[Touch-packages] [Bug 1512980] Re: Please enable PPS in the Ubuntu build of ntpd
This bug was fixed in the package ntp - 1:4.2.8p4+dfsg-3ubuntu1 --- ntp (1:4.2.8p4+dfsg-3ubuntu1) xenial; urgency=medium * Merge from Debian testing. Remaining changes: + debian/rules: enable debugging. Ask debian to add this. + debian/rules, debian/ntp.dirs, debian/source_ntp.py: Add apport hook. + Add enforcing AppArmor profile: - debian/control: Add Conflicts/Replaces on apparmor-profiles. - debian/control: Add Suggests on apparmor. - debian/control: Build-Depends on dh-apparmor. - add debian/apparmor-profile*. - debian/ntp.dirs: Add apparmor directories. - debian/rules: Install apparmor-profile and apparmor-profile.tunable. - debian/source_ntp.py: Add filter on AppArmor profile names to prevent false positives from denials originating in other packages. - debian/README.Debian: Add note on AppArmor. + debian/ntpdate.if-up: Fix interaction with openntpd. Stop ntp before running ntpdate when an interface comes up, then start again afterwards. + debian/ntp.init, debian/rules: Only stop when entering single user mode, don't use /var/lib/ntp/ntp.conf.dhcp if /etc/ntp.conf is newer - it can get stale. Patch by Simon Déziel. + debian/ntp.conf, debian/ntpdate.default: Change default server to ntp.ubuntu.com. + debian/control: Add bison to Build-Depends (for ntpd/ntp_parser.y). * Includes fix for requests with source ports < 123, fixed upstream in 4.2.8p1 (LP: #1479652). * Add PPS support (LP: #1512980): + debian/README.Debian: Add a PPS section to the README.Debian, removed all PPSkit one. + debian/ntp.conf: Add some configuration examples from the offical documentation. + debian/control: Add Build-Depends on pps-tools * Drop Changes: + debian/rules: Update config.{guess,sub} for AArch64, because upstream use dh_autoreconf now. + debian/{control,rules}: Add and enable hardened build for PIE. Upstream use fPIC. Options -fPIC and -fPIE are uncompatible, thus this is never applied, (cf. dpkg-buildflags manual), checked with Marc Deslauriers on freenode #ubuntu-hardened, 2016-01-20~13:11 UTC. + debian/rules: Remove update-rcd-params in dh_installinit command. When setting up ntp package, the following message is presented to the user due to deprecated use: "update-rc.d: warning: start and stop actions are no longer supported; falling back to defaults". The defaults are taken from the init.d script LSB comment header, which contain what we need anyway. + debian/rules: Remove ntp/ntp_parser.{c,h} or they don't get properly regenerated for some reason. Seems to have been due to ntpd/ntp_parser.y patches from CVE-2015-5194 and CVE-2015-5196, already upstreamed. + debian/ntpdate.if-up: Drop lockfile mechanism as upstream is using flock now. + Remove natty timeframe old deltas (transitional code not needed since Trusty): Those patches were for an incorrect behaviour of system-tools-backend, around natty time (https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/83604/comments/23) - debian/ntpdate-debian: Disregard empty ntp.conf files. - debian/ntp.preinst: Remove empty /etc/ntp.conf on fresh intallation. + debian/ntp.dhcp: Rewrite sed rules. This was done incorrectly as pointed out in LP 575458. This decision is explained in detail there. * All previous ubuntu security patches/fixes have been upstreamed: + CVE-2015-5146, CVE-2015-5194, CVE-2015-5195, CVE-2015-5196, CVE-2015-7703, CVE-2015-5219, CVE-2015-5300, CVE-2015-7691, CVE-2015-7692, CVE-2015-7702, CVE-2015-7701, CVE-2015-7704, CVE-2015-7705, CVE-2015-7850, CVE-2015-7852, CVE-2015-7853, CVE-2015-7855, CVE-2015-7871, CVE-2015-1798, CVE-2015-1799, CVE-2014-9297, CVE-2014-9298, CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296 + Fix to ignore ENOBUFS on routing netlink socket + Fix use-after-free in routing socket code + ntp-keygen infinite loop or lack of randonmess on big endian platforms -- Pierre-André MOREYFri, 5 Feb 2016 18:28:52 +0100 ** Changed in: ntp (Ubuntu) Status: Fix Committed => Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2014-9293 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2014-9294 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2014-9295 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2014-9296 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2014-9297 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2014-9298 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2015-1798 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2015-1799 ** CVE added: http://www.cve.mitre.org/cgi-
