merge ntp 1:4.2.8p11+dfsg-1 for cosmic

Bug #1773921 reported by Christian Ehrhardt  on 2018-05-29
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
ntp (Ubuntu)
Undecided
Unassigned

Bug Description

Debian has picked many of our Apparmor changes whcih simplifies Delta.
Also the newer Upstream version is good to have.

I have marked a few bugs to retest with this new build, but need the merge build first.

Related branches

Drops due to my contribs being accepted in Debian:
  pick 1dc3bef2 DROP: d/ntp-systemd-wrapper protect service startup from ntpdate (LP: #1706818)
  pick 3018fe81 DROP: add attach_disconnected to let ntp report log messages (LP: #1727202)
  pick 316d86fa DROP: * debian/apparmor-profile: avoid denies to to arg checks (LP: #1741227)
  pick 448d707f DROP: * fix apparmor denial when checking for running ntpdate (LP: 1749389)

Changed in ntp (Ubuntu):
status: New → In Progress

Prepared ppa at https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/3273

I checked a few more bugs I wanted to check with the new version and updated the bugs.
Also I cleared quite a bunch of ntp bugs this morning by retriaging them before the merge.

Upgrade/Install from the ppa seemed good.
Tests from the ppa show no new regressions good (including the qa regression tests).

Opening up the MP for this merge at: https://code.launchpad.net/~paelzer/ubuntu/+source/ntp/+git/ntp/+merge/347033

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ntp - 1:4.2.8p11+dfsg-1ubuntu1

---------------
ntp (1:4.2.8p11+dfsg-1ubuntu1) cosmic; urgency=medium

  * Merge with Debian unstable (LP: #1773921). Remaining changes:
    - d/ntp.conf, d/ntpdate.default: Change default server to ntp.ubuntu.com.
    - Add PPS support (LP 1512980):
      + debian/README.Debian: Add a PPS section to the README.Debian
      + debian/ntp.conf: Add some PPS configuration examples from the offical
        documentation.
    - d/ntp.dhcp add support for parsing systemd networkd lease files LP 1717983
  * Dropped Changes (accepted in Debian)
    - d/ntp-systemd-wrapper protect systemd service startup from concurrent
      ntpdate processes the same way it was protected on sysv-init (LP 1706818)
    - debian/apparmor-profile: add attach_disconnected which is needed in some
      cases to let ntp report its log messages (LP 1727202).
    - debian/apparmor-profile: avoid denies to to arg checks (LP 1741227)
    - fix apparmor denial when checking for running ntpdate (LP 1749389)

ntp (1:4.2.8p11+dfsg-1) unstable; urgency=medium

  * New upstream version 4.2.8p11+dfsg (Closes: #851096)
    - Refresh patches
    - Drop ntpd-increase-stack-size included upstream
    - CVE-2018-7185: Unauthenticated packet can reset authenticated
      interleaved association (LOW/MED)
    - CVE-2018-7184: Interleaved symmetric mode cannot recover from bad state
      (LOW/MED)
    - CVE-2018-7170 / CVE-2016-1549: Provide a way to prevent authenticated
      symmetric passive peering (LOW)
    - CVE-2018-7183: decodearr() can write beyond its 'buf' limits (Medium)
    - CVE-2018-7182: ctl_getitem(): buffer read overrun leads to undefined
      behavior and information leak (Info/Medium)
    - CVE-2016-1549: Sybil vulnerability: ephemeral association attack
      (mitigated in 4.2.8p7)
  * convert dfsg.sh into mk-origtargz script
  * Run wrap-and-sort
  * Sync AppArmor profile changes from Ubuntu, including a fix for a
    harmless AppArmor denial in /usr/local (Closes: #883022)
  * Don't chown in postinst recursively.
    Thanks to Daniel Kahn Gillmor (Closes: #889488)
  * Build sntp against system libevent
  * Drop versioned build-deps already fulfilled by oldoldstable

ntp (1:4.2.8p10+dfsg-6) unstable; urgency=medium

  * Make sntp KoD path FHS-compliant.
    Thanks to Aaron Smith (Closes: #863873)
  * Drop historic Breaks/Pre-Depends
  * Drop historic conffile handling from pre-jessie
  * Adjust ntpdate description stating that it is deprecated
  * Move Vcs-* to salsa
  * Bump Standards-Version to 4.1.3.0, no changes necessary
  * Cherry-pick patch from upstream to increase stack size.
    Thanks to Frederic Endner-Dühr for testing (Closes: #887385)
  * Temporarily add ntpdate lock for systemd wrapper.
    Thanks to Christian Ehrhardt (Closes: #874540)
  * Add note about AppArmor tunable in README.Debian (Closes: #883949)

 -- Christian Ehrhardt <email address hidden> Tue, 29 May 2018 10:34:11 +0200

Changed in ntp (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers