Version in base suite: 1.1.3+dfsg1-2 Base version: ntpsec_1.1.3+dfsg1-2 Target version: ntpsec_1.1.3+dfsg1-2+deb10u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/n/ntpsec/ntpsec_1.1.3+dfsg1-2.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/n/ntpsec/ntpsec_1.1.3+dfsg1-2+deb10u1.dsc changelog | 12 ++++ control | 4 - gbp.conf | 7 +- man/ntpdate-debian.8 | 20 +++--- man/ntpdate.8 | 24 -------- patches/0001-Fix-for-577-DNS-retry-sloth.patch | 56 ++++++++++++++++++ patches/0001-Fix-ntpdate-s-syslog.patch | 75 +++++++++++++++++++++++++ patches/series | 5 + 8 files changed, 164 insertions(+), 39 deletions(-) diff -Nru ntpsec-1.1.3+dfsg1/debian/changelog ntpsec-1.1.3+dfsg1/debian/changelog --- ntpsec-1.1.3+dfsg1/debian/changelog 2019-02-04 07:38:48.000000000 +0000 +++ ntpsec-1.1.3+dfsg1/debian/changelog 2019-11-18 06:04:00.000000000 +0000 @@ -1,3 +1,15 @@ +ntpsec (1.1.3+dfsg1-2+deb10u1) buster; urgency=medium + + * Backport fix for slow DNS retries (Closes: 924192) + * ntpdate.8: Remove duplicated -o option + * ntpdate.8: Remove -p option (Closes: 926877) + * ntpdate.8: Remove -e option + * ntpdate.8: Remove inaccurate BUGS section + * Update ntpdate-debian.8 to match ntpdate.8 + * Fix ntpdate -s (syslog) to fix the if-up hook (Closes: 931414) + + -- Richard Laager Mon, 18 Nov 2019 00:04:00 -0600 + ntpsec (1.1.3+dfsg1-2) unstable; urgency=medium * Suppress lintian warning diff -Nru ntpsec-1.1.3+dfsg1/debian/control ntpsec-1.1.3+dfsg1/debian/control --- ntpsec-1.1.3+dfsg1/debian/control 2019-02-04 07:38:48.000000000 +0000 +++ ntpsec-1.1.3+dfsg1/debian/control 2019-11-18 05:48:21.000000000 +0000 @@ -22,8 +22,8 @@ libwww-ssl-dev Standards-Version: 4.3.0 Rules-Requires-Root: no -Vcs-Browser: https://github.com/rlaager/ntpsec-pkg -Vcs-Git: https://github.com/rlaager/ntpsec-pkg.git +Vcs-Browser: https://salsa.debian.org/debian/ntpsec +Vcs-Git: https://salsa.debian.org/debian/ntpsec.git Homepage: https://www.ntpsec.org Package: ntpsec diff -Nru ntpsec-1.1.3+dfsg1/debian/gbp.conf ntpsec-1.1.3+dfsg1/debian/gbp.conf --- ntpsec-1.1.3+dfsg1/debian/gbp.conf 2019-02-04 07:38:48.000000000 +0000 +++ ntpsec-1.1.3+dfsg1/debian/gbp.conf 2019-11-18 06:04:00.000000000 +0000 @@ -1,9 +1,12 @@ [DEFAULT] -debian-branch = sid +debian-branch = debian/buster +pristine-tar = True +upstream-branch = upstream/latest [buildpackage] -sign-tags = True +dist = buster posttag = gbp push +sign-tags = True [dch] meta = True diff -Nru ntpsec-1.1.3+dfsg1/debian/man/ntpdate-debian.8 ntpsec-1.1.3+dfsg1/debian/man/ntpdate-debian.8 --- ntpsec-1.1.3+dfsg1/debian/man/ntpdate-debian.8 2019-02-04 07:38:48.000000000 +0000 +++ ntpsec-1.1.3+dfsg1/debian/man/ntpdate-debian.8 2019-11-18 03:36:12.000000000 +0000 @@ -3,19 +3,17 @@ ntpdate-debian \- set the date and time via NTP .SH SYNOPSIS .B ntpdate-debian -.RB [\| \-bBdoqsuv \|] -.RB [\| \-a -.IR key \|] -.RB [\| \-e -.IR authdelay \|] -.RB [\| \-k +.RB [\| \-46bBdqsuv \|] +.RB [\| \-a +.IR key \|] +.RB [\| \-k .IR keyfile \|] .RB [\| \-o .IR version \|] -.RB [\| \-p -.IR samples \|] .RB [\| \-t .IR timeout \|] +.I server +.RB [\| ... \|] .SH DESCRIPTION .B ntpdate-debian is identical to @@ -24,5 +22,7 @@ .I /etc/default/ntpsec-ntpdate by default. .B ntpdate -sets the local date and time by polling Network Time -Protocol (NTP) servers. +sets the local date and time by polling the Network Time +Protocol (NTP) server(s) given as the +.I server +argument(s) to determine the correct time. diff -Nru