[ubuntu/cosmic-proposed] ntp 1:4.2.8p11+dfsg-1ubuntu1 (Accepted)

Christian Ehrhardt christian.ehrhardt at canonical.com
Tue Jun 5 05:37:15 UTC 2018 

ntp (1:4.2.8p11+dfsg-1ubuntu1) cosmic; urgency=medium

  * Merge with Debian unstable (LP: #1773921). Remaining changes:
    - d/ntp.conf, d/ntpdate.default: Change default server to ntp.ubuntu.com.
    - Add PPS support (LP 1512980):
      + debian/README.Debian: Add a PPS section to the README.Debian
      + debian/ntp.conf: Add some PPS configuration examples from the offical
        documentation.
    - d/ntp.dhcp add support for parsing systemd networkd lease files LP 1717983
  * Dropped Changes (accepted in Debian)
    - d/ntp-systemd-wrapper protect systemd service startup from concurrent
      ntpdate processes the same way it was protected on sysv-init (LP 1706818)
    - debian/apparmor-profile: add attach_disconnected which is needed in some
      cases to let ntp report its log messages (LP 1727202).
    - debian/apparmor-profile: avoid denies to to arg checks (LP 1741227)
    - fix apparmor denial when checking for running ntpdate (LP 1749389)

ntp (1:4.2.8p11+dfsg-1) unstable; urgency=medium

  * New upstream version 4.2.8p11+dfsg (Closes: #851096)
    - Refresh patches
    - Drop ntpd-increase-stack-size included upstream
    - CVE-2018-7185: Unauthenticated packet can reset authenticated
      interleaved association (LOW/MED)
    - CVE-2018-7184: Interleaved symmetric mode cannot recover from bad state
      (LOW/MED)
    - CVE-2018-7170 / CVE-2016-1549: Provide a way to prevent authenticated
      symmetric passive peering (LOW)
    - CVE-2018-7183: decodearr() can write beyond its 'buf' limits (Medium)
    - CVE-2018-7182: ctl_getitem(): buffer read overrun leads to undefined
      behavior and information leak (Info/Medium)
    - CVE-2016-1549: Sybil vulnerability: ephemeral association attack
      (mitigated in 4.2.8p7)
  * convert dfsg.sh into mk-origtargz script
  * Run wrap-and-sort
  * Sync AppArmor profile changes from Ubuntu, including a fix for a
    harmless AppArmor denial in /usr/local (Closes: #883022)
  * Don't chown in postinst recursively.
    Thanks to Daniel Kahn Gillmor (Closes: #889488)
  * Build sntp against system libevent
  * Drop versioned build-deps already fulfilled by oldoldstable

ntp (1:4.2.8p10+dfsg-6) unstable; urgency=medium

  * Make sntp KoD path FHS-compliant.
    Thanks to Aaron Smith (Closes: #863873)
  * Drop historic Breaks/Pre-Depends
  * Drop historic conffile handling from pre-jessie
  * Adjust ntpdate description stating that it is deprecated
  * Move Vcs-* to salsa
  * Bump Standards-Version to 4.1.3.0, no changes necessary
  * Cherry-pick patch from upstream to increase stack size.
    Thanks to Frederic Endner-Dühr for testing (Closes: #887385)
  * Temporarily add ntpdate lock for systemd wrapper.
    Thanks to Christian Ehrhardt (Closes: #874540)
  * Add note about AppArmor tunable in README.Debian (Closes: #883949)

