Change logs for ntp source package in Lucid

  • ntp (1:4.2.4p8+dfsg-1ubuntu2.3) lucid-security; urgency=medium
    
      * SECURITY UPDATE: denial of service and possible info leakage via
        extension fields
        - debian/patches/CVE-2014-9297.patch: properly check lengths in
          ntpd/ntp_crypto.c, ntpd/ntp_proto.c.
        - CVE-2014-9297
      * SECURITY UPDATE: IPv6 ACL bypass
        - debian/patches/CVE-2014-9298.patch: check for spoofed ::1 in
          ntpd/ntp_io.c.
        - CVE-2014-9298
     -- Marc Deslauriers <email address hidden>   Fri, 06 Feb 2015 09:32:14 -0500
  • ntp (1:4.2.4p8+dfsg-1ubuntu2.2) lucid-security; urgency=medium
    
      * SECURITY UPDATE: weak default key in config_auth()
        - debian/patches/CVE-2014-9293.patch: use openssl for random key in
          ntpd/ntp_config.c, ntpd/ntpd.c.
        - CVE-2014-9293
      * SECURITY UPDATE: non-cryptographic random number generator with weak
        seed used by ntp-keygen to generate symmetric keys
        - debian/patches/CVE-2014-9294.patch: use openssl for random key in
          include/ntp_random.h, libntp/ntp_random.c, util/ntp-keygen.c.
        - CVE-2014-9294
      * SECURITY UPDATE: buffer overflows in crypto_recv() and ctl_putdata()
        - debian/patches/CVE-2014-9295.patch: check lengths in
          ntpd/ntp_control.c, ntpd/ntp_crypto.c.
        - CVE-2014-9295
     -- Marc Deslauriers <email address hidden>   Sat, 20 Dec 2014 06:31:53 -0500
  • ntp (1:4.2.4p8+dfsg-1ubuntu2.1) lucid-proposed; urgency=low
    
      * debian/patches/fix-noipv4.patch: support running in IPv6 only
        environments (LP: #715152).
     -- James Page <email address hidden>   Mon, 11 Apr 2011 11:27:28 +0100
  • ntp (1:4.2.4p8+dfsg-1ubuntu2) lucid; urgency=low
    
      * debian/apparmor-profile: allow reading of /var/lib/ntp/ntp.conf.dhcp
        (LP: #517701)
     -- Jamie Strandboge <email address hidden>   Thu, 08 Apr 2010 16:24:42 -0500
  • ntp (1:4.2.4p8+dfsg-1ubuntu1) lucid; urgency=low
    
      * Merge from debian testing, remaining changes:
        + debian/ntp.conf, debian/ntpdate.default: Change default server to
          ntp.ubuntu.com.
        + debian/ntpdate.ifup: Stop ntp before running ntpdate when an interface
          comes up, then start again afterwards.
        + debian/ntp.init, debian/rules: Only stop when entering single user mode.
        + Add enforcing AppArmor profile (LP: #382905):
          - debian/control: add Conflicts/Replaces on apparmor-profiles <
            2.3.1+1403-0ubuntu10 (since we are now shipping usr.sbin.ntpd) and
            apparmor < 2.3.1+1403-0ubuntu10 (since we are now shipping tunables/ntpd)
          - debian/control: add Suggests on apparmor
          - debian/ntp.dirs: add apparmor directories
          - debian/ntp.preinst: force complain on certain upgrades
          - debian/ntp.postinst: reload apparmor profile
          - debian/ntp.postrm: remove the force-complain file
          - add debian/apparmor-profile*
          - debian/rules: install apparmor-profile and apparmor-profile.tunable
          - debian/README.Debian: add note on AppArmor
        + debian/{control,rules}: add and enable hardened build for PIE
          (Debian bug 542721).
        + debian/apparmor-profile: adjust location of drift files (LP: #456308)
        + Dropped changes, merged in debian:
          - fix-nano.patch: Use mod_nano.patch from debian.
        + Dropped changes, superseded upstream/in Debian:
          - debian/patches/CVE-2009-1252.patch: No longer needed.
          - debian/patches/debian/patches/CVE-2009-0159.patch: No longer needed.
    
