From 10a3ac2c54acc6b1e85a24d3d0d6a27b3f02b615 Mon Sep 17 00:00:00 2001 From: Jacob Wang Date: Mon, 11 Nov 2024 15:56:30 +0800 Subject: [PATCH 1/3] [BUG]update to chrony-4.5-2.src.rpm to #11802 update to chrony-4.5-2.src.rpm for bugfix Signed-off-by: Jacob Wang --- chrony-cmac.patch | 56 +++++++++++++++++++++++++++++ chrony-reload.patch | 86 +++++++++++++++++++++++++++++++++++++++++++++ chrony.spec | 23 ++++++------ dist | 2 +- 4 files changed, 154 insertions(+), 13 deletions(-) create mode 100644 chrony-cmac.patch create mode 100644 chrony-reload.patch diff --git a/chrony-cmac.patch b/chrony-cmac.patch new file mode 100644 index 0000000..b8884d3 --- /dev/null +++ b/chrony-cmac.patch @@ -0,0 +1,56 @@ +commit 8eb5dd54efd13aa0209aea38dbad2a7904377f75 +Author: Miroslav Lichvar +Date: Tue Sep 17 13:00:43 2024 +0200 + + configure: enable AES-CMAC using gnutls + + Allow gnutls to be used for AES-CMAC when nettle doesn't support it + without switching also hashing. + +diff --git a/configure b/configure +index eefe5de8..0fb3aa38 100755 +--- a/configure ++++ b/configure +@@ -937,14 +937,26 @@ if [ $feat_sechash = "1" ] && [ "x$HASH_LINK" = "x" ] && [ $try_gnutls = "1" ]; + HASH_LINK="$test_link" + MYCPPFLAGS="$MYCPPFLAGS $test_cflags" + add_def FEAT_SECHASH ++ fi ++fi + +- if test_code 'CMAC in gnutls' 'gnutls/crypto.h' "$test_cflags" "$test_link" \ +- 'return gnutls_hmac_init((void *)1, GNUTLS_MAC_AES_CMAC_128, (void *)2, 0);' +- then +- add_def HAVE_CMAC +- EXTRA_OBJECTS="$EXTRA_OBJECTS cmac_gnutls.o" +- EXTRA_CLI_OBJECTS="$EXTRA_CLI_OBJECTS cmac_gnutls.o" +- fi ++if [ $feat_sechash = "1" ] && [ $try_gnutls = "1" ] && ++ ! grep '#define HAVE_CMAC' config.h > /dev/null; then ++ if [ "$HASH_OBJ" = "hash_gnutls.o" ]; then ++ test_cflags="" ++ test_link="" ++ else ++ test_cflags="`pkg_config --cflags gnutls`" ++ test_link="`pkg_config --libs gnutls`" ++ fi ++ if test_code 'CMAC in gnutls' 'gnutls/crypto.h' "$test_cflags" "$test_link" \ ++ 'return gnutls_hmac_init((void *)1, GNUTLS_MAC_AES_CMAC_128, (void *)2, 0);' ++ then ++ add_def HAVE_CMAC ++ EXTRA_OBJECTS="$EXTRA_OBJECTS cmac_gnutls.o" ++ EXTRA_CLI_OBJECTS="$EXTRA_CLI_OBJECTS cmac_gnutls.o" ++ LIBS="$LIBS $test_link" ++ MYCPPFLAGS="$MYCPPFLAGS $test_cflags" + fi + fi + +@@ -978,7 +990,7 @@ EXTRA_CLI_OBJECTS="$EXTRA_CLI_OBJECTS $HASH_OBJ" + LIBS="$LIBS $HASH_LINK" + + if [ $feat_ntp = "1" ] && [ $feat_nts = "1" ] && [ $try_gnutls = "1" ]; then +- if [ "$HASH_OBJ" = "hash_gnutls.o" ]; then ++ if echo "$HASH_OBJ $EXTRA_OBJECTS" | grep "_gnutls\.o" > /dev/null; then + test_cflags="" + test_link="" + else diff --git a/chrony-reload.patch b/chrony-reload.patch new file mode 100644 index 0000000..b8ac742 --- /dev/null +++ b/chrony-reload.patch @@ -0,0 +1,86 @@ +commit f49be7f06343ee27fff2950937d7f6742f53976f +Author: Miroslav Lichvar +Date: Tue Mar 12 14:30:27 2024 +0100 + + conf: don't load sourcedir during initstepslew and RTC init + + If the reload sources command was received in the chronyd start-up + sequence with initstepslew and/or RTC init (-s option), the sources + loaded from sourcedirs caused a crash due to failed assertion after + adding sources specified in the config. + + Ignore the reload sources command until chronyd enters the normal + operation mode. + + Fixes: 519796de3756 ("conf: add sourcedirs directive") + +diff --git a/conf.c b/conf.c +index 6eae11c9..8849bdce 100644 +--- a/conf.c ++++ b/conf.c +@@ -298,6 +298,8 @@ static ARR_Instance ntp_sources; + static ARR_Instance ntp_source_dirs; + /* Array of uint32_t corresponding to ntp_sources (for sourcedirs reload) */ + static ARR_Instance ntp_source_ids; ++/* Flag indicating ntp_sources and ntp_source_ids are used for sourcedirs */ ++static int conf_ntp_sources_added = 0; + + /* Array of RefclockParameters */ + static ARR_Instance refclock_sources; +@@ -1689,8 +1691,12 @@ reload_source_dirs(void) + NSR_Status s; + int d, pass; + ++ /* Ignore reload command before adding configured sources */ ++ if (!conf_ntp_sources_added) ++ return; ++ + prev_size = ARR_GetSize(ntp_source_ids); +- if (prev_size > 0 && ARR_GetSize(ntp_sources) != prev_size) ++ if (ARR_GetSize(ntp_sources) != prev_size) + assert(0); + + /* Save the current sources and their configuration IDs */ +@@ -1859,7 +1865,10 @@ CNF_AddSources(void) + Free(source->params.name); + } + ++ /* The arrays will be used for sourcedir (re)loading */ + ARR_SetSize(ntp_sources, 0); ++ ARR_SetSize(ntp_source_ids, 0); ++ conf_ntp_sources_added = 1; + + reload_source_dirs(); + } +diff --git a/test/simulation/203-initreload b/test/simulation/203-initreload +new file mode 100755 +index 00000000..cf7924b8 +--- /dev/null ++++ b/test/simulation/203-initreload +@@ -0,0 +1,26 @@ ++#!/usr/bin/env bash ++ ++. ./test.common ++ ++check_config_h 'FEAT_CMDMON 1' || test_skip ++ ++# Test fix "conf: don't load sourcedir during initstepslew and RTC init" ++ ++test_start "reload during initstepslew" ++ ++client_conf="initstepslew 5 192.168.123.1 ++sourcedir tmp" ++client_server_conf="#" ++chronyc_conf="reload sources" ++chronyc_start=4 ++ ++echo 'server 192.168.123.1' > tmp/sources.sources ++ ++run_test || test_fail ++check_chronyd_exit || test_fail ++check_source_selection || test_fail ++check_sync || test_fail ++ ++check_log_messages "Added source 192\.168\.123\.1" 1 1 || test_fail ++ ++test_pass diff --git a/chrony.spec b/chrony.spec index 83e9adb..0e70e5b 100644 --- a/chrony.spec +++ b/chrony.spec @@ -1,5 +1,3 @@ -%define anolis_release .0.2 -%global vendorzone ntp.aliyun.com %global _hardened_build 1 %global clknetsim_ver 5d1dc0 %global ntp2chrony_ver 233b75 @@ -8,7 +6,7 @@ Name: chrony Version: 4.5 -Release: 1%{anolis_release}%{?dist} +Release: 2%{?dist} Summary: An NTP client/server Group: System Environment/Daemons @@ -36,6 +34,10 @@ Patch2: chrony-service-helper.patch Patch3: chrony-defconfig.patch # fix serverstats to correctly count authenticated packets Patch4: chrony-serverstats.patch +# fix crash on reload command during start +Patch5: chrony-reload.patch +# enable AES-CMAC support using gnutls (but keep nettle for hashing) +Patch6: chrony-cmac.patch BuildRequires: libcap-devel libedit-devel nettle-devel pps-tools-devel %ifarch %{ix86} x86_64 %{arm} aarch64 mipsel mips64el ppc64 ppc64le s390 s390x @@ -73,6 +75,8 @@ service to other computers in the network. %patch2 -p1 -b .service-helper %patch3 -p1 -b .defconfig %patch4 -p1 -b .serverstats +%patch5 -p1 +%patch6 -p1 -b .cmac %{?gitpatch: echo %{version}-%{gitpatch} > version.txt} @@ -94,7 +98,7 @@ test -n "%{vendorzone}" # - use our vendor zone (2.*pool.ntp.org names include IPv6 addresses) # - enable leapsectz to get TAI-UTC offset and leap seconds from tzdata # - enable keyfile -sed -e 's|^\(pool \)\(pool.ntp.org\)|\1%{vendorzone}|' \ +sed -e 's|^\(pool \)\(pool.ntp.org\)|\12.