From ba6829b07a47972676c5b82ee1fc9cbd90a39fce Mon Sep 17 00:00:00 2001
From: Miroslav Lichvar
Date: Oct 21 2015 08:56:13 +0000
Subject: check origin timestamp before accepting KoD RATE packet (CVE-2015-7704)
---
diff --git a/ntp-4.2.6p5-cve-2015-7704.patch b/ntp-4.2.6p5-cve-2015-7704.patch
new file mode 100644
index 0000000..a3e0d27
--- /dev/null
+++ b/ntp-4.2.6p5-cve-2015-7704.patch
@@ -0,0 +1,12 @@
+diff -up ntp-4.2.6p5/ntpd/ntp_proto.c.kodtest ntp-4.2.6p5/ntpd/ntp_proto.c
+--- ntp-4.2.6p5/ntpd/ntp_proto.c.kodtest 2015-09-24 18:20:19.121981664 +0200
++++ ntp-4.2.6p5/ntpd/ntp_proto.c 2015-09-24 18:20:54.596594166 +0200
+@@ -1165,7 +1165,7 @@ receive(
+ peer->ppoll = max(peer->minpoll, pkt->ppoll);
+ if (hismode == MODE_SERVER && hisleap == LEAP_NOTINSYNC &&
+ hisstratum == STRATUM_UNSPEC && memcmp(&pkt->refid,
+- "RATE", 4) == 0) {
++ "RATE", 4) == 0 && !(peer->flash & PKT_TEST_MASK)) {
+ peer->selbroken++;
+ report_event(PEVNT_RATE, peer, NULL);
+ if (pkt->ppoll > peer->minpoll)
diff --git a/ntp.spec b/ntp.spec
index 5e10aa8..d140274 100644
--- a/ntp.spec
+++ b/ntp.spec
@@ -145,6 +145,8 @@ Patch47: ntp-4.2.6p5-cve-2015-5195.patch
 Patch48: ntp-4.2.6p5-cve-2015-5196.patch
 # don't hang in sntp with crafted reply
 Patch49: ntp-4.2.6p5-cve-2015-5219.patch
+# ntpbz #2901
+Patch50: ntp-4.2.6p5-cve-2015-7704.patch
 # handle unknown clock types
 Patch100: ntpstat-0.2-clksrc.patch
@@ -291,6 +293,7 @@ This package contains NTP documentation in HTML format.
 %patch47 -p1 -b .cve-2015-5195
 %patch48 -p1 -b .cve-2015-5196
 %patch49 -p1 -b .cve-2015-5219
+%patch50 -p1 -b .cve-2015-7704
 # ntpstat patches
 %patch100 -p1 -b .clksrc
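Review bot: In the embedded ntp_proto.c hunk, `peer->ppoll = max(peer->minpoll, pkt->ppoll);` on the context line above still runs before the new `!(peer->flash & PKT_TEST_MASK)` guard, so a packet that fails the origin-timestamp tests keeps writing an unverified field into peer->ppoll even though it can no longer raise minpoll. Whether that value is consumed later, and whether peer->flash already holds this packet's test results at this point, depends on parts of receive() outside the hunk and should be confirmed. The condition would also benefit from a comment such as `/* honour KoD RATE only if the packet passed the packet sanity tests, i.e. its origin timestamp matches our last request */`, since the mask's purpose is not obvious from the expression alone. receive() starts and ends outside the hunk.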