rpms/ntp/F-11 ntp-4.2.4p7-mode7dos.patch, NONE, 1.1 ntp.spec, 1.90, 1.91
Miroslav Lichvar
mlichvar at fedoraproject.org
Wed Dec 9 11:49:29 UTC 2009
- Previous message (by thread): rpms/sabayon/devel .cvsignore, 1.25, 1.26 sabayon.spec, 1.66, 1.67 sources, 1.25, 1.26
- Next message (by thread): rpms/olpc-switch-desktop/F-11 .cvsignore, 1.2, 1.3 olpc-switch-desktop.spec, 1.1, 1.2 sources, 1.2, 1.3
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: mlichvar
Update of /cvs/pkgs/rpms/ntp/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv30809
Modified Files:
ntp.spec
Added Files:
ntp-4.2.4p7-mode7dos.patch
Log Message:
- fix DoS with mode 7 packets (#545557, CVE-2009-3563)
ntp-4.2.4p7-mode7dos.patch:
ntp_request.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
--- NEW FILE ntp-4.2.4p7-mode7dos.patch ---
# This is a BitKeeper generated diff -Nru style patch.
#
# ntpd/ntp_request.c
# 2009/10/07 01:33:21+00:00 davehart at shiny.ad.hartbrothers.com +9 -2
# [Sec 1331] DoS with mode 7 packets - CVE-2009-3563.
#
diff -Nrpu a/ntpd/ntp_request.c b/ntpd/ntp_request.c
--- a/ntpd/ntp_request.c 2009-10-14 19:52:16 +00:00
+++ b/ntpd/ntp_request.c 2009-10-14 19:52:16 +00:00
@@ -409,6 +409,7 @@ process_private(
int mod_okay
)
{
+ static u_long quiet_until;
struct req_pkt *inpkt;
struct req_pkt_tail *tailinpkt;
struct sockaddr_storage *srcadr;
@@ -444,8 +445,14 @@ process_private(
|| (++ec, INFO_MBZ(inpkt->mbz_itemsize) != 0)
|| (++ec, rbufp->recv_length < REQ_LEN_HDR)
) {
- msyslog(LOG_ERR, "process_private: INFO_ERR_FMT: test %d failed, pkt from %s", ec, stoa(srcadr));
- req_ack(srcadr, inter, inpkt, INFO_ERR_FMT);
+ NLOG(NLOG_SYSEVENT)
+ if (current_time >= quiet_until) {
+ msyslog(LOG_ERR,
+ "process_private: drop test %d"
+ " failed, pkt from %s",
+ ec, stoa(srcadr));
+ quiet_until = current_time + 60;
+ }
return;
}
Index: ntp.spec
===================================================================
RCS file: /cvs/pkgs/rpms/ntp/F-11/ntp.spec,v
retrieving revision 1.90
retrieving revision 1.91
diff -u -p -r1.90 -r1.91
--- ntp.spec 28 May 2009 18:51:50 -0000 1.90
+++ ntp.spec 9 Dec 2009 11:49:29 -0000 1.91
@@ -1,7 +1,7 @@
Summary: The NTP daemon and utilities
Name: ntp
Version: 4.2.4p7
-Release: 2%{?dist}
+Release: 3%{?dist}
# primary license (COPYRIGHT) : MIT
# ElectricFence/ (not used) : GPLv2
# kernel/sys/ppsclock.h (not used) : BSD with advertising
@@ -100,6 +100,8 @@ Patch28: ntp-4.2.4p7-nano.patch
Patch29: ntp-4.2.4p7-minpoll.patch
# fix frequency mode, backported from 4.2.5
Patch30: ntp-4.2.4p7-freqmode.patch
+# fix DoS with mode 7 packets
+Patch31: ntp-4.2.4p7-mode7dos.patch
URL: http://www.ntp.org
Requires(post): /sbin/chkconfig
@@ -181,6 +183,7 @@ This package contains NTP documentation
%patch28 -p1 -b .nano
%patch29 -p1 -b .minpoll
%patch30 -p1 -b .freqmode
+%patch31 -p1 -b .mode7dos
# clock_gettime needs -lrt
sed -i.gettime 's|^LIBS = @LIBS@|& -lrt|' ntp{d,q,dc,date}/Makefile.in
@@ -360,6 +363,9 @@ fi
%{ntpdocdir}/html
%changelog
+* Wed Dec 09 2009 Miroslav Lichvar <mlichvar at redhat.com> 4.2.4p7-3
+- fix DoS with mode 7 packets (#545557, CVE-2009-3563)
+
* Thu May 28 2009 Miroslav Lichvar <mlichvar at redhat.com> 4.2.4p7-2
- fix frequency calculation when starting with no drift file
- reduce phase adjustments beyond Allan intercept in daemon PLL
- Previous message (by thread): rpms/sabayon/devel .cvsignore, 1.25, 1.26 sabayon.spec, 1.66, 1.67 sources, 1.25, 1.26
- Next message (by thread): rpms/olpc-switch-desktop/F-11 .cvsignore, 1.2, 1.3 olpc-switch-desktop.spec, 1.1, 1.2 sources, 1.2, 1.3
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list