2015-07-30 07:16:05 |
Richard Laager |
bug |
|
|
added bug |
2015-07-30 07:16:05 |
Richard Laager |
attachment added |
|
Patch from upstream, made suitable for debian/patches https://bugs.launchpad.net/bugs/1479652/+attachment/4436105/+files/udp-ports-under-123.patch |
|
2015-07-30 07:16:17 |
Richard Laager |
bug watch added |
|
http://bugs.ntp.org/show_bug.cgi?id=2174 |
|
2015-07-30 07:16:17 |
Richard Laager |
bug task added |
|
ntp |
|
2015-07-30 07:16:35 |
Richard Laager |
bug watch added |
|
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691412 |
|
2015-07-30 07:16:35 |
Richard Laager |
bug task added |
|
ntp (Debian) |
|
2015-07-30 07:19:14 |
Richard Laager |
description |
[Title copied from Debian bug, which was not filed by me. Description below is mine.]
If an NTP client sends a request with a source port less than 123, the packet is silently ignored by ntpd. This is occurring in our environment due to NAT.
Attached is the patch from upstream which fixes the issue. I've verified it fixes the problem. Debian has been ignoring this patch for almost 3 years. Can we get this in Ubuntu please? |
[Title copied from Debian bug, which was not filed by me. Description below is mine.]
If an NTP client sends a request with a source port less than 123, the packet is silently ignored by ntpd. This is occurring in our environment due to NAT.
Attached is the patch already accepted upstream which fixes the issue. I've verified it fixes the problem. Debian has been ignoring this patch for almost 3 years. Can we get this in Ubuntu please? |
|
2015-07-30 08:19:49 |
Ubuntu Foundations Team Bug Bot |
tags |
|
patch |
|
2015-07-30 08:19:57 |
Ubuntu Foundations Team Bug Bot |
bug |
|
|
added subscriber Ubuntu Review Team |
2015-07-30 10:43:38 |
Robie Basak |
bug |
|
|
added subscriber Ubuntu Server Team |
2015-07-30 18:21:47 |
Bug Watch Updater |
ntp: status |
Unknown |
Fix Released |
|
2015-07-30 18:21:47 |
Bug Watch Updater |
ntp: importance |
Unknown |
High |
|
2015-07-31 03:46:32 |
Bug Watch Updater |
ntp (Debian): status |
Unknown |
New |
|
2015-11-06 08:19:31 |
Robie Basak |
removed subscriber Ubuntu Server Team |
|
|
|
2016-01-22 22:27:27 |
Eric Desrochers |
bug |
|
|
added subscriber Eric Desrochers |
2016-01-22 22:53:37 |
Timo Aaltonen |
nominated for series |
|
Ubuntu Wily |
|
2016-01-22 22:53:37 |
Timo Aaltonen |
bug task added |
|
ntp (Ubuntu Wily) |
|
2016-01-22 22:53:37 |
Timo Aaltonen |
nominated for series |
|
Ubuntu Precise |
|
2016-01-22 22:53:37 |
Timo Aaltonen |
bug task added |
|
ntp (Ubuntu Precise) |
|
2016-01-22 22:53:37 |
Timo Aaltonen |
nominated for series |
|
Ubuntu Xenial |
|
2016-01-22 22:53:37 |
Timo Aaltonen |
bug task added |
|
ntp (Ubuntu Xenial) |
|
2016-01-22 22:53:37 |
Timo Aaltonen |
nominated for series |
|
Ubuntu Trusty |
|
2016-01-22 22:53:37 |
Timo Aaltonen |
bug task added |
|
ntp (Ubuntu Trusty) |
|
2016-01-22 22:55:35 |
Eric Desrochers |
ntp (Ubuntu Precise): importance |
Undecided |
Medium |
|
2016-01-22 22:55:36 |
Eric Desrochers |
ntp (Ubuntu Trusty): importance |
Undecided |
Medium |
|
2016-01-22 22:55:38 |
Eric Desrochers |
ntp (Ubuntu Wily): importance |
Undecided |
Medium |
|
2016-01-22 22:55:40 |
Eric Desrochers |
ntp (Ubuntu Xenial): importance |
Undecided |
Medium |
|
2016-01-22 22:55:43 |
Eric Desrochers |
ntp (Ubuntu Precise): assignee |
|
Eric Desrochers (slashd) |
|
2016-01-22 22:55:46 |
Eric Desrochers |
ntp (Ubuntu Trusty): assignee |
|
Eric Desrochers (slashd) |
|
2016-01-22 22:55:48 |
Eric Desrochers |
ntp (Ubuntu Wily): assignee |
|
Eric Desrochers (slashd) |
|
2016-01-22 22:56:04 |
Eric Desrochers |
ntp (Ubuntu Xenial): assignee |
|
Kick In (kick-d) |
|
2016-01-23 21:34:07 |
Eric Desrochers |
ntp (Ubuntu Xenial): status |
New |
In Progress |
|
2016-01-23 21:34:12 |
Eric Desrochers |
ntp (Ubuntu Wily): status |
New |
In Progress |
|
2016-01-23 21:34:27 |
Eric Desrochers |
ntp (Ubuntu Precise): status |
New |
In Progress |
|
2016-01-23 21:34:51 |
Eric Desrochers |
ntp (Ubuntu Trusty): status |
New |
In Progress |
|
2016-01-25 16:26:37 |
Eric Desrochers |
description |
[Title copied from Debian bug, which was not filed by me. Description below is mine.]
