Compare commits
No commits in common. "c8" and "c8-beta" have entirely different histories.
@ -1,56 +0,0 @@
|
|||||||
commit 8eb5dd54efd13aa0209aea38dbad2a7904377f75
|
|
||||||
Author: Miroslav Lichvar <mlichvar@redhat.com>
|
|
||||||
Date: Tue Sep 17 13:00:43 2024 +0200
|
|
||||||
|
|
||||||
configure: enable AES-CMAC using gnutls
|
|
||||||
|
|
||||||
Allow gnutls to be used for AES-CMAC when nettle doesn't support it
|
|
||||||
without switching also hashing.
|
|
||||||
|
|
||||||
diff --git a/configure b/configure
|
|
||||||
index eefe5de8..0fb3aa38 100755
|
|
||||||
--- a/configure
|
|
||||||
+++ b/configure
|
|
||||||
@@ -937,14 +937,26 @@ if [ $feat_sechash = "1" ] && [ "x$HASH_LINK" = "x" ] && [ $try_gnutls = "1" ];
|
|
||||||
HASH_LINK="$test_link"
|
|
||||||
MYCPPFLAGS="$MYCPPFLAGS $test_cflags"
|
|
||||||
add_def FEAT_SECHASH
|
|
||||||
+ fi
|
|
||||||
+fi
|
|
||||||
|
|
||||||
- if test_code 'CMAC in gnutls' 'gnutls/crypto.h' "$test_cflags" "$test_link" \
|
|
||||||
- 'return gnutls_hmac_init((void *)1, GNUTLS_MAC_AES_CMAC_128, (void *)2, 0);'
|
|
||||||
- then
|
|
||||||
- add_def HAVE_CMAC
|
|
||||||
- EXTRA_OBJECTS="$EXTRA_OBJECTS cmac_gnutls.o"
|
|
||||||
- EXTRA_CLI_OBJECTS="$EXTRA_CLI_OBJECTS cmac_gnutls.o"
|
|
||||||
- fi
|
|
||||||
+if [ $feat_sechash = "1" ] && [ $try_gnutls = "1" ] &&
|
|
||||||
+ ! grep '#define HAVE_CMAC' config.h > /dev/null; then
|
|
||||||
+ if [ "$HASH_OBJ" = "hash_gnutls.o" ]; then
|
|
||||||
+ test_cflags=""
|
|
||||||
+ test_link=""
|
|
||||||
+ else
|
|
||||||
+ test_cflags="`pkg_config --cflags gnutls`"
|
|
||||||
+ test_link="`pkg_config --libs gnutls`"
|
|
||||||
+ fi
|
|
||||||
+ if test_code 'CMAC in gnutls' 'gnutls/crypto.h' "$test_cflags" "$test_link" \
|
|
||||||
+ 'return gnutls_hmac_init((void *)1, GNUTLS_MAC_AES_CMAC_128, (void *)2, 0);'
|
|
||||||
+ then
|
|
||||||
+ add_def HAVE_CMAC
|
|
||||||
+ EXTRA_OBJECTS="$EXTRA_OBJECTS cmac_gnutls.o"
|
|
||||||
+ EXTRA_CLI_OBJECTS="$EXTRA_CLI_OBJECTS cmac_gnutls.o"
|
|
||||||
+ LIBS="$LIBS $test_link"
|
|
||||||
+ MYCPPFLAGS="$MYCPPFLAGS $test_cflags"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
@@ -978,7 +990,7 @@ EXTRA_CLI_OBJECTS="$EXTRA_CLI_OBJECTS $HASH_OBJ"
|
|
||||||
LIBS="$LIBS $HASH_LINK"
|
|
||||||
|
|
||||||
if [ $feat_ntp = "1" ] && [ $feat_nts = "1" ] && [ $try_gnutls = "1" ]; then
|
|
||||||
- if [ "$HASH_OBJ" = "hash_gnutls.o" ]; then
|
|
||||||
+ if echo "$HASH_OBJ $EXTRA_OBJECTS" | grep "_gnutls\.o" > /dev/null; then
|
|
||||||
test_cflags=""
|
|
||||||
test_link=""
|
|
||||||
else
|
|
@ -1,86 +0,0 @@
|
|||||||
commit f49be7f06343ee27fff2950937d7f6742f53976f
|
|
||||||
Author: Miroslav Lichvar <mlichvar@redhat.com>
|
|
||||||
Date: Tue Mar 12 14:30:27 2024 +0100
|
|
||||||
|
|
||||||
conf: don't load sourcedir during initstepslew and RTC init
|
|
||||||
|
|
||||||
If the reload sources command was received in the chronyd start-up
|
|
||||||
sequence with initstepslew and/or RTC init (-s option), the sources
|
|
||||||
loaded from sourcedirs caused a crash due to failed assertion after
|
|
||||||
adding sources specified in the config.
