From 272d0d38f0940cfa6156dc3e38877c1e37358f38 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Jan 25 2016 13:12:00 +0000 Subject: import ntp-4.2.6p5-22.el7_2.1 --- diff --git a/SOURCES/ntp-4.2.6p5-cve-2015-8138.patch b/SOURCES/ntp-4.2.6p5-cve-2015-8138.patch new file mode 100644 index 0000000..e8d9b91 --- /dev/null +++ b/SOURCES/ntp-4.2.6p5-cve-2015-8138.patch @@ -0,0 +1,12 @@ +diff -up ntp-4.2.6p5/ntpd/ntp_proto.c.orig ntp-4.2.6p5/ntpd/ntp_proto.c +--- ntp-4.2.6p5/ntpd/ntp_proto.c.orig 2015-11-06 10:48:42.672684827 +0100 ++++ ntp-4.2.6p5/ntpd/ntp_proto.c 2015-11-06 13:03:14.284092484 +0100 +@@ -1069,7 +1069,7 @@ receive( + * the packet is not bogus in symmetric interleaved mode. + */ + } else if (peer->flip == 0) { +- if (!L_ISEQU(&p_org, &peer->aorg)) { ++ if (L_ISZERO(&p_org) || !L_ISEQU(&p_org, &peer->aorg)) { + peer->bogusorg++; + peer->flash |= TEST2; /* bogus */ + if (!L_ISZERO(&peer->dst) && L_ISEQU(&p_org, diff --git a/SPECS/ntp.spec b/SPECS/ntp.spec index 04711a3..d188f6e 100644 --- a/SPECS/ntp.spec +++ b/SPECS/ntp.spec @@ -1,7 +1,7 @@ Summary: The NTP daemon and utilities Name: ntp Version: 4.2.6p5 -Release: 22%{?dist} +Release: 22%{?dist}.1 # primary license (COPYRIGHT) : MIT # ElectricFence/ (not used) : GPLv2 # kernel/sys/ppsclock.h (not used) : BSD with advertising @@ -133,6 +133,8 @@ Patch42: ntp-4.2.6p5-dscp.patch Patch43: ntp-4.2.6p5-cve-2015-7704.patch # allow only one step larger than panic threshold with -g Patch44: ntp-4.2.6p5-cve-2015-5300.patch +# ntpbz #2945 +Patch45: ntp-4.2.6p5-cve-2015-8138.patch # handle unknown clock types Patch50: ntpstat-0.2-clksrc.patch @@ -214,7 +216,7 @@ This package contains NTP documentation in HTML format. # pool.ntp.org vendor zone which will be used in ntp.conf %if 0%{!?vendorzone:1} %{?fedora: %global vendorzone fedora.} -%{?rhel: %global vendorzone centos.} +%{?rhel: %global vendorzone rhel.} %endif %prep @@ -265,6 +267,7 @@ This package contains NTP documentation in HTML format. %patch42 -p1 -b .dscp %patch43 -p1 -b .cve-2015-7704 %patch44 -p1 -b .cve-2015-5300 +%patch45 -p1 -b .cve-2015-8138 # ntpstat patches %patch50 -p1 -b .clksrc @@ -482,8 +485,8 @@ popd %{ntpdocdir}/html %changelog -* Thu Nov 19 2015 CentOS Sources - 4.2.6p5-22.el7.centos -- rebrand vendorzone +* Wed Jan 20 2016 Miroslav Lichvar 4.2.6p5-22.el7_2.1 +- don't accept server/peer packets with zero origin timestamp (CVE-2015-8138) * Fri Oct 16 2015 Miroslav Lichvar 4.2.6p5-22 - check origin timestamp before accepting KoD RATE packet (CVE-2015-7704)