diff --git a/.chrony.metadata b/.chrony.metadata
new file mode 100644
index 0000000..59f2c95
--- /dev/null
+++ b/.chrony.metadata
@@ -0,0 +1,2 @@
+4661e5df181a9761b73caeaef2f2ab755bbe086a SOURCES/chrony-4.5.tar.gz
+e021461c23fe4e5c46fd53c449587d8f6cc217ae SOURCES/clknetsim-5d1dc0.tar.gz
diff --git a/.gitignore b/.gitignore
index a1b6ce7..55ba819 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
 SOURCES/chrony-4.5.tar.gz
-SOURCES/clknetsim-5d1dc0.tar.gz
+SOURCES/clknetsim-5d1dc0.tar.gz
\ No newline at end of file
diff --git a/SOURCES/chrony-cmac.patch b/SOURCES/chrony-cmac.patch
new file mode 100644
index 0000000..b8884d3
--- /dev/null
+++ b/SOURCES/chrony-cmac.patch
@@ -0,0 +1,56 @@
+commit 8eb5dd54efd13aa0209aea38dbad2a7904377f75
+Author: Miroslav Lichvar
+Date: Tue Sep 17 13:00:43 2024 +0200
+
+ configure: enable AES-CMAC using gnutls
+
+ Allow gnutls to be used for AES-CMAC when nettle doesn't support it
+ without switching also hashing.
+
+diff --git a/configure b/configure
+index eefe5de8..0fb3aa38 100755
+--- a/configure
++++ b/configure
+@@ -937,14 +937,26 @@ if [ $feat_sechash = "1" ] && [ "x$HASH_LINK" = "x" ] && [ $try_gnutls = "1" ];
+ HASH_LINK="$test_link"
+ MYCPPFLAGS="$MYCPPFLAGS $test_cflags"
+ add_def FEAT_SECHASH
++ fi
++fi
+
+- if test_code 'CMAC in gnutls' 'gnutls/crypto.h' "$test_cflags" "$test_link" \
+- 'return gnutls_hmac_init((void *)1, GNUTLS_MAC_AES_CMAC_128, (void *)2, 0);'
+- then
+- add_def HAVE_CMAC
+- EXTRA_OBJECTS="$EXTRA_OBJECTS cmac_gnutls.o"
+- EXTRA_CLI_OBJECTS="$EXTRA_CLI_OBJECTS cmac_gnutls.o"
+- fi
++if [ $feat_sechash = "1" ] && [ $try_gnutls = "1" ] &&
++ ! grep '#define HAVE_CMAC' config.h > /dev/null; then
++ if [ "$HASH_OBJ" = "hash_gnutls.o" ]; then
++ test_cflags=""
++ test_link=""
++ else
++ test_cflags="`pkg_config --cflags gnutls`"
++ test_link="`pkg_config --libs gnutls`"
++ fi
++ if test_code 'CMAC in gnutls' 'gnutls/crypto.h' "$test_cflags" "$test_link" \
++ 'return gnutls_hmac_init((void *)1, GNUTLS_MAC_AES_CMAC_128, (void *)2, 0);'
++ then
++ add_def HAVE_CMAC
++ EXTRA_OBJECTS="$EXTRA_OBJECTS cmac_gnutls.o"
++ EXTRA_CLI_OBJECTS="$EXTRA_CLI_OBJECTS cmac_gnutls.o"
++ LIBS="$LIBS $test_link"
++ MYCPPFLAGS="$MYCPPFLAGS $test_cflags"
+ fi
+ fi
+
+@@ -978,7 +990,7 @@ EXTRA_CLI_OBJECTS="$EXTRA_CLI_OBJECTS $HASH_OBJ"
+ LIBS="$LIBS $HASH_LINK"
+
+ if [ $feat_ntp = "1" ] && [ $feat_nts = "1" ] && [ $try_gnutls = "1" ]; then
+- if [ "$HASH_OBJ" = "hash_gnutls.o" ]; then
++ if echo "$HASH_OBJ $EXTRA_OBJECTS" | grep "_gnutls\.o" > /dev/null; then
+ test_cflags=""
+ test_link=""
+ else
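Review bot: In the new CMAC block of the first configure hunk, the `hash_gnutls.o` branch sets `test_link=""` before calling `test_code 'CMAC in gnutls'`, yet at that point the gnutls libraries are held only in `HASH_LINK`, which the context of the second hunk shows being appended to `LIBS` later (`LIBS="$LIBS $HASH_LINK"`). If `test_code` links only with the flags passed to it (its definition is outside this patch), the probe would be built without the gnutls library in that branch and `HAVE_CMAC` would silently stay undefined whenever gnutls is also the hash provider, so AES-CMAC keys would be unsupported in such a build with no configure error. Setting `test_link="$HASH_LINK"` in that branch instead of the empty string would make the probe independent of ordering; the duplicate library entry this leaves in `LIBS` is harmless. It is worth confirming against `test_code` and with a build that selects `hash_gnutls.o`, since the configuration this package targets (nettle for hashing) does not exercise that branch.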
diff --git a/SOURCES/chrony-reload.patch b/SOURCES/chrony-reload.patch
new file mode 100644
index 0000000..b8ac742
--- /dev/null
+++ b/SOURCES/chrony-reload.patch
@@ -0,0 +1,86 @@
+commit f49be7f06343ee27fff2950937d7f6742f53976f
+Author: Miroslav Lichvar
+Date: Tue Mar 12 14:30:27 2024 +0100
+
+ conf: don't load sourcedir during initstepslew and RTC init
+
+ If the reload sources command was received in the chronyd start-up
+ sequence with initstepslew and/or RTC init (-s option), the sources
+ loaded from sourcedirs caused a crash due to failed assertion after
+ adding sources specified in the config.
+
+ Ignore the reload sources command until chronyd enters the normal
+ operation mode.
+
+ Fixes: 519796de3756 ("conf: add sourcedirs directive")
+
+diff --git a/conf.c b/conf.c
+index 6eae11c9..8849bdce 100644
+--- a/conf.c
++++ b/conf.c
+@@ -298,6 +298,8 @@ static ARR_Instance ntp_sources;
+ static ARR_Instance ntp_source_dirs;
+ /* Array of uint32_t corresponding to ntp_sources (for sourcedirs reload) */
+ static ARR_Instance ntp_source_ids;
++/* Flag indicating ntp_sources and ntp_source_ids are used for sourcedirs */
++static int conf_ntp_sources_added = 0;
+
+ /* Array of RefclockParameters */
+ static ARR_Instance refclock_sources;
+@@ -1689,8 +1691,12 @@ reload_source_dirs(void)
+ NSR_Status s;
+ int d, pass;
+
++ /* Ignore reload command before adding configured sources */
++ if (!conf_ntp_sources_added)
++ return;
++
+ prev_size = ARR_GetSize(ntp_source_ids);
+- if (prev_size > 0 && ARR_GetSize(ntp_sources) != prev_size)
++ if (ARR_GetSize(ntp_sources) != prev_size)
+ assert(0);
+
+ /* Save the current sources and their configuration IDs */
+@@ -1859,7 +1865,10 @@ CNF_AddSources(void)
+ Free(source->params.name);
+ }
+
++ /* The arrays will be used for sourcedir (re)loading */
+ ARR_SetSize(ntp_sources, 0);
++ ARR_SetSize(ntp_source_ids, 0);
++ conf_ntp_sources_added = 1;
+
+ reload_source_dirs();
+ }
+diff --git a/test/simulation/203-initreload b/test/simulation/203-initreload
+new file mode 100755
+index 00000000..cf7924b8
+--- /dev/null
++++ b/test/simulation/203-initreload
+@@ -0,0 +1,26 @@
++#!/usr/bin/env bash
++
++. ./test.common
++
++check_config_h 'FEAT_CMDMON 1' || test_skip
++
++# Test fix "conf: don't load sourcedir during initstepslew and RTC init"
++
++test_start "reload during initstepslew"
++
++client_conf="initstepslew 5 192.168.123.1
++sourcedir tmp"
++client_server_conf="#"
++chronyc_conf="reload sources"
++chronyc_start=4
++
++echo 'server 192.168.123.1' > tmp/sources.sources
++
++run_test || test_fail
++check_chronyd_exit || test_fail
++check_source_selection || test_fail
++check_sync || test_fail
++
++check_log_messages "Added source 192\.168\.123\.1" 1 1 || test_fail
++
++test_pass
diff --git a/SPECS/chrony.spec b/SPECS/chrony.spec
index 8ddd075..0e70e5b 100644
--- a/SPECS/chrony.spec
+++ b/SPECS/chrony.spec
@@ -6,7 +6,7 @@
 Name: chrony
 Version: 4.5
-Release: 1%{?dist}
+Release: 2%{?dist}
 Summary: An NTP client/server
 Group: System Environment/Daemons
@@ -34,6 +34,10 @@ Patch2: chrony-service-helper.patch
 Patch3: chrony-defconfig.patch
 # fix serverstats to correctly count authenticated packets
 Patch4: chrony-serverstats.patch
+# fix crash on reload command during start
+Patch5: chrony-reload.patch
+# enable AES-CMAC support using gnutls (but keep nettle for hashing)
+Patch6: chrony-cmac.patch
 BuildRequires: libcap-devel libedit-devel nettle-devel pps-tools-devel
 %ifarch %{ix86} x86_64 %{arm} aarch64 mipsel mips64el ppc64 ppc64le s390 s390x
@@ -71,6 +75,8 @@ service to other computers in the network.
 %patch2 -p1 -b .service-helper
 %patch3 -p1 -b .defconfig
 %patch4 -p1 -b .serverstats
+%patch5 -p1
+%patch6 -p1 -b .cmac
 %{?gitpatch: echo %{version}-%{gitpatch} > version.txt}
@@ -219,6 +225,10 @@ fi
 %dir %attr(750,chrony,chrony) %{_localstatedir}/log/chrony
 %changelog
+* Wed Sep 18 2024 Miroslav Lichvar 4.5-2.el8_10
+- fix crash on reload command during start (RHEL-59112)
+- enable AES-CMAC support using gnutls (RHEL-59032)
+
 * Wed Jan 10 2024 Miroslav Lichvar 4.5-1
 - update to 4.5 (RHEL-21069 RHEL-10701)
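Review bot: In the `reload_source_dirs()` hunk of conf.c (SOURCES/chrony-reload.patch), a size mismatch between `ntp_sources` and `ntp_source_ids` is still handled by `assert(0)`, and with the `prev_size > 0` exemption removed the check now also fires when `ntp_source_ids` is empty. An assertion leaves no message in the daemon's log and is compiled out when NDEBUG is defined, in which case the code after it would continue with two arrays of different length; whether any supported build defines NDEBUG is not visible here. Since this function runs in response to the `reload sources` control command, an explicit failure such as `LOG_FATAL("Mismatched source arrays");` in place of `assert(0);` would keep the fail-stop behaviour while making it independent of build flags and visible to whoever investigates the exit. The function body continues outside the hunk, so the code that consumes `prev_size` could not be checked.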
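Review bot: In the %prep hunk of SPECS/chrony.spec (`@@ -71,6 +75,8 @@`), `%patch5 -p1` is the only patch applied without a `-b` backup suffix, and nothing on the line says why. If this is deliberate, presumably because chrony-reload.patch creates `test/simulation/203-initreload` and a backup copy would appear beside it in the test directory, a comment above the line such as `# no -b: the patch adds a test script and must not leave a backup file next to it` would stop a later cleanup from adding the suffix back. If it is an oversight, `%patch5 -p1 -b .reload` would match the neighbouring lines.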