Re: [Touch-packages] [Bug 1512980] Re: Please enable PPS in the Ubuntu build of ntpd
Thanks Robie, excited to take it for a spin :) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ntp in Ubuntu. https://bugs.launchpad.net/bugs/1512980 Title: Please enable PPS in the Ubuntu build of ntpd Status in ntp package in Ubuntu: Fix Committed Bug description: NTPD includes a reference clock driver called "pps" which uses a modern kernel mechanism for pulse-per-second devices for very accurate timekeeping. PPS is particularly useful for anybody building a stratum 0 GPS-disciplined time server. Please could we enable the PPS driver in Ubuntu's build of NTP? http://doc.ntp.org/4.2.6/drivers/driver22.html Thanks, Mark To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1512980/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1512980] Re: Please enable PPS in the Ubuntu build of ntpd
Fixed in 1:4.2.8p4+dfsg-3ubuntu1, but I missed that pps-tools is in universe when sponsoring, so it's stuck in dep-wait right now. We need to look into whether we want to MIR pps-tools, or if pps-tools is not needed at runtime, or if there is some way to build NTP with PPS support without pps-tools. At a cursory glance it looks like it's a build time dependency for headers only, in which case the current proposal to not require build deps to be in main may resolve this. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ntp in Ubuntu. https://bugs.launchpad.net/bugs/1512980 Title: Please enable PPS in the Ubuntu build of ntpd Status in ntp package in Ubuntu: In Progress Bug description: NTPD includes a reference clock driver called "pps" which uses a modern kernel mechanism for pulse-per-second devices for very accurate timekeeping. PPS is particularly useful for anybody building a stratum 0 GPS-disciplined time server. Please could we enable the PPS driver in Ubuntu's build of NTP? http://doc.ntp.org/4.2.6/drivers/driver22.html Thanks, Mark To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1512980/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1512980] Re: Please enable PPS in the Ubuntu build of ntpd
** Changed in: ntp (Ubuntu) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ntp in Ubuntu. https://bugs.launchpad.net/bugs/1512980 Title: Please enable PPS in the Ubuntu build of ntpd Status in ntp package in Ubuntu: Fix Committed Bug description: NTPD includes a reference clock driver called "pps" which uses a modern kernel mechanism for pulse-per-second devices for very accurate timekeeping. PPS is particularly useful for anybody building a stratum 0 GPS-disciplined time server. Please could we enable the PPS driver in Ubuntu's build of NTP? http://doc.ntp.org/4.2.6/drivers/driver22.html Thanks, Mark To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1512980/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1512980] Re: Please enable PPS in the Ubuntu build of ntpd
** Changed in: ntp (Ubuntu) Assignee: Robie Basak (racb) => Kick In (kick-d) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ntp in Ubuntu. https://bugs.launchpad.net/bugs/1512980 Title: Please enable PPS in the Ubuntu build of ntpd Status in ntp package in Ubuntu: In Progress Bug description: NTPD includes a reference clock driver called "pps" which uses a modern kernel mechanism for pulse-per-second devices for very accurate timekeeping. PPS is particularly useful for anybody building a stratum 0 GPS-disciplined time server. Please could we enable the PPS driver in Ubuntu's build of NTP? http://doc.ntp.org/4.2.6/drivers/driver22.html Thanks, Mark