-
ntp (1:4.2.8p10+dfsg-5ubuntu3.3) artful-security; urgency=medium
* SECURITY UPDATE: DoS via mode 6 packet
- debian/patches/CVE-2018-7182.patch: do not compare past NUL byte in
ntpd/ntp_control.c.
- CVE-2018-7182
* SECURITY UPDATE: code execution via buffer overflow in decodearr
- debian/patches/CVE-2018-7183.patch: prevent writing beyons limits in
ntpq/ntpq.c.
- CVE-2018-7183
* SECURITY UPDATE: DoS via packet with zero-origin timestamp
- debian/patches/CVE-2018-7184.patch: recover from bad state in
ntpd/ntp_proto.c.
- CVE-2018-7184
* SECURITY UPDATE: DoS via certain packets with a zero-origin timestamp
- debian/patches/CVE-2018-7185.patch: add additional checks to
ntpd/ntp_proto.c.
- CVE-2018-7185
-- Marc Deslauriers <email address hidden> Fri, 06 Jul 2018 15:23:18 -0400
-
ntp (1:4.2.8p10+dfsg-5ubuntu3.2) artful; urgency=medium
* d/apparmor-profile: avoid denies on argument checks (LP: #1741227)
* d/apparmor-profile: fix denial checking for running ntpdate (LP: #1749389)
-- Christian Ehrhardt <email address hidden> Wed, 14 Feb 2018 13:14:24 +0100
-
ntp (1:4.2.8p10+dfsg-5ubuntu3.1) artful; urgency=medium
* debian/apparmor-profile: add attach_disconnected which is needed in some
cases to let ntp report its log messages (LP: #1727202).
-- Christian Ehrhardt <email address hidden> Mon, 18 Dec 2017 13:19:36 +0100
-
ntp (1:4.2.8p10+dfsg-5ubuntu3) artful; urgency=medium
* d/ntp.dhcp add support for parsing systemd networkd lease files LP:
#1717983
-- Dimitri John Ledkov <email address hidden> Tue, 03 Oct 2017 01:54:33 +0100
-
ntp (1:4.2.8p10+dfsg-5ubuntu2) artful; urgency=medium
* d/ntp-systemd-wrapper protect systemd service startup from concurrent
ntpdate processes the same way it was protected on sysv-init (LP: #1706818)
-- Christian Ehrhardt <email address hidden> Tue, 05 Sep 2017 15:09:08 +0200
-
ntp (1:4.2.8p10+dfsg-5ubuntu1) artful; urgency=medium
* Merge with Debian unstable (LP: #1604010). Remaining changes:
- d/ntp.conf, d/ntpdate.default: Change default server to ntp.ubuntu.com.
- Add PPS support (LP 1512980):
+ debian/README.Debian: Add a PPS section to the README.Debian,
removed all PPSkit one.
+ debian/ntp.conf: Add some configuration examples from the offical
documentation.
* Drop Changes (contribs accepted in Debian):
- Apparmor bits not yet accepted in Debian
+ d/apparmor-profile add samba winbindd pipe (LP 1582767)
- Fix ntpdate-debian to be able to parse new config of ntp (LP 1576698)
- d/rules: enable debugging
- d/rules, d/ntp.dirs, d/source_ntp.py: Add apport hook.
+ d/source_ntp.py: includes a filter on AppArmor profile names to prevent
false positives from denials originating in other packages
-- Christian Ehrhardt <email address hidden> Wed, 21 Jun 2017 16:17:38 +0200
-
ntp (1:4.2.8p10+dfsg-1ubuntu1) artful; urgency=medium
* Merge from Debian testing. Remaining changes:
+ d/rules: enable debugging
+ d/rules, d/ntp.dirs, d/source_ntp.py: Add apport hook.
- d/source_ntp.py: includes a filter on AppArmor profile names to prevent
false positives from denials originating in other packages
+ d/ntp.conf, d/ntpdate.default: Change default server to ntp.ubuntu.com.
+ Fix ntpdate-debian to be able to parse new config of ntp
+ PPS Documentation:
- d/README.Debian: Add a PPS section to the README.Debian,
removed all PPSkit one.
- d/ntp.conf: Add some configuration examples from the offical
documentation.
+ Apparmor bits not yet accepted in Debian
- d/apparmor-profile add samba winbindd pipe
* Drop Changes:
+ d/control: Add bison to Build-Depends (for ntpd/ntp_parser.y); dropped
as this was only needed while CVE delta was in place that needed
ntpd/ntp_parser.[ch] regenerated from ntpd/ntp_parser.y
+ d/control: Add Suggests on apparmor; drop delta as this is not strictly
needed.
+ Create etc/apparmor.d/{force-complain,tunables}/; force-complain is not
used and tunables is handled by the install -D in debian/rules
+ d/ntpdate.if-up: Fix interaction with openntpd. Stop ntp before
running ntpdate when an interface comes up, then start again afterwards;
dropping because this actually was a bad workaround to restart ntpd often
in case it didn't find its peers when starting initially with many follow
on fixes and follow on bugs around.
+ d/ntp.init don't use /var/lib/ntp/ntp.conf.dhcp if /etc/ntp.conf is
newer, it can get stale. Patch by Simon Déziel. (refreshed to apply to
new path /run/ntp.conf.dhcp); fixed in Debian by bug 600661
+ d/ntp.init: Only stop when entering single user mode; that change is a
no-op in systemd environments so it can be dropped
-- Christian Ehrhardt <email address hidden> Tue, 02 May 2017 16:24:56 +0200
-
ntp (1:4.2.8p9+dfsg-2ubuntu1) zesty; urgency=medium
* Merge from Debian testing. Remaining changes (LP: #427775):
+ d/rules: enable debugging
+ d/rules, d/ntp.dirs, d/source_ntp.py: Add apport hook.
+ d/ntpdate.if-up: Fix interaction with openntpd. Stop ntp before
running ntpdate when an interface comes up, then start again afterwards.
+ d/ntp.init: Only stop when entering single user mode
+ d/ntp.init don't use /var/lib/ntp/ntp.conf.dhcp if /etc/ntp.conf is
newer, it can get stale. Patch by Simon Déziel. (refreshed to apply to
new path /run/ntp.conf.dhcp)
+ d/ntp.conf, d/ntpdate.default: Change default server to ntp.ubuntu.com.
+ d/control: Add bison to Build-Depends (for ntpd/ntp_parser.y).
+ Fix ntpdate-debian to be able to parse new config of ntp
+ Add PPS support:
- d/README.Debian: Add a PPS section to the README.Debian,
removed all PPSkit one.
- d/ntp.conf: Add some configuration examples from the offical
documentation.
+ Add Apparmor bits not yet accepted in Debian
- d/control: Add Suggests on apparmor.
- d/source_ntp.py: Add filter on AppArmor profile names to prevent
false positives from denials originating in other packages
- d/apparmor-profile add samba winbindd pipe
- Create etc/apparmor.d/{force-complain,tunables}/
* Drop Changes:
+ SECURITY UPDATE: NTP statsdir cleanup cronjob insecure
(was accepted in Debian).
+ d/control: different conflicts/replaces versions on apparmor (was a
dependency on a higher apparmor version, but today all releases are newer)
-- Christian Ehrhardt <email address hidden> Thu, 01 Dec 2016 15:40:22 +0100