Accepting request 223745 from home:darix:branches:network:time

- clean up build section
  - the configure script can actually import CC/CFLAGS from the
    environment. no need to break any CFLAGS it might set in the
    configure script.
  - remove unneeded prefix from the make calls.
  - enable building the binaries with PIE/relro now
- Update to version 1.29.1:
  * Modify chronyc protocol to prevent amplification attacks
    (CVE-2014-0021) (incompatible with previous protocol version,
    chronyc supports both)
- Additional changes from 1.29
  * Fix crash when processing crafted commands (CVE-2012-4502)
    (possible with IP addresses allowed by cmdallow and localhost)
  * Don't send uninitialized data in SUBNETS_ACCESSED and
    CLIENT_ACCESSES replies (CVE-2012-4503) (not used by chronyc)
  * Drop support for SUBNETS_ACCESSED and CLIENT_ACCESSES commands
- Updated chrony-config.patch:
  - lots of config values were fixed upstream already
  - key file patching is unnecessary

OBS-URL: https://build.opensuse.org/request/show/223745
OBS-URL: https://build.opensuse.org/package/show/network:time/chrony?expand=0&rev=5

chrony-1.27.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:d44835ee2180a9a0f4f320fc498c39d59dec33d35c2aa05b446fe65a2a83ae9d
-size 392876

chrony-1.29.1.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:658c9bb4d8c8d8ec7d0908429aa266e5f8413ba86bd4acbfd2f9669f6065af27
+size 392889

chrony-config.patch

@@ -1,13 +1,12 @@
---- examples/chrony.conf.example	2010-03-07 17:42:07.000000000 +0100
-+++ examples/chrony.conf.example	2010-03-07 23:59:35.000000000 +0100
-@@ -43,9 +43,45 @@
- # you can access at
- # http://www.eecis.udel.edu/~mills/ntp/servers.htm.
- 
-+server 0.pool.ntp.org
-+server 1.pool.ntp.org
-+server 2.pool.ntp.org
-+server 3.pool.ntp.org
+Index: examples/chrony.conf.example
+===================================================================
+--- examples/chrony.conf.example.orig	2014-02-24 17:46:48.776464049 +0100
++++ examples/chrony.conf.example	2014-02-24 17:51:15.983463576 +0100
+@@ -46,7 +46,37 @@
+ ! server 0.pool.ntp.org iburst
+ ! server 1.pool.ntp.org iburst
+ ! server 2.pool.ntp.org iburst
+- 
 +
 +# for Europe:
 +! server 0.europe.pool.ntp.org
@@ -39,41 +38,19 @@
 +! server 2.oceania.pool.ntp.org
 +! server 3.oceania.pool.ntp.org
 +
-+# for your own ISP (preferred):
-+! server ntp.skynet.be
- ! server ntp0.your-isp.com
- ! server ntp1.your-isp.com
--! server ntp.public-server.org
-  
  # However, for dial-up use you probably want these instead.  The word
  # 'offline' means that the server is not visible at boot time.  Use
-@@ -89,7 +125,7 @@
+ # chronyc's 'online' command to tell chronyd that these servers have
+@@ -89,7 +119,7 @@
  # immediately so that it doesn't gain or lose any more time.  You
  # generally want this, so it is uncommented.
  
--driftfile /etc/chrony.drift
+-driftfile /var/lib/chrony/drift
 +driftfile /var/lib/chrony/chrony.drift
  
  # If you want to use the program called chronyc to configure aspects of
  # chronyd's operation once it is running (e.g. tell it the Internet link
-@@ -122,14 +158,14 @@
- # Enable these two options to use this.
- 
- ! dumponexit
--! dumpdir /var/log/chrony
-+! dumpdir /var/lib/chrony
- 
- # chronyd writes its process ID to a file.  If you try to start a second
- # copy of chronyd, it will detect that the process named in the file is
- # still running and bail out.  If you want to change the path to the PID
- # file, uncomment this line and edit it.  The default path is shown.
- 
--! pidfile /var/run/chronyd.pid
-+pidfile /var/run/chronyd.pid
- 
- #######################################################################
- ### INITIAL CLOCK CORRECTION
-@@ -153,8 +189,8 @@
+@@ -152,8 +182,8 @@ commandkey 1
  # produce some graphs of your system's timekeeping performance, or you
  # need help in debugging a problem.
  