|
|
||||||
|
|
||||||
Ignore the reload sources command until chronyd enters the normal
|
|
||||||
operation mode.
|
|
||||||
|
|
||||||
Fixes: 519796de3756 ("conf: add sourcedirs directive")
|
|
||||||
|
|
||||||
diff --git a/conf.c b/conf.c
|
|
||||||
index 6eae11c9..8849bdce 100644
|
|
||||||
--- a/conf.c
|
|
||||||
+++ b/conf.c
|
|
||||||
@@ -298,6 +298,8 @@ static ARR_Instance ntp_sources;
|
|
||||||
static ARR_Instance ntp_source_dirs;
|
|
||||||
/* Array of uint32_t corresponding to ntp_sources (for sourcedirs reload) */
|
|
||||||
static ARR_Instance ntp_source_ids;
|
|
||||||
+/* Flag indicating ntp_sources and ntp_source_ids are used for sourcedirs */
|
|
||||||
+static int conf_ntp_sources_added = 0;
|
|
||||||
|
|
||||||
/* Array of RefclockParameters */
|
|
||||||
static ARR_Instance refclock_sources;
|
|
||||||
@@ -1689,8 +1691,12 @@ reload_source_dirs(void)
|
|
||||||
NSR_Status s;
|
|
||||||
int d, pass;
|
|
||||||
|
|
||||||
+ /* Ignore reload command before adding configured sources */
|
|
||||||
+ if (!conf_ntp_sources_added)
|
|
||||||
+ return;
|
|
||||||
+
|
|
||||||
prev_size = ARR_GetSize(ntp_source_ids);
|
|
||||||
- if (prev_size > 0 && ARR_GetSize(ntp_sources) != prev_size)
|
|
||||||
+ if (ARR_GetSize(ntp_sources) != prev_size)
|
|
||||||
assert(0);
|
|
||||||
|
|
||||||
/* Save the current sources and their configuration IDs */
|
|
||||||
@@ -1859,7 +1865,10 @@ CNF_AddSources(void)
|
|
||||||
Free(source->params.name);
|
|
||||||
}
|
|
||||||
|
|
||||||
+ /* The arrays will be used for sourcedir (re)loading */
|
|
||||||
ARR_SetSize(ntp_sources, 0);
|
|
||||||
+ ARR_SetSize(ntp_source_ids, 0);
|
|
||||||
+ conf_ntp_sources_added = 1;
|
|
||||||
|
|
||||||
reload_source_dirs();
|
|
||||||
}
|
|
||||||
diff --git a/test/simulation/203-initreload b/test/simulation/203-initreload
|
|
||||||
new file mode 100755
|
|
||||||
index 00000000..cf7924b8
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/test/simulation/203-initreload
|
|
||||||
@@ -0,0 +1,26 @@
|
|
||||||
+#!/usr/bin/env bash
|
|
||||||
+
|
|
||||||
+. ./test.common
|
|
||||||
+
|
|
||||||
+check_config_h 'FEAT_CMDMON 1' || test_skip
|
|
||||||
+
|
|
||||||
+# Test fix "conf: don't load sourcedir during initstepslew and RTC init"
|
|
||||||
+
|
|
||||||
+test_start "reload during initstepslew"
|
|
||||||
+
|
|
||||||
+client_conf="initstepslew 5 192.168.123.1
|
|
||||||
+sourcedir tmp"
|
|
||||||
+client_server_conf="#"
|
|
||||||
+chronyc_conf="reload sources"
|
|
||||||
+chronyc_start=4
|
|
||||||
+
|
|
||||||
+echo 'server 192.168.123.1' > tmp/sources.sources
|
|
||||||
+
|
|
||||||
+run_test || test_fail
