From df5c8a392ac706c07d37b1d224224cc295ab1573 Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Fri, 29 Sep 2017 11:48:02 +0200 Subject: [PATCH 1/2] update to 3.2 --- .gitignore | 4 ++-- chrony-defconfig.patch | 13 ++++++++++++ chrony-phcdelay.patch | 33 ----------------------------- chrony-seccomp.patch | 47 ------------------------------------------ chrony.spec | 17 +++++++-------- sources | 4 ++-- 6 files changed, 24 insertions(+), 94 deletions(-) create mode 100644 chrony-defconfig.patch delete mode 100644 chrony-phcdelay.patch delete mode 100644 chrony-seccomp.patch diff --git a/.gitignore b/.gitignore index 7857a09..99d3c37 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -/chrony-3.1.tar.gz -/clknetsim-ce89a1.tar.gz +/chrony-3.2.tar.gz +/clknetsim-71dbbc.tar.gz diff --git a/chrony-defconfig.patch b/chrony-defconfig.patch new file mode 100644 index 0000000..c5bbfcc --- /dev/null +++ b/chrony-defconfig.patch @@ -0,0 +1,13 @@ +diff -up chrony-3.2/examples/chrony.conf.example2.defconfig chrony-3.2/examples/chrony.conf.example2 +--- chrony-3.2/examples/chrony.conf.example2.defconfig 2017-09-15 08:32:09.000000000 +0200 ++++ chrony-3.2/examples/chrony.conf.example2 2017-09-18 12:48:08.688020942 +0200 +@@ -28,9 +28,6 @@ rtcsync + # Specify file containing keys for NTP authentication. + #keyfile /etc/chrony.keys + +-# Get TAI-UTC offset and leap seconds from the system tz database. +-#leapsectz right/UTC +- + # Specify directory for log files. + logdir /var/log/chrony + diff --git a/chrony-phcdelay.patch b/chrony-phcdelay.patch deleted file mode 100644 index d1d510e..0000000 --- a/chrony-phcdelay.patch +++ /dev/null @@ -1,33 +0,0 @@ -commit abb09418b16993ecd8289dd459dff91701f4f971 -Author: Miroslav Lichvar -Date: Wed Apr 19 12:20:14 2017 +0200 - - sys_linux: don't drop PHC samples with zero delay - - When processing data from the PTP_SYS_OFFSET ioctl, the sample is - dropped when an interval between two consecutive readings of the system - clock is negative or zero, assuming the clock has been stepped between - the two readings. - - With a real PHC the interval is normally expected to be at least a - microsecond, but with a virtual PHC and a low-resolution system clock - it's possible to get two readings with the same system time. Modify the - check to drop only samples with a negative delay. - -diff --git a/sys_linux.c b/sys_linux.c -index c06112a..649afb0 100644 ---- a/sys_linux.c -+++ b/sys_linux.c -@@ -705,9 +705,11 @@ get_phc_sample(int phc_fd, double precision, struct timespec *phc_ts, - phc_tss[i] = ts2; - delays[i] = UTI_DiffTimespecsToDouble(&ts3, &ts1); - -- if (delays[i] <= 0.0) -+ if (delays[i] < 0.0) { - /* Step in the middle of a PHC reading? */ -+ DEBUG_LOG(LOGF_SysLinux, "Bad PTP_SYS_OFFSET sample delay=%e", delays[i]); - return 0; -+ } - - if (!i || delays[i] < min_delay) - min_delay = delays[i]; diff --git a/chrony-seccomp.patch b/chrony-seccomp.patch deleted file mode 100644 index 4577383..0000000 --- a/chrony-seccomp.patch +++ /dev/null @@ -1,47 +0,0 @@ -commit 768bce799bfe009e7dbaad5742738f7d05280d6d -Author: Miroslav Lichvar -Date: Mon Mar 13 14:26:12 2017 +0100 - - sys_linux: allow getpid in seccomp filter - - It seems to be used by syslog() in latest glibc. - -diff --git a/sys_linux.c b/sys_linux.c -index 3dd411f..c06112a 100644 ---- a/sys_linux.c -+++ b/sys_linux.c -@@ -467,9 +467,10 @@ SYS_Linux_EnableSystemCallFilter(int level) - SCMP_SYS(adjtimex), SCMP_SYS(clock_gettime), SCMP_SYS(gettimeofday), - SCMP_SYS(settimeofday), SCMP_SYS(time), - /* Process */ -- SCMP_SYS(clone), SCMP_SYS(exit), SCMP_SYS(exit_group), SCMP_SYS(getrlimit), -- SCMP_SYS(rt_sigaction), SCMP_SYS(rt_sigreturn), SCMP_SYS(rt_sigprocmask), -- SCMP_SYS(set_tid_address), SCMP_SYS(sigreturn), SCMP_SYS(wait4), -+ SCMP_SYS(clone), SCMP_SYS(exit), SCMP_SYS(exit_group), SCMP_SYS(getpid), -+ SCMP_SYS(getrlimit), SCMP_SYS(rt_sigaction), SCMP_SYS(rt_sigreturn), -+ SCMP_SYS(rt_sigprocmask), SCMP_SYS(set_tid_address), SCMP_SYS(sigreturn), -+ SCMP_SYS(wait4), - /* Memory */ - SCMP_SYS(brk), SCMP_SYS(madvise), SCMP_SYS(mmap), SCMP_SYS(mmap2), - SCMP_SYS(mprotect), SCMP_SYS(mremap), SCMP_SYS(munmap), SCMP_SYS(shmdt), -commit 