To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1512980/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1512980] Re: Please enable PPS in the Ubuntu build of ntpd
Thanks kick-d :) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ntp in Ubuntu. https://bugs.launchpad.net/bugs/1512980 Title: Please enable PPS in the Ubuntu build of ntpd Status in ntp package in Ubuntu: In Progress Bug description: NTPD includes a reference clock driver called "pps" which uses a modern kernel mechanism for pulse-per-second devices for very accurate timekeeping. PPS is particularly useful for anybody building a stratum 0 GPS-disciplined time server. Please could we enable the PPS driver in Ubuntu's build of NTP? http://doc.ntp.org/4.2.6/drivers/driver22.html Thanks, Mark To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1512980/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1512980] Re: Please enable PPS in the Ubuntu build of ntpd
** Changed in: ntp (Ubuntu) Status: New => In Progress -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ntp in Ubuntu. https://bugs.launchpad.net/bugs/1512980 Title: Please enable PPS in the Ubuntu build of ntpd Status in ntp package in Ubuntu: In Progress Bug description: NTPD includes a reference clock driver called "pps" which uses a modern kernel mechanism for pulse-per-second devices for very accurate timekeeping. PPS is particularly useful for anybody building a stratum 0 GPS-disciplined time server. Please could we enable the PPS driver in Ubuntu's build of NTP? http://doc.ntp.org/4.2.6/drivers/driver22.html Thanks, Mark To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1512980/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
Re: [Touch-packages] [Bug 1512980] Re: Please enable PPS in the Ubuntu build of ntpd
Thank you Christian! Let's go with 4.2.8 for all the obvious reasons, get it done in Ubuntu and offer up the patch to Debian. Mark -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ntp in Ubuntu. https://bugs.launchpad.net/bugs/1512980 Title: Please enable PPS in the Ubuntu build of ntpd Status in ntp package in Ubuntu: New Bug description: NTPD includes a reference clock driver called "pps" which uses a modern kernel mechanism for pulse-per-second devices for very accurate timekeeping. PPS is particularly useful for anybody building a stratum 0 GPS-disciplined time server. Please could we enable the PPS driver in Ubuntu's build of NTP? http://doc.ntp.org/4.2.6/drivers/driver22.html Thanks, Mark To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1512980/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1512980] Re: Please enable PPS in the Ubuntu build of ntpd
** Changed in: ntp (Ubuntu) Assignee: (unassigned) => Robie Basak (racb) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ntp in Ubuntu. https://bugs.launchpad.net/bugs/1512980 Title: Please enable PPS in the Ubuntu build of ntpd Status in ntp package in Ubuntu: New Bug description: NTPD includes a reference clock driver called "pps" which uses a modern kernel mechanism for pulse-per-second devices for very accurate timekeeping. PPS is particularly useful for anybody building a stratum 0 GPS-disciplined time server. Please could we enable the PPS driver in Ubuntu's build of NTP? http://doc.ntp.org/4.2.6/drivers/driver22.html Thanks, Mark To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1512980/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1512980] Re: Please enable PPS in the Ubuntu build of ntpd
Some initial analysis to support further decisions Version check Version upstream 4.2.8p4 2015/10/21 Latest versions in Ubuntu 1:4.2.6.p3+dfsg-1ubuntu3.6 | precise-security 1:4.2.6.p5+dfsg-3ubuntu2.14.04.5 | trusty-security 1:4.2.6.p5+dfsg-3ubuntu6.2 | vivid-security 1:4.2.6.p5+dfsg-3ubuntu8.1 | wily-security 1:4.2.6.p5+dfsg-3ubuntu8.1 | xenial Latest versions in Debian 1:4.2.6.p2+dfsg-1+b1 | squeeze 1:4.2.6.p2+dfsg-1+deb6u4 | squeeze-lts 1:4.2.6.p5+dfsg-2+deb7u6 | wheezy-security 1:4.2.6.p5+dfsg-7| jessie 1:4.2.6.p5+dfsg-7+deb8u1 | jessie-security 1:4.2.8p4+dfsg-3 | stretch 1:4.2.8p4+dfsg-3+b1 | sid Since Ubuntu is still on 4.2.6 it is