rpms/ntp/F-9 ntp-4.2.4p6-mlock.patch, NONE, 1.1 .cvsignore, 1.27, 1.28 ntp.spec, 1.83, 1.84 sources, 1.28, 1.29 ntp-4.2.4p5-mlock.patch, 1.1, NONE

Miroslav Lichvar mlichvar at fedoraproject.org
Mon Jan 12 14:12:23 UTC 2009


Author: mlichvar

Update of /cvs/pkgs/rpms/ntp/F-9
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv1906

Modified Files:
	.cvsignore ntp.spec sources 
Added Files:
	ntp-4.2.4p6-mlock.patch 
Removed Files:
	ntp-4.2.4p5-mlock.patch 
Log Message:
- update to 4.2.4p6 (CVE-2009-0021)


ntp-4.2.4p6-mlock.patch:

--- NEW FILE ntp-4.2.4p6-mlock.patch ---
diff -up ntp-4.2.4p6/html/ntpd.html.mlock ntp-4.2.4p6/html/ntpd.html
--- ntp-4.2.4p6/html/ntpd.html.mlock	2009-01-12 12:50:50.000000000 +0100
+++ ntp-4.2.4p6/html/ntpd.html	2009-01-12 12:50:50.000000000 +0100
@@ -34,7 +34,7 @@
 		</ul>
 		<hr>
 		<h4 id="synop">Synopsis</h4>
-		<tt>ntpd [ -46aAbdDgLnNqx ] [ -c <i>conffile</i> ] [ -f <i>driftfile</i> ] [ -i <i>jaildir</i> ] [ -I <i>iface</i> ] [ -k <i>keyfile</i> ] [ -l <i>logfile</i> ] [ -p <i>pidfile</i> ] [ -P <i>priority</i> ] [ -r <i>broadcastdelay</i> ] [ -s <i>statsdir</i> ] [ -t <i>key</i> ] [ -u <i>user</i>[:<i>group</i>] ] [ -U <i>interface_update_interval</i> ] [ -v <i>variable</i> ] [ -V <i>variable</i> ]</tt>
+		<tt>ntpd [ -46aAbdDgLmnNqx ] [ -c <i>conffile</i> ] [ -f <i>driftfile</i> ] [ -i <i>jaildir</i> ] [ -I <i>iface</i> ] [ -k <i>keyfile</i> ] [ -l <i>logfile</i> ] [ -p <i>pidfile</i> ] [ -P <i>priority</i> ] [ -r <i>broadcastdelay</i> ] [ -s <i>statsdir</i> ] [ -t <i>key</i> ] [ -u <i>user</i>[:<i>group</i>] ] [ -U <i>interface_update_interval</i> ] [ -v <i>variable</i> ] [ -V <i>variable</i> ]</tt>
 		<h4 id="descr">Description</h4>
 		<p>The <tt>ntpd</tt> program is an operating system daemon which sets and maintains the system time of day in synchronism with Internet standard time servers. It is a complete implementation of the Network Time Protocol (NTP) version 4, but also retains compatibility with version 3, as defined by RFC-1305, and version 1 and 2, as defined by RFC-1059 and RFC-1119, respectively. <tt>ntpd</tt> does most computations in 64-bit floating point arithmetic and does relatively clumsy 64-bit fixed point operations only when necessary to preserve the ultimate precision, about 232 picoseconds. While the ultimate precision is not achievable with ordinary workstations and networks of today, it may be required with future gigahertz CPU clocks and gigabit LANs.</p>
 		<h4 id="op">How NTP Operates</h4>
@@ -96,6 +96,8 @@
 			<dd>Specify the name and path of the log file. The default is the system log file. This is the same operation as the <tt>logfile <i>logfile</i></tt> configuration command.
 			<dt><tt>-L</tt>
 			<dd>Do not listen to virtual IPs. The default is to listen.
+			<dt><tt>-m</tt>
+			<dd>Lock memory.
 			<dt><tt>-n</tt>
 			<dd>Don't fork.
 			<dt><tt>-N</tt>
diff -up ntp-4.2.4p6/ntpd/ntpd-opts.c.mlock ntp-4.2.4p6/ntpd/ntpd-opts.c
--- ntp-4.2.4p6/ntpd/ntpd-opts.c.mlock	2009-01-08 12:11:54.000000000 +0100
+++ ntp-4.2.4p6/ntpd/ntpd-opts.c	2009-01-12 12:50:50.000000000 +0100
@@ -264,6 +264,15 @@ tSCC    zNice_Name[]               = "ni
 #define NICE_FLAGS       (OPTST_DISABLED)
 
