merge ntp 1:4.2.8p11+dfsg-1 for cosmic

Drops due to my contribs being accepted in Debian:
  pick 1dc3bef2 DROP: d/ntp-systemd-wrapper protect service startup from ntpdate (LP: #1706818)
  pick 3018fe81 DROP: add attach_disconnected to let ntp report log messages (LP: #1727202)
  pick 316d86fa DROP: * debian/apparmor-profile: avoid denies to to arg checks (LP: #1741227)
  pick 448d707f DROP: * fix apparmor denial when checking for running ntpdate (LP: 1749389)

Prepared ppa at https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/3273

I checked a few more bugs I wanted to check with the new version and updated the bugs.
Also I cleared quite a bunch of ntp bugs this morning by retriaging them before the merge.

Upgrade/Install from the ppa seemed good.
Tests from the ppa show no new regressions good (including the qa regression tests).

Opening up the MP for this merge at: https://code.launchpad.net/~paelzer/ubuntu/+source/ntp/+git/ntp/+merge/347033

This bug was fixed in the package ntp - 1:4.2.8p11+dfsg-1ubuntu1

---------------
ntp (1:4.2.8p11+dfsg-1ubuntu1) cosmic; urgency=medium

  * Merge with Debian unstable (LP: #1773921). Remaining changes:
    - d/ntp.conf, d/ntpdate.default: Change default server to ntp.ubuntu.com.
    - Add PPS support (LP 1512980):
      + debian/README.Debian: Add a PPS section to the README.Debian
      + debian/ntp.conf: Add some PPS configuration examples from the offical
        documentation.
    - d/ntp.dhcp add support for parsing systemd networkd lease files LP 1717983
  * Dropped Changes (accepted in Debian)
    - d/ntp-systemd-wrapper protect systemd service startup from concurrent
      ntpdate processes the same way it was protected on sysv-init (LP 1706818)
    - debian/apparmor-profile: add attach_disconnected which is needed in some
      cases to let ntp report its log messages (LP 1727202).
    - debian/apparmor-profile: avoid denies to to arg checks (LP 1741227)
    - fix apparmor denial when checking for running ntpdate (LP 1749389)

ntp (1:4.2.8p11+dfsg-1) unstable; urgency=medium

  * New upstream version 4.2.8p11+dfsg (Closes: #851096)
    - Refresh patches
    - Drop ntpd-increase-stack-size included upstream
    - CVE-2018-7185: Unauthenticated packet can reset authenticated
      interleaved association (LOW/MED)
    - CVE-2018-7184: Interleaved symmetric mode cannot recover from bad state
      (LOW/MED)
    - CVE-2018-7170 / CVE-2016-1549: Provide a way to prevent authenticated
      symmetric passive peering (LOW)
    - CVE-2018-7183: decodearr() can write beyond its 'buf' limits (Medium)
    - CVE-2018-7182: ctl_getitem(): buffer read overrun leads to undefined
      behavior and information leak (Info/Medium)
    - CVE-2016-1549: Sybil vulnerability: ephemeral association attack
      (mitigated in 4.2.8p7)
  * convert dfsg.sh into mk-origtargz script
  * Run wrap-and-sort
  * Sync AppArmor profile changes from Ubuntu, including a fix for a
    harmless AppArmor denial in /usr/local (Closes: #883022)
  * Don't chown in postinst recursively.
    Thanks to Daniel Kahn Gillmor (Closes: #889488)
  * Build sntp against system libevent
  * Drop versioned build-deps already fulfilled by oldoldstable

ntp (1:4.2.8p10+dfsg-6) unstable; urgency=medium

  * Make sntp KoD path FHS-compliant.
    Thanks to Aaron Smith (Closes: #863873)
  * Drop historic Breaks/Pre-Depends
  * Drop historic conffile handling from pre-jessie
  * Adjust ntpdate description stating that it is deprecated
  * Move Vcs-* to salsa
  * Bump Standards-Version to 4.1.3.0, no changes necessary
  * Cherry-pick patch from upstream to increase stack size.
    Thanks to Frederic Endner-Dühr for testing (Closes: #887385)
  * Temporarily add ntpdate lock for systemd wrapper.
    Thanks to Christian Ehrhardt (Closes: #874540)
  * Add note about AppArmor tunable in README.Debian (Closes: #883949)

 -- Christian Ehrhardt <email address hidden> Tue, 29 May 2018 10:34:11 +0200