rpms/ntp/devel ntp-4.2.4p6-ntpqsprintf.patch, NONE, 1.1 ntp-4.2.4p5-sleep.patch, 1.1, 1.2 ntp.dhclient, 1.1, 1.2 ntp.spec, 1.87, 1.88 ntpd.init, 1.27, 1.28

Miroslav Lichvar mlichvar at fedoraproject.org
Mon Apr 20 11:44:56 UTC 2009 

Author: mlichvar

Update of /cvs/pkgs/rpms/ntp/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv19218

Modified Files:
	ntp-4.2.4p5-sleep.patch ntp.dhclient ntp.spec ntpd.init 
Added Files:
	ntp-4.2.4p6-ntpqsprintf.patch 
Log Message:
- don't restart ntpd in dhclient script with every renewal
- fix buffer overflow in ntpq (#490617)
- check status in condrestart (#481261)
- don't crash when compiled with HAVE_TIMER_CREATE (#486217)


ntp-4.2.4p6-ntpqsprintf.patch:

--- NEW FILE ntp-4.2.4p6-ntpqsprintf.patch ---

#### ChangeSet ####
2009-04-09 04:13:41-04:00, stenn at whimsy.udel.edu 
  [Sec 1144] limited buffer overflow in ntpq.  CVE-2009-0159

==== ntpq/ntpq.c ====
2009-04-09 04:13:30-04:00, stenn at whimsy.udel.edu +2 -2
  [Sec 1144] limited buffer overflow in ntpq.  CVE-2009-0159

--- 1.65/ntpq/ntpq.c	2006-07-26 00:55:41 -07:00
+++ 1.66/ntpq/ntpq.c	2009-04-09 01:13:30 -07:00
@@ -3185,9 +3185,9 @@ cookedprint(
 				if (!decodeuint(value, &uval))
 				    output_raw = '?';
 				else {
-					char b[10];
+					char b[12];
 
-					(void) sprintf(b, "%03lo", uval);
+					(void) snprintf(b, sizeof b, "%03lo", uval);
 					output(fp, name, b);
 				}
 				break;

ntp-4.2.4p5-sleep.patch:

Index: ntp-4.2.4p5-sleep.patch
===================================================================
RCS file: /cvs/pkgs/rpms/ntp/devel/ntp-4.2.4p5-sleep.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- ntp-4.2.4p5-sleep.patch	29 Aug 2008 08:26:04 -0000	1.1
+++ ntp-4.2.4p5-sleep.patch	20 Apr 2009 11:44:54 -0000	1.2
@@ -116,24 +116,40 @@
  
  /*
   * Stats.  Number of overflows and number of calls to transmit().
-@@ -116,6 +117,8 @@ reinit_timer(void)
- 	itimer.it_interval.tv_nsec = 0;
- 	timer_settime(ntpd_timerid, 0 /*!TIMER_ABSTIME*/, &itimer, NULL);
- #  else
+@@ -99,6 +100,8 @@ static	RETSIGTYPE alarming P((int));
+ void 
+ reinit_timer(void)
+ {
 +	get_systime(&timer_base);
-+	return;
- 	getitimer(ITIMER_REAL, &itimer);
- 	if (itimer.it_value.tv_sec < 0 || itimer.it_value.tv_sec > (1<<EVENT_TIMEOUT)) {
- 		itimer.it_value.tv_sec = (1<<EVENT_TIMEOUT);
-@@ -160,6 +163,8 @@ init_timer(void)
++#if 0
+ #if !defined(SYS_WINNT) && !defined(VMS)
+ #  if defined(HAVE_TIMER_CREATE) && defined(HAVE_TIMER_SETTIME)
+ 	timer_gettime(ntpd_timerid, &itimer);
+@@ -132,6 +135,7 @@ reinit_timer(void)
+ 	setitimer(ITIMER_REAL, &itimer, (struct itimerval *)0);
+ #  endif
+ # endif /* VMS */
++#endif
+ }
+ 
+ /*
+@@ -159,6 +163,8 @@ init_timer(void)
+ 	timer_xmtcalls = 0;
  	timer_timereset = 0;
  
- #if !defined(SYS_WINNT)
 +	get_systime(&timer_base);
-+	return;
++#if 0
+ #if !defined(SYS_WINNT)
  	/*
  	 * Set up the alarm interrupt.	The first comes 2**EVENT_TIMEOUT
- 	 * seconds from now and they continue on every 2**EVENT_TIMEOUT
+@@ -242,6 +248,7 @@ init_timer(void)
+ 	}
+ 
+ #endif /* SYS_WINNT */
++#endif
+ }
+ 
+ #if defined(SYS_WINNT)
 @@ -252,6 +257,46 @@ get_timer_handle(void)
  }
  #endif


Index: ntp.dhclient
===================================================================
RCS file: /cvs/pkgs/rpms/ntp/devel/ntp.dhclient,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- ntp.dhclient	14 Jan 2009 17:46:22 -0000	1.1
+++ ntp.dhclient	20 Apr 2009 11:44:54 -0000	1.2
@@ -25,32 +25,35 @@
 CONF=/etc/ntp.conf
 SAVECONF=${SAVEDIR}/${CONF##*/}.predhclient.${interface}
 