 /*
+ *  Mlock option description:
+ */
+tSCC    zMlockText[] =
+        "Lock memory";
+tSCC    zMlock_NAME[]               = "MLOCK";
+tSCC    zMlock_Name[]               = "mlock";
+#define MLOCK_FLAGS       (OPTST_DISABLED)
+
+/*
  *  Pidfile option description:
  */
 tSCC    zPidfileText[] =
@@ -789,6 +798,18 @@ static tOptDesc optDesc[ OPTION_CT ] = {
                                 OPTST_ARG_OPTIONAL | OPTST_IMM | OPTST_NO_INIT
 #endif
 
+  {  /* entry idx, value */ 29, VALUE_OPT_MLOCK,
+     /* equiv idx, value */ 29, VALUE_OPT_MLOCK,
+     /* equivalenced to  */ NO_EQUIVALENT,
+     /* min, max, act ct */ 0, 1, 0,
+     /* opt state flags  */ MLOCK_FLAGS, 0,
+     /* last opt argumnt */ { NULL },
+     /* arg list/cookie  */ NULL,
+     /* must/cannot opts */ NULL, NULL,
+     /* option proc      */ NULL,
+     /* desc, NAME, name */ zMlockText, zMlock_NAME, zMlock_Name,
+     /* disablement strs */ NULL, NULL },
+
   {  /* entry idx, value */ INDEX_OPT_VERSION, VALUE_OPT_VERSION,
      /* equiv idx value  */ NO_EQUIVALENT, 0,
      /* equivalenced to  */ NO_EQUIVALENT,
@@ -881,7 +902,7 @@ tOptions ntpdOptions = {
       NO_EQUIVALENT /* index of '-#' option */,
       NO_EQUIVALENT /* index of default opt */
     },
-    32 /* full option count */, 29 /* user option count */
+    33 /* full option count */, 30 /* user option count */
 };
 
 /*
diff -up ntp-4.2.4p6/ntpd/ntpd-opts.h.mlock ntp-4.2.4p6/ntpd/ntpd-opts.h
--- ntp-4.2.4p6/ntpd/ntpd-opts.h.mlock	2009-01-08 12:11:54.000000000 +0100
+++ ntp-4.2.4p6/ntpd/ntpd-opts.h	2009-01-12 12:50:50.000000000 +0100
@@ -81,12 +81,13 @@ typedef enum {
         INDEX_OPT_VAR              = 26,
         INDEX_OPT_DVAR             = 27,
         INDEX_OPT_SLEW             = 28,
-        INDEX_OPT_VERSION          = 29,
-        INDEX_OPT_HELP             = 30,
-        INDEX_OPT_MORE_HELP        = 31
+        INDEX_OPT_MLOCK            = 29,
+        INDEX_OPT_VERSION          = 30,
+        INDEX_OPT_HELP             = 31,
+        INDEX_OPT_MORE_HELP        = 32
 } teOptIndex;
 
-#define OPTION_CT    32
+#define OPTION_CT    33
 #define NTPD_VERSION       "4.2.4p6"
 #define NTPD_FULL_VERSION  "ntpd - NTP daemon program - Ver. 4.2.4p6"
 
@@ -179,6 +180,10 @@ typedef enum {
 #  warning undefining MODIFYMMTIMER due to option name conflict
 #  undef   MODIFYMMTIMER
 # endif
+# ifdef    MLOCK
+#  warning undefining MLOCK due to option name conflict
+#  undef   MLOCK
+# endif
 # ifdef    NOFORK
 #  warning undefining NOFORK due to option name conflict
 #  undef   NOFORK
@@ -248,6 +253,7 @@ typedef enum {
 # undef LOGFILE
 # undef NOVIRTUALIPS
 # undef MODIFYMMTIMER
+# undef MLOCK
 # undef NOFORK
 # undef NICE
 # undef PIDFILE
@@ -290,6 +296,7 @@ typedef enum {
 #ifdef SYS_WINNT
 #define VALUE_OPT_MODIFYMMTIMER  'M'
 #endif /* SYS_WINNT */
+#define VALUE_OPT_MLOCK          'm'
 #define VALUE_OPT_NOFORK         'n'
 #define VALUE_OPT_NICE           'N'
 #define VALUE_OPT_PIDFILE        'p'
diff -up ntp-4.2.4p6/ntpd/ntpd.c.mlock ntp-4.2.4p6/ntpd/ntpd.c
--- ntp-4.2.4p6/ntpd/ntpd.c.mlock	2009-01-12 12:50:50.000000000 +0100
+++ ntp-4.2.4p6/ntpd/ntpd.c	2009-01-12 12:50:50.000000000 +0100
@@ -699,7 +699,8 @@ ntpdmain(
 	}
 #endif
 
