update to 3.1.1 (#1979954 CVE-2021-3570 CVE-2021-3571)

Resolves: #1979954 CVE-2021-3570 CVE-2021-3571
This commit is contained in:
Miroslav Lichvar 2021-08-02 15:44:33 +02:00
parent 1ce7e12b45
commit a4f6926468
6 changed files with 172 additions and 11 deletions

6
.gitignore vendored
View File

@ -1,3 +1,3 @@
/linuxptp-3.1.tgz
/linuxptp-testsuite-ff37e2.tar.gz
/clknetsim-c4ccc2.tar.gz
/linuxptp-3.1.1.tgz
/linuxptp-testsuite-c66922.tar.gz
/clknetsim-ce3c4a.tar.gz

22
linuxptp-fclose.patch Normal file
View File

@ -0,0 +1,22 @@
commit e8a82d1b5be2d5bf9450a9acfe44e957b4867870
Author: Miroslav Lichvar <mlichvar@redhat.com>
Date: Tue Jul 20 11:41:35 2021 +0200
lstab: Close file after reading.
The lstab_read() function opens a file, but doesn't close it after use.
Signed-off-by: Miroslav Lichvar <mlichvar@redhat.com>
diff --git a/lstab.c b/lstab.c
index e6e7ad2..0d6a427 100644
--- a/lstab.c
+++ b/lstab.c
@@ -144,6 +144,7 @@ static int lstab_read(struct lstab *lstab, const char *name)
index++;
}
}
+ fclose(fp);
if (!lstab->expiration_utc) {
fprintf(stderr, "missing expiration date in '%s'\n", name);
return -1;

28
linuxptp-manfix.patch Normal file
View File

@ -0,0 +1,28 @@
commit 0b80e32829ca7430be851fc64c4812896ad97c88
Author: Miroslav Lichvar <mlichvar@redhat.com>
Date: Mon Jul 19 17:09:01 2021 +0200
Fix quoting in ptp4l man page.
In the groff syntax lines starting with a dot or quote are requests. A
line in the servo_offset_threshold description starts with a quote,
which breaks the output. Move a word to the beginning of the line to fix
it.
Signed-off-by: Miroslav Lichvar <mlichvar@redhat.com>
diff --git a/ptp4l.8 b/ptp4l.8
index 7ca3474..a0779ef 100644
--- a/ptp4l.8
+++ b/ptp4l.8
@@ -788,8 +788,8 @@ The default value is 10.
.TP
.B servo_offset_threshold
The offset threshold used in order to transition from the SERVO_LOCKED
-to the SERVO_LOCKED_STABLE state. The transition occurs once the last
-'servo_num_offset_values' offsets are all below the threshold value.
+to the SERVO_LOCKED_STABLE state. The transition occurs once the
+last 'servo_num_offset_values' offsets are all below the threshold value.
The default value of offset_threshold is 0 (disabled).
.TP
.B slave_event_monitor

100
linuxptp-packalign.patch Normal file
View File

@ -0,0 +1,100 @@
commit 25dcf01e340d85bcdbe7b3c24eac7fe1ce7ea0c2
Author: Miroslav Lichvar <mlichvar@redhat.com>
Date: Wed Mar 10 17:05:55 2021 +0100
Avoid unaligned pointers to packed members.
This fixes "taking address of packed member ... may result in an
unaligned pointer value [-Waddress-of-packed-member]" warnings from gcc.
Signed-off-by: Miroslav Lichvar <mlichvar@redhat.com>
diff --git a/clock.c b/clock.c
index 7005636..f88df58 100644
--- a/clock.c
+++ b/clock.c
@@ -350,6 +350,7 @@ static int clock_management_fill_response(struct clock *c, struct port *p,
struct time_status_np *tsn;
struct tlv_extra *extra;
struct PTPText *text;
+ uint16_t duration;
int datalen = 0;
extra = tlv_extra_alloc();
@@ -452,7 +453,8 @@ static int clock_management_fill_response(struct clock *c, struct port *p,
break;
}
sen = (struct subscribe_events_np *)tlv->data;
- clock_get_subscription(c, req, sen->bitmask, &sen->duration);
+ clock_get_subscription(c, req, sen->bitmask, &duration);
+ memcpy(&sen->duration, &duration, sizeof(sen->duration));
datalen = sizeof(*sen);
break;
case TLV_SYNCHRONIZATION_UNCERTAIN_NP:
diff --git a/msg.c b/msg.c
index c4516ad..dcb397c 100644
--- a/msg.c
+++ b/msg.c
@@ -19,6 +19,7 @@
#include <arpa/inet.h>
#include <errno.h>
#include <malloc.h>
+#include <stdlib.h>
#include <string.h>
#include <time.h>
@@ -36,8 +37,8 @@ int assume_two_step = 0;
struct message_storage {
unsigned char reserved[MSG_HEADROOM];
- struct ptp_message msg;
-} PACKED;
+ struct ptp_message msg __attribute__((aligned (8)));
+};
static TAILQ_HEAD(msg_pool, ptp_message) msg_pool = TAILQ_HEAD_INITIALIZER(msg_pool);
diff --git a/tlv.c b/tlv.c
index 879bb7e..98ef6e1 100644
--- a/tlv.c
+++ b/tlv.c
@@ -67,7 +67,7 @@ static void timestamp_net2host(struct Timestamp *t)
NTOHL(t->nanoseconds);
}
-static uint16_t flip16(uint16_t *p)
+static uint16_t flip16(void *p)
{
uint16_t v;
memcpy(&v, p, sizeof(v));
@@ -76,7 +76,7 @@ static uint16_t flip16(uint16_t *p)
return v;
}
-static int64_t host2net64_unaligned(int64_t *p)
+static int64_t host2net64_unaligned(void *p)
{
int64_t v;
memcpy(&v, p, sizeof(v));
@@ -85,7 +85,7 @@ static int64_t host2net64_unaligned(int64_t *p)
return v;
}
-static int64_t net2host64_unaligned(int64_t *p)
+static int64_t net2host64_unaligned(void *p)
{
int64_t v;
memcpy(&v, p, sizeof(v));
diff --git a/util.h b/util.h
index 41e33d4..739c8fd 100644
--- a/util.h
+++ b/util.h
@@ -57,7 +57,7 @@ const char *ts_str(enum timestamp_type ts);
*/
int addreq(enum transport_type type, struct address *a, struct address *b);
-static inline uint16_t align16(uint16_t *p)
+static inline uint16_t align16(void *p)
{
uint16_t v;
memcpy(&v, p, sizeof(v));