+ntp_replace_conf() {
+        echo "$1" | diff -q ${CONF} - > /dev/null 2>&1
+        if [ $? -eq 1 ]; then
+            echo "$1" > ${CONF}
+            restorecon ${CONF} >/dev/null 2>&1
+            service ntpd condrestart >/dev/null 2>&1
+        fi
+}
+
 ntp_config() {
     if [ ! "${PEERNTP}" = "no" ] && [ -n "${new_ntp_servers}" ] &&
         [ -e ${CONF} ] && [ -d ${SAVEDIR} ]; then
-        mv -f ${CONF} ${SAVECONF}
+        local conf=$(egrep -v '^server .*  # added by /sbin/dhclient-script$' < ${CONF})
 
-        egrep -v '^server .*  # added by /sbin/dhclient-script$' < ${SAVECONF} > ${CONF}
+        conf=$(echo "$conf"
+            for s in ${new_ntp_servers}; do
+                echo "server ${s}  # added by /sbin/dhclient-script"
+            done)
 
-        diff -q ${CONF} ${SAVECONF} >/dev/null 2>&1
-        if [ $? -eq 1 ]; then
-            rm -f ${SAVECONF}
-            cp -f ${CONF} ${SAVECONF}
-        fi
-
-        for s in ${new_ntp_servers}; do
-            echo "server ${s}  # added by /sbin/dhclient-script" >> ${CONF}
-        done
-
-        restorecon ${CONF} ${SAVECONF} >/dev/null 2>&1
-        service ntpd condrestart >/dev/null 2>&1
+        [ -f ${SAVECONF} ] || touch ${SAVECONF}
+        ntp_replace_conf "$conf"
     fi
 }
 
 ntp_restore() {
-    if [ ! "${PEERNTP}" = "no" ] && [ -f ${SAVECONF} ]; then
-        mv -f ${SAVECONF} ${CONF}
-        restorecon ${CONF} >/dev/null 2>&1
-        service ntpd condrestart >/dev/null 2>&1
+    if [ -e ${CONF} ] && [ -f ${SAVECONF} ]; then
+        local conf=$(egrep -v '^server .*  # added by /sbin/dhclient-script$' < ${CONF})
+
+        ntp_replace_conf "$conf"
+        rm -f ${SAVECONF}
     fi
 }


Index: ntp.spec
===================================================================
RCS file: /cvs/pkgs/rpms/ntp/devel/ntp.spec,v
retrieving revision 1.87
retrieving revision 1.88
diff -u -r1.87 -r1.88
--- ntp.spec	26 Feb 2009 06:20:05 -0000	1.87
+++ ntp.spec	20 Apr 2009 11:44:54 -0000	1.88
@@ -1,7 +1,7 @@
 Summary: The NTP daemon and utilities
 Name: ntp
 Version: 4.2.4p6
-Release: 3%{?dist}
+Release: 4%{?dist}
 # primary license (COPYRIGHT) : MIT
 # ElectricFence/ (not used) : GPLv2
 # kernel/sys/ppsclock.h (not used) : BSD with advertising
@@ -84,6 +84,8 @@
 Patch26: ntp-4.2.4p5-retryres.patch
 # ntpbz #808
 Patch27: ntp-4.2.4p5-driftonexit.patch
+# ntpbz #1144
+Patch28: ntp-4.2.4p6-ntpqsprintf.patch
 
 URL: http://www.ntp.org
 Requires(post): /sbin/chkconfig
@@ -150,6 +152,7 @@
 %patch25 -p1 -b .rtnetlink
 %patch26 -p1 -b .retryres
 %patch27 -p1 -b .driftonexit
+%patch28 -p1 -b .ntpqsprintf
 
 # clock_gettime needs -lrt
 sed -i.gettime 's|^LIBS = @LIBS@|& -lrt|' ntp{d,q,dc,date}/Makefile.in
@@ -319,6 +322,12 @@
 %{_mandir}/man8/ntpdate.8*
 
 %changelog
+* Mon Apr 20 2009 Miroslav Lichvar <mlichvar at redhat.com> 4.2.4p6-4
+- don't restart ntpd in dhclient script with every renewal
+- fix buffer overflow in ntpq (#490617)
+- check status in condrestart (#481261)
+- don't crash when compiled with HAVE_TIMER_CREATE (#486217)
+
 * Wed Feb 25 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 4.2.4p6-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
 


Index: ntpd.init
===================================================================
RCS file: /cvs/pkgs/rpms/ntp/devel/ntpd.init,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -r1.27 -r1.28
--- ntpd.init	29 Feb 2008 14:54:31 -0000	1.27
+++ ntpd.init	20 Apr 2009 11:44:54 -0000	1.28
@@ -74,7 +74,7 @@
 	start
 	;;
   try-restart|condrestart)
-	if [ -f $lockfile ]; then
+	if status $prog > /dev/null; then
 	    stop
 	    start
 	fi

More information about the scm-commits mailing list