653d70ec4e567b33b917f6784a68dfb254aa8984 -Author: Miroslav Lichvar -Date: Wed Apr 19 14:38:51 2017 +0200 - - sys_linux: allow sysinfo in seccomp filter - - It may be used by glob() in latest glibc. - -diff --git a/sys_linux.c b/sys_linux.c -index 649afb0..2cd178a 100644 ---- a/sys_linux.c -+++ b/sys_linux.c -@@ -490,7 +490,7 @@ SYS_Linux_EnableSystemCallFilter(int level) - SCMP_SYS(poll), SCMP_SYS(read), SCMP_SYS(futex), SCMP_SYS(select), - SCMP_SYS(set_robust_list), SCMP_SYS(write), - /* Miscellaneous */ -- SCMP_SYS(uname), -+ SCMP_SYS(sysinfo), SCMP_SYS(uname), - }; - - const int socket_domains[] = { diff --git a/chrony.spec b/chrony.spec index 9c172ea..75ab538 100644 --- a/chrony.spec +++ b/chrony.spec @@ -1,9 +1,9 @@ %global _hardened_build 1 -%global clknetsim_ver ce89a1 +%global clknetsim_ver 71dbbc %bcond_without debug Name: chrony -Version: 3.1 +Version: 3.2 Release: 4%{?dist} Summary: An NTP client/server @@ -21,10 +21,8 @@ Source10: https://github.com/mlichvar/clknetsim/archive/%{clknetsim_ver}/c # add NTP servers from DHCP when starting service Patch1: chrony-service-helper.patch -# fix seccomp filter for new glibc -Patch2: chrony-seccomp.patch -# don't drop PHC samples with zero delay -Patch3: chrony-phcdelay.patch +# revert upstream changes in packaged chrony.conf example +Patch2: chrony-defconfig.patch BuildRequires: libcap-devel libedit-devel nss-devel pps-tools-devel %ifarch %{ix86} x86_64 %{arm} aarch64 mipsel mips64el ppc64 ppc64le s390 s390x @@ -61,8 +59,7 @@ clocks, system real-time clock or manual input as time references. %setup -q -n %{name}-%{version}%{?prerelease} -a 10 %{?gitpatch:%patch0 -p1} %patch1 -p1 -b .service-helper -%patch2 -p1 -b .seccomp -%patch3 -p1 -b .phcdelay +%patch2 -p1 -b .defconfig %{?gitpatch: echo %{version}-%{gitpatch} > version.txt} @@ -72,7 +69,7 @@ md5sum -c <<-EOF | (! grep -v 'OK$') 58978d335ec3752ac2c38fa82b48f0a5 examples/chrony.conf.example2 ba6bb05c50e03f6b5ab54a2b7914800d examples/chrony.keys.example 6a3178c4670de7de393d9365e2793740 examples/chrony.logrotate - 298b7f611078aa0176aad58e936c7b0d examples/chrony.nm-dispatcher + 27cbc940c94575de320dbd251cbb4514 examples/chrony.nm-dispatcher a85246982a89910b1e2d3356b7d131d7 examples/chronyd.service EOF @@ -145,7 +142,7 @@ echo 'chronyd.service' > \ # set random seed to get deterministic results export CLKNETSIM_RANDOM_SEED=24502 make %{?_smp_mflags} -C test/simulation/clknetsim -make check +make quickcheck %pre getent group chrony > /dev/null || /usr/sbin/groupadd -r chrony diff --git a/sources b/sources index 5f5ef6e..18748af 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (chrony-3.1.tar.gz) = 4ba3a75c3634050bb63ba9ee80d9be7a295f44ce4d195a050e4be4738bd7dd807fe37f2289d7ead4a75272bd5ebadbd03c233c67f859e9b68871fca5a6671427 -SHA512 (clknetsim-ce89a1.tar.gz) = 88888559439c570099bf66aff86d7260402b3110514da1c27b5620a97716c2eed416ba12e43e63705d7abd08d0f3f926df28730addd0e7ccb97f36b6a6480fd7 +SHA512 (chrony-3.2.tar.gz) = 496af5bed91600f268c1a0fa577bb8c7785e485f78598b666829c674e94770c16548cec4289a2ae9d0a51191d2705eda00886cb6cccae3828aa201a49d4783a4 +SHA512 (clknetsim-71dbbc.tar.gz) = 626175a3e97b33eaa462cd8416d5da18f44750d74a73dc824b591573a30613e956275951fd9d5bc52e1092284b0d7a67a85179e89532fa41d4a74c97aa0c78ba From f0a04592cae4e34093b56763d0197fd8d9f474fb Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Wed, 11 Oct 2017 18:07:53 +0200 Subject: [PATCH 2/2] 3.2-1 --- chrony.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/chrony.spec b/chrony.spec index 75ab538..5ec27c8 100644 --- a/chrony.spec +++ b/chrony.spec @@ -4,7 +4,7 @@ Name: chrony Version: 3.2 -Release: 4%{?dist} +Release: 1%{?dist} Summary: An NTP client/server Group: System Environment/Daemons @@ -182,6 +182,10 @@ getent passwd chrony > /dev/null || /usr/sbin/useradd -r -g chrony \ %dir %attr(-,chrony,chrony) %{_localstatedir}/log/chrony %changelog +* Wed Oct 11 2017 Miroslav Lichvar 3.2-1 +- update to 3.2 +- check PEERNTP variable before loading existing dhclient files + * Thu Apr 20 2017 Miroslav Lichvar 3.1-4 - use ID from /etc/os-release to set pool.ntp.org vendor zone (#1443599) - fix seccomp filter for new glibc once again