rpms/ntp/F-9 ntp-4.2.4p6-mlock.patch, NONE, 1.1 .cvsignore, 1.27, 1.28 ntp.spec, 1.83, 1.84 sources, 1.28, 1.29 ntp-4.2.4p5-mlock.patch, 1.1, NONE
Miroslav Lichvar
mlichvar at fedoraproject.org
Mon Jan 12 14:12:23 UTC 2009
Author: mlichvar
Update of /cvs/pkgs/rpms/ntp/F-9
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv1906
Modified Files:
.cvsignore ntp.spec sources
Added Files:
ntp-4.2.4p6-mlock.patch
Removed Files:
ntp-4.2.4p5-mlock.patch
Log Message:
- update to 4.2.4p6 (CVE-2009-0021)
ntp-4.2.4p6-mlock.patch:
--- NEW FILE ntp-4.2.4p6-mlock.patch ---
diff -up ntp-4.2.4p6/html/ntpd.html.mlock ntp-4.2.4p6/html/ntpd.html
--- ntp-4.2.4p6/html/ntpd.html.mlock 2009-01-12 12:50:50.000000000 +0100
+++ ntp-4.2.4p6/html/ntpd.html 2009-01-12 12:50:50.000000000 +0100
@@ -34,7 +34,7 @@
</ul>
<hr>
<h4 id="synop">Synopsis</h4>
- <tt>ntpd [ -46aAbdDgLnNqx ] [ -c <i>conffile</i> ] [ -f <i>driftfile</i> ] [ -i <i>jaildir</i> ] [ -I <i>iface</i> ] [ -k <i>keyfile</i> ] [ -l <i>logfile</i> ] [ -p <i>pidfile</i> ] [ -P <i>priority</i> ] [ -r <i>broadcastdelay</i> ] [ -s <i>statsdir</i> ] [ -t <i>key</i> ] [ -u <i>user</i>[:<i>group</i>] ] [ -U <i>interface_update_interval</i> ] [ -v <i>variable</i> ] [ -V <i>variable</i> ]</tt>
+ <tt>ntpd [ -46aAbdDgLmnNqx ] [ -c <i>conffile</i> ] [ -f <i>driftfile</i> ] [ -i <i>jaildir</i> ] [ -I <i>iface</i> ] [ -k <i>keyfile</i> ] [ -l <i>logfile</i> ] [ -p <i>pidfile</i> ] [ -P <i>priority</i> ] [ -r <i>broadcastdelay</i> ] [ -s <i>statsdir</i> ] [ -t <i>key</i> ] [ -u <i>user</i>[:<i>group</i>] ] [ -U <i>interface_update_interval</i> ] [ -v <i>variable</i> ] [ -V <i>variable</i> ]</tt>
<h4 id="descr">Description</h4>
<p>The <tt>ntpd</tt> program is an operating system daemon which sets and maintains the system time of day in synchronism with Internet standard time servers. It is a complete implementation of the Network Time Protocol (NTP) version 4, but also retains compatibility with version 3, as defined by RFC-1305, and version 1 and 2, as defined by RFC-1059 and RFC-1119, respectively. <tt>ntpd</tt> does most computations in 64-bit floating point arithmetic and does relatively clumsy 64-bit fixed point operations only when necessary to preserve the ultimate precision, about 232 picoseconds. While the ultimate precision is not achievable with ordinary workstations and networks of today, it may be required with future gigahertz CPU clocks and gigabit LANs.</p>
<h4 id="op">How NTP Operates</h4>
@@ -96,6 +96,8 @@
<dd>Specify the name and path of the log file. The default is the system log file. This is the same operation as the <tt>logfile <i>logfile</i></tt> configuration command.
<dt><tt>-L</tt>
<dd>Do not listen to virtual IPs. The default is to listen.
+ <dt><tt>-m</tt>
+ <dd>Lock memory.
<dt><tt>-n</tt>
<dd>Don't fork.
<dt><tt>-N</tt>
diff -up ntp-4.2.4p6/ntpd/ntpd-opts.c.mlock ntp-4.2.4p6/ntpd/ntpd-opts.c
--- ntp-4.2.4p6/ntpd/ntpd-opts.c.mlock 2009-01-08 12:11:54.000000000 +0100
+++ ntp-4.2.4p6/ntpd/ntpd-opts.c 2009-01-12 12:50:50.000000000 +0100
@@ -264,6 +264,15 @@ tSCC zNice_Name[] = "ni
#define NICE_FLAGS (OPTST_DISABLED)
/*
+ * Mlock option description:
+ */
+tSCC zMlockText[] =
+ "Lock memory";
+tSCC zMlock_NAME[] = "MLOCK";
+tSCC zMlock_Name[] = "mlock";
+#define MLOCK_FLAGS (OPTST_DISABLED)
+
+/*
* Pidfile option description:
*/
tSCC zPidfileText[] =
@@ -789,6 +798,18 @@ static tOptDesc optDesc[ OPTION_CT ] = {
OPTST_ARG_OPTIONAL | OPTST_IMM | OPTST_NO_INIT
#endif
+ { /* entry idx, value */ 29, VALUE_OPT_MLOCK,
+ /* equiv idx, value */ 29, VALUE_OPT_MLOCK,
+ /* equivalenced to */ NO_EQUIVALENT,
+ /* min, max, act ct */ 0, 1, 0,
+ /* opt state flags */ MLOCK_FLAGS, 0,
+ /* last opt argumnt */ { NULL },
+ /* arg list/cookie */ NULL,
+ /* must/cannot opts */ NULL, NULL,
+ /* option proc */ NULL,
+ /* desc, NAME, name */ zMlockText, zMlock_NAME, zMlock_Name,
+ /* disablement strs */ NULL, NULL },
+
{ /* entry idx, value */ INDEX_OPT_VERSION, VALUE_OPT_VERSION,
/* equiv idx value */ NO_EQUIVALENT, 0,
/* equivalenced to */ NO_EQUIVALENT,
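Review bot: The new `optDesc` entry hard-codes `29` in both index slots, and nothing in this file ties that number to `INDEX_OPT_MLOCK` in ntpd-opts.h or to the `33`/`30` counts changed in the next hunk. `HAVE_OPT( MLOCK )` in ntpd.c presumably resolves through `INDEX_OPT_MLOCK`, so the entry's position in the array, the literal index and the enum all have to be kept in agreement by hand. Both files also look like option-generator output (the `tSCC`/`tOptDesc` tables), so regenerating them from the option definitions would drop `-m`; confirm the build never does that. I would at least add a comment above the entry: `/* hand-added by the mlock patch: position and index must equal INDEX_OPT_MLOCK in ntpd-opts.h */`. The array initializer starts and ends outside the hunk.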
@@ -881,7 +902,7 @@ tOptions ntpdOptions = {
NO_EQUIVALENT /* index of '-#' option */,
NO_EQUIVALENT /* index of default opt */
},
- 32 /* full option count */, 29 /* user option count */
+ 33 /* full option count */, 30 /* user option count */
};
/*
diff -up ntp-4.2.4p6/ntpd/ntpd-opts.h.mlock ntp-4.2.4p6/ntpd/ntpd-opts.h
--- ntp-4.2.4p6/ntpd/ntpd-opts.h.mlock 2009-01-08 12:11:54.000000000 +0100
+++ ntp-4.2.4p6/ntpd/ntpd-opts.h 2009-01-12 12:50:50.000000000 +0100
@@ -81,12 +81,13 @@ typedef enum {
INDEX_OPT_VAR = 26,
INDEX_OPT_DVAR = 27,
INDEX_OPT_SLEW = 28,
- INDEX_OPT_VERSION = 29,
- INDEX_OPT_HELP = 30,
- INDEX_OPT_MORE_HELP = 31
+ INDEX_OPT_MLOCK = 29,
+ INDEX_OPT_VERSION = 30,
+ INDEX_OPT_HELP = 31,
+ INDEX_OPT_MORE_HELP = 32
} teOptIndex;
-#define OPTION_CT 32
+#define OPTION_CT 33
#define NTPD_VERSION "4.2.4p6"
#define NTPD_FULL_VERSION "ntpd - NTP daemon program - Ver. 4.2.4p6"
@@ -179,6 +180,10 @@ typedef enum {
# warning undefining MODIFYMMTIMER due to option name conflict
# undef MODIFYMMTIMER
# endif
+# ifdef MLOCK
+# warning undefining MLOCK due to option name conflict
+# undef MLOCK
+# endif
# ifdef NOFORK
# warning undefining NOFORK due to option name conflict
# undef NOFORK
@@ -248,6 +253,7 @@ typedef enum {
# undef LOGFILE
# undef NOVIRTUALIPS
# undef MODIFYMMTIMER
+# undef MLOCK
# undef NOFORK
# undef NICE
# undef PIDFILE
@@ -290,6 +296,7 @@ typedef enum {
#ifdef SYS_WINNT
#define VALUE_OPT_MODIFYMMTIMER 'M'
#endif /* SYS_WINNT */
+#define VALUE_OPT_MLOCK 'm'
#define VALUE_OPT_NOFORK 'n'
#define VALUE_OPT_NICE 'N'
#define VALUE_OPT_PIDFILE 'p'
diff -up ntp-4.2.4p6/ntpd/ntpd.c.mlock ntp-4.2.4p6/ntpd/ntpd.c
--- ntp-4.2.4p6/ntpd/ntpd.c.mlock 2009-01-12 12:50:50.000000000 +0100
+++ ntp-4.2.4p6/ntpd/ntpd.c 2009-01-12 12:50:50.000000000 +0100
@@ -699,7 +699,8 @@ ntpdmain(
}
#endif
-#if defined(HAVE_MLOCKALL) && defined(MCL_CURRENT) && defined(MCL_FUTURE)
+#if defined(MCL_CURRENT) && defined(MCL_FUTURE)
+ if (HAVE_OPT( MLOCK )) {
# ifdef HAVE_SETRLIMIT
/*
* Set the stack limit to something smaller, so that we don't lock a lot
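Review bot: The rewritten guard drops `defined(HAVE_MLOCKALL)`, so the `mlockall()` call in this block is now compiled on any platform whose headers define `MCL_CURRENT` and `MCL_FUTURE`, whether or not configure found the function. If that is deliberate (for example because configure leaves HAVE_MLOCKALL unset on the target), it needs a comment above the `#if` saying so. Otherwise keep the check: `#if defined(HAVE_MLOCKALL) && defined(MCL_CURRENT) && defined(MCL_FUTURE)`. `ntpdmain` starts before the hunk and the new `if (HAVE_OPT( MLOCK )) {` block only closes in the following hunk.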
@@ -737,6 +738,7 @@ ntpdmain(
*/
if (mlockall(MCL_CURRENT|MCL_FUTURE) < 0)
msyslog(LOG_ERR, "mlockall(): %m");
+ }
#else /* not (HAVE_MLOCKALL && MCL_CURRENT && MCL_FUTURE) */
# ifdef HAVE_PLOCK
# ifdef PROCLOCK
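Review bot: The `-m` gate closes just before `#else`, so only the `mlockall()` branch is opt-in. The `plock()` fallback that starts here sits outside the `if` and presumably still locks unconditionally on platforms that take it (its body is outside the hunk). The `#else` comment is also stale now that the `#if` no longer tests HAVE_MLOCKALL; it should read `#else /* not (MCL_CURRENT && MCL_FUTURE) */`. Separately, when `-m` was requested and `mlockall()` fails, ntpd only logs and carries on unlocked. Since the operator asked for locking explicitly, the message should say so, e.g. `msyslog(LOG_ERR, "mlockall(): %m; continuing with memory unlocked");`, and ntpd.html should note that `-m` is best-effort.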
Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/ntp/F-9/.cvsignore,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -r1.27 -r1.28
--- .cvsignore 29 Aug 2008 08:36:37 -0000 1.27
+++ .cvsignore 12 Jan 2009 14:11:52 -0000 1.28
@@ -1,2 +1,2 @@
ntpstat-0.2.tgz
-ntp-4.2.4p5.tar.gz
+ntp-4.2.4p6.tar.gz
Index: ntp.spec
===================================================================
RCS file: /cvs/pkgs/rpms/ntp/F-9/ntp.spec,v
retrieving revision 1.83
retrieving revision 1.84
diff -u -r1.83 -r1.84
--- ntp.spec 8 Oct 2008 11:29:13 -0000 1.83
+++ ntp.spec 12 Jan 2009 14:11:52 -0000 1.84
@@ -1,7 +1,7 @@
Summary: The NTP daemon and utilities
Name: ntp
-Version: 4.2.4p5
-Release: 2%{?dist}
+Version: 4.2.4p6
+Release: 1%{?dist}
# primary license (COPYRIGHT) : MIT
# ElectricFence/ (not used) : GPLv2
# kernel/sys/ppsclock.h (not used) : BSD with advertising
@@ -57,10 +57,13 @@
Patch11: ntp-4.2.4p2-filegen.patch
# ntpbz #738
Patch12: ntp-4.2.4-sprintf.patch
+# drop this and switch to libedit in 4.2.6
Patch13: ntp-4.2.4p4-bsdadv.patch
-Patch14: ntp-4.2.4p5-mlock.patch
+# add option -m to lock memory
+Patch14: ntp-4.2.4p6-mlock.patch
# fixed in 4.2.5
Patch15: ntp-4.2.4p2-clockselect.patch
+# don't build sntp
Patch16: ntp-4.2.4p2-nosntp.patch
# ntpbz #802
Patch17: ntp-4.2.4p5-sleep.patch
@@ -152,7 +155,7 @@
%patch5 -p1 -b .linkfastmath
%endif
-# replace some BSD with advertising code
+# replace BSD with advertising code in ntp{dc,q} to allow linking with readline
for f in include/{ntp_rfc2553,rsa_md5}.h \
libntp/{mktime,memmove,md5c,ntp_rfc2553,ntp_random}.c
do rm -f $f; touch $f; done
@@ -305,6 +308,9 @@
%{_mandir}/man8/ntpdate.8*
%changelog
+* Mon Jan 12 2009 Miroslav Lichvar <mlichvar at redhat.com> 4.2.4p6-1.fc9
+- update to 4.2.4p6 (CVE-2009-0021)
+
* Wed Oct 08 2008 Miroslav Lichvar <mlichvar at redhat.com> 4.2.4p5-2.fc9
- don't write drift file upon exit
- run ntpq with full path in ntp-wait script
Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/ntp/F-9/sources,v
retrieving revision 1.28
retrieving revision 1.29
diff -u -r1.28 -r1.29
--- sources 29 Aug 2008 08:36:37 -0000 1.28
+++ sources 12 Jan 2009 14:11:52 -0000 1.29
@@ -1,2 +1,2 @@
6b2bedefe2e7c63ea52609b222022121 ntpstat-0.2.tgz
-eb647e07ecbd6e9e07bf8d3dc555490e ntp-4.2.4p5.tar.gz
+1961c2c12b66b9046d5df37d0a41b181 ntp-4.2.4p6.tar.gz
--- ntp-4.2.4p5-mlock.patch DELETED ---