@@ -84,14 +61,3 @@
  
  # If you have real time clock support enabled (see below), you might want
  # this line instead:
---- examples/chrony.keys.example	2010-03-07 17:41:49.000000000 +0100
-+++ examples/chrony.keys.example	2010-03-07 17:42:01.000000000 +0100
-@@ -12,7 +12,7 @@
- #######################################################################
- # A valid key line looks like this
- 
--1 a_key
-+1 change_me_to_a_secret
- 
- # It must consist of an integer, followed by whitespace, followed by a block of
- # text with no spaces in it.  (You cannot put a space in a key).  If you wanted

chrony.changes

@@ -1,3 +1,51 @@
+-------------------------------------------------------------------
+Mon Feb 24 17:21:35 UTC 2014 - mrueckert@suse.de
+
+- clean up build section
+  - the configure script can actually import CC/CFLAGS from the
+    environment. no need to break any CFLAGS it might set in the
+    configure script.
+  - remove unneeded prefix from the make calls.
+  - enable building the binaries with PIE/relro now
+
+-------------------------------------------------------------------
+Mon Feb 24 16:53:46 UTC 2014 - mrueckert@suse.de
+
+- Update to version 1.29.1:
+  * Modify chronyc protocol to prevent amplification attacks
+    (CVE-2014-0021) (incompatible with previous protocol version,
+    chronyc supports both)
+- Additional changes from 1.29
+  * Fix crash when processing crafted commands (CVE-2012-4502)
+    (possible with IP addresses allowed by cmdallow and localhost)
+  * Don't send uninitialized data in SUBNETS_ACCESSED and
+    CLIENT_ACCESSES replies (CVE-2012-4503) (not used by chronyc)
+  * Drop support for SUBNETS_ACCESSED and CLIENT_ACCESSES commands
+- Additional changes from 1.28
+  * Combine sources to improve accuracy
+  * Make config and command parser strict
+  * Add -a option to chronyc to authenticate automatically
+  * Add -R option to ignore initstepslew and makestep directives
+  * Add generatecommandkey, minsamples, maxsamples and user
+    directives
+  * Improve compatibility with NTPv1 and NTPv2 clients
+  * Create sockets only in selected family with -4/-6 option
+  * Treat address bind errors as non-fatal
+  * Extend tracking log
+  * Accept float values as initstepslew threshold
+  * Allow hostnames in offline, online and burst commands
+  * Fix and improve peer polling
+  * Fix crash in config parsing with too many servers
+  * Fix crash with duplicated initstepslew address
+  * Fix delta calculation with extreme frequency offsets
+  * Set local stratum correctly
+  * Remove unnecessary adjtimex calls
+  * Set paths in documentation by configure
+  * Update chrony.spec
+- Updated chrony-config.patch:
+  - lots of config values were fixed upstream already
+  - key file patching is unnecessary
+
 -------------------------------------------------------------------
 Sat Jul 13 22:14:49 UTC 2013 - zaitor@opensuse.org
 

chrony.spec

@@ -3,7 +3,7 @@
 #
 
 Name:           chrony
-Version:        1.27
+Version:        1.29.1
 Release:        0
 License:        GPL-2.0+
 Summary:        System Clock Synchronization Client and Server
@@ -54,6 +54,9 @@ as the Chronyd instance it is controlling or a different computer.
 
 %build
 # not autoconf:
+export CC="gcc"
+export CFLAGS="%{optflags} -Wall -fpic -DPIC"
+export LDFLAGS="-pie -Wl,-z,relro,-z,now"
 ./configure \
 	 --prefix="%{_prefix}" \
 	 --exec-prefix="%{_exec_prefix}" \
@@ -65,13 +68,9 @@ as the Chronyd instance it is controlling or a different computer.
 	 --mandir="%{_mandir}" \
 	 --docdir="%{_docdir}/%{name}"
 
-make %{?_smp_mflags} \
-	 CC="gcc" \
-	 CFLAGS="%{optflags} -Wall" \
-	 prefix="%{_prefix}"
-
-make chrony.txt prefix="%{_prefix}"
-make chrony.info prefix="%{_prefix}"
+make %{?_smp_mflags}
+make chrony.txt
+make chrony.info
 
 %install
 %makeinstall
@@ -98,7 +97,6 @@ test -e "$h" && ln -s -f "$h" .
 install -d "%{buildroot}%{_sysconfdir}"
 install -m0644 examples/chrony.conf.example "%{buildroot}%{_sysconfdir}/chrony.conf"
 install -m0600 examples/chrony.keys.example "%{buildroot}%{_sysconfdir}/chrony.keys"
-rm examples/chrony.keys.example.orig
 
 %pre
 /usr/sbin/groupadd -r chrony || :