-#if defined(HAVE_MLOCKALL) && defined(MCL_CURRENT) && defined(MCL_FUTURE)
+#if defined(MCL_CURRENT) && defined(MCL_FUTURE)
+    if (HAVE_OPT( MLOCK )) {
 # ifdef HAVE_SETRLIMIT
 	/*
 	 * Set the stack limit to something smaller, so that we don't lock a lot
@@ -737,6 +738,7 @@ ntpdmain(
 	 */
 	if (mlockall(MCL_CURRENT|MCL_FUTURE) < 0)
 		msyslog(LOG_ERR, "mlockall(): %m");
+    }
 #else /* not (HAVE_MLOCKALL && MCL_CURRENT && MCL_FUTURE) */
 # ifdef HAVE_PLOCK
 #  ifdef PROCLOCK


Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/ntp/F-9/.cvsignore,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -r1.27 -r1.28
--- .cvsignore	29 Aug 2008 08:36:37 -0000	1.27
+++ .cvsignore	12 Jan 2009 14:11:52 -0000	1.28
@@ -1,2 +1,2 @@
 ntpstat-0.2.tgz
-ntp-4.2.4p5.tar.gz
+ntp-4.2.4p6.tar.gz


Index: ntp.spec
===================================================================
RCS file: /cvs/pkgs/rpms/ntp/F-9/ntp.spec,v
retrieving revision 1.83
retrieving revision 1.84
diff -u -r1.83 -r1.84
--- ntp.spec	8 Oct 2008 11:29:13 -0000	1.83
+++ ntp.spec	12 Jan 2009 14:11:52 -0000	1.84
@@ -1,7 +1,7 @@
 Summary: The NTP daemon and utilities
 Name: ntp
-Version: 4.2.4p5
-Release: 2%{?dist}
+Version: 4.2.4p6
+Release: 1%{?dist}
 # primary license (COPYRIGHT) : MIT
 # ElectricFence/ (not used) : GPLv2
 # kernel/sys/ppsclock.h (not used) : BSD with advertising
@@ -57,10 +57,13 @@
 Patch11: ntp-4.2.4p2-filegen.patch
 # ntpbz #738
 Patch12: ntp-4.2.4-sprintf.patch
+# drop this and switch to libedit in 4.2.6
 Patch13: ntp-4.2.4p4-bsdadv.patch
-Patch14: ntp-4.2.4p5-mlock.patch
+# add option -m to lock memory
+Patch14: ntp-4.2.4p6-mlock.patch
 # fixed in 4.2.5
 Patch15: ntp-4.2.4p2-clockselect.patch
+# don't build sntp
 Patch16: ntp-4.2.4p2-nosntp.patch
 # ntpbz #802
 Patch17: ntp-4.2.4p5-sleep.patch
@@ -152,7 +155,7 @@
 %patch5 -p1 -b .linkfastmath
 %endif
 
-# replace some BSD with advertising code
+# replace BSD with advertising code in ntp{dc,q} to allow linking with readline
 for f in include/{ntp_rfc2553,rsa_md5}.h \
 	libntp/{mktime,memmove,md5c,ntp_rfc2553,ntp_random}.c
 do rm -f $f; touch $f; done
@@ -305,6 +308,9 @@
 %{_mandir}/man8/ntpdate.8*
 
 %changelog
+* Mon Jan 12 2009 Miroslav Lichvar <mlichvar at redhat.com> 4.2.4p6-1.fc9
+- update to 4.2.4p6 (CVE-2009-0021)
+
 * Wed Oct 08 2008 Miroslav Lichvar <mlichvar at redhat.com> 4.2.4p5-2.fc9
 - don't write drift file upon exit
 - run ntpq with full path in ntp-wait script


Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/ntp/F-9/sources,v
retrieving revision 1.28
retrieving revision 1.29
diff -u -r1.28 -r1.29
--- sources	29 Aug 2008 08:36:37 -0000	1.28
+++ sources	12 Jan 2009 14:11:52 -0000	1.29
@@ -1,2 +1,2 @@
 6b2bedefe2e7c63ea52609b222022121  ntpstat-0.2.tgz
-eb647e07ecbd6e9e07bf8d3dc555490e  ntp-4.2.4p5.tar.gz
+1961c2c12b66b9046d5df37d0a41b181  ntp-4.2.4p6.tar.gz


--- ntp-4.2.4p5-mlock.patch DELETED ---




More information about the fedora-extras-commits mailing list