.preinst: Remove empty /etc/ntp.conf on fresh intallation.
  + debian/ntpdate.if-up: Fix interaction with openntpd.
  + debian/source_ntp.py: Add filter on AppArmor profile names to prevent
    false positives from denials originating in other packages.
  + debian/rules: Update config.{guess,sub} for AArch64.

65. By Matthias Klose on 2013-08-05

Update config.{guess,sub} for AArch64.

64. By Jamie Strandboge on 2013-07-05

debian/apparmor-profile: Add /var/log/ntpstats/protostats* (LP: #1195898)

63. By Matthias Klose on 2013-04-03

* New upstream version, fixing build failure in raring.
* Merge with Debian; remaining changes:
  + debian/ntp.conf, debian/ntpdate.default: Change default server to
    ntp.ubuntu.com.
  + debian/ntpdate.ifup: Stop ntp before running ntpdate when an interface
    comes up, then start again afterwards.
  + debian/ntp.init, debian/rules: Only stop when entering single user mode.
  + Add enforcing AppArmor profile:
    - debian/control: Add Conflicts/Replaces on apparmor-profiles.
    - debian/control: Add Suggests on apparmor.
    - debian/ntp.dirs: Add apparmor directories.
    - debian/ntp.preinst: Force complain on certain upgrades.
    - debian/ntp.postinst: Reload apparmor profile.
    - debian/ntp.postrm: Remove the force-complain file.
    - add debian/apparmor-profile*.
    - debian/rules: install apparmor-profile and apparmor-profile.tunable.
    - debian/README.Debian: Add note on AppArmor.
  + debian/{control,rules}: Add and enable hardened build for PIE.
  + debian/apparmor-profile: Adjust location of drift files.
  + debian/rules, debian/ntp.dirs, debian/source_ntp.py: Add apport hook.
  + debian/ntpdate-debian: Disregard empty ntp.conf files.
  + debian/ntp.preinst: Remove empty /etc/ntp.conf on fresh intallation.
  + debian/ntpdate.ifup: Fix interaction with openntpd.
  + debian/source_ntp.py: Add filter on AppArmor profile names to prevent
    false positives from denials originating in other packages.
  + debian/apparmor-profile: Add samba4 ntp signing socket to ntpd apparmor
    profile.
  + debian/apparmor-profile: adjust for IPv6.

62. By Marc Deslauriers on 2012-08-20

debian/source_ntp.py: add filter on AppArmor profile names to prevent
false positives from denials originating in other packages.

61. By Sebastien Bacher on 2012-06-04

Re-enable crypto support by pointing openssl libdir to multiarch dir,
change backported from Debian, thanks Yves-Alexis Perez (lp: #998403)