[Bug 998403] Re: ntp in precise has disabled crypto
Sebastien Bacher
seb128 at ubuntu.com
Tue Jun 5 16:37:27 UTC 2012
** Description changed:
[Impact]
ssl support in ntp is broken
[Text Case]
Not sure how to test, but check in the build log if "checking if we will use crypto..." is "yes" or "no"
the precise version:
https://launchpadlibrarian.net/95616971/buildlog_ubuntu-precise-i386.ntp_1%3A4.2.6.p3%2Bdfsg-1ubuntu3_BUILDING.txt.gz
"checking if we will use crypto... no"
+
+ the quantal one:
+ https://launchpadlibrarian.net/106850381/buildlog_ubuntu-quantal-i386.ntp_1%3A4.2.6.p3%2Bdfsg-1ubuntu4_BUILDING.txt.gz
+ "checking if we will use crypto... yes"
[Regression Potential]
should be limited, it's just pointing to the right location
[Original Report]
Hey,
this is the exact same bug as Debian's #670662 and #671626 but as it
affects a stable (LTS) release I thought I would report it too, in case
it can be fixed before the next release.
Basically a multi-arch change in OpenSSL package disabled the crypto
part in ntp, meaning it's not possible anymore to use some kind of
protection, wether on the client part or the server part.
I'm unsure about tagging it security since it's not really a
vulnerability by itself, but you see the point. Attached patch should
fix the problem, but the Debian maintainer tagged the bug “pending” so
you might want to wait for his fix.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to ntp in Ubuntu.
https://bugs.launchpad.net/bugs/998403
Title:
ntp in precise has disabled crypto
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/998403/+subscriptions
More information about the Ubuntu-server-bugs
mailing list