Ubuntu
ntp package

lp:ubuntu/lucid-security/ntp

  1. Lucid (10.04)
  2. lucid-security
Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp:ubuntu/lucid-security/ntp
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

41. By Marc Deslauriers

* SECURITY UPDATE: denial of service and possible info leakage via
  extension fields
  - debian/patches/CVE-2014-9297.patch: properly check lengths in
    ntpd/ntp_crypto.c, ntpd/ntp_proto.c.
  - CVE-2014-9297
* SECURITY UPDATE: IPv6 ACL bypass
  - debian/patches/CVE-2014-9298.patch: check for spoofed ::1 in
    ntpd/ntp_io.c.
  - CVE-2014-9298

40. By Marc Deslauriers

* SECURITY UPDATE: weak default key in config_auth()
  - debian/patches/CVE-2014-9293.patch: use openssl for random key in
    ntpd/ntp_config.c, ntpd/ntpd.c.
  - CVE-2014-9293
* SECURITY UPDATE: non-cryptographic random number generator with weak
  seed used by ntp-keygen to generate symmetric keys
  - debian/patches/CVE-2014-9294.patch: use openssl for random key in
    include/ntp_random.h, libntp/ntp_random.c, util/ntp-keygen.c.
  - CVE-2014-9294
* SECURITY UPDATE: buffer overflows in crypto_recv() and ctl_putdata()
  - debian/patches/CVE-2014-9295.patch: check lengths in
    ntpd/ntp_control.c, ntpd/ntp_crypto.c.
  - CVE-2014-9295

39. By Jamie Strandboge

debian/apparmor-profile: allow reading of /var/lib/ntp/ntp.conf.dhcp
(LP: #517701)

38. By Chuck Short

* Merge from debian testing, remaining changes:
  + debian/ntp.conf, debian/ntpdate.default: Change default server to
    ntp.ubuntu.com.
  + debian/ntpdate.ifup: Stop ntp before running ntpdate when an interface
    comes up, then start again afterwards.
  + debian/ntp.init, debian/rules: Only stop when entering single user mode.
  + Add enforcing AppArmor profile (LP: #382905):
    - debian/control: add Conflicts/Replaces on apparmor-profiles <
      2.3.1+1403-0ubuntu10 (since we are now shipping usr.sbin.ntpd) and
      apparmor < 2.3.1+1403-0ubuntu10 (since we are now shipping tunables/ntpd)
    - debian/control: add Suggests on apparmor
    - debian/ntp.dirs: add apparmor directories
    - debian/ntp.preinst: force complain on certain upgrades
    - debian/ntp.postinst: reload apparmor profile
    - debian/ntp.postrm: remove the force-complain file
    - add debian/apparmor-profile*
    - debian/rules: install apparmor-profile and apparmor-profile.tunable
    - debian/README.Debian: add note on AppArmor
  + debian/{control,rules}: add and enable hardened build for PIE
    (Debian bug 542721).
  + debian/apparmor-profile: adjust location of drift files (LP: #456308)
  + Dropped changes, merged in debian:
    - fix-nano.patch: Use mod_nano.patch from debian.
  + Dropped changes, superseded upstream/in Debian:
    - debian/patches/CVE-2009-1252.patch: No longer needed.
    - debian/patches/debian/patches/CVE-2009-0159.patch: No longer needed.

 [Chuck Short]
 + debian/rules, debian/ntp.dirs, debian/source_ntp.py: Add apport
   hook, apart of the server-lucid-apport-hooks specification.

37. By Kees Cook

debian/rules: install symlink for early loading of per-interface
triggered ntp AppArmor profile.

36. By Jamie Strandboge

* SECURITY UPDATE: fix DoS with mode 7 (MODE_PRIVATE) packets
  - debian/patches/CVE-2009-3563.patch: update ntpd/ntp_request.c to
    not send a response packet for and rate limit logging of invalid mode 7
    requests and responses
  - CVE-2009-3563

35. By Chuck Short

* debian/rules: enable debugging (LP: #47683)
* debian/ntpdate-if.up: Hide invoke-rc.d output. (LP: #489585)
* debian/man/ntptrace.1: Update man page removed ghost options. (LP: #351989)

34. By Chuck Short

* Merge from debian testing, remaining changes:
  + debian/ntp.conf, debian/ntpdate.default: Change default server to
    ntp.ubuntu.com.
  + debian/ntpdate.ifup: Stop ntp before running ntpdate when an interface
    comes up, then start again afterwards
  + debian/ntp.init, debian/rules: Only stop when entering single user mode.
  + Add enforcing AppArmor profile (LP: #382905)
    - debian/control: add Conflicts/Replaces on apparmor-profiles <
      2.3.1+1403-0ubuntu10 (since we are now shipping usr.sbin.ntpd) and
      apparmor < 2.3.1+1403-0ubuntu10 (since we are now shipping
      tunables/ntpd)
    - debian/control: add Suggests on apparmor
    - debian/ntp.dirs: add apparmor directories
    - debian/ntp.preinst: force complain on certain upgrades
    - debian/ntp.postinst: reload apparmor profile
    - debian/ntp.postrm: remove the force-complain file
    - add debian/apparmor-profile*
    - debian/rules: install apparmor-profile and apparmor-profile.tunable
    - debian/README.Debian: add note on AppArmor
  + debian/patches/fix-nano.patch: enable nanokernel support (LP: #412242)
  + debian/{control,rules}: add and enable hardened build for PIE
    (Debian bug 542721).
  + debian/apparmor-profile: adjust location of drift files (LP: #456308)
  + Dropped changes, merged in Debian:
    - debian/man/ntpdate.8 - fix debian shipped manpage; patch by
      Josh Holland <email address hidden>
  + Dropped changes, superseded upstream/in Debian:
    - debian/patches/CVE-2009-0159.patch: Use Debian's version of the patch.
    - debian/patches/CVE-2009-1252.patch: Use Debian's version of the patch.

33. By Jamie Strandboge

debian/apparmor-profile: adjust location of drift files (LP: #456308)

32. By Kees Cook

debian/{control,rules}: add and enable hardened build for PIE
(Debian bug 542721).

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/vivid/ntp
This branch contains Public information 
Everyone can see this information.

Subscribers