diff options
author | Justin M. Forbes <jforbes@redhat.com> | 2015-02-02 14:30:34 -0600 |
---|---|---|
committer | Justin M. Forbes <jforbes@redhat.com> | 2015-02-02 14:30:34 -0600 |
commit | 4a80ec24a49fd8f8807665acd3b3b15996075359 (patch) | |
tree | 8d3c17a5dcb97d4d5ba763903fbfb23ebf25c1e5 | |
parent | 75e1767eb70730973b97fe0a6fdf944fbf8087f3 (diff) | |
download | kernel-4a80ec24a49fd8f8807665acd3b3b15996075359.tar.gz kernel-4a80ec24a49fd8f8807665acd3b3b15996075359.tar.xz kernel-4a80ec24a49fd8f8807665acd3b3b15996075359.zip |
Fixup adjtimex freq validation on 32bit systems (rhbz 1188074)
-rw-r--r-- | 0001-ntp-Fixup-adjtimex-freq-validation-on-32bit-systems.patch | 46 | ||||
-rw-r--r-- | kernel.spec | 11 |
2 files changed, 56 insertions, 1 deletions
diff --git a/0001-ntp-Fixup-adjtimex-freq-validation-on-32bit-systems.patch b/0001-ntp-Fixup-adjtimex-freq-validation-on-32bit-systems.patch new file mode 100644 index 00000000..3d65d372 --- /dev/null +++ b/0001-ntp-Fixup-adjtimex-freq-validation-on-32bit-systems.patch @@ -0,0 +1,46 @@ +From 1079a4c2288cf33c13d2c6ca3e07d4039b1f39f0 Mon Sep 17 00:00:00 2001 +From: John Stultz <john.stultz@linaro.org> +Date: Mon, 2 Feb 2015 10:57:56 -0800 +Subject: [PATCH] ntp: Fixup adjtimex freq validation on 32bit systems + +Additional validation of adjtimex freq values to avoid +potential multiplication overflows were added in commit +5e5aeb4367b (time: adjtimex: Validate the ADJ_FREQUENCY values) + +Unfortunately the patch used LONG_MAX/MIN instead of +LLONG_MAX/MIN, which was fine on 64bit systems, but caused +false positives on 32bit systems resulting in most direct +frequency adjustments to fail w/ EINVAL. + +ntpd only does driect frequency adjustments at startup, +so the issue was not easily observed there, but other sync +applications like ptpd and chrony were more effected by +the bug. + +Cc: Sasha Levin <sasha.levin@oracle.com> +Reported-by: Josh Boyer <jwboyer@fedoraproject.org> +Reported-by: George Joseph <george.joseph@fairview5.com> +Signed-off-by: John Stultz <john.stultz@linaro.org> +--- + kernel/time/ntp.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/kernel/time/ntp.c b/kernel/time/ntp.c +index 28bf91c..242774d 100644 +--- a/kernel/time/ntp.c ++++ b/kernel/time/ntp.c +@@ -634,9 +634,9 @@ int ntp_validate_timex(struct timex *txc) + return -EPERM; + + if (txc->modes & ADJ_FREQUENCY) { +- if (LONG_MIN / PPM_SCALE > txc->freq) ++ if (LLONG_MIN / PPM_SCALE > txc->freq) + return -EINVAL; +- if (LONG_MAX / PPM_SCALE < txc->freq) ++ if (LLONG_MAX / PPM_SCALE < txc->freq) + return -EINVAL; + } + +-- +1.9.1 + diff --git a/kernel.spec b/kernel.spec index 75f420c3..3f4cdaa0 100644 --- a/kernel.spec +++ b/kernel.spec @@ -42,7 +42,7 @@ Summary: The Linux kernel # For non-released -rc kernels, this will be appended after the rcX and # gitX tags, so a 3 here would become part of release "0.rcX.gitX.3" # -%global baserelease 200 +%global baserelease 201 %global fedora_build %{baserelease} # base_sublevel is the kernel version we're starting with and patching @@ -636,6 +636,9 @@ Patch30001: mpssd-x86-only.patch # rhbz 1183744 1188347 Patch30002: ipv4-try-to-cache-dst_entries-which-would-cause-a-re.patch +#rhbz 1188074 +Patch30003: 0001-ntp-Fixup-adjtimex-freq-validation-on-32bit-systems.patch + # END OF PATCH DEFINITIONS %endif @@ -1377,6 +1380,9 @@ ApplyPatch mpssd-x86-only.patch # rhbz 1183744 1188347 ApplyPatch ipv4-try-to-cache-dst_entries-which-would-cause-a-re.patch +#rhbz 1188074 +ApplyPatch 0001-ntp-Fixup-adjtimex-freq-validation-on-32bit-systems.patch + %if 0%{?aarch64patches} ApplyPatch kernel-arm64.patch %ifnarch aarch64 # this is stupid, but i want to notice before secondary koji does. @@ -2247,6 +2253,9 @@ fi # ||----w | # || || %changelog +* Mon Feb 02 2015 Justin M. Forbes <jforbes@fedoraproject.org> - 3.18.5-201 +- Fixup adjtimex freq validation on 32bit systems (rhbz 1188074) + * Mon Feb 02 2015 Josh Boyer <jwboyer@fedoraproject.org> - CVE-XXXX-XXX DoS due to routing packets to too many different dsts/too fast (rhbz 1183744 1188347) |