If an NTP client sends a request with a source port less than 123, the packet is silently ignored by ntpd. This is occurring in our environment due to NAT.
Attached is the patch already accepted upstream which fixes the issue. I've verified it fixes the problem. Debian has been ignoring this patch for almost 3 years. Can we get this in Ubuntu please? |
[Impact]
If an NTP client sends a request with a source port less than 123, the packet is silently ignored by ntpd.
This is occurring in our environment due to NAT.
[Test Case]
The problem can easily be reproduced by having an iptable postrouting nat forcing the source port to be under 123 set on the client.
[Regression Potential]
The patch comes from upstream
[Bug 2174] http://bugs.ntp.org/show_bug.cgi?id=2174]
A testfix[1] package has been provided to the community before the SRU process to bring more confidence for the patch. Positive feedbacks has been given by the community to confirm the patch addressed the bug [comment #7]
[1]- https://launchpad.net/~slashd/+archive/ubuntu/bug1479652
[Original description]
[Title copied from Debian bug, which was not filed by me. Description below is mine.]
If an NTP client sends a request with a source port less than 123, the packet is silently ignored by ntpd. This is occurring in our environment due to NAT.
Attached is the patch already accepted upstream which fixes the issue. I've verified it fixes the problem. Debian has been ignoring this patch for almost 3 years. Can we get this in Ubuntu please? |
|
2016-01-25 16:27:01 |
Eric Desrochers |
description |
[Impact]
If an NTP client sends a request with a source port less than 123, the packet is silently ignored by ntpd.
This is occurring in our environment due to NAT.
[Test Case]
The problem can easily be reproduced by having an iptable postrouting nat forcing the source port to be under 123 set on the client.
[Regression Potential]
The patch comes from upstream
[Bug 2174] http://bugs.ntp.org/show_bug.cgi?id=2174]
A testfix[1] package has been provided to the community before the SRU process to bring more confidence for the patch. Positive feedbacks has been given by the community to confirm the patch addressed the bug [comment #7]
[1]- https://launchpad.net/~slashd/+archive/ubuntu/bug1479652
[Original description]
[Title copied from Debian bug, which was not filed by me. Description below is mine.]
If an NTP client sends a request with a source port less than 123, the packet is silently ignored by ntpd. This is occurring in our environment due to NAT.
Attached is the patch already accepted upstream which fixes the issue. I've verified it fixes the problem. Debian has been ignoring this patch for almost 3 years. Can we get this in Ubuntu please? |
[Impact]
If an NTP client sends a request with a source port less than 123, the packet is silently ignored by ntpd. This is occurring in our environment due to NAT.
[Test Case]
The problem can easily be reproduced by having an iptable postrouting nat forcing the source port to be under 123 set on the client.
[Regression Potential]
The patch comes from upstream
[Bug 2174] http://bugs.ntp.org/show_bug.cgi?id=2174]
A testfix[1] package has been provided to the community before the SRU process to bring more confidence for the patch. Positive feedbacks has been given by the community to confirm the patch addressed the bug [comment #7]
[1]- https://launchpad.net/~slashd/+archive/ubuntu/bug1479652
[Original description]
[Title copied from Debian bug, which was not filed by me. Description below is mine.]
If an NTP client sends a request with a source port less than 123, the packet is silently ignored by ntpd. This is occurring in our environment due to NAT.
