diff --git a/backport-close-socket-in-helper-process.patch b/backport-close-socket-in-helper-process.patch
deleted file mode 100644
index 889741e4a33de01d208d3de8c763a58914857650..0000000000000000000000000000000000000000
--- a/backport-close-socket-in-helper-process.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From 7196943f112c3087bcdf04d0106213a30d177a27 Mon Sep 17 00:00:00 2001
-From: Miroslav Lichvar
-Date: Thu, 28 Nov 2024 14:45:23 +0100
-Subject: [PATCH] nts: close socket in helper process on exit
-
-Close the socket used for receiving helper requests before exit to avoid
-another valgrind error.
-
-Conflict:NA
-Reference:https://github.com/mlichvar/chrony/commit/7196943f112c3087bcdf04d0106213a30d177a27
----
- nts_ke_server.c | 10 +++++++---
- 1 file changed, 7 insertions(+), 3 deletions(-)
-
-diff --git a/nts_ke_server.c b/nts_ke_server.c
-index 6fe28be..6dd6251 100644
---- a/nts_ke_server.c
-+++ b/nts_ke_server.c
-@@ -702,7 +702,7 @@ key_timeout(void *arg)
- /* ================================================== */
-
- static void
--run_helper(uid_t uid, gid_t gid, int scfilter_level)
-+run_helper(uid_t uid, gid_t gid, int scfilter_level, int sock_fd)
- {
- LOG_Severity log_severity;
-
-@@ -729,10 +729,15 @@ run_helper(uid_t uid, gid_t gid, int scfilter_level)
- if (scfilter_level != 0)
- SYS_EnableSystemCallFilter(scfilter_level, SYS_NTSKE_HELPER);
-
-+ SCH_AddFileHandler(sock_fd, SCH_FILE_INPUT, handle_helper_request, NULL);
-+
- SCH_MainLoop();
-
- DEBUG_LOG("Helper exiting");
-
-+ SCH_RemoveFileHandler(sock_fd);
-+ close(sock_fd);
-+
- NKS_Finalise();
- SCK_Finalise();
- SYS_Finalise();
-@@ -792,9 +797,8 @@ NKS_PreInitialise(uid_t uid, gid_t gid, int scfilter_level)
- LOG_CloseParentFd();
-
- SCK_CloseSocket(sock_fd1);
-- SCH_AddFileHandler(sock_fd2, SCH_FILE_INPUT, handle_helper_request, NULL);
-
-- run_helper(uid, gid, scfilter_level);
-+ run_helper(uid, gid, scfilter_level, sock_fd2);
- }
-
- SCK_CloseSocket(sock_fd2);
---
-2.33.0
-
diff --git a/backport-dont-load-sourcedir-during-initstepslew.patch b/backport-dont-load-sourcedir-during-initstepslew.patch
deleted file mode 100644
index 0974640e5e27727a2bb8135029d8969f3daebd9c..0000000000000000000000000000000000000000
--- a/backport-dont-load-sourcedir-during-initstepslew.patch
+++ /dev/null
@@ -1,94 +0,0 @@ -From f49be7f06343ee27fff2950937d7f6742f53976f Mon Sep 17 00:00:00 2001 -From: Miroslav Lichvar -Date: Tue, 12 Mar 2024 14:30:27 +0100 -Subject: [PATCH] conf: don't load sourcedir during initstepslew and RTC init - -If the reload sources command was received in the chronyd start-up -sequence with initstepslew and/or RTC init (-s option), the sources -loaded from sourcedirs caused a crash due to failed assertion after -adding sources specified in the config. - -Ignore the reload sources command until chronyd enters the normal -operation mode. - -Fixes: 519796de3756 ("conf: add sourcedirs directive") - -Conflict:The log feature is added in the pre-patch. Therefore, the test cases are adapted. -Reference:https://github.com/mlichvar/chrony/commit/f49be7f06343ee27fff2950937d7f6742f53976f ---- - conf.c | 11 ++++++++++- - test/simulation/203-initreload | 26 ++++++++++++++++++++++++++ - 2 files changed, 36 insertions(+), 1 deletion(-) - create mode 100755 test/simulation/203-initreload - -diff --git a/conf.c b/conf.c -index 6eae11c..8849bdc 100644 ---- a/conf.c -+++ b/conf.c -@@ -298,6 +298,8 @@ static ARR_Instance ntp_sources; - static ARR_Instance ntp_source_dirs; - /* Array of uint32_t corresponding to ntp_sources (for sourcedirs reload) */ - static ARR_Instance ntp_source_ids; -+/* Flag indicating ntp_sources and ntp_source_ids are used for sourcedirs */ -+static int conf_ntp_sources_added = 0; - - /* Array of RefclockParameters */ - static ARR_Instance refclock_sources; -@@ -1689,8 +1691,12 @@ reload_source_dirs(void) - NSR_Status s; - int d; - -+ /* Ignore reload command before adding configured sources */ -+ if (!conf_ntp_sources_added) -+ return; -+ - prev_size = ARR_GetSize(ntp_source_ids); -- if (prev_size > 0 && ARR_GetSize(ntp_sources) != prev_size) -+ if (ARR_GetSize(ntp_sources) != prev_size) - assert(0); - - /* Save the current sources and their configuration IDs */ -@@ -1859,7 +1865,10 @@ CNF_AddSources(void) - Free(source->params.name); - 
} - -+ /* The arrays will be used for sourcedir (re)loading */ - ARR_SetSize(ntp_sources, 0); -+ ARR_SetSize(ntp_source_ids, 0); -+ conf_ntp_sources_added = 1; - - reload_source_dirs(); - } -diff --git a/test/simulation/203-initreload b/test/simulation/203-initreload -new file mode 100755 -index 0000000..cf7924b ---- /dev/null -+++ b/test/simulation/203-initreload -@@ -0,0 +1,24 @@ -+#!/usr/bin/env bash -+ -+. ./test.common -+ -+check_config_h 'FEAT_CMDMON 1' || test_skip -+ -+# Test fix "conf: don't load sourcedir during initstepslew and RTC init" -+ -+test_start "reload during initstepslew" -+ -+client_conf="initstepslew 5 192.168.123.1 -+sourcedir tmp" -+client_server_conf="#" -+chronyc_conf="reload sources" -+chronyc_start=4 -+ -+echo 'server 192.168.123.1' > tmp/sources.sources -+ -+run_test || test_fail -+check_chronyd_exit || test_fail -+check_source_selection || test_fail -+check_sync || test_fail -+ -+test_pass --- -2.33.0 - diff --git a/backport-fix-finalization-for-async-resolver.patch b/backport-fix-finalization-for-async-resolver.patch deleted file mode 100644 index be08394aef9d06d10262b8fd1296e25661e33b15..0000000000000000000000000000000000000000 --- a/backport-fix-finalization-for-async-resolver.patch +++ /dev/null 
@@ -1,43 +0,0 @@
-From 08b67dba98b5dbc0184c38b3c1963dd2f00d2bd9 Mon Sep 17 00:00:00 2001
-From: Miroslav Lichvar
-Date: Thu, 22 Aug 2024 09:26:59 +0200
-Subject: [PATCH] ntp: fix finalization for async resolver
-
-If an attempt to resolve addresses of an NTP server is made right before
-starting the termination sequence, the asynchronous resolver thread
-could read the server name when it was already freed.
-
-Leave unresolved sources allocated in NSR_Finalise() if the async
-resolver did not finish yet, at least for now. Waiting for the resolving
-result or cancelling the thread would complicate the code. The scheduler
-is not expected to be running at this point.
-
-Conflict:Context adaptation
-Reference:https://github.com/mlichvar/chrony/commit/08b67dba98b5dbc0184c38b3c1963dd2f00d2bd9
----
- ntp_sources.c | 10 ++++++++--
- 1 file changed, 8 insertions(+), 2 deletions(-)
-
-diff --git a/ntp_sources.c b/ntp_sources.c
-index 29c99ac..d2cd113 100644
---- a/ntp_sources.c
-+++ b/ntp_sources.c
-@@ -219,8 +219,13 @@ NSR_Finalise(void)
- ARR_DestroyInstance(records);
- ARR_DestroyInstance(pools);
-
-- while (unresolved_sources)
-- remove_unresolved_source(unresolved_sources);
-+ /* Leave the unresolved sources allocated if the async resolver is running
-+ to avoid reading the name from freed memory. The handler will not be
-+ called as the scheduler should no longer be running at this point. */
-+ if (!resolving_source) {
-+ while (unresolved_sources)
-+ remove_unresolved_source(unresolved_sources);
-+ }
-
- initialised = 0;
- }
---
-2.33.0
-
diff --git a/backport-fix-memory-leak-of-empty-readline-string.patch b/backport-fix-memory-leak-of-empty-readline-string.patch
deleted file mode 100644
index 3fa7098f490229d1f5daa6f65be6e4d41ec7ac1a..0000000000000000000000000000000000000000
--- a/backport-fix-memory-leak-of-empty-readline-string.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 55898e9b07d2bf97cb3bb96987dbe57f1b6376ef Mon Sep 17 00:00:00 2001
-From: Miroslav Lichvar
-Date: Wed, 12 Feb 2025 13:22:04 +0100
-Subject: [PATCH] client: fix memory leak of empty readline() string
-
-Conflict:NA
-Reference:https://github.com/mlichvar/chrony/commit/55898e9b07d2bf97cb3bb96987dbe57f1b6376ef
----
- client.c | 3 +--
- 1 file changed, 1 insertion(+), 2 deletions(-)
-
-diff --git a/client.c b/client.c
-index 70bcdae..6bbce14 100644
---- a/client.c
-+++ b/client.c
-@@ -125,12 +125,11 @@ read_line(void)
- strncpy(line, cmd, sizeof(line) - 1);
- line[sizeof(line) - 1] = '\0';
- add_history(cmd);
-- /* free the buffer allocated by readline */
-- Free(cmd);
- } else {
- /* simulate the user has entered an empty line */
- *line = '\0';
- }
-+ Free(cmd);
- return( line );
- #else
- printf("%s", prompt);
---
-2.33.0
-
diff --git a/chrony-4.3.tar.gz b/chrony-4.3.tar.gz
deleted file mode 100644
index 900caa9a03b8c1c59b64e198fced6afe50af95df..0000000000000000000000000000000000000000
Binary files a/chrony-4.3.tar.gz and /dev/null differ
diff --git a/chrony-4.7.tar.gz b/chrony-4.7.tar.gz
new file mode 100644
index 0000000000000000000000000000000000000000..85cebbb71c93acea70f9eb236b801819639e9b44
Binary files /dev/null and b/chrony-4.7.tar.gz differ
diff --git a/chrony-servicedirs.patch b/chrony-servicedirs.patch
new file mode 100644
index 0000000000000000000000000000000000000000..e806dc9bce35a5a388dbd3ab9c84b2c3f042b4eb
--- /dev/null
+++ b/chrony-servicedirs.patch
@@ -0,0 +1,18 @@
+diff -up chrony-4.7/examples/chronyd.service.servicedirs chrony-4.7/examples/chronyd.service
+--- chrony-4.7/examples/chronyd.service.servicedirs 2025-06-11 15:06:19.000000000 +0200
++++ chrony-4.7/examples/chronyd.service 2025-07-10 12:06:57.354215498 +0200
+@@ -10,7 +10,13 @@ Type=notify
+ PIDFile=/run/chrony/chronyd.pid
+ Environment="OPTIONS="
+ EnvironmentFile=-/etc/sysconfig/chronyd
+-ExecStart=/usr/sbin/chronyd -n $OPTIONS
++ExecStart=!/usr/sbin/chronyd -n $OPTIONS
++
++User=chrony
++LogsDirectory=chrony
++LogsDirectoryMode=0750
++StateDirectory=chrony
++StateDirectoryMode=0750
+
+ CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
+ CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_KILL CAP_LEASE CAP_LINUX_IMMUTABLE
diff --git a/chrony.spec b/chrony.spec
index 97350e5b6c221134d9a99992c9c789bfd9279730..345ed59cb51c0b5aee8cc5993d7944cc0cbef7d5 100644
--- a/chrony.spec
+++ b/chrony.spec
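Review bot: The new `ExecStart=!/usr/sbin/chronyd -n $OPTIONS` line still starts chronyd with root credentials even though `User=chrony` is added next to it, because the `!` prefix exempts the command from systemd's user/group switch. In this unit `User=` effectively only decides who owns the `StateDirectory=` and `LogsDirectory=` paths. Dropping root therefore rests entirely on chronyd itself, and `$OPTIONS` is read from `/etc/sysconfig/chronyd`, so a `-u root` there (or a `user` directive in chrony.conf) would leave the daemon running as root with no systemd-side fallback. I would add a comment above the line, e.g. `# "!" keeps root for start-up; chronyd drops to the chrony user itself, User= only sets directory ownership`, and confirm that the build's default user is chrony. The unit file continues outside the hunk.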
@@ -1,25 +1,25 @@ -%global clknetsim_ver f00531 +%global clknetsim_ver a2eb0b258f8b7f0b42af8f448be33406edae1d26 Name: chrony -Version: 4.3 -Release: 3 +Version: 4.7 +Release: 1 Summary: An NTP client/server -License: GPLv2 -URL: https://chrony.tuxfamily.org -Source0: https://download.tuxfamily.org/chrony/chrony-%{version}%{?prerelease}.tar.gz +License: GPL-2.0-only +URL: https://chrony-project.org/ +Source0: https://chrony-project.org/releases/chrony-%{version}.tar.gz Source1: chrony.dhclient +Source4: chrony.sysusers -Source6: https://github.com/mlichvar/clknetsim/archive/%{clknetsim_ver}/clknetsim-%{clknetsim_ver}.tar.gz +Source6: https://gitlab.com/chrony/clknetsim/-/archive/%{clknetsim_ver}/clknetsim-%{clknetsim_ver}.tar.bz2 Patch1: chrony-nm-dispatcher-dhcp.patch Patch2: chrony-services.patch -Patch3: backport-dont-load-sourcedir-during-initstepslew.patch -Patch4: backport-fix-finalization-for-async-resolver.patch -Patch5: backport-close-socket-in-helper-process.patch -Patch6: backport-fix-memory-leak-of-empty-readline-string.patch +Patch3: chrony-servicedirs.patch BuildRequires: gcc gcc-c++ bison systemd libcap-devel libedit-devel nettle-devel pps-tools-devel libseccomp-devel m4 gnutls-devel gnutls-utils -Requires: shadow-utils systemd timedatex +Requires: timedatex +%{?systemd_requires} +%{?sysusers_requires_compat} %description chrony is a versatile implementation of the Network Time Protocol (NTP). @@ -31,7 +31,6 @@ service to other computers in the network. %package_help %prep - %autosetup -p1 -n %{name}-%{version} -a 6 # regenerate the file from getdate.y @@ -87,13 +86,7 @@ make quickcheck %pre -if ! getent group chrony > /dev/null ; then - groupadd -r chrony -fi -if ! getent passwd chrony >/dev/null ; then - useradd -r -g chrony -d %{_localstatedir}/lib/chrony -s /sbin/nologin chrony -fi - +%sysusers_create_compat %{S:4} %preun %systemd_preun chronyd.service chrony-wait.service 
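Review bot: `Source0` moves to a new upstream host (`https://chrony-project.org/releases/`) and `Source6` to a GitLab archive URL, but nothing in this hunk lets the build confirm that the two tarballs committed alongside the spec are what upstream published. If upstream offers a detached signature for the release, listing it and the signing key as additional `Source` entries and verifying them in `%prep` before `%autosetup` would turn a swapped tarball into a build failure; whether this distribution's macros provide a ready-made verification step needs checking. Pinning `clknetsim_ver` to the full commit hash is a good step, though a generated archive is still only as trustworthy as the host serving it. At minimum I would add a comment such as `# tarballs checked against upstream signature/commit on import` stating how they were verified.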
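Review bot: The `%pre` scriptlet now relies on `%sysusers_create_compat %{S:4}` to create the chrony account at install time, but no hunk in this diff installs chrony.sysusers into the sysusers.d directory or lists it in `%files`. If `%install` (outside the visible hunks) does not already do that, the account definition lives only inside the scriptlet, so systemd-sysusers cannot recreate the user on image-based or factory-reset systems, and the unit's `User=chrony` would then fail. I would add `install -m 644 -D %{S:4} %{buildroot}%{_sysusersdir}/chrony.conf` to `%install` and `%{_sysusersdir}/chrony.conf` to `%files`.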
@@ -116,7 +109,6 @@ fi %systemd_postun_with_restart chronyd.service %files -%defattr(-,root,root) %license COPYING %config(noreplace) %{_sysconfdir}/chrony.conf @@ -131,18 +123,19 @@ fi %{_prefix}/lib/systemd/ntp-units.d/*.list %{_unitdir}/chrony*.service -%dir %attr(-,chrony,chrony) %{_localstatedir}/lib/chrony +%ghost %dir %attr(750,chrony,chrony) %{_localstatedir}/lib/chrony %ghost %attr(-,chrony,chrony) %{_localstatedir}/lib/chrony/drift %ghost %attr(-,chrony,chrony) %{_localstatedir}/lib/chrony/rtc -%dir %attr(-,chrony,chrony) %{_localstatedir}/log/chrony - +%ghost %dir %attr(750,chrony,chrony) %{_localstatedir}/log/chrony %files help -%defattr(644,root,root) %doc FAQ NEWS README -%{_mandir}/man[158]/%{name}*.[158]* +%{_mandir}/man?/* %changelog +* Sat Jul 19 2025 Funda Wang - 4.7-1 +- update to 4.7 + * Tue Apr 15 2025 xinghe - 4.3-3 - Type:bugfix - ID:NA diff --git a/chrony.sysusers b/chrony.sysusers new file mode 100644 index 0000000000000000000000000000000000000000..b02f5fe879572d1670af315e409889b58a823366 --- /dev/null +++ b/chrony.sysusers @@ -0,0 +1,2 @@ +#Type Name ID GECOS Home directory Shell +u chrony - "chrony system user" /var/lib/chrony /sbin/nologin diff --git a/chrony.yaml b/chrony.yaml index 5610dea15d83ed01cdd908d60db50778fd6baa27..b4f193df0e657dac746d74b8536e01fa3dba6bf9 100644 --- a/chrony.yaml +++ b/chrony.yaml @@ -1,4 +1,4 @@ version_control: git -src_repo: https://git.tuxfamily.org/chrony/chrony.git -tag_prefix: chrony- -seperator: . +src_repo: https://gitlab.com/chrony/chrony.git +tag_prefix: +separator: . diff --git a/clknetsim-a2eb0b258f8b7f0b42af8f448be33406edae1d26.tar.bz2 b/clknetsim-a2eb0b258f8b7f0b42af8f448be33406edae1d26.tar.bz2 new file mode 100644 index 0000000000000000000000000000000000000000..ec8f6290e455d53a9c4a4924feed2ee35a45ee21 Binary files /dev/null and b/clknetsim-a2eb0b258f8b7f0b42af8f448be33406edae1d26.tar.bz2 differ 
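Review bot: Both data directories become `%ghost %dir %attr(750,chrony,chrony)`, so the package no longer ships them and their existence and 0750 mode depend on the `StateDirectory=`/`LogsDirectory=` lines that Patch3 adds to the unit. The spec does not say so; a comment above the two entries such as `# created at service start by StateDirectory=/LogsDirectory= (chrony-servicedirs.patch)` would keep a later unit change from silently leaving chronyd without its state or log directory. Separately, `%{_mandir}/man?/*` in the help subpackage is much wider than the old `man[158]` pattern and will package any manual page the build happens to install, so the narrower glob states the intent better.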
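Review bot: Renaming the key `seperator` to `separator` in chrony.yaml fixes the spelling, but the tool that consumes this file may look the key up under its old name; the consumer is not visible in this diff, so this should be confirmed before merging, otherwise upstream version tracking for the package could stop working without any error. `tag_prefix:` is also left with no value, which YAML parses as null rather than an empty string; `tag_prefix: ""` is unambiguous if the consumer concatenates it with the version.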
diff --git a/clknetsim-f00531.tar.gz b/clknetsim-f00531.tar.gz
deleted file mode 100644
index 9528dc28b043b4493b5cebfab31d2427de616f17..0000000000000000000000000000000000000000
Binary files a/clknetsim-f00531.tar.gz and /dev/null differ