Date: Tue, 29 May 2018 10:34:11 +0200
Changed-By: Christian Ehrhardt <christian.ehrhardt at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p11+dfsg-1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 29 May 2018 10:34:11 +0200
Source: ntp
Binary: ntp ntpdate ntp-doc sntp
Architecture: source
Version: 1:4.2.8p11+dfsg-1ubuntu1
Distribution: cosmic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Christian Ehrhardt <christian.ehrhardt at canonical.com>
Description:
 ntp        - Network Time Protocol daemon and utility programs
 ntp-doc    - Network Time Protocol documentation
 ntpdate    - client for setting system time from NTP servers (deprecated)
 sntp       - Network Time Protocol - sntp client
Closes: 851096 863873 874540 883022 883949 887385 889488
Launchpad-Bugs-Fixed: 1773921
Changes:
 ntp (1:4.2.8p11+dfsg-1ubuntu1) cosmic; urgency=medium
 .
   * Merge with Debian unstable (LP: #1773921). Remaining changes:
     - d/ntp.conf, d/ntpdate.default: Change default server to ntp.ubuntu.com.
     - Add PPS support (LP 1512980):
       + debian/README.Debian: Add a PPS section to the README.Debian
       + debian/ntp.conf: Add some PPS configuration examples from the offical
         documentation.
     - d/ntp.dhcp add support for parsing systemd networkd lease files LP 1717983
   * Dropped Changes (accepted in Debian)
     - d/ntp-systemd-wrapper protect systemd service startup from concurrent
       ntpdate processes the same way it was protected on sysv-init (LP 1706818)
     - debian/apparmor-profile: add attach_disconnected which is needed in some
       cases to let ntp report its log messages (LP 1727202).
     - debian/apparmor-profile: avoid denies to to arg checks (LP 1741227)
     - fix apparmor denial when checking for running ntpdate (LP 1749389)
 .
 ntp (1:4.2.8p11+dfsg-1) unstable; urgency=medium
 .
   * New upstream version 4.2.8p11+dfsg (Closes: #851096)
     - Refresh patches
     - Drop ntpd-increase-stack-size included upstream
     - CVE-2018-7185: Unauthenticated packet can reset authenticated
       interleaved association (LOW/MED)
     - CVE-2018-7184: Interleaved symmetric mode cannot recover from bad state
       (LOW/MED)
     - CVE-2018-7170 / CVE-2016-1549: Provide a way to prevent authenticated
       symmetric passive peering (LOW)
     - CVE-2018-7183: decodearr() can write beyond its 'buf' limits (Medium)
     - CVE-2018-7182: ctl_getitem(): buffer read overrun leads to undefined
       behavior and information leak (Info/Medium)
     - CVE-2016-1549: Sybil vulnerability: ephemeral association attack
       (mitigated in 4.2.8p7)
   * convert dfsg.sh into mk-origtargz script
   * Run wrap-and-sort
   * Sync AppArmor profile changes from Ubuntu, including a fix for a
     harmless AppArmor denial in /usr/local (Closes: #883022)
   * Don't chown in postinst recursively.
     Thanks to Daniel Kahn Gillmor (Closes: #889488)
   * Build sntp against system libevent
   * Drop versioned build-deps already fulfilled by oldoldstable
 .
 ntp (1:4.2.8p10+dfsg-6) unstable; urgency=medium
 .
   * Make sntp KoD path FHS-compliant.
     Thanks to Aaron Smith (Closes: #863873)
   * Drop historic Breaks/Pre-Depends
   * Drop historic conffile handling from pre-jessie
   * Adjust ntpdate description stating that it is deprecated
   * Move Vcs-* to salsa
   * Bump Standards-Version to 4.1.3.0, no changes necessary
   * Cherry-pick patch from upstream to increase stack size.
     Thanks to Frederic Endner-Dühr for testing (Closes: #887385)
   * Temporarily add ntpdate lock for systemd wrapper.
     Thanks to Christian Ehrhardt (Closes: #874540)
   * Add note about AppArmor tunable in README.Debian (Closes: #883949)
Checksums-Sha1:
 30db71a15ecb4cc4159ab89766954ea971703740 2416 ntp_4.2.8p11+dfsg-1ubuntu1.dsc
 9e7794f51236272c803dbd6e66017e911d8954ff 4342464 ntp_4.2.8p11+dfsg.orig.tar.xz
 725d6ff15dcfddd2772e62e083a9883e1096b25c 57336 ntp_4.2.8p11+dfsg-1ubuntu1.debian.tar.xz
 bdbf04d2b3cfef207623c6c7e3c60e9b9fcf862e 7441 ntp_4.2.8p11+dfsg-1ubuntu1_source.buildinfo
Checksums-Sha256:
 9b462b8d7497572cf03a0a0fe0609526b13a5cadfc79176fa6c3fce514a1a35d 2416 ntp_4.2.8p11+dfsg-1ubuntu1.dsc
 ff11ac6a6c903698b303304af863582bc91ad68c456caec7ff8ef1c1ef9ca13b 4342464 ntp_4.2.8p11+dfsg.orig.tar.xz
 f55bc7431a97dc3eddd837888c4b9591ab35e082288a1888e1ff1b88bfe13393 57336 ntp_4.2.8p11+dfsg-1ubuntu1.debian.tar.xz
 06f35e5b9c39ae3416560f7b77cb6a14ef1623ec134d8ab7ed7bdb2871b7c96a 7441 ntp_4.2.8p11+dfsg-1ubuntu1_source.buildinfo
Files:
 d591e338f2e17dbf89a43118574e32a4 2416 net optional ntp_4.2.8p11+dfsg-1ubuntu1.dsc
 1fe80a1c34ec75a831c75083bc9e40ff 4342464 net optional ntp_4.2.8p11+dfsg.orig.tar.xz
 41087a0cda890f3a17d9d5432e98c5e8 57336 net optional ntp_4.2.8p11+dfsg-1ubuntu1.debian.tar.xz
 f7037673e0ae2ccf5359d4e595b60f34 7441 net optional ntp_4.2.8p11+dfsg-1ubuntu1_source.buildinfo
Original-Maintainer: Debian NTP Team <pkg-ntp-maintainers at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEktYY9mjyL47YC+71uj4pM4KAskIFAlsWITAACgkQuj4pM4KA
skKRXA/9E76nS3JHxOEWHaecZ0ZhHq8rkndrBAN9TzVkz1a8kcuoQRSYKKGVsbiJ
ik7Fw2DQHM0GK99ErnvXEWLoJKIeOpomcefNUizVAECPVMWfF8eBWnXxXAmMTpbT
Ypgh97AoHglbxMHt1fc0oq0E4vOWnE2ezO+8rCDjIG2qEfqUgwZuPnX2WWEdo1PO
COW+IqQi1LO7WFlEJXVCFRsCDYX0h4h2qgNrwnORsECx4GJRlU1/ad8EHvM66/Ov
dhy74NqvPiLXOye3By2GpKnyE9DsNUoYG8ahVXuwHF4FY8yvfD0mJI4zoU414Hy9
U78TOB/XeI4ECwm9N6pULuNl3jIOE3AMOr/AQeekQS4E2YmjYKyFiTvrMRj5UI8w
MWRxHu3zwMTlXqaq7EtzQV7+kla1scM1JttvmGwL6s2g1RXHm0mC9ZxTRTBGPTED
6gDVAUA5BGJKvpzKWGav35JlAo7mPTSL2YuGqhn8uuzP5WBom+DfWm1DhOR3M8Hw
27fyBxOSxUxvF4oEhg3u5hP8R+pJMzlnYQLwUmiJH81tMofBTHopk4ym89NvZYhs
b6lTqiEZYZpihOSz411yoVmLUmuwiMUI3uw3gGHR9dv7+DKAMdgKPju5wcPo6kaP
Jfi++twavVqCtusPX5rustvHu0oyOI3joOXsymvy5xUV0i2vdHE=
=CKOO
-----END PGP SIGNATURE-----

More information about the Cosmic-changes mailing list