Attached is the patch already accepted upstream which fixes the issue. I've verified it fixes the problem. Debian has been ignoring this patch for almost 3 years. Can we get this in Ubuntu please? |
|
2016-01-25 16:27:24 |
Eric Desrochers |
description |
[Impact]
If an NTP client sends a request with a source port less than 123, the packet is silently ignored by ntpd. This is occurring in our environment due to NAT.
[Test Case]
The problem can easily be reproduced by having an iptable postrouting nat forcing the source port to be under 123 set on the client.
[Regression Potential]
The patch comes from upstream
[Bug 2174] http://bugs.ntp.org/show_bug.cgi?id=2174]
A testfix[1] package has been provided to the community before the SRU process to bring more confidence for the patch. Positive feedbacks has been given by the community to confirm the patch addressed the bug [comment #7]
[1]- https://launchpad.net/~slashd/+archive/ubuntu/bug1479652
[Original description]
[Title copied from Debian bug, which was not filed by me. Description below is mine.]
If an NTP client sends a request with a source port less than 123, the packet is silently ignored by ntpd. This is occurring in our environment due to NAT.
Attached is the patch already accepted upstream which fixes the issue. I've verified it fixes the problem. Debian has been ignoring this patch for almost 3 years. Can we get this in Ubuntu please? |
[Impact]
If an NTP client sends a request with a source port less than 123, the packet is silently ignored by ntpd. This is occurring in our environment due to NAT.
[Test Case]
The problem can easily be reproduced by having an iptable postrouting nat forcing the source port to be under 123 set on the client.
[Regression Potential]
The patch comes from upstream: http://bugs.ntp.org/show_bug.cgi?id=2174]
A testfix[1] package has been provided to the community before the SRU process to bring more confidence for the patch. Positive feedbacks has been given by the community to confirm the patch addressed the bug [comment #7]
[1]- https://launchpad.net/~slashd/+archive/ubuntu/bug1479652
[Original description]
[Title copied from Debian bug, which was not filed by me. Description below is mine.]
If an NTP client sends a request with a source port less than 123, the packet is silently ignored by ntpd. This is occurring in our environment due to NAT.
Attached is the patch already accepted upstream which fixes the issue. I've verified it fixes the problem. Debian has been ignoring this patch for almost 3 years. Can we get this in Ubuntu please? |
|
2016-01-25 16:27:32 |
Eric Desrochers |
description |
[Impact]
If an NTP client sends a request with a source port less than 123, the packet is silently ignored by ntpd. This is occurring in our environment due to NAT.
[Test Case]
The problem can easily be reproduced by having an iptable postrouting nat forcing the source port to be under 123 set on the client.
[Regression Potential]
The patch comes from upstream: http://bugs.ntp.org/show_bug.cgi?id=2174]
A testfix[1] package has been provided to the community before the SRU process to bring more confidence for the patch. Positive feedbacks has been given by the community to confirm the patch addressed the bug [comment #7]
[1]- https://launchpad.net/~slashd/+archive/ubuntu/bug1479652
[Original description]
[Title copied from Debian bug, which was not filed by me. Description below is mine.]
If an NTP client sends a request with a source port less than 123, the packet is silently ignored by ntpd. This is occurring in our environment due to NAT.
Attached is the patch already accepted upstream which fixes the issue. I've verified it fixes the problem. Debian has been ignoring this patch for almost 3 years. Can we get this in Ubuntu please? |
[Impact]
If an NTP client sends a request with a source port less than 123, the packet is silently ignored by ntpd. This is occurring in our environment due to NAT.
[Test Case]
The problem can easily be reproduced by having an iptable postrouting nat forcing the source port to be under 123 set on the client.
[Regression Potential]
The patch comes from upstream: http://bugs.ntp.org/show_bug.cgi?id=2174
A testfix[1] package has been provided to the community before the SRU process to bring more confidence for the patch. Positive feedbacks has been given by the community to confirm the patch addressed the bug [comment #7]
[1]- https://launchpad.net/~slashd/+archive/ubuntu/bug1479652
[Original description]
[Title copied from Debian bug, which was not filed by me. Description below is mine.]
If an NTP client sends a request with a source port less than 123, the packet is silently ignored by ntpd. This is occurring in our environment due to NAT.
