Your message dated Sat, 25 Mar 2017 18:18:10 +0000
with message-id <[email protected]>
and subject line unblock ntp
has caused the Debian Bug report #858493,
regarding unblock: ntp/4.2.8p10+dfsg-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
858493: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858493
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
User: [email protected]
Usertags: unblock
Severity: normal

Hi,

I've just uploaded a new version of ntp to unstable that fixes
some security issues.

Upstream has the habit of regenerating all autogenerated files
with a random version each time. This time it seems the debdiff is
relatively small:
 322 files changed, 17920 insertions(+), 50426 deletions(-)

The changes in the Debian packages are very minimal:
ntp (1:4.2.8p10+dfsg-1) unstable; urgency=high

  * New upstream version
    - Fix security issues
  * Update openssl-disable-check.patch

 -- Kurt Roeckx <[email protected]>  Wed, 22 Mar 2017 21:53:40 +0100

The upstream changes are:
(4.2.8p10)

* [Sec 3389] NTP-01-016: Denial of Service via Malformed Config
  (Pentest report 01.2017) <[email protected]>
* [Sec 3388] NTP-01-014: Buffer Overflow in DPTS Clock
  (Pentest report 01.2017) <[email protected]>
* [Sec 3387] NTP-01-012: Authenticated DoS via Malicious Config Option
  (Pentest report 01.2017) <[email protected]>
* [Sec 3386] NTP-01-011: ntpq_stripquotes() returns incorrect Value
  (Pentest report 01.2017) <[email protected]>
* [Sec 3385] NTP-01-010: ereallocarray()/eallocarray() underused. HStenn
* [Sec 3384] NTP-01-009: Privileged execution of User Library code
  (Pentest report 01.2017) <[email protected]>
* [Sec 3383] NTP-01-008: Stack Buffer Overflow from Command Line
  (Pentest report 01.2017) <[email protected]>
* [Sec 3382] NTP-01-007: Data Structure terminated insufficiently
  (Pentest report 01.2017) <[email protected]>
* [Sec 3380] NTP-01-005: Off-by-one in Oncore GPS Receiver
  (Pentest report 01.2017) <[email protected]>
* [Sec 3379] NTP-01-004: Potential Overflows in ctl_put() functions
  (Pentest report 01.2017) <[email protected]>
* [Sec 3378] NTP-01-003: Improper use of snprintf() in mx4200_send()
  (Pentest report 01.2017) <[email protected]>
* [Sec 3377] NTP-01-002: Buffer Overflow in ntpq when fetching reslist
  (Pentest report 01.2017) <[email protected]>
* [Sec 3376] Support build "hardening" flags.  [email protected]
* [Sec 3361] 0rigin (zero origin) DoS.  HStenn.
* [Bug 3393] clang scan-build findings <[email protected]>
* [Bug 3363] Support for openssl-1.1.0 without compatibility modes
  - rework of patch set from <[email protected]>. <[email protected]>
* [Bug 3356] Bugfix 3072 breaks multicastclient <[email protected]>
* [Bug 3216] libntp audio ioctl() args incorrectly cast to int
  on 4.4BSD-Lite derived platforms <[email protected]>
  - original patch by Majdi S. Abbas
* [Bug 3215] 'make distcheck' fails with new BK repo format <[email protected]>
* [Bug 3173] forking async worker: interrupted pipe I/O <[email protected]>
  - initial patch by Christos Zoulas
* [Bug 3139] (...) time_pps_create: Exec format error <[email protected]>
  - move loader API from 'inline' to proper source
  - augment pathless dlls with absolute path to NTPD
  - use 'msyslog()' instead of 'printf()' for reporting trouble
* [Bug 3107] Incorrect Logic for Peer Event Limiting <[email protected]>
  - applied patch by Matthew Van Gundy
* [Bug 3065] Quiet warnings on NetBSD <[email protected]>
  - applied some of the patches provided by Havard. Not all of them
    still match the current code base, and I did not touch libopt.
* [Bug 3062] Change the process name of forked DNS worker <[email protected]>
  - applied patch by Reinhard Max. See bugzilla for limitations.
* [Bug 2923] Trap Configuration Fail <[email protected]>
  - fixed dependency inversion from [Bug 2837]
* [Bug 2896] Nothing happens if minsane < maxclock < minclock
  - produce ERROR log message about dysfunctional daemon. <[email protected]>
* [Bug 2851] allow -4/-6 on restrict line with mask <[email protected]>
  - applied patch by Miroslav Lichvar for ntp4.2.6 compat
* [Bug 2645] out-of-bound pointers in ctl_putsys and decode_bitflags
  - Fixed these and some more locations of this pattern.
    Probably didn't get them all, though. <[email protected]>
* Update copyright year.
* bk-7 trigger updates

---
(4.2.8p9-win) 2017/02/01 Released by Harlan Stenn <[email protected]>

* [Bug 3144] NTP does not build without openSSL. <[email protected]>
  - added missed changeset for automatic openssl lib detection
  - fixed some minor warning issues
* [Bug 3095]  More compatibility with openssl 1.1. <[email protected]>
* configure.ac cleanup.  [email protected]
* openssl configure cleanup.  [email protected]



Kurt

--- End Message ---
--- Begin Message ---
Unblocked ntp.

--- End Message ---
