mlichvar pushed to ntp (f21). "don't drop packets with source port below 123"
notifications at fedoraproject.org
notifications at fedoraproject.org
Wed Apr 8 11:46:45 UTC 2015
>From cb8d1e4707e00167276866d9ff11ea692d9bc49b Mon Sep 17 00:00:00 2001
From: Miroslav Lichvar <mlichvar at redhat.com>
Date: Thu, 26 Feb 2015 15:31:22 +0100
Subject: don't drop packets with source port below 123
diff --git a/ntp-4.2.6p5-sourceport.patch b/ntp-4.2.6p5-sourceport.patch
new file mode 100644
index 0000000..ef3fb10
--- /dev/null
+++ b/ntp-4.2.6p5-sourceport.patch
@@ -0,0 +1,12 @@
+diff -up ntp-4.2.6p5/ntpd/ntp_proto.c.sourceport ntp-4.2.6p5/ntpd/ntp_proto.c
+--- ntp-4.2.6p5/ntpd/ntp_proto.c.sourceport 2015-02-06 16:43:27.857879763 +0100
++++ ntp-4.2.6p5/ntpd/ntp_proto.c 2015-02-06 16:43:56.446879712 +0100
+@@ -334,7 +334,7 @@ receive(
+ * reveals a clogging attack.
+ */
+ sys_received++;
+- if (SRCPORT(&rbufp->recv_srcadr) < NTP_PORT) {
++ if (SRCPORT(&rbufp->recv_srcadr) == 0) {
+ sys_badlength++;
+ return; /* bogus port */
+ }
diff --git a/ntp.spec b/ntp.spec
index 4648a2a..90833cc 100644
--- a/ntp.spec
+++ b/ntp.spec
@@ -107,6 +107,8 @@ Patch27: ntp-4.2.6p5-cve-2014-9296.patch
Patch28: ntp-4.2.6p5-cve-2014-9297.patch
# ntpbz #2672
Patch29: ntp-4.2.6p5-cve-2014-9298.patch
+# ntpbz #2174
+Patch30: ntp-4.2.6p5-sourceport.patch
# handle unknown clock types
Patch50: ntpstat-0.2-clksrc.patch
@@ -229,6 +231,7 @@ This package contains NTP documentation in HTML format.
%patch27 -p1 -b .cve-2014-9296
%patch28 -p1 -b .cve-2014-9297
%patch29 -p1 -b .cve-2014-9298
+%patch30 -p1 -b .sourceport
# ntpstat patches
%patch50 -p1 -b .clksrc
--
cgit v0.10.2
http://pkgs.fedoraproject.org/cgit/ntp.git/commit/?h=f21&id=cb8d1e4707e00167276866d9ff11ea692d9bc49b
More information about the scm-commits
mailing list