#1012699 ntpsec: ntpleapfetch broken, which one notices as leap-seconds.list is expiring soon

Package:
ntpsec
Source:
ntpsec
Description:
Network Time Protocol daemon and utility programs
Submitter:
maney
Date:
2022-06-13 15:54:03 UTC
Severity:
important
Tags:
#1012699#5
Date:
2022-06-12 02:04:49 UTC
From:
To:
Bug also in ntp package.

There's a stupid bug in ntpleapfetch that mangles the hash extracted
from the leapsecond files and therefore calls them all invalid.  To
see the failure, just run ntpleapfetch, notice that you get something
like this:

ERROR: EXPECTED: 00000000 599d45bf accd4b4f 08b60e46 0049b6237d13b825 00000000 00000000 00000000 00000000
ERROR: COMPUTED: 599d45bfaccd4b4f08b60e460049b6237d13b825

Notice that EXPECTED is the wrong size and contains the actual checksum
padded with spurious zeroes.  The fix is simple, and involves adding the
handling for the space/tab(s) preceeding the checksum in the leap-seconds
file.  The comment which *says* it does that has been a lie for a while...

https://u25039542.ct.sendgrid.net/ls/click?upn=0O5yqPC0YgKzANBXFSRMGSiEz6GGG23ysiD-2FussQkApJD0NH1WOf2uFjHAXNEY0fjcYg7q4yWb-2Bb50shbm07WSofjbTDMcpXBr633DkGTJLAD4HxwxtnyY-2F0SlXWO3rZRlMN_kfytytOqXJMoRhb2oyNeM0XjBzsVuOf-2Bk81owLo9uR-2B2kXug4z3VJ6xmun8YzmRwJEABwoZMEaODHYdDXZpq7gckxhKBLMDAQ9Kh-2BYTFPI6d0BB-2BySc9uYbJ8TLDM5zu6G8qN-2Bm3PA2a8nOEoa9gezVr10eR-2FhvOD2r9QUAACcDNc2jeA2p2USKt4ePfV1KzbDbtJ23lErkEm6l9LqiipFAqwuzd3cqM-2BssHjUaZ1Ec-3D

And that's that, aside from the obscurity of the ntpleapfetch command,
which I have never before had reason to "discover" in a few decades of
running ntp[sec] on various machines.
#1012699#10
Date:
2022-06-12 03:11:34 UTC
From:
To:
And apologies for the link munging - I've been forced to route through
sendgrid ever since the connection here was upgraded to fiber, and
despite repeated claims to the contrary, it does block outbound SMTP.
The fix is in commit a0e5e050dfbdb672459f74bf52562bc8fc50c3b9 in
ntpsec's github repo.
#1012699#15
Date:
2022-06-12 03:43:26 UTC
From:
To:
[Responding on mobile.] I’ll take a look at it, as obviously it should be made to work. But on Debian, there shouldn’t be a need for ntpleapfetch, as the tzdata package ships the leap second file.
#1012699#20
Date:
2022-06-13 15:43:02 UTC
From:
To:
I looked into this. I already backported the fix to unstable (and it has
migrated to testing). A stable update to bullseye (and potentially
buster) is an option, but it seems of limited value, given that tzdata
has been updated in both.

In bullseye, the updated file is provided in version 2021a-1+deb11u4:

https://metadata.ftp-master.debian.org/changelogs//main/t/tzdata/tzdata_2021a-1+deb11u4_changelog

and in buster, version 2021a-0+deb10u5:

https://metadata.ftp-master.debian.org/changelogs//main/t/tzdata/tzdata_2021a-0+deb10u5_changelog