       [Chuck Short]
       + debian/rules, debian/ntp.dirs, debian/source_ntp.py: Add apport
         hook, apart of the server-lucid-apport-hooks specification.
     -- Chuck Short <email address hidden>   Tue, 02 Feb 2010 18:36:29 -0500
  • ntp (1:4.2.4p6+dfsg-2ubuntu4) lucid; urgency=low
    
      * debian/rules: install symlink for early loading of per-interface
        triggered ntp AppArmor profile.
     -- Kees Cook <email address hidden>   Tue, 15 Dec 2009 11:35:33 -0800
  • ntp (1:4.2.4p6+dfsg-2ubuntu3) lucid; urgency=low
    
      * SECURITY UPDATE: fix DoS with mode 7 (MODE_PRIVATE) packets
        - debian/patches/CVE-2009-3563.patch: update ntpd/ntp_request.c to
          not send a response packet for and rate limit logging of invalid mode 7
          requests and responses
        - CVE-2009-3563
     -- Jamie Strandboge <email address hidden>   Tue, 08 Dec 2009 13:52:12 -0600
  • ntp (1:4.2.4p6+dfsg-2ubuntu2) lucid; urgency=low
    
      * debian/rules: enable debugging (LP: #47683)
      * debian/ntpdate-if.up: Hide invoke-rc.d output. (LP: #489585)
      * debian/man/ntptrace.1:  Update man page removed ghost options. (LP: #351989)
     -- Chuck Short <email address hidden>   Mon, 07 Dec 2009 14:59:28 -0500
  • ntp (1:4.2.4p6+dfsg-2ubuntu1) lucid; urgency=low
    
      * Merge from debian testing, remaining changes:
        + debian/ntp.conf, debian/ntpdate.default: Change default server to
          ntp.ubuntu.com.
        + debian/ntpdate.ifup: Stop ntp before running ntpdate when an interface
          comes up, then start again afterwards
        + debian/ntp.init, debian/rules: Only stop when entering single user mode.
        + Add enforcing AppArmor profile (LP: #382905)
          - debian/control: add Conflicts/Replaces on apparmor-profiles <
            2.3.1+1403-0ubuntu10 (since we are now shipping usr.sbin.ntpd) and
            apparmor < 2.3.1+1403-0ubuntu10 (since we are now shipping
            tunables/ntpd)
          - debian/control: add Suggests on apparmor
          - debian/ntp.dirs: add apparmor directories
          - debian/ntp.preinst: force complain on certain upgrades
          - debian/ntp.postinst: reload apparmor profile
          - debian/ntp.postrm: remove the force-complain file
          - add debian/apparmor-profile*
          - debian/rules: install apparmor-profile and apparmor-profile.tunable
          - debian/README.Debian: add note on AppArmor
        + debian/patches/fix-nano.patch: enable nanokernel support (LP: #412242)
        + debian/{control,rules}: add and enable hardened build for PIE
          (Debian bug 542721).
        + debian/apparmor-profile: adjust location of drift files (LP: #456308)
        + Dropped changes, merged in Debian:
          - debian/man/ntpdate.8 - fix debian shipped manpage; patch by
            Josh Holland <email address hidden>
        + Dropped changes, superseded upstream/in Debian:
          - debian/patches/CVE-2009-0159.patch: Use Debian's version of the patch.
          - debian/patches/CVE-2009-1252.patch: Use Debian's version of the patch.
    
    ntp (1:4.2.4p6+dfsg-2) unstable; urgency=medium
    
      * Fixed typo in ntpdate man page (closes: #526086)
      * Updated standards version
      * Moved .dhcp version of configuration files to /var/lib/ntp and
        /var/lib/ntpdate (closes: #524035)
      * Cleaned up man pages to satisfy lintian's hyphen-used-as-minus-sign
        complaint
      * Fixed limited buffer overflow in ntpq (CVE-2009-0159) (closes: #525373)
      * Fixed stack buffer overflow in ntpd (CVE-2009-1252) (closes: #525373)
      * Use new status_of_proc function to report status in ntp init script
      * Updated the config.guess/sub handling as recommended by autotools-dev to
        not clutter the diff, added autotools-dev to build dependencies
     -- Chuck Short <email address hidden>   Fri, 06 Nov 2009 01:34:35 +0000
  • ntp (1:4.2.4p6+dfsg-1ubuntu5) karmic; urgency=low
    
      * debian/apparmor-profile: adjust location of drift files (LP: #456308)
    
     -- Jamie Strandboge <email address hidden>   Wed, 21 Oct 2009 07:07:31 -0500