Package: ntpsec Version: 1.2.0+dfsg1-4 Severity: important Tags: patch Bug also in ntp package.
There's a stupid bug in ntpleapfetch that mangles the hash extracted from the leapsecond files and therefore calls them all invalid. To see the failure, just run ntpleapfetch, notice that you get something like this: ERROR: EXPECTED: 00000000 599d45bf accd4b4f 08b60e46 0049b6237d13b825 00000000 00000000 00000000 00000000 ERROR: COMPUTED: 599d45bfaccd4b4f08b60e460049b6237d13b825 Notice that EXPECTED is the wrong size and contains the actual checksum padded with spurious zeroes. The fix is simple, and involves adding the handling for the space/tab(s) preceeding the checksum in the leap-seconds file. The comment which *says* it does that has been a lie for a while... https://u25039542.ct.sendgrid.net/ls/click?upn=0O5yqPC0YgKzANBXFSRMGSiEz6GGG23ysiD-2FussQkApJD0NH1WOf2uFjHAXNEY0fjcYg7q4yWb-2Bb50shbm07WSofjbTDMcpXBr633DkGTJLAD4HxwxtnyY-2F0SlXWO3rZRlMN_kfytytOqXJMoRhb2oyNeM0XjBzsVuOf-2Bk81owLo9uR-2B2kXug4z3VJ6xmun8YzmRwJEABwoZMEaODHYdDXZpq7gckxhKBLMDAQ9Kh-2BYTFPI6d0BB-2BySc9uYbJ8TLDM5zu6G8qN-2Bm3PA2a8nOEoa9gezVr10eR-2FhvOD2r9QUAACcDNc2jeA2p2USKt4ePfV1KzbDbtJ23lErkEm6l9LqiipFAqwuzd3cqM-2BssHjUaZ1Ec-3D And that's that, aside from the obscurity of the ntpleapfetch command, which I have never before had reason to "discover" in a few decades of running ntp[sec] on various machines. -- System Information: Debian Release: 11.3 APT prefers stable-security APT policy: (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.10.0-14-amd64 (SMP w/12 CPU threads) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages ntpsec depends on: ii adduser 3.118 ii init-system-helpers 1.60 ii libbsd0 0.11.3-1 ii libc6 2.31-13+deb11u3 ii libcap2 1:2.44-1 ii libssl1.1 1.1.1n-0+deb11u2 ii lsb-base 11.1.0 ii netbase 6.3 ii python3 3.9.2-3 ii python3-ntp 1.2.0+dfsg1-4 ii tzdata 2021a-1+deb11u2 Versions of packages ntpsec recommends: ii cron [cron-daemon] 3.0pl1-137 ii systemd 247.3-7 Versions of packages ntpsec suggests: ii apparmor 2.13.6-10 pn certbot <none> ii ntpsec-doc 1.2.0+dfsg1-4 ii ntpsec-ntpviz 1.2.0+dfsg1-4 -- Configuration Files: /etc/default/ntpsec changed [not included] /etc/letsencrypt/renewal-hooks/deploy/ntpsec [Errno 2] No such file or directory: '/etc/letsencrypt/renewal-hooks/deploy/ntpsec' /etc/ntpsec/ntp.conf changed [not included] -- no debconf information