Attached is the patch already accepted upstream which fixes the issue. I've verified it fixes the problem. Debian has been ignoring this patch for almost 3 years. Can we get this in Ubuntu please? |
|
2016-01-25 16:35:00 |
Eric Desrochers |
tags |
patch |
patch sts |
|
2016-01-25 16:53:32 |
Eric Desrochers |
attachment added |
|
trusty_ntp_4.2.6.p5+dfsg-3ubuntu2.14.04.8 https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1479652/+attachment/4556319/+files/lp1479652_trusty_14.04.8.debdiff |
|
2016-01-25 17:25:22 |
Eric Desrochers |
attachment added |
|
wily_4.2.6.p5+dfsg-3ubuntu8.2 https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1479652/+attachment/4556354/+files/lp1479652_wily_8.2.debdiff |
|
2016-01-25 17:52:39 |
Eric Desrochers |
attachment added |
|
precise_ntp_4.2.6.p3+dfsg-1ubuntu3.9 https://bugs.launchpad.net/ubuntu/precise/+source/ntp/+bug/1479652/+attachment/4556380/+files/lp1479652_precise_3.9.debdiff |
|
2016-01-25 17:54:43 |
Eric Desrochers |
bug |
|
|
added subscriber SRU Verification |
2016-01-25 19:28:23 |
Eric Desrochers |
description |
[Impact]
If an NTP client sends a request with a source port less than 123, the packet is silently ignored by ntpd. This is occurring in our environment due to NAT.
[Test Case]
The problem can easily be reproduced by having an iptable postrouting nat forcing the source port to be under 123 set on the client.
[Regression Potential]
The patch comes from upstream: http://bugs.ntp.org/show_bug.cgi?id=2174
A testfix[1] package has been provided to the community before the SRU process to bring more confidence for the patch. Positive feedbacks has been given by the community to confirm the patch addressed the bug [comment #7]
[1]- https://launchpad.net/~slashd/+archive/ubuntu/bug1479652
[Original description]
[Title copied from Debian bug, which was not filed by me. Description below is mine.]
If an NTP client sends a request with a source port less than 123, the packet is silently ignored by ntpd. This is occurring in our environment due to NAT.
Attached is the patch already accepted upstream which fixes the issue. I've verified it fixes the problem. Debian has been ignoring this patch for almost 3 years. Can we get this in Ubuntu please? |
[Impact]
If an NTP client sends a request with a source port less than 123, the packet is silently ignored by ntpd. This is occurring in our environment due to NAT.
[Test Case]
The problem can easily be reproduced by having an iptable postrouting nat forcing the source port to be under 123 set on the client.
Setup:
==> NTP server = y.y.y.y
ntp.conf configured to be a server.
==> NTP client = x.x.x.x
"ntpdate" used to submmit requests
#iptable setup to force src port to be lower than 123
iptables -t nat -A POSTROUTING -p UDP --dport 123 -j SNAT --to-source 10.55.15.154:100-122
[Regression Potential]
The patch comes from upstream: http://bugs.ntp.org/show_bug.cgi?id=2174
A testfix[1] package has been provided to the community before the SRU process to bring more confidence for the patch. Positive feedbacks has been given by the community to confirm the patch addressed the bug [comment #7]
[1]- https://launchpad.net/~slashd/+archive/ubuntu/bug1479652
[Original description]
[Title copied from Debian bug, which was not filed by me. Description below is mine.]
If an NTP client sends a request with a source port less than 123, the packet is silently ignored by ntpd. This is occurring in our environment due to NAT.
Attached is the patch already accepted upstream which fixes the issue. I've verified it fixes the problem. Debian has been ignoring this patch for almost 3 years. Can we get this in Ubuntu please? |
|
2016-01-25 19:29:46 |
Eric Desrochers |
description |
[Impact]
If an NTP client sends a request with a source port less than 123, the packet is silently ignored by ntpd. This is occurring in our environment due to NAT.
[Test Case]
The problem can easily be reproduced by having an iptable postrouting nat forcing the source port to be under 123 set on the client.
Setup:
==> NTP server = y.y.y.y
ntp.conf configured to be a server.
==> NTP client = x.x.x.x
"ntpdate" used to submmit requests
#iptable setup to force src port to be lower than 123
iptables -t nat -A POSTROUTING -p UDP --dport 123 -j SNAT --to-source 10.55.15.154:100-122
[Regression Potential]
The patch comes from upstream: http://bugs.ntp.org/show_bug.cgi?id=2174
A testfix[1] package has been provided to the community before the SRU process to bring more confidence for the patch. Positive feedbacks has been given by the community to confirm the patch addressed the bug [comment #7]
[1]- https://launchpad.net/~slashd/+archive/ubuntu/bug1479652
[Original description]
[Title copied from Debian bug, which was not filed by me. Description below is mine.]
