From 41377f5dbf87cb0940c44feb2e30828a8466c82f4368fac00033c3f07e459409 Mon Sep 17 00:00:00 2001 From: Martin Pluskal Date: Thu, 2 Aug 2018 07:42:46 +0000 Subject: [PATCH 1/3] Accepting request 626940 from home:bmwiedemann:branches:network:time - Update to version 3.3 ed + Enhancements: Add burst option to server/pool directive Add stratum and tai options to refclock directive Add support for Nettle crypto library Add workaround for missing kernel receive timestamps on Linux Wait for late hardware transmit timestamps Improve source selection with unreachable sources Improve protection against replay attacks on symmetric mode Allow PHC refclock to use socket in /var/run/chrony Add shutdown command to stop chronyd Simplify format of response to manual list command Improve handling of unknown responses in chronyc + Bug fixes: Respond to NTPv1 client requests with zero mode Fix -x option to not require CAP_SYS_TIME under non-root user Fix acquisitionport directive to work with privilege separation Fix handling of socket errors on Linux to avoid high CPU usage Fix chronyc to not get stuck in infinite loop after clock step + make package build reproducible (boo#1047218) via https://www.mail-archive.com/chrony-dev@chrony.tuxfamily.org/msg01685.html OBS-URL: https://build.opensuse.org/request/show/626940 OBS-URL: https://build.opensuse.org/package/show/network:time/chrony?expand=0&rev=48 --- chrony-3.2.tar.gz | 3 --- chrony-3.3.tar.gz | 3 +++ chrony-3.3.tar.gz.sig | 6 ++++++ chrony.changes | 25 +++++++++++++++++++++++++ chrony.keyring | 29 +++++++++++++++++++++++++++++ chrony.spec | 7 ++++--- 6 files changed, 67 insertions(+), 6 deletions(-) delete mode 100644 chrony-3.2.tar.gz create mode 100644 chrony-3.3.tar.gz create mode 100644 chrony-3.3.tar.gz.sig create mode 100644 chrony.keyring diff --git a/chrony-3.2.tar.gz b/chrony-3.2.tar.gz deleted file mode 100644 index 6ea2ed3..0000000 --- a/chrony-3.2.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:329f6718dd8c3ece3eee78be1f4821cbbeb62608e7d23f25da293cfa433c4116 -size 433882 diff --git a/chrony-3.3.tar.gz b/chrony-3.3.tar.gz new file mode 100644 index 0000000..5ca4bea --- /dev/null +++ b/chrony-3.3.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:0d1fb2d5875032f2d5a86f3770374c87ee4c941916f64171e81f7684f2a73128 +size 443571 diff --git a/chrony-3.3.tar.gz.sig b/chrony-3.3.tar.gz.sig new file mode 100644 index 0000000..200e8ab --- /dev/null +++ b/chrony-3.3.tar.gz.sig @@ -0,0 +1,6 @@ +-----BEGIN PGP SIGNATURE----- + +iEYEABECAAYFAlrEnuoACgkQX/BvKboeATuMFQCfdu4xtf+APWbPOs3xGi0hSiaH +okQAnA/in5HE5qsRQoZQ8yi4MhOX4++X +=OZtM +-----END PGP SIGNATURE----- diff --git a/chrony.changes b/chrony.changes index 80aca8b..4d5f520 100644 --- a/chrony.changes +++ b/chrony.changes @@ -1,3 +1,28 @@ +------------------------------------------------------------------- +Wed Aug 1 16:36:17 UTC 2018 - bwiedemann@suse.com + +- Update to version 3.3 +ed + + Enhancements: + Add burst option to server/pool directive + Add stratum and tai options to refclock directive + Add support for Nettle crypto library + Add workaround for missing kernel receive timestamps on Linux + Wait for late hardware transmit timestamps + Improve source selection with unreachable sources + Improve protection against replay attacks on symmetric mode + Allow PHC refclock to use socket in /var/run/chrony + Add shutdown command to stop chronyd + Simplify format of response to manual list command + Improve handling of unknown responses in chronyc + + Bug fixes: + Respond to NTPv1 client requests with zero mode + Fix -x option to not require CAP_SYS_TIME under non-root user + Fix acquisitