diff --git a/Do-not-use-PTHREAD_STACK_MIN-on-glibc.patch b/Do-not-use-PTHREAD_STACK_MIN-on-glibc.patch
deleted file mode 100644
index a3866a50a22a486faee2554ac1dcbb9de8d21a11..0000000000000000000000000000000000000000
--- a/Do-not-use-PTHREAD_STACK_MIN-on-glibc.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 082a504cfcc046c3d8adaae1164268bc94e5108a Mon Sep 17 00:00:00 2001
-From: Khem Raj
-Date: Sat, 31 Jul 2021 10:51:41 -0700
-Subject: [PATCH] libntp: Do not use PTHREAD_STACK_MIN on glibc
-
-In glibc 2.34+ PTHREAD_STACK_MIN is not a compile-time constant which
-could mean different stack sizes at runtime on different architectures
-and it also causes compile failure. Default glibc thread stack size
-or 64Kb set by ntp should be good in glibc these days.
-
-Upstream-Status: Pending
-Signed-off-by: Khem Raj
----
- libntp/work_thread.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/libntp/work_thread.c b/libntp/work_thread.c
-index 03a5647..3ddd751 100644
---- a/libntp/work_thread.c
-+++ b/libntp/work_thread.c
-@@ -41,7 +41,7 @@
- #ifndef THREAD_MINSTACKSIZE
- # define THREAD_MINSTACKSIZE (64U * 1024)
- #endif
--#ifndef __sun
-+#if !defined(__sun) && !defined(__GLIBC__)
- #if defined(PTHREAD_STACK_MIN) && THREAD_MINSTACKSIZE < PTHREAD_STACK_MIN
- # undef THREAD_MINSTACKSIZE
- # define THREAD_MINSTACKSIZE PTHREAD_STACK_MIN
---
-2.32.0
diff --git a/backport-CVE-2023-26551-CVE-2023-26552-CVE-2023-26553-CVE-2023-26554.patch b/backport-CVE-2023-26551-CVE-2023-26552-CVE-2023-26553-CVE-2023-26554.patch
deleted file mode 100644
index 7f4f3d740e41fe65cfedb5f9cdfddcca730b0ccb..0000000000000000000000000000000000000000
--- a/backport-CVE-2023-26551-CVE-2023-26552-CVE-2023-26553-CVE-2023-26554.patch
+++ /dev/null
@@ -1,167 +0,0 @@
-From ebd64fcbd4f3858b6986ff1a048e3467d96841ab Mon Sep 17 00:00:00 2001
-From: Harlen Stenn
-Date: Sat, 13 May 2023 05:23:33 UTC
-Subject: [PATCH] mstolfp:make sure the buffer has enough room for the input extra characters
-
-Conflict:NA
-Reference:https://www.eecis.udel.edu/~ntp/ntp_spool//ntp4/ntp-4.2.8p15-3806-3807.patch
-
-CVE-2023-26552, CVE-2023-26553, and CVE-2023-26554 are marked identical to CVE-2023-26551
-https://github.com/spwpun/ntp-4.2.8p15-cves/issues/1
-
----
- include/ntp_fp.h | 4 +-
- libntp/mstolfp.c | 109 +++++++++++++++-------------------------
- 2 files changed, 42 insertions(+), 71 deletions(-)
-
-diff --git a/include/ntp_fp.h b/include/ntp_fp.h
-index afd1f82..fe6e390 100644
---- a/include/ntp_fp.h
-+++ b/include/ntp_fp.h
-@@ -195,9 +195,9 @@ typedef u_int32 u_fp;
- do { \
- int32 add_f = (int32)(f); \
- if (add_f >= 0) \
-- M_ADD((r_i), (r_f), 0, (uint32)( add_f)); \
-+ M_ADD((r_i), (r_f), 0, (u_int32)( add_f)); \
- else \
-- M_SUB((r_i), (r_f), 0, (uint32)(-add_f)); \
-+ M_SUB((r_i), (r_f), 0, (u_int32)(-add_f)); \
- } while(0)
-
- #define M_ISNEG(v_i) /* v < 0 */ \
-diff --git a/libntp/mstolfp.c b/libntp/mstolfp.c
-index 3dfc4ef..a428d17 100644
---- a/libntp/mstolfp.c
-+++ b/libntp/mstolfp.c
-@@ -14,86 +14,57 @@ mstolfp(
- l_fp *lfp
- )
- {
-- register const char *cp;
-- register char *bp;
-- register const char *cpdec;
-- char buf[100];
-+ int ch, neg = 0;
-+ u_int32 q, r;
-
- /*
- * We understand numbers of the form:
- *
- * [spaces][-|+][digits][.][digits][spaces|\n|\0]
- *
-- * This is one enormous hack. Since I didn't feel like
-- * rewriting the decoding routine for milliseconds, what
-- * is essentially done here is to make a copy of the string
-- * with the decimal moved over three places so the seconds
-- * decoding routine can be used.
-+ * This is kinda hack. We use 'atolfp' to do the basic parsing
-+ * (after some initial checks) and then divide the result by
-+ * 1000. The original implementation avoided that by
-+ * hacking up the input string to move the decimal point, but
-+ * that needed string manipulations prone to buffer overruns.
-+ * To avoid that trouble we do the conversion first and adjust
-+ * the result.
- */
-- bp = buf;
-- cp = str;
-- while (isspace((unsigned char)*cp))
-- cp++;
--
-- if (*cp == '-' || *cp == '+') {
-- *bp++ = *cp++;
-- }
--
-- if (*cp != '.' && !isdigit((unsigned char)*cp))
-- return 0;
--
--
-- /*
-- * Search forward for the decimal point or the end of the string.
-- */
-- cpdec = cp;
-- while (isdigit((unsigned char)*cpdec))
-- cpdec++;
-
-- /*
-- * Found something. If we have more than three digits copy the
-- * excess over, else insert a leading 0.
-- */
-- if ((cpdec - cp) > 3) {
-- do {
-- *bp++ = (char)*cp++;
-- } while ((cpdec - cp) > 3);
-- } else {
-- *bp++ = '0';
-+ while (isspace(ch = *(const unsigned char*)str))
-+ ++str;
-+ switch (ch) {
-+ case '-': neg = TRUE;
-+ case '+': ++str;
-+ default : break;
- }
-
-- /*
-- * Stick the decimal in. If we've got less than three digits in
-- * front of the millisecond decimal we insert the appropriate number
-- * of zeros.
-- */
-- *bp++ = '.';
-- if ((cpdec - cp) < 3) {
-- size_t i = 3 - (cpdec - cp);
-- do {
-- *bp++ = '0';
-- } while (--i > 0);
-- }
-+ if (!isdigit(ch = *(const unsigned char*)str) && (ch != '.'))
-+ return 0;
-+ if (!atolfp(str, lfp))
-+ return 0;
-
-- /*
-- * Copy the remainder up to the millisecond decimal. If cpdec
-- * is pointing at a decimal point, copy in the trailing number too.
-+ /* now do a chained/overlapping division by 1000 to get from
-+ * seconds to msec. 1000 is small enough to go with temporary
-+ * 32bit accus for Q and R.
- */
-- while (cp < cpdec)
-- *bp++ = (char)*cp++;
--
-- if (*cp == '.') {
-- cp++;
-- while (isdigit((unsigned char)*cp))
-- *bp++ = (char)*cp++;
-- }
-- *bp = '\0';
-+ q = lfp->l_ui / 1000u;
-+ r = lfp->l_ui - (q * 1000u);
-+ lfp->l_ui = q;
-
-- /*
-- * Check to make sure the string is properly terminated. If
-- * so, give the buffer to the decoding routine.
-- */
-- if (*cp != '\0' && !isspace((unsigned char)*cp))
-- return 0;
-- return atolfp(buf, lfp);
-+ r = (r << 16) | (lfp->l_uf >> 16);
-+ q = r / 1000u;
-+ r = ((r - q * 1000) << 16) | (lfp->l_uf & 0x0FFFFu);
-+ lfp->l_uf = q << 16;
-+ q = r / 1000;
-+ lfp->l_uf |= q;
-+ r -= q * 1000u;
-+
-+ /* fix sign */
-+ if (neg)
-+ L_NEG(lfp);
-+ /* round */
-+ if (r >= 500)
-+ L_ADDF(lfp, (neg ? -1 : 1));
-+ return 1;
- }
---
-2.33.0
-
-
diff --git a/backport-CVE-2023-26555-fix-out-write-bounds-in-praecis_parse.patch b/backport-CVE-2023-26555-fix-out-write-bounds-in-praecis_parse.patch
deleted file mode 100644
index b28b09d4dc2b281fc421e9c3c10c747afa19419e..0000000000000000000000000000000000000000
--- a/backport-CVE-2023-26555-fix-out-write-bounds-in-praecis_parse.patch
+++ /dev/null
@@ -1,102 +0,0 @@
-From 1e6893546c526c0961930b6b60a6aba42692dba9 Mon Sep 17 00:00:00 2001
-From: Harlan Stenn
-Date: Sat, 13 May 2023 05:23:33 UTC
-Subject: [PATCH] refclock_palisade:fix an out-of-bounds write in praecis_parse
-
-Conflict:NA
-Reference:https://www.eecis.udel.edu/~ntp/ntp_spool//ntp4/ntp-4.2.8p15-3806-3807.patch
-
----
- ntpd/refclock_palisade.c | 50 ++++++++++++++++++++++++++++++++++------
- 1 file changed, 43 insertions(+), 7 deletions(-)
-
-diff --git a/ntpd/refclock_palisade.c b/ntpd/refclock_palisade.c
-index cb68255..66bfbc8 100644
---- a/ntpd/refclock_palisade.c
-+++ b/ntpd/refclock_palisade.c
-@@ -1225,9 +1225,9 @@ palisade_poll (
- return; /* using synchronous packet input */
-
- if(up->type == CLK_PRAECIS) {
-- if(write(peer->procptr->io.fd,"SPSTAT\r\n",8) < 0)
-+ if (write(peer->procptr->io.fd,"SPSTAT\r\n",8) < 0) {
- msyslog(LOG_ERR, "Palisade(%d) write: %m:",unit);
-- else {
-+ } else {
- praecis_msg = 1;
- return;
- }
-@@ -1249,20 +1249,53 @@ praecis_parse (
-
- pp = peer->procptr;
-
-- memcpy(buf+p,rbufp->recv_space.X_recv_buffer, rbufp->recv_length);
-+ if (p + rbufp->recv_length >= sizeof buf) {
-+ struct palisade_unit *up;
-+ up = pp->unitptr;
-+
-+ /*
-+ * We COULD see if there is a \r\n in the incoming
-+ * buffer before it overflows, and then process the
-+ * current line.
-+ *
-+ * Similarly, if we already have a hunk of data that
-+ * we're now flushing, that will cause the line of
-+ * data we're in the process of collecting to be garbage.
-+ *
-+ * Since we now check for this overflow and log when it
-+ * happens, we're now in a better place to easily see
-+ * what's going on and perhaps better choices can be made.
-+ */
-+
-+ /* Do we need to log the size of the overflow?
*/ -+ msyslog(LOG_ERR, "Palisade(%d) praecis_parse(): input buffer overflow", -+ up->unit); -+ -+ p = 0; -+ praecis_msg = 0; -+ -+ refclock_report(peer, CEVNT_BADREPLY); -+ -+ return; -+ } -+ -+ memcpy(buf+p, rbufp->recv_buffer, rbufp->recv_length); - p += rbufp->recv_length; - -- if(buf[p-2] == '\r' && buf[p-1] == '\n') { -+ if ( p >= 2 -+ && buf[p-2] == '\r' -+ && buf[p-1] == '\n') { - buf[p-2] = '\0'; - record_clock_stats(&peer->srcadr, buf); - - p = 0; - praecis_msg = 0; - -- if (HW_poll(pp) < 0) -+ if (HW_poll(pp) < 0) { - refclock_report(peer, CEVNT_FAULT); -- -+ } - } -+ return; - } - - static void -@@ -1407,7 +1440,10 @@ HW_poll ( - - /* Edge trigger */ - if (up->type == CLK_ACUTIME) -- write (pp->io.fd, "", 1); -+ if (write (pp->io.fd, "", 1) != 1) -+ msyslog(LOG_WARNING, -+ "Palisade(%d) HW_poll: failed to send trigger: %m", -+ up->unit); - - if (ioctl(pp->io.fd, TIOCMSET, &x) < 0) { - #ifdef DEBUG --- -2.33.0 - - diff --git a/bugfix-fix-ifindex-length.patch b/bugfix-fix-ifindex-length.patch index 74322e23a031defd1b8727d4e1ff9a3d24e91673..d36b3018eb35b665a3b04bcd10e5f5d6e515d6a4 100644 --- a/bugfix-fix-ifindex-length.patch +++ b/bugfix-fix-ifindex-length.patch @@ -1,5 +1,5 @@ ---- ntp-4.2.6p5/lib/isc/unix/interfaceiter.c.orig 2018-10-15 15:16:00.414796346 +0800 -+++ ntp-4.2.6p5/lib/isc/unix/interfaceiter.c 2018-10-15 15:16:26.605794341 +0800 +--- a/libntp/lib/isc/unix/interfaceiter.c 2018-10-15 15:16:00.414796346 +0800 ++++ a/libntp/lib/isc/unix/interfaceiter.c 2018-10-15 15:16:26.605794341 +0800 @@ -151,7 +151,7 @@ get_addr(unsigned int family, isc_netadd #ifdef __linux diff --git a/fix-multiple-defination-with-gcc-10.patch b/fix-multiple-defination-with-gcc-10.patch deleted file mode 100644 index cf0a9fddc76ff0f50c322941fc679f72c4afc074..0000000000000000000000000000000000000000 --- a/fix-multiple-defination-with-gcc-10.patch +++ /dev/null 
@@ -1,155 +0,0 @@
-From bac29f25f063d3a2a87f2b824179df6fbd54334f Mon Sep 17 00:00:00 2001
-From: renmingshuai
-Date: Fri, 30 Jul 2021 22:26:26 +0800
-Subject: [PATCH] Fix multiple defination with gcc 10
-
----
- sntp/tests/run-crypto.c | 2 +-
- sntp/tests/run-keyFile.c | 2 +-
- sntp/tests/run-kodDatabase.c | 2 +-
- sntp/tests/run-kodFile.c | 2 +-
- sntp/tests/run-networking.c | 2 +-
- sntp/tests/run-packetHandling.c | 2 +-
- sntp/tests/run-packetProcessing.c | 2 +-
- sntp/tests/run-t-log.c | 2 +-
- sntp/tests/run-utilities.c | 2 +-
- tests/libntp/test-libntp.h | 5 ++++-
- 10 files changed, 13 insertions(+), 10 deletions(-)
-
-diff --git a/sntp/tests/run-crypto.c b/sntp/tests/run-crypto.c
-index a486f86..5d7d02e 100644
---- a/sntp/tests/run-crypto.c
-+++ b/sntp/tests/run-crypto.c
-@@ -57,7 +57,7 @@ void resetTest(void)
- setUp();
- }
-
--char const *progname;
-+extern char const *progname;
-
-
- //=======MAIN=====
-diff --git a/sntp/tests/run-keyFile.c b/sntp/tests/run-keyFile.c
-index 5b25519..4321002 100644
---- a/sntp/tests/run-keyFile.c
-+++ b/sntp/tests/run-keyFile.c
-@@ -55,7 +55,7 @@ void resetTest(void)
- setUp();
- }
-
--char const *progname;
-+extern char const *progname;
-
-
- //=======MAIN=====
-diff --git a/sntp/tests/run-kodDatabase.c b/sntp/tests/run-kodDatabase.c
-index 67b7fc2..b591a0b 100644
---- a/sntp/tests/run-kodDatabase.c
-+++ b/sntp/tests/run-kodDatabase.c
-@@ -58,7 +58,7 @@ void resetTest(void)
- setUp();
- }
-
--char const *progname;
-+extern char const *progname;
-
-
- //=======MAIN=====
-diff --git a/sntp/tests/run-kodFile.c b/sntp/tests/run-kodFile.c
-index a3af218..96d0075 100644
---- a/sntp/tests/run-kodFile.c
-+++ b/sntp/tests/run-kodFile.c
-@@ -56,7 +56,7 @@ void resetTest(void)
- setUp();
- }
-
--char const *progname;
-+extern char const *progname;
-
-
- //=======MAIN=====
-diff --git a/sntp/tests/run-networking.c b/sntp/tests/run-networking.c
-index 1c1364f..3e1b4cd 100644
---- a/sntp/tests/run-networking.c
-+++ b/sntp/tests/run-networking.c
-@@ -48,7 +48,7 @@ void resetTest(void)
- setUp();
- }
-
--char const *progname;
-+extern char const *progname;
-
-
- //=======MAIN=====
-diff --git a/sntp/tests/run-packetHandling.c b/sntp/tests/run-packetHandling.c
-index 7790b20..c58380c 100644
---- a/sntp/tests/run-packetHandling.c
-+++ b/sntp/tests/run-packetHandling.c
-@@ -64,7 +64,7 @@ void resetTest(void)
- setUp();
- }
-
--char const *progname;
-+extern char const *progname;
-
-
- //=======MAIN=====
-diff --git a/sntp/tests/run-packetProcessing.c b/sntp/tests/run-packetProcessing.c
-index c91a6d3..221c88c 100644
---- a/sntp/tests/run-packetProcessing.c
-+++ b/sntp/tests/run-packetProcessing.c
-@@ -68,7 +68,7 @@ void resetTest(void)
- setUp();
- }
-
--char const *progname;
-+extern char const *progname;
-
-
- //=======MAIN=====
-diff --git a/sntp/tests/run-t-log.c b/sntp/tests/run-t-log.c
-index 268bf41..cd835bc 100644
---- a/sntp/tests/run-t-log.c
-+++ b/sntp/tests/run-t-log.c
-@@ -50,7 +50,7 @@ void resetTest(void)
- setUp();
- }
-
--char const *progname;
-+extern char const *progname;
-
-
- //=======MAIN=====
-diff --git a/sntp/tests/run-utilities.c b/sntp/tests/run-utilities.c
-index f717882..98d9bf1 100644
---- a/sntp/tests/run-utilities.c
-+++ b/sntp/tests/run-utilities.c
-@@ -58,7 +58,7 @@ void resetTest(void)
- setUp();
- }
-
--char const *progname;
-+extern char const *progname;
-
-
- //=======MAIN=====
-diff --git a/tests/libntp/test-libntp.h b/tests/libntp/test-libntp.h
-index 93050b3..2f386f6 100644
---- a/tests/libntp/test-libntp.h
-+++ b/tests/libntp/test-libntp.h
-@@ -1,3 +1,5 @@
-+#ifndef TEST_LIBNTP_H
-+#define TEST_LIBNTP_H
- #include "config.h"
-
- #include "ntp_stdlib.h"
-@@ -5,4 +7,5 @@
-
- time_t timefunc(time_t *ptr);
- void settime(int y, int m, int d, int H, int M, int S);
--time_t nowtime;
-+extern time_t nowtime;
-+#endif
---
-1.8.3.1
-
diff --git a/modify-DSA-key-generation-parameters-base-on-openssl3.patch b/modify-DSA-key-generation-parameters-base-on-openssl3.patch deleted file mode 100644 index 515da046c78188f84ba3ab9f3ae169764863e7db..0000000000000000000000000000000000000000 --- a/modify-DSA-key-generation-parameters-base-on-openssl3.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 0494312d943d70f45e45e8e41f659318e88c8e52 Mon Sep 17 00:00:00 2001 -From: chengyechun -Date: Tue, 14 Mar 2023 15:16:47 +0800 -Subject: [PATCH] modify DSA key generation parameters base on openssl3 - ---- - util/ntp-keygen.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/util/ntp-keygen.c b/util/ntp-keygen.c -index eb2cb34..732c073 100644 ---- a/util/ntp-keygen.c -+++ b/util/ntp-keygen.c -@@ -121,7 +121,7 @@ - #define MD5SIZE 20 /* maximum key size */ - #ifdef AUTOKEY - #define PLEN 512 /* default prime modulus size (bits) */ --#define ILEN 256 /* default identity modulus size (bits) */ -+#define ILEN 512 /* default identity modulus size (bits) */ - #define MVMAX 100 /* max MV parameters */ - - /* --- -2.27.0 - diff --git a/ntp-4.2.8p15.tar.gz b/ntp-4.2.8p17.tar.gz similarity index 48% rename from ntp-4.2.8p15.tar.gz rename to ntp-4.2.8p17.tar.gz index 92b5d91c98a5c94483efb6db20c3714357a7fe17..92894e4ba38c555411cb31fa48a3682cc3e8784e 100644 Binary files a/ntp-4.2.8p15.tar.gz and b/ntp-4.2.8p17.tar.gz differ diff --git a/ntp.spec b/ntp.spec index d6b4302c4e9dd45071f396df5a8f15e7566d6c47..6181d58f31c447adc72bd9353230cea2c302c74a 100644 --- a/ntp.spec +++ b/ntp.spec @@ -1,8 +1,8 @@ %global _hardened_build 1 Name: ntp -Version: 4.2.8p15 -Release: 11 +Version: 4.2.8p17 +Release: 1 Summary: A protocol designed to synchronize the clocks of computers over a network License: MIT and BSD and BSD with advertising URL: https://www.ntp.org/ 
@@ -23,13 +23,8 @@ Source16: sntp.sysconfig Patch1: ntp-ssl-libs.patch Patch2: bugfix-fix-bind-port-in-debug-mode.patch Patch3: bugfix-fix-ifindex-length.patch -Patch4: fix-multiple-defination-with-gcc-10.patch -Patch5: Do-not-use-PTHREAD_STACK_MIN-on-glibc.patch -Patch6: fix-MD5-manpage.patch -Patch7: modify-DSA-key-generation-parameters-base-on-openssl3.patch -Patch8: backport-CVE-2023-26551-CVE-2023-26552-CVE-2023-26553-CVE-2023-26554.patch -Patch9: backport-CVE-2023-26555-fix-out-write-bounds-in-praecis_parse.patch -Patch10: backport-add-NULL-pointer-check-when-ntpd-deletes-the-last-interface.patch +Patch4: fix-MD5-manpage.patch +Patch5: backport-add-NULL-pointer-check-when-ntpd-deletes-the-last-interface.patch BuildRequires: libcap-devel openssl-devel libedit-devel libevent-devel pps-tools-devel BuildRequires: autogen autogen-libopts-devel systemd gcc perl-generators perl-HTML-Parser @@ -212,6 +207,12 @@ make check %{_mandir}/man8/*.8* %changelog +* Fri Jul 21 2023 chengyechun - 4.2.8p17-1 +- Type:enhancement +- ID: +- SUG:NA +- DESC:update to 4.2.8p17 + * Wed Jun 21 2023 chengyechun - 4.2.8p15-11 - Type:bugfix - ID:
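Review bot: The patch list in `ntp.spec` drops two local fixes along with the CVE backports, and nothing on this page shows that 4.2.8p17 carries equivalent changes. They are `Do-not-use-PTHREAD_STACK_MIN-on-glibc.patch`, whose own header says `Upstream-Status: Pending`, and `modify-DSA-key-generation-parameters-base-on-openssl3.patch`, which raised `ILEN` from 256 to 512 bits for OpenSSL 3. The CVE-2023-26551..26555 backports cite an upstream patch as their Reference, so they are presumably covered by the new tarball, but that should be confirmed against the upstream release notes. So should the `mstolfp()` rewrite, the `praecis_parse()` bounds check, the glibc guard in `libntp/work_thread.c` and the `ILEN` value in `util/ntp-keygen.c`. The new `%changelog` entry leaves `- ID:` empty and says only `- DESC:update to 4.2.8p17`; I would record the removal there so vulnerability tracking still sees the fixes, for example `- DESC:update to 4.2.8p17, drop CVE-2023-26551..26555 backports and other patches merged upstream`.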