If an NTP client sends a request with a source port less than 123, the packet is silently ignored by ntpd. This is occurring in our environment due to NAT.
Attached is the patch already accepted upstream which fixes the issue. I've verified it fixes the problem. Debian has been ignoring this patch for almost 3 years. Can we get this in Ubuntu please? |
[Impact]
If an NTP client sends a request with a source port less than 123, the packet is silently ignored by ntpd. This is occurring in our environment due to NAT.
[Test Case]
The problem can easily be reproduced by having an iptable postrouting nat forcing the source port to be under 123 set on the client.
Setup:
==> NTP server = y.y.y.y
ntp.conf configured to be a server.
==> NTP client = x.x.x.x
"ntpdate" used to submmit requests
#iptable setup to force src port to be lower than 123
iptables -t nat -A POSTROUTING -p UDP --dport 123 -j SNAT --to-source x.x.x.x:100-122
[Regression Potential]
The patch comes from upstream: http://bugs.ntp.org/show_bug.cgi?id=2174
A testfix[1] package has been provided to the community before the SRU process to bring more confidence for the patch. Positive feedbacks has been given by the community to confirm the patch addressed the bug [comment #7]
[1]- https://launchpad.net/~slashd/+archive/ubuntu/bug1479652
[Original description]
[Title copied from Debian bug, which was not filed by me. Description below is mine.]
If an NTP client sends a request with a source port less than 123, the packet is silently ignored by ntpd. This is occurring in our environment due to NAT.
Attached is the patch already accepted upstream which fixes the issue. I've verified it fixes the problem. Debian has been ignoring this patch for almost 3 years. Can we get this in Ubuntu please? |
|
2016-01-25 19:35:39 |
Eric Desrochers |
description |
[Impact]
If an NTP client sends a request with a source port less than 123, the packet is silently ignored by ntpd. This is occurring in our environment due to NAT.
[Test Case]
The problem can easily be reproduced by having an iptable postrouting nat forcing the source port to be under 123 set on the client.
Setup:
==> NTP server = y.y.y.y
ntp.conf configured to be a server.
==> NTP client = x.x.x.x
"ntpdate" used to submmit requests
#iptable setup to force src port to be lower than 123
iptables -t nat -A POSTROUTING -p UDP --dport 123 -j SNAT --to-source x.x.x.x:100-122
[Regression Potential]
The patch comes from upstream: http://bugs.ntp.org/show_bug.cgi?id=2174
A testfix[1] package has been provided to the community before the SRU process to bring more confidence for the patch. Positive feedbacks has been given by the community to confirm the patch addressed the bug [comment #7]
[1]- https://launchpad.net/~slashd/+archive/ubuntu/bug1479652
[Original description]
[Title copied from Debian bug, which was not filed by me. Description below is mine.]
If an NTP client sends a request with a source port less than 123, the packet is silently ignored by ntpd. This is occurring in our environment due to NAT.
Attached is the patch already accepted upstream which fixes the issue. I've verified it fixes the problem. Debian has been ignoring this patch for almost 3 years. Can we get this in Ubuntu please? |
[Impact]
If an NTP client sends a request with a source port less than 123, the packet is silently ignored by ntpd. This is occurring in our environment due to NAT.
[Test Case]
The problem can easily be reproduced by having an iptable postrouting nat forcing the source port to be under 123 set on the client.
Setup:
==> NTP server = y.y.y.y
ntp.conf configured to be a server.
==> NTP client = x.x.x.x
"ntpdate" used to submmit requests
#iptable setup to force src port to be lower than 123
iptables -t nat -A POSTROUTING -p UDP --dport 123 -j SNAT --to-source x.x.x.x:100-122
## On the client, set to force src port < 123 (without patch)
$ ntpdate y.y.y.y
ntpdate[<PID>]: no server suitable for synchronization found
## On the client, set to force src port < 123 (with patch)
$ ntpdate y.y.y.y
ntpdate[<PID>]: adjust time server y.y.y.y offset -0.028483 sec
[Regression Potential]
The patch comes from upstream: http://bugs.ntp.org/show_bug.cgi?id=2174
A testfix[1] package has been provided to the community before the SRU process to bring more confidence for the patch. Positive feedbacks has been given by the community to confirm the patch addressed the bug [comment #7]
[1]- https://launchpad.net/~slashd/+archive/ubuntu/bug1479652
[Original description]
[Title copied from Debian bug, which was not filed by me. Description below is mine.]
If an NTP client sends a request with a source port less than 123, the packet is silently ignored by ntpd. This is occurring in our environment due to NAT.
Attached is the patch already accepted upstream which fixes the issue. I've verified it fixes the problem. Debian has been ignoring this patch for almost 3 years. Can we get this in Ubuntu please? |
|
2016-01-25 19:36:15 |
Eric Desrochers |
description |
[Impact]
If an NTP client sends a request with a source port less than 123, the packet is silently ignored by ntpd. This is occurring in our environment due to NAT.
[Test Case]
The problem can easily be reproduced by having an iptable postrouting nat forcing the source port to be under 123 set on the client.
Setup:
==> NTP server = y.y.y.y
ntp.conf configured to be a server.
==> NTP client = x.x.x.x
"ntpdate" used to submmit requests
#iptable setup to force src port to be lower than 123
iptables -t nat -A POSTROUTING -p UDP --dport 123 -j SNAT --to-source x.x.x.x:100-122
## On the client, set to force src port < 123 (without patch)
$ ntpdate y.y.y.y
ntpdate[<PID>]: no server suitable for synchronization found
## On the client, set to force src port < 123 (with patch)
$ ntpdate y.y.y.y
ntpdate[<PID>]: adjust time server y.y.y.y offset -0.028483 sec
[Regression Potential]
The patch comes from upstream: http://bugs.ntp.org/show_bug.cgi?id=2174
A testfix[1] package has been provided to the community before the SRU process to bring more confidence for the patch. Positive feedbacks has been given by the community to confirm the patch addressed the bug [comment #7]
[1]- https://launchpad.net/~slashd/+archive/ubuntu/bug1479652
[Original description]
[Title copied from Debian bug, which was not filed by me. Description below is mine.]
If an NTP client sends a request with a source port less than 123, the packet is silently ignored by ntpd. This is occurring in our environment due to NAT.
Attached is the patch already accepted upstream which fixes the issue. I've verified it fixes the problem. Debian has been ignoring this patch for almost 3 years. Can we get this in Ubuntu please? |
[Impact]
If an NTP client sends a request with a source port less than 123, the packet is silently ignored by ntpd. This is occurring in our environment due to NAT.
[Test Case]
The problem can easily be reproduced by having an iptable postrouting nat forcing the source port to be under 123 set on the client.
Setup:
==> NTP server = y.y.y.y
ntp.conf configured to be a server.
==> NTP client = x.x.x.x
"ntpdate" used to submmit requests
#iptable setup to force src port to be lower than 123
iptables -t nat -A POSTROUTING -p UDP --dport 123 -j SNAT --to-source x.x.x.x:100-122
## On the client, set to force src port < 123 (without patch)
$ ntpdate y.y.y.y
ntpdate[<PID>]: no server suitable for synchronization found
## On the client, set to force src port < 123 (with patch)
$ ntpdate y.y.y.y
ntpdate[<PID>]: adjust time server y.y.y.y offset -0.028483 sec
[Regression Potential]
The patch comes from upstream: http://bugs.ntp.org/show_bug.cgi?id=2174
A testfix[1] package has been provided to the community before the SRU process to bring more confidence for the patch. Positive feedbacks has been given by the community to confirm the patch addressed the bug [comment #7]
[1]- https://launchpad.net/~slashd/+archive/ubuntu/bug1479652
[Original description]
[Title copied from Debian bug, which was not filed by me. Description below is mine.]
If an NTP client sends a request with a source port less than 123, the packet is silently ignored by ntpd. This is occurring in our environment due to NAT.
Attached is the patch already accepted upstream which fixes the issue. I've verified it fixes the problem. Debian has been ignoring this patch for almost 3 years. Can we get this in Ubuntu please? |
|
2016-02-11 17:29:00 |
Robie Basak |
description |
[Impact]
If an NTP client sends a request with a source port less than 123, the packet is silently ignored by ntpd. This is occurring in our environment due to NAT.
[Test Case]
The problem can easily be reproduced by having an iptable postrouting nat forcing the source port to be under 123 set on the client.
Setup:
==> NTP server = y.y.y.y
ntp.conf configured to be a server.
==> NTP client = x.x.x.x
"ntpdate" used to submmit requests
#iptable setup to force src port to be lower than 123
iptables -t nat -A POSTROUTING -p UDP --dport 123 -j SNAT --to-source x.x.x.x:100-122
## On the client, set to force src port < 123 (without patch)
$ ntpdate y.y.y.y
ntpdate[<PID>]: no server suitable for synchronization found
## On the client, set to force src port < 123 (with patch)
$ ntpdate y.y.y.y
ntpdate[<PID>]: adjust time server y.y.y.y offset -0.028483 sec
[Regression Potential]
The patch comes from upstream: http://bugs.ntp.org/show_bug.cgi?id=2174
A testfix[1] package has been provided to the community before the SRU process to bring more confidence for the patch. Positive feedbacks has been given by the community to confirm the patch addressed the bug [comment #7]
[1]- https://launchpad.net/~slashd/+archive/ubuntu/bug1479652
[Original description]
[Title copied from Debian bug, which was not filed by me. Description below is mine.]
If an NTP client sends a request with a source port less than 123, the packet is silently ignored by ntpd. This is occurring in our environment due to NAT.
Attached is the patch already accepted upstream which fixes the issue. I've verified it fixes the problem. Debian has been ignoring this patch for almost 3 years. Can we get this in Ubuntu please? |
[Impact]
If an NTP client sends a request with a source port less than 123, the packet is silently ignored by ntpd. This is occurring in our environment due to NAT.
[Development Fix]
Fixed by merge of NTP of newer upstream release that includes the fix. Stuck in dep-wait in xenial-proposed due to an unrelated issue (pps-tools MIR or other resolution).
[Test Case]
The problem can easily be reproduced by having an iptable postrouting nat forcing the source port to be under 123 set on the client.
Setup:
==> NTP server = y.y.y.y
ntp.conf configured to be a server.
==> NTP client = x.x.x.x
"ntpdate" used to submmit requests
#iptable setup to force src port to be lower than 123
iptables -t nat -A POSTROUTING -p UDP --dport 123 -j SNAT --to-source x.x.x.x:100-122
## On the client, set to force src port < 123 (without patch)
$ ntpdate y.y.y.y
ntpdate[<PID>]: no server suitable for synchronization found
## On the client, set to force src port < 123 (with patch)
$ ntpdate y.y.y.y
ntpdate[<PID>]: adjust time server y.y.y.y offset -0.028483 sec
[Regression Potential]
The patch comes from upstream: http://bugs.ntp.org/show_bug.cgi?id=2174
A testfix[1] package has been provided to the community before the SRU process to bring more confidence for the patch. Positive feedbacks has been given by the community to confirm the patch addressed the bug [comment #7]
[1]- https://launchpad.net/~slashd/+archive/ubuntu/bug1479652
[Original description]
[Title copied from Debian bug, which was not filed by me. Description below is mine.]
If an NTP client sends a request with a source port less than 123, the packet is silently ignored by ntpd. This is occurring in our environment due to NAT.
Attached is the patch already accepted upstream which fixes the issue. I've verified it fixes the problem. Debian has been ignoring this patch for almost 3 years. Can we get this in Ubuntu please? |
|
2016-02-11 17:29:55 |
Robie Basak |
ntp (Ubuntu Xenial): status |
In Progress |
Fix Committed |
|
2016-02-11 17:30:54 |
Robie Basak |
bug |
|
|
added subscriber Robie Basak |
2016-02-11 18:23:49 |
Brian Murray |
ntp (Ubuntu Wily): status |
In Progress |
Fix Committed |
|
2016-02-11 18:23:52 |
Brian Murray |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2016-02-11 18:23:58 |
Brian Murray |
tags |
patch sts |
patch sts verification-needed |
|
2016-02-11 18:26:40 |
Brian Murray |
ntp (Ubuntu Trusty): status |
In Progress |
Fix Committed |
|
2016-02-11 18:27:46 |
Brian Murray |
ntp (Ubuntu Precise): status |
In Progress |
Fix Committed |
|
2016-02-11 19:35:32 |
Eric Desrochers |
tags |
patch sts verification-needed |
patch sts verification-done |
|
2016-02-11 19:36:14 |
Eric Desrochers |
tags |
patch sts verification-done |
patch sts verification-done-trusty |
|
2016-02-11 19:36:38 |
Eric Desrochers |
tags |
patch sts verification-done-trusty |
patch sts verification-done |
|
2016-02-11 20:29:15 |
Eric Desrochers |
tags |
patch sts verification-done |
patch sts verification-done-trusty |
|
2016-02-11 21:31:28 |
Eric Desrochers |
tags |
patch sts verification-done-trusty |
patch sts verification-done-precise verification-done-trusty |
|
2016-02-12 01:35:29 |
Eric Desrochers |
tags |
patch sts verification-done-precise verification-done-trusty |
patch sts verification-done-precise verification-done-trusty verification-done-wily |
|
2016-02-15 23:26:40 |
Launchpad Janitor |
ntp (Ubuntu Trusty): status |
Fix Committed |
Fix Released |
|
2016-02-15 23:26:45 |
Adam Conrad |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
2016-02-15 23:26:54 |
Launchpad Janitor |
ntp (Ubuntu Wily): status |
Fix Committed |
Fix Released |
|
2016-02-17 02:04:23 |
Launchpad Janitor |
ntp (Ubuntu Xenial): status |
Fix Committed |
Fix Released |
|
2016-02-17 02:04:23 |
Launchpad Janitor |
cve linked |
|
2014-9293 |
|
2016-02-17 02:04:23 |
Launchpad Janitor |
cve linked |
|
2014-9294 |
|
2016-02-17 02:04:23 |
Launchpad Janitor |
cve linked |
|
2014-9295 |
|
2016-02-17 02:04:23 |
Launchpad Janitor |
cve linked |
|
2014-9296 |
|
2016-02-17 02:04:23 |
Launchpad Janitor |
cve linked |
|
2014-9297 |
|
2016-02-17 02:04:23 |
Launchpad Janitor |
cve linked |
|
2014-9298 |
|
2016-02-17 02:04:23 |
Launchpad Janitor |
cve linked |
|
2015-1798 |
|
2016-02-17 02:04:23 |
Launchpad Janitor |
cve linked |
|
2015-1799 |
|
2016-02-17 02:04:23 |
Launchpad Janitor |
cve linked |
|
2015-5146 |
|
2016-02-17 02:04:23 |
Launchpad Janitor |
cve linked |
|
2015-5194 |
|
2016-02-17 02:04:23 |
Launchpad Janitor |
cve linked |
|
2015-5195 |
|
2016-02-17 02:04:23 |
Launchpad Janitor |
cve linked |
|
2015-5196 |
|
2016-02-17 02:04:23 |
Launchpad Janitor |
cve linked |
|
2015-5219 |
|
2016-02-17 02:04:23 |
Launchpad Janitor |
cve linked |
|
2015-5300 |
|
2016-02-17 02:04:23 |
Launchpad Janitor |
cve linked |
|
2015-7691 |
|
2016-02-17 02:04:23 |
Launchpad Janitor |
cve linked |
|
2015-7692 |
|
2016-02-17 02:04:23 |
Launchpad Janitor |
cve linked |
|
2015-7701 |
|
2016-02-17 02:04:23 |
Launchpad Janitor |
cve linked |
|
2015-7702 |
|
2016-02-17 02:04:23 |
Launchpad Janitor |
cve linked |
|
2015-7703 |
|
2016-02-17 02:04:23 |
Launchpad Janitor |
cve linked |
|
2015-7704 |
|
2016-02-17 02:04:23 |
Launchpad Janitor |
cve linked |
|
2015-7705 |
|
2016-02-17 02:04:23 |
Launchpad Janitor |
cve linked |
|
2015-7850 |
|
2016-02-17 02:04:23 |
Launchpad Janitor |
cve linked |
|
2015-7852 |
|
2016-02-17 02:04:23 |
Launchpad Janitor |
cve linked |
|
2015-7853 |
|
2016-02-17 02:04:23 |
Launchpad Janitor |
cve linked |
|
2015-7855 |
|
2016-02-17 02:04:23 |
Launchpad Janitor |
cve linked |
|
2015-7871 |
|
2016-02-18 19:36:25 |
Brian Murray |
removed subscriber Ubuntu Review Team |
|
|
|
2016-02-18 19:36:59 |
Launchpad Janitor |
ntp (Ubuntu Precise): status |
Fix Committed |
Fix Released |
|
2017-04-03 22:11:56 |
Bug Watch Updater |
ntp (Debian): status |
New |
Fix Released |
|