Package: release.debian.org User: release.debian....@packages.debian.org Usertags: unblock Severity: normal
Hi, I've just uploaded a new version of ntp to unstable that fixes some security issues. Upstreams has the habbit of regenerating all autogenerated files with a random version each time. This time it seems the debdiff is relativly small: 322 files changed, 17920 insertions(+), 50426 deletions(-) The changes in the Debian packages are very minimal: ntp (1:4.2.8p10+dfsg-1) unstable; urgency=high * New upstream version - Fix security issues * Update openssl-disable-check.patch -- Kurt Roeckx <k...@roeckx.be> Wed, 22 Mar 2017 21:53:40 +0100 The upstream changes are: (4.2.8p10) * [Sec 3389] NTP-01-016: Denial of Service via Malformed Config (Pentest report 01.2017) <perlin...@ntp.org> * [Sec 3388] NTP-01-014: Buffer Overflow in DPTS Clock (Pentest report 01.2017) <perlin...@ntp.org> * [Sec 3387] NTP-01-012: Authenticated DoS via Malicious Config Option (Pentest report 01.2017) <perlin...@ntp.org> * [Sec 3386] NTP-01-011: ntpq_stripquotes() returns incorrect Value (Pentest report 01.2017) <perlin...@ntp.org> * [Sec 3385] NTP-01-010: ereallocarray()/eallocarray() underused. HStenn * [Sec 3384] NTP-01-009: Privileged execution of User Library code (Pentest report 01.2017) <perlin...@ntp.org> * [Sec 3383] NTP-01-008: Stack Buffer Overflow from Command Line (Pentest report 01.2017) <perlin...@ntp.org> * [Sec 3382] NTP-01-007: Data Structure terminated insufficiently (Pentest report 01.2017) <perlin...@ntp.org> * [Sec 3380] NTP-01-005: Off-by-one in Oncore GPS Receiver (Pentest report 01.2017) <perlin...@ntp.org> * [Sec 3379] NTP-01-004: Potential Overflows in ctl_put() functions (Pentest report 01.2017) <perlin...@ntp.org> * [Sec 3378] NTP-01-003: Improper use of snprintf() in mx4200_send() (Pentest report 01.2017) <perlin...@ntp.org> * [Sec 3377] NTP-01-002: Buffer Overflow in ntpq when fetching reslist (Pentest report 01.2017) <perlin...@ntp.org * [Sec 3376] Support build "hardening" flags. st...@ntp.org * [Sec 3361] 0rigin (zero origin) DoS. HStenn. * [Bug 3393] clang scan-build findings <perlin...@ntp.org> * [Bug 3363] Support for openssl-1.1.0 without compatibility modes - rework of patch set from <ntp....@eroen.eu>. <perlin...@ntp.org> * [Bug 3356] Bugfix 3072 breaks multicastclient <perlin...@ntp.org> * [Bug 3216] libntp audio ioctl() args incorrectly cast to int on 4.4BSD-Lite derived platforms <perlin...@ntp.org> - original patch by Majdi S. Abbas * [Bug 3215] 'make distcheck' fails with new BK repo format <perlin...@ntp.org> * [Bug 3173] forking async worker: interrupted pipe I/O <perlin...@ntp.org> - initial patch by Christos Zoulas * [Bug 3139] (...) time_pps_create: Exec format error <perlin...@ntp.org> - move loader API from 'inline' to proper source - augment pathless dlls with absolute path to NTPD - use 'msyslog()' instead of 'printf() 'for reporting trouble * [Bug 3107] Incorrect Logic for Peer Event Limiting <perlin...@ntp.org> - applied patch by Matthew Van Gundy * [Bug 3065] Quiet warnings on NetBSD <perlin...@ntp.org> - applied some of the patches provided by Havard. Not all of them still match the current code base, and I did not touch libopt. * [Bug 3062] Change the process name of forked DNS worker <perlin...@ntp.org> - applied patch by Reinhard Max. See bugzilla for limitations. * [Bug 2923] Trap Configuration Fail <perlin...@ntp.org> - fixed dependency inversion from [Bug 2837] * [Bug 2896] Nothing happens if minsane < maxclock < minclock - produce ERROR log message about dysfunctional daemon. <perlin...@ntp.org> * [Bug 2851] allow -4/-6 on restrict line with mask <perlin...@ntp.org> - applied patch by Miroslav Lichvar for ntp4.2.6 compat * [Bug 2645] out-of-bound pointers in ctl_putsys and decode_bitflags - Fixed these and some more locations of this pattern. Probably din't get them all, though. <perlin...@ntp.org> * Update copyright year. * bk-7 trigger updates --- (4.2.8p9-win) 2017/02/01 Released by Harlan Stenn <st...@ntp.org> * [Bug 3144] NTP does not build without openSSL. <perlin...@ntp.org> - added missed changeset for automatic openssl lib detection - fixed some minor warning issues * [Bug 3095] More compatibility with openssl 1.1. <perlin...@ntp.org> * configure.ac cleanup. st...@ntp.org * openssl configure cleanup. st...@ntp.org Kurt