View File

@ -1,9 +1,9 @@
%global _hardened_build 1
%global testsuite_ver ff37e2
%global clknetsim_ver c4ccc2
%global testsuite_ver c66922
%global clknetsim_ver ce3c4a
Name: linuxptp
Version: 3.1
Version: 3.1.1
Release: 5%{?dist}
Summary: PTP implementation for Linux
@ -21,8 +21,14 @@ Source10: https://github.com/mlichvar/linuxptp-testsuite/archive/%{testsuite_ver
# simulator for test suite
Source11: https://github.com/mlichvar/clknetsim/archive/%{clknetsim_ver}/clknetsim-%{clknetsim_ver}.tar.gz
# fix quoting in ptp4l man page
Patch7: linuxptp-manfix.patch
# close lstab file after use
Patch8: linuxptp-fclose.patch
# fix handling of zero-length messages
Patch1: linuxptp-zerolength.patch
Patch9: linuxptp-zerolength.patch
# avoid unaligned pointers to packed members
Patch10: linuxptp-packalign.patch
BuildRequires: gcc gcc-c++ make systemd
@ -37,7 +43,10 @@ Supporting legacy APIs and other platforms is not a goal.
%prep
%setup -q -a 10 -a 11 -n %{name}-%{!?gitfullver:%{version}}%{?gitfullver}
%patch1 -p1 -b .zerolength
%patch7 -p1 -b .manfix
%patch8 -p1 -b .fclose
%patch9 -p1 -b .zerolength
%patch10 -p1 -b .packalign
mv linuxptp-testsuite-%{testsuite_ver}* testsuite
mv clknetsim-%{clknetsim_ver}* testsuite/clknetsim
@ -60,6 +69,8 @@ echo 'OPTIONS="-a -r"' > $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/phc2sys
echo '.so man8/ptp4l.8' > $RPM_BUILD_ROOT%{_mandir}/man5/ptp4l.conf.5
echo '.so man8/timemaster.8' > $RPM_BUILD_ROOT%{_mandir}/man5/timemaster.conf.5
rm -f configs/snmpd.conf
%check
cd testsuite
# set random seed to get deterministic results

View File

@ -1,3 +1,3 @@
SHA512 (linuxptp-3.1.tgz) = 681a31d988f926ead0a7a1ae57457ef11577ca9f57bc8d344d1b6846b55ec4e69bd642b0d8ecc9bdcb438871d1687b02eabb03bc977d396bb6ae1c4140d5018a
SHA512 (linuxptp-testsuite-ff37e2.tar.gz) = 5d5c4ec2a8ff7955b3c5eb75d5cc03fb1d4ef0e973fbf4f988cd3487d3723bfdaf8908c3c6063f9b7ad12fad8b5c117d2fd88df496d31d3e44d8f6a8fdb53d27
SHA512 (clknetsim-c4ccc2.tar.gz) = d2f71b2036e33ee92cd3590079dac04bc57bf2e9909f11e9ba66cd61c9946e92d2ebbdfd03c359cf39c6c8c07b28557d35fee3cb57eec75f5b1201858aa1d701
SHA512 (linuxptp-3.1.1.tgz) = c3c40987fe68480a8473097ebc3c506fb4f8f3b6456bbe637b2b3cb0b3e0182f1513b511fdc04b3607d5f7d8bd1bd22502bb86eb13f9fa4fa63a3331846b33ec
SHA512 (linuxptp-testsuite-c66922.tar.gz) = 1cf30348bb72768e4de59c363f57b56257b01e5306e27b3d243418572ebfbf324c4cc9cb4f74cac04f8408223b501105aeec70a509cf76ae8e0945a01bc70dd6
SHA512 (clknetsim-ce3c4a.tar.gz) = 2cc17cbb0a45ffc17cd79027e433afb727e712d9ea77c5f87b71fe170df1f7c99a25fca16619d34f3627b588427077ffbdc566ac45eb789eae86293aca573c56