worth to check how much the diff 4.2.6p5 to 4.2.8p4 will be. After doing so it is clear, that this is a new major version. The changelog between those versions is 2482 entries long. To the pps functionality alone there were 12 patches. There are also some preventive security fixing which has no CVE to cause it to go into ubuntu yet which might be worth to leverage. Get it to build Testing "buildability" of debians 4.2.8p4 + PPS in Xenial environment. A config currently delivers that regarding PPS: checking for sys/timepps.h... no checking timepps.h usability... no checking timepps.h presence... no checking for timepps.h... no checking sys/ppsclock.h usability... no checking sys/ppsclock.h presence... no checking for sys/ppsclock.h... no checking sys/ppstime.h usability... no checking sys/ppstime.h presence... no checking for sys/ppstime.h... no checking for struct ppsclockev... no checking for TTY PPS ioctl TIOCGPPSEV... no checking for TTY PPS ioctl TIOCSPPS... no checking for TTY PPS ioctl CIOGETEV... no checking ATOM PPS interface... yes checking for sys/timepps.h... no So most resolve to no due to the lack of sys/timepps.h being around. The next missing is sys/ppstime.h There is no explicit pps configure option to be considered, so building with might "just" need providing the headers. To get those one would "just need" a build dependency to pps-tools. Installing pps-tools provides sys/timepps.h but that doesn't APPERA to fix everything checking for sys/timepps.h... yes checking timepps.h usability... no checking timepps.h presence... no checking for timepps.h... no checking sys/ppsclock.h usability... no checking sys/ppsclock.h presence... no checking for sys/ppsclock.h... no checking sys/ppstime.h usability... no checking sys/ppstime.h presence... no checking for sys/ppstime.h... no checking for struct ppsclockev... no checking for sys/timepps.h... yes Most solutions out there for ubuntu/debian recompile ntp and sometimes also the kernel for kernel support. Whoever works on this should study: - http://superuser.com/questions/828036/how-can-i-check-whether-my-ntp-daemon-has-pps-support - http://www.worldtimesolutions.com/support/ntp/Debian_Lenny_Linux_PPS_support_for_ntpd.html ppsclock.h seems to be an older version and we don't have to care too much. Also these checks refer to older positions of the library formerly in /usr/include now in /usr/include/sys checking timepps.h usability... no checking timepps.h presence... no So while the configure output can be confusing having pps-tools around will make it work. So it really just should be a build dependency. Discussions around this But as things are never easy it turned out that this is quite a bit of back and forth that has to be resolved first: https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/826873 - ATOM refclock driver not compiled into ntpd https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/805661 - NO reference clock support. I need Oncore ref clock support in ntp Both end with it should be fixed in debian as already suggested multiple times, but so far no one in debian did. So even more related discussions can be found in: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691672 - build-depend on pps-tools - STALLED, no progress since July https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=570233 - libc6-dev: please add timepps.h - CLOSED by creating pps-tools https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=241548 - Request PPS refclock support (Oncore) - BLOCKED waiting on 691672 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=790973 - ntp: does not do PPS sync - OPEN https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793940 - ntp: does not use pps TL;DR - Debian 241548, 790973, 793940 are acctually clones of 691672 - LP 805661, 826873 wait for Debian 691672 - Latest Debian is a major version ahead (~2482 changes, 12 to PPS, 29 Security) - For pps we essentially miss a build dependency to pps-tools from universe (MIR) (no ubuntu delta) - Discussion in Debian 691672 came to the right conclusion, but