ntp in precise has disabled crypto
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ntp (Debian) |
Fix Released
|
Unknown
|
|||
ntp (Ubuntu) |
Fix Released
|
High
|
Unassigned | ||
Precise |
Fix Released
|
High
|
Unassigned |
Bug Description
[Impact]
ssl support in ntp is broken
[Text Case]
Not sure how to test, but check in the build log if "checking if we will use crypto..." is "yes" or "no"
the precise version:
https:/
"checking if we will use crypto... no"
the quantal one:
https:/
"checking if we will use crypto... yes"
[Regression Potential]
should be limited, it's just pointing to the right location
[Original Report]
Hey,
this is the exact same bug as Debian's #670662 and #671626 but as it affects a stable (LTS) release I thought I would report it too, in case it can be fixed before the next release.
Basically a multi-arch change in OpenSSL package disabled the crypto part in ntp, meaning it's not possible anymore to use some kind of protection, wether on the client part or the server part.
I'm unsure about tagging it security since it's not really a vulnerability by itself, but you see the point. Attached patch should fix the problem, but the Debian maintainer tagged the bug “pending” so you might want to wait for his fix.
Changed in ntp (Debian): | |
status: | Unknown → Fix Released |
description: | updated |
Changed in ntp (Ubuntu Precise): | |
milestone: | none → ubuntu-12.04.1 |
description: | updated |
Changed in ntp (Ubuntu Precise): | |
status: | Triaged → Fix Committed |
description: | updated |
Well, in fact the package was indeed fixed in Debian, so you can pick the patch there.