|
|
||||||
+check_chronyd_exit || test_fail
|
|
||||||
+check_source_selection || test_fail
|
|
||||||
+check_sync || test_fail
|
|
||||||
+
|
|
||||||
+check_log_messages "Added source 192\.168\.123\.1" 1 1 || test_fail
|
|
||||||
+
|
|
||||||
+test_pass
|
|
@ -6,7 +6,7 @@
|
|||||||
|
|
||||||
Name: chrony
|
Name: chrony
|
||||||
Version: 4.5
|
Version: 4.5
|
||||||
Release: 2%{?dist}
|
Release: 1%{?dist}
|
||||||
Summary: An NTP client/server
|
Summary: An NTP client/server
|
||||||
|
|
||||||
Group: System Environment/Daemons
|
Group: System Environment/Daemons
|
||||||
@ -34,10 +34,6 @@ Patch2: chrony-service-helper.patch
|
|||||||
Patch3: chrony-defconfig.patch
|
Patch3: chrony-defconfig.patch
|
||||||
# fix serverstats to correctly count authenticated packets
|
# fix serverstats to correctly count authenticated packets
|
||||||
Patch4: chrony-serverstats.patch
|
Patch4: chrony-serverstats.patch
|
||||||
# fix crash on reload command during start
|
|
||||||
Patch5: chrony-reload.patch
|
|
||||||
# enable AES-CMAC support using gnutls (but keep nettle for hashing)
|
|
||||||
Patch6: chrony-cmac.patch
|
|
||||||
|
|
||||||
BuildRequires: libcap-devel libedit-devel nettle-devel pps-tools-devel
|
BuildRequires: libcap-devel libedit-devel nettle-devel pps-tools-devel
|
||||||
%ifarch %{ix86} x86_64 %{arm} aarch64 mipsel mips64el ppc64 ppc64le s390 s390x
|
%ifarch %{ix86} x86_64 %{arm} aarch64 mipsel mips64el ppc64 ppc64le s390 s390x
|
||||||
@ -75,8 +71,6 @@ service to other computers in the network.
|
|||||||
%patch2 -p1 -b .service-helper
|
%patch2 -p1 -b .service-helper
|
||||||
%patch3 -p1 -b .defconfig
|
%patch3 -p1 -b .defconfig
|
||||||
%patch4 -p1 -b .serverstats
|
%patch4 -p1 -b .serverstats
|
||||||
%patch5 -p1
|
|
||||||
%patch6 -p1 -b .cmac
|
|
||||||
|
|
||||||
%{?gitpatch: echo %{version}-%{gitpatch} > version.txt}
|
%{?gitpatch: echo %{version}-%{gitpatch} > version.txt}
|
||||||
|
|
||||||
@ -225,10 +219,6 @@ fi
|
|||||||
%dir %attr(750,chrony,chrony) %{_localstatedir}/log/chrony
|
%dir %attr(750,chrony,chrony) %{_localstatedir}/log/chrony
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Wed Sep 18 2024 Miroslav Lichvar <mlichvar@redhat.com> 4.5-2.el8_10
|
|
||||||
- fix crash on reload command during start (RHEL-59112)
|
|
||||||
- enable AES-CMAC support using gnutls (RHEL-59032)
|
|
||||||
|
|
||||||
* Wed Jan 10 2024 Miroslav Lichvar <mlichvar@redhat.com> 4.5-1
|
* Wed Jan 10 2024 Miroslav Lichvar <mlichvar@redhat.com> 4.5-1
|
||||||
- update to 4.5 (RHEL-21069 RHEL-10701)
|
- update to 4.5 (RHEL-21069 RHEL-10701)
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user