From 5d854355d873702b78ff6aa8c6fddc025c45be2d Mon Sep 17 00:00:00 2001 From: Jim Somerville Date: Mon, 25 Nov 2019 16:07:17 -0500 Subject: [PATCH] Uprev ntp to version 4.2.6p5-29.el7 This solves: ntp: Stack-based buffer overflow in ntpq and ntpdc allows denial of service or code execution (CVE-2018-12327) See the announcement link: https://lists.centos.org/pipermail/centos-cr-announce/2019-August/006016.html for more details. Here we refresh the meta patches and correct the crime of "name of patch file differs from git format-patch". We also clean up the commit short logs. Change-Id: I263465d85f06096296fdd478a302eb110ab1259c Closes-Bug: 1849197 Depends-On: https://review.opendev.org/#/c/695983 Signed-off-by: Jim Somerville --- .../Fix-ntpq-truncates-IPV6-addresses.patch | 41 +++++++++++++++++++ ...ch-Fix-ntpq-truncates-IPV6-addresses.patch | 37 ----------------- base/ntp/centos/meta_patches/PATCH_ORDER | 2 +- ...te-package-versioning-for-TIS-format.patch | 12 +++--- base/ntp/centos/srpm_path | 2 +- 5 files changed, 50 insertions(+), 44 deletions(-) create mode 100644 base/ntp/centos/meta_patches/Fix-ntpq-truncates-IPV6-addresses.patch delete mode 100644 base/ntp/centos/meta_patches/Include-patch-Fix-ntpq-truncates-IPV6-addresses.patch diff --git a/base/ntp/centos/meta_patches/Fix-ntpq-truncates-IPV6-addresses.patch b/base/ntp/centos/meta_patches/Fix-ntpq-truncates-IPV6-addresses.patch new file mode 100644 index 000000000..283078ed1 --- /dev/null +++ b/base/ntp/centos/meta_patches/Fix-ntpq-truncates-IPV6-addresses.patch @@ -0,0 +1,41 @@ +From fbfbbc827d080370f71a76284dde4dc3dd1d16da Mon Sep 17 00:00:00 2001 +Message-Id: +In-Reply-To: <536afc9500d65768db35f6ca07c21c490b19bda7.1574708120.git.Jim.Somerville@windriver.com> +References: <536afc9500d65768db35f6ca07c21c490b19bda7.1574708120.git.Jim.Somerville@windriver.com> +From: Kristine Bujold +Date: Tue, 3 Sep 2019 16:18:58 -0400 +Subject: [PATCH 2/2] Fix ntpq truncates IPV6 addresses + +Signed-off-by: Kristine Bujold +Signed-off-by: Jim Somerville +--- + SPECS/ntp.spec | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/SPECS/ntp.spec b/SPECS/ntp.spec +index 84aa1ac..4d32d8c 100644 +--- a/SPECS/ntp.spec ++++ b/SPECS/ntp.spec +@@ -204,6 +204,9 @@ Patch78: ntp-4.2.6p5-netlinknobuf.patch + # add bugs for compatibility with original EL7 ntpstat + Patch100: ntpstat-compat.patch + ++# STX IPV6 ntpq patch ++Patch500: Fix-ntpq-truncates-IPV6-addresses.patch ++ + URL: http://www.ntp.org + Requires(post): systemd-units + Requires(preun): systemd-units +@@ -361,6 +364,9 @@ This package contains NTP documentation in HTML format. + + %patch100 -p1 -b .compat + ++%patch500 -p1 -b .ntpq-truncates-IPV6-addresses ++ ++ + # set default path to sntp KoD database + sed -i 's|/var/db/ntp-kod|%{_localstatedir}/lib/sntp/kod|' sntp/{sntp.1,main.c} + +-- +1.8.3.1 + diff --git a/base/ntp/centos/meta_patches/Include-patch-Fix-ntpq-truncates-IPV6-addresses.patch b/base/ntp/centos/meta_patches/Include-patch-Fix-ntpq-truncates-IPV6-addresses.patch deleted file mode 100644 index cec15ee70..000000000 --- a/base/ntp/centos/meta_patches/Include-patch-Fix-ntpq-truncates-IPV6-addresses.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 44c7f5aa4df30c2ac8eae5a956dc503d7e62e1fd Mon Sep 17 00:00:00 2001 -From: Kristine Bujold -Date: Tue, 3 Sep 2019 16:18:58 -0400 -Subject: [PATCH] Include patch Fix-ntpq-truncates-IPV6-addresses.patch. - -Signed-off-by: Kristine Bujold ---- - SPECS/ntp.spec | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/SPECS/ntp.spec b/SPECS/ntp.spec -index a9ebf30..330d5b0 100644 ---- a/SPECS/ntp.spec -+++ b/SPECS/ntp.spec -@@ -207,6 +207,9 @@ Patch104: ntpstat-0.2-errorbit.patch - # improve man page - Patch105: ntpstat-0.2-manual.patch - -+# STX IPV6 ntpq patch -+Patch500: Fix-ntpq-truncates-IPV6-addresses.patch -+ - URL: http://www.ntp.org - Requires(post): systemd-units - Requires(preun): systemd-units -@@ -366,6 +369,9 @@ This package contains NTP documentation in HTML format. - %patch104 -p1 -b .errorbit - %patch105 -p1 -b .manual - -+%patch500 -p1 -b .ntpq-truncates-IPV6-addresses -+ -+ - # set default path to sntp KoD database - sed -i 's|/var/db/ntp-kod|%{_localstatedir}/lib/sntp/kod|' sntp/{sntp.1,main.c} - --- -1.8.3.1 - diff --git a/base/ntp/centos/meta_patches/PATCH_ORDER b/base/ntp/centos/meta_patches/PATCH_ORDER index 0bfdab01e..dd3f82721 100644 --- a/base/ntp/centos/meta_patches/PATCH_ORDER +++ b/base/ntp/centos/meta_patches/PATCH_ORDER @@ -1,2 +1,2 @@ Update-package-versioning-for-TIS-format.patch -Include-patch-Fix-ntpq-truncates-IPV6-addresses.patch +Fix-ntpq-truncates-IPV6-addresses.patch diff --git a/base/ntp/centos/meta_patches/Update-package-versioning-for-TIS-format.patch b/base/ntp/centos/meta_patches/Update-package-versioning-for-TIS-format.patch index 7b56ad4e4..69d8524a9 100644 --- a/base/ntp/centos/meta_patches/Update-package-versioning-for-TIS-format.patch +++ b/base/ntp/centos/meta_patches/Update-package-versioning-for-TIS-format.patch @@ -1,23 +1,25 @@ -From b7992d01d3ce4ccb51f73e7c1c4e3f4cb9e8e454 Mon Sep 17 00:00:00 2001 +From 536afc9500d65768db35f6ca07c21c490b19bda7 Mon Sep 17 00:00:00 2001 +Message-Id: <536afc9500d65768db35f6ca07c21c490b19bda7.1574708120.git.Jim.Somerville@windriver.com> From: Kristine Bujold Date: Tue, 3 Sep 2019 16:08:25 -0400 -Subject: [PATCH] Update-package-versioning-for-TIS-format +Subject: [PATCH 1/2] Update package versioning for TIS format Signed-off-by: Kristine Bujold +Signed-off-by: Jim Somerville --- SPECS/ntp.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SPECS/ntp.spec b/SPECS/ntp.spec -index 52ad9aa..a9ebf30 100644 +index 178a961..84aa1ac 100644 --- a/SPECS/ntp.spec +++ b/SPECS/ntp.spec @@ -1,7 +1,7 @@ Summary: The NTP daemon and utilities Name: ntp Version: 4.2.6p5 --Release: 28%{?dist} -+Release: 28.el7.centos%{?_tis_dist}.%{tis_patch_ver} +-Release: 29%{?dist} ++Release: 29.el7.centos%{?_tis_dist}.%{tis_patch_ver} # primary license (COPYRIGHT) : MIT # ElectricFence/ (not used) : GPLv2 # kernel/sys/ppsclock.h (not used) : BSD with advertising diff --git a/base/ntp/centos/srpm_path b/base/ntp/centos/srpm_path index b5e385938..4d0761b8b 100644 --- a/base/ntp/centos/srpm_path +++ b/base/ntp/centos/srpm_path @@ -1 +1 @@ -mirror:Source/ntp-4.2.6p5-28.el7.centos.src.rpm +mirror:Source/ntp-4.2.6p5-29.el7.centos.src.rpm