%{vendorzone}\2|' \ -e 's|#\(leapsectz\)|\1|' \ -e 's|#\(keyfile\)|\1|' \ < examples/chrony.conf.example2 > chrony.conf @@ -170,9 +174,6 @@ echo 'chronyd.service' > \ %check # set random seed to get deterministic results export CLKNETSIM_RANDOM_SEED=24502 -%ifarch loongarch64 -rm -rf test/simulation/106* test/simulation/133* -%endif make %{?_smp_mflags} -C test/simulation/clknetsim make quickcheck @@ -224,11 +225,9 @@ fi %dir %attr(750,chrony,chrony) %{_localstatedir}/log/chrony %changelog -* Thu Jul 11 2024 Wenlong Zhang - 4.5-1.0.2 -- skip test error for loongarch64 - -* Tue Jun 25 2024 Weitao Zhou 4.5-1.0.1 -- Fix unavailable time server for Anolis OS +* Wed Sep 18 2024 Miroslav Lichvar 4.5-2.el8_10 +- fix crash on reload command during start (RHEL-59112) +- enable AES-CMAC support using gnutls (RHEL-59032) * Wed Jan 10 2024 Miroslav Lichvar 4.5-1 - update to 4.5 (RHEL-21069 RHEL-10701) diff --git a/dist b/dist index 9c0e36e..1fe92cf 100644 --- a/dist +++ b/dist @@ -1 +1 @@ -an8 +an8_10 -- Gitee From 803257c7ebd28f874dfb1fde2b667e33a9d31f90 Mon Sep 17 00:00:00 2001 From: weitao zhou Date: Thu, 5 Aug 2021 20:36:01 +0800 Subject: [PATCH 2/3] Fix unavailable time server for Anolis OS Signed-off-by: yunqi-zwt Signed-off-by: ZhouWeitao --- chrony.spec | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/chrony.spec b/chrony.spec index 0e70e5b..f8b5b84 100644 --- a/chrony.spec +++ b/chrony.spec @@ -1,3 +1,5 @@ +%define anolis_release .0.1 +%global vendorzone ntp.aliyun.com %global _hardened_build 1 %global clknetsim_ver 5d1dc0 %global ntp2chrony_ver 233b75 @@ -6,7 +8,7 @@ Name: chrony Version: 4.5 -Release: 2%{?dist} +Release: 2%{anolis_release}%{?dist} Summary: An NTP client/server Group: System Environment/Daemons @@ -98,7 +100,7 @@ test -n "%{vendorzone}" # - use our vendor zone (2.*pool.ntp.org names include IPv6 addresses) # - enable leapsectz to get TAI-UTC offset and leap seconds from tzdata # - enable keyfile -sed -e 's|^\(pool \)\(pool.ntp.org\)|\12.%{vendorzone}\2|' \ +sed -e 's|^\(pool \)\(pool.ntp.org\)|\1%{vendorzone}|' \ -e 's|#\(leapsectz\)|\1|' \ -e 's|#\(keyfile\)|\1|' \ < examples/chrony.conf.example2 > chrony.conf @@ -225,6 +227,9 @@ fi %dir %attr(750,chrony,chrony) %{_localstatedir}/log/chrony %changelog +* Mon Nov 11 2024 Weitao Zhou 4.5-2.0.1 +- Fix unavailable time server for Anolis OS + * Wed Sep 18 2024 Miroslav Lichvar 4.5-2.el8_10 - fix crash on reload command during start (RHEL-59112) - enable AES-CMAC support using gnutls (RHEL-59032) -- Gitee From d8827ca9e212f325a9e55a7597472f4db20fe528 Mon Sep 17 00:00:00 2001 From: Wenlong Zhang Date: Thu, 11 Jul 2024 11:50:12 +0800 Subject: [PATCH 3/3] skip test error for loongarch64 --- chrony.spec | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/chrony.spec b/chrony.spec index f8b5b84..e26db3e 100644 --- a/chrony.spec +++ b/chrony.spec @@ -176,6 +176,9 @@ echo 'chronyd.service' > \ %check # set random seed to get deterministic results export CLKNETSIM_RANDOM_SEED=24502 +%ifarch loongarch64 +rm -rf test/simulation/106* test/simulation/133* +%endif make %{?_smp_mflags} -C test/simulation/clknetsim make quickcheck @@ -229,6 +232,7 @@ fi %changelog * Mon Nov 11 2024 Weitao Zhou 4.5-2.0.1 - Fix unavailable time server for Anolis OS +- skip test error for loongarch64 (zhangwenlong@loongson.cn) * Wed Sep 18 2024 Miroslav Lichvar 4.5-2.el8_10 - fix crash on reload command during start (RHEL-59112) -- Gitee