ntpsec-1.1.3+dfsg1/debian/man/ntpdate.8 ntpsec-1.1.3+dfsg1/debian/man/ntpdate.8 --- ntpsec-1.1.3+dfsg1/debian/man/ntpdate.8 2019-02-04 07:38:48.000000000 +0000 +++ ntpsec-1.1.3+dfsg1/debian/man/ntpdate.8 2019-11-18 03:36:12.000000000 +0000 @@ -3,17 +3,13 @@ ntpdate \- set the date and time via NTP .SH SYNOPSIS .B ntpdate -.RB [\| \-46bBdoqsuv \|] +.RB [\| \-46bBdqsuv \|] .RB [\| \-a .IR key \|] -.RB [\| \-e -.IR authdelay \|] .RB [\| \-k .IR keyfile \|] .RB [\| \-o .IR version \|] -.RB [\| \-p -.IR samples \|] .RB [\| \-t .IR timeout \|] .I server @@ -91,13 +87,6 @@ but not adjust the local clock and using an unprivileged port. Information useful for general debugging will also be printed. .TP -.BI \-e \ authdelay -Specify the processing delay to perform an authentication -function as the value authdelay, in seconds and fraction (see -ntpd for details). This number is usually small enough to be -negligible for most purposes, though specifying a value may -improve timekeeping on very slow CPU's. -.TP .BI \-k \ keyfile Specify the path for the authentication key file as the string keyfile. The default is /etc/ntp.keys. This file should be in @@ -108,11 +97,6 @@ can be 1, 2, 3 or 4. The default is 4. This allows ntpdate to be used with older NTP versions. .TP -.BI \-p \ samples -Specify the number of samples to be acquired from each server -as the integer samples, with values from 1 to 8 inclusive. The -default is 4. -.TP .B \-q Query only \(en don't set the clock. .TP @@ -144,12 +128,6 @@ .TP .I /etc/ntp.keys \- encryption keys used by ntpdate. -.SH BUGS -The slew adjustment is actually 50% larger than the measured offset, -since this (it is argued) will tend to keep a badly drifting clock -more accurate. This is probably not a good idea and may cause a -troubling hunt for some values of the kernel variables tick and -tickadj. .SH AUTHOR David L. Mills (mills@udel.edu) .br diff -Nru ntpsec-1.1.3+dfsg1/debian/patches/0001-Fix-for-577-DNS-retry-sloth.patch ntpsec-1.1.3+dfsg1/debian/patches/0001-Fix-for-577-DNS-retry-sloth.patch --- ntpsec-1.1.3+dfsg1/debian/patches/0001-Fix-for-577-DNS-retry-sloth.patch 1970-01-01 00:00:00.000000000 +0000 +++ ntpsec-1.1.3+dfsg1/debian/patches/0001-Fix-for-577-DNS-retry-sloth.patch 2019-11-18 05:47:13.000000000 +0000 @@ -0,0 +1,56 @@ +From bf3dfbe30ad16b4d345dfe9d6c6d842d9321355f Mon Sep 17 00:00:00 2001 +From: Hal Murray +Date: Sat, 16 Mar 2019 11:07:41 -0700 +Subject: [PATCH] Fix for #577, DNS retry sloth + +There is only one thread for DNS (and NTS-KE) work. If an attempt +was made while the thread was busy, it waited for the retry timer +rather than trying again as soon as the previous DNS work finished. +--- + ntpd/ntp_proto.c | 20 +++++++++++++++++--- + 1 file changed, 17 insertions(+), 3 deletions(-) + +--- a/ntpd/ntp_proto.c ++++ b/ntpd/ntp_proto.c +@@ -811,7 +811,11 @@ + if ((peer_associations <= 2 * sys_maxclock) && + (peer_associations < sys_maxclock || + sys_survivors < sys_minclock)) +- if (!dns_probe(peer)) return; ++ if (!dns_probe(peer)) { ++ /* DNS thread busy, try again soon */ ++ peer->nextdate = current_time; ++ return; ++ } + poll_update(peer, hpoll); + return; + } +@@ -819,7 +823,10 @@ + /* Does server need DNS lookup? */ + if (peer->cfg.flags & FLAG_DNS) { + peer->outdate = current_time; +- if (!dns_probe(peer)) return; ++ if (!dns_probe(peer)) { ++ peer->nextdate = current_time; ++ return; ++ } + poll_update(peer, hpoll); + return; + } +@@ -2419,8 +2426,15 @@ + hpoll = 8; + break; + case DNS_temp: ++ /* DNS not working yet. ?? ++ * Want to retry soon, ++ * but also want to avoid log clutter. ++ * Beware, Fedora 29 lies: ++ * What I expect to be temp (no Wifi) ++ * gets EAI_NONAME, Name or service not known ++ */ + txt = "temp"; +- hpoll += 1; ++ hpoll = 3; + break; + case DNS_error: + txt = "error"; diff -Nru ntpsec-1.1.3+dfsg1/debian/patches/0001-Fix-ntpdate-s-syslog.patch ntpsec-1.1.3+dfsg1/debian/patches/0001-Fix-ntpdate-s-syslog.patch --- ntpsec-1.1.3+dfsg1/debian/patches/0001-Fix-ntpdate-s-syslog.patch 1970-01-01 00:00:00.000000000 +0000 +++ ntpsec-1.1.3+dfsg1/debian/patches/0001-Fix-ntpdate-s-syslog.patch 2019-11-18 05:47:13.000000000 +0000 @@ -0,0 +1,75 @@ +From 59070b9146de693cb36cdeab2a70be73cfb54bff Mon Sep 17 00:00:00 2001 +From: Richard Laager +Date: Thu, 8 Aug 2019 02:30:49 +0000 +Subject: [PATCH] Fix ntpdate -s (syslog) + +The ntpdate wrapper script was converting -s (for "log to syslog") to +ntpdig -p. This is wrong, as ntpdig -p is for the number of samples and +requires a parameter. The ntpdig man page says, "This version does not +log to syslog. Pipe standard output and standard error to logger(1) if +you want this behavior. + +Signed-off-by: Richard Laager +--- + attic/ntpdate | 21 ++++++++++++++++----- + 1 file changed, 16 insertions(+), 5 deletions(-) + +diff --git a/attic/ntpdate b/attic/ntpdate +index 0af352724..dd1137471 100755 +--- a/attic/ntpdate ++++ b/attic/ntpdate +@@ -28,7 +28,7 @@ + # -p N -q How many samples to take + # -q default -q query/report only, don't set clock + # (implies -u for ntpdate) +-# -s -p log to syslog (always enabled in ntpd) ++# -s log to syslog (always enabled in ntpd) + # -t N.N -t N.N request timeout + # -u default unpriv port + # -v verbose (ntpd is always more verbose than ntpdate) +@@ -43,7 +43,8 @@ + PASSTHROUGH="" + TIMEOUT="-t 1" + setclock=yes +-echo="" ++echo=no ++log=no + while getopts 46a:bBe:k:no:p:qst:uv opt + do + case $opt in +@@ -55,11 +56,11 @@ do + d) PASSTHROUGH="$PASSTHROUGH -d";; + e) echo "ntpdate: -e is no longer supported." >&2;; + k) PASSTHROUGH="$PASSTHROUGH -k $OPTARG";; +- n) echo=echo ;; # Echo generated command, don't execute ++ n) echo=yes;; # Echo generated command, don't execute + o) PASSTHROUGH="$PASSTHROUGH -o $OPTARG";; + p) echo "ntpdate: -p is no longer supported." >&2;; + q) setclock=no;; +- s) PASSTHROUGH="$PASSTHROUGH -p";; ++ s) log=yes;; + t) PASSTHROUGH="$PASSTHROUGH -t $OPTARG"; TIMEOUT="";; + u) ;; + v) ;; +@@ -72,7 +73,17 @@ then + ADJUST="-s -j" + fi + +-$echo ntpdig $ADJUST $TIMEOUT $PASSTHROUGH $* ++if [ "$echo" = yes ] ++then ++ echo ntpdig $ADJUST $TIMEOUT $PASSTHROUGH $* ++else ++ if [ "$log" = yes ] ++ then ++ ntpdig $ADJUST $TIMEOUT $PASSTHROUGH $* 2>&1 | logger -t ntpdate ++ else ++ ntpdig $ADJUST $TIMEOUT $PASSTHROUGH $* ++ fi ++fi + + #end + +-- +2.17.1 + diff -Nru ntpsec-1.1.3+dfsg1/debian/patches/series ntpsec-1.1.3+dfsg1/debian/patches/series --- ntpsec-1.1.3+dfsg1/debian/patches/series 2019-02-04 07:38:48.000000000 +0000 +++ ntpsec-1.1.3+dfsg1/debian/patches/series 2019-11-18 05:47:13.000000000 +0000 @@ -42,9 +42,10 @@ 0001-Use-.egg-info-for-the-Python-info-file.patch ## Fix a spelling error 0001-Fix-a-typo.2.patch - -# Forwarded +## Fix DNS timeouts +0001-Fix-for-577-DNS-retry-sloth.patch 0001-Add-Documentation-to-ntp-wait.service.patch +0001-Fix-ntpdate-s-syslog.patch # Forwarding not needed systemd-use-wrapper.patch