* Merge with Debian unstable (LP: #1773921). Remaining changes:
- d/ntp.conf, d/ntpdate.default: Change default server to ntp.ubuntu.com.
- Add PPS support (LP 1512980):
+ debian/README.Debian: Add a PPS section to the README.Debian
+ debian/ntp.conf: Add some PPS configuration examples from the offical documentation.
- d/ntp.dhcp add support for parsing systemd networkd lease files LP 1717983
* Dropped Changes (accepted in Debian)
- d/ntp-systemd-wrapper protect systemd service startup from concurrent
ntpdate processes the same way it was protected on sysv-init (LP 1706818)
- debian/apparmor-profile: add attach_disconnected which is needed in some
cases to let ntp report its log messages (LP 1727202).
- debian/apparmor-profile: avoid denies to to arg checks (LP 1741227)
- fix apparmor denial when checking for running ntpdate (LP 1749389)
ntp (1:4.2.8p11+dfsg-1) unstable; urgency=medium
* New upstream version 4.2.8p11+dfsg (Closes: #851096)
- Refresh patches
- Drop ntpd-increase-stack-size included upstream
- CVE-2018-7185: Unauthenticated packet can reset authenticated
interleaved association (LOW/MED)
- CVE-2018-7184: Interleaved symmetric mode cannot recover from bad state
(LOW/MED)
- CVE-2018-7170 / CVE-2016-1549: Provide a way to prevent authenticated
symmetric passive peering (LOW)
- CVE-2018-7183: decodearr() can write beyond its 'buf' limits (Medium)
- CVE-2018-7182: ctl_getitem(): buffer read overrun leads to undefined
behavior and information leak (Info/Medium)
- CVE-2016-1549: Sybil vulnerability: ephemeral association attack
(mitigated in 4.2.8p7)
* convert dfsg.sh into mk-origtargz script
* Run wrap-and-sort
* Sync AppArmor profile changes from Ubuntu, including a fix for a
harmless AppArmor denial in /usr/local (Closes: #883022)
* Don't chown in postinst recursively.
Thanks to Daniel Kahn Gillmor (Closes: #889488)
* Build sntp against system libevent
* Drop versioned build-deps already fulfilled by oldoldstable
ntp (1:4.2.8p10+dfsg-6) unstable; urgency=medium
* Make sntp KoD path FHS-compliant.
Thanks to Aaron Smith (Closes: #863873)
* Drop historic Breaks/Pre-Depends
* Drop historic conffile handling from pre-jessie
* Adjust ntpdate description stating that it is deprecated
* Move Vcs-* to salsa
* Bump Standards-Version to 4.1.3.0, no changes necessary
* Cherry-pick patch from upstream to increase stack size.
Thanks to Frederic Endner-Dühr for testing (Closes: #887385)
* Temporarily add ntpdate lock for systemd wrapper.
Thanks to Christian Ehrhardt (Closes: #874540)
* Add note about AppArmor tunable in README.Debian (Closes: #883949)
-- Christian Ehrhardt <email address hidden> Tue, 29 May 2018 10:34:11 +0200
This bug was fixed in the package ntp - 1:4.2.8p11+ dfsg-1ubuntu1
--------------- 8p11+dfsg- 1ubuntu1) cosmic; urgency=medium
ntp (1:4.2.
* Merge with Debian unstable (LP: #1773921). Remaining changes: README. Debian: Add a PPS section to the README.Debian
documentation. wrapper protect systemd service startup from concurrent apparmor- profile: add attach_disconnected which is needed in some apparmor- profile: avoid denies to to arg checks (LP 1741227)
- d/ntp.conf, d/ntpdate.default: Change default server to ntp.ubuntu.com.
- Add PPS support (LP 1512980):
+ debian/
+ debian/ntp.conf: Add some PPS configuration examples from the offical
- d/ntp.dhcp add support for parsing systemd networkd lease files LP 1717983
* Dropped Changes (accepted in Debian)
- d/ntp-systemd-
ntpdate processes the same way it was protected on sysv-init (LP 1706818)
- debian/
cases to let ntp report its log messages (LP 1727202).
- debian/
- fix apparmor denial when checking for running ntpdate (LP 1749389)
ntp (1:4.2.8p11+dfsg-1) unstable; urgency=medium
* New upstream version 4.2.8p11+dfsg (Closes: #851096) stack-size included upstream
- Refresh patches
- Drop ntpd-increase-
- CVE-2018-7185: Unauthenticated packet can reset authenticated
interleaved association (LOW/MED)
- CVE-2018-7184: Interleaved symmetric mode cannot recover from bad state
(LOW/MED)
- CVE-2018-7170 / CVE-2016-1549: Provide a way to prevent authenticated
symmetric passive peering (LOW)
- CVE-2018-7183: decodearr() can write beyond its 'buf' limits (Medium)
- CVE-2018-7182: ctl_getitem(): buffer read overrun leads to undefined
behavior and information leak (Info/Medium)
- CVE-2016-1549: Sybil vulnerability: ephemeral association attack
(mitigated in 4.2.8p7)
* convert dfsg.sh into mk-origtargz script
* Run wrap-and-sort
* Sync AppArmor profile changes from Ubuntu, including a fix for a
harmless AppArmor denial in /usr/local (Closes: #883022)
* Don't chown in postinst recursively.
Thanks to Daniel Kahn Gillmor (Closes: #889488)
* Build sntp against system libevent
* Drop versioned build-deps already fulfilled by oldoldstable
ntp (1:4.2.8p10+dfsg-6) unstable; urgency=medium
* Make sntp KoD path FHS-compliant.
Thanks to Aaron Smith (Closes: #863873)
* Drop historic Breaks/Pre-Depends
* Drop historic conffile handling from pre-jessie
* Adjust ntpdate description stating that it is deprecated
* Move Vcs-* to salsa
* Bump Standards-Version to 4.1.3.0, no changes necessary
* Cherry-pick patch from upstream to increase stack size.
Thanks to Frederic Endner-Dühr for testing (Closes: #887385)
* Temporarily add ntpdate lock for systemd wrapper.
Thanks to Christian Ehrhardt (Closes: #874540)
* Add note about AppArmor tunable in README.Debian (Closes: #883949)
-- Christian Ehrhardt <email address hidden> Tue, 29 May 2018 10:34:11 +0200