ntpsec (1.1.0+dfsg1-1ubuntu0.2) bionic-security; urgency=medium * Backport three commits from 1.1.3 to fix (LP: #1812458) - CVE-2019-6442: "An authenticated attacker can write one byte out of bounds in ntpd via a malformed config request, related to config_remotely in ntp_config.c, yyparse in ntp_parser.tab.c, and yyerror in ntp_parser.y." - CVE-2019-6443: "Because of a bug in ctl_getitem, there is a stack-based buffer over-read in read_sysvars in ntp_control.c in ntpd. - CVE-2019-6444: "process_control() in ntp_control.c has a stack-based buffer over-read because attacker-controlled data is dereferenced by ntohl() in ntpd." - CVE-2019-6445: "An authenticated attacker can cause a NULL pointer dereference and ntpd crash in ntp_control.c, related to ctl_getitem." -- Richard Laager Fri, 18 Jan 2019 20:07:06 -0600 ntpsec (1.1.0+dfsg1-1ubuntu0.1) bionic; urgency=medium * Update apparmor for new drift temp file (LP: #1788102) -- Richard Laager Tue, 21 Aug 2018 00:27:21 -0500 ntpsec (1.1.0+dfsg1-1) unstable; urgency=medium * Make ntpsec Conflict with ntpdate - Use ntpsec-ntpdate instead of ntpdate. * Stop deleting /var/lib/ntpdate/ (Closes: 892966) Thanks to Bernhard Schmidt for the suggestion. * New upstream version - Digests longer then 20 bytes will be truncated. - We have dropped support for Broadcast servers. - A bug that caused the rejection of 33% of packets from Amazon time service has been fixed. * Drop patches merged upstream - fix-ntpdig.patch - systemd-remove-extra-dependencies.patch - fix-name-of-psutil.patch - fix-spectracom-log-prefixes.patch - fix-ntpviz-file-encodings.patch - systemd-remove-remainafterexit.patch - systemd-use-high-priority.patch - systemd-ionice-ntpviz.patch - systemd-cleanup-ntp-wait-service.patch - fix-ntploggps.patch - systemd-use-usr-sbin.patch - systemd-do-not-restart.patch - systemd-allow-running-in-containers.patch - Merge-Classic-fix-for-CVE-2018-7182.patch * Update copyright -- Richard Laager Fri, 16 Mar 2018 00:42:24 -0500 ntpsec (1.0.0+dfsg1-5) unstable; urgency=high * Fix CVE-2018-7182 -- Richard Laager Wed, 07 Mar 2018 19:47:34 -0600 ntpsec (1.0.0+dfsg1-4) unstable; urgency=medium * Remove empty /var/log/ntpstats on ntpviz removal * Fix installing ntpsec-ntpviz without ntpsec (Closes: 891278) * systemd: Allow running in containers (Closes: 890771) -- Richard Laager Sun, 04 Mar 2018 15:06:58 -0600 ntpsec (1.0.0+dfsg1-3) unstable; urgency=medium * Add Vcs-* headers * Update Standards-Version to 4.1.3 * Improve debian/copyright (Closes: 890758) * Bump the autorevision version requirement (Closes: 890761) * Fix FTBFS when building arch-indep only. Thanks to Daniel Baumann (Closes: 890762) * Make ntpsec-ntpdate depend on python3-ntp (Closes: 890770) * Inline the SHM message in README.Debian * Add note about AppArmor tunable in README.Debian. Thanks to Bernhard Schmidt * Drop historic Breaks/Pre-Depends. Thanks to Bernhard Schmidt * ntpsec: Stop creating /var/log/ntpstats * ntpsec-ntpviz: Add Suggests: python * Create /var/lib/ntp in the postinst * Do not recursively chown /var/log/ntpstats * Suppress a lintian warning * Drop historic apparmor Suggests/Breaks/Replaces * Changes as of ntp_4.2.8p10+dfsg-6 have been merged as appropriate. -- Richard Laager Wed, 21 Feb 2018 00:29:24 -0600 ntpsec (1.0.0+dfsg1-2) unstable; urgency=medium * debian/apparmor-profile: add attach_disconnected. Thanks to Christian Ehrhardt * Fix reading the drift file on startup * Drop the ntpwait "quick mode" patch -- Richard Laager Wed, 13 Dec 2017 17:18:10 -0600 ntpsec (1.0.0+dfsg1-1) unstable; urgency=medium * Initial release. (Closes: #819806) The packaging was originally forked from ntp_4.2.8p8+dfsg. Changes as of ntp_4.2.8p10+dfsg-5 have been merged. -- Richard Laager Thu, 30 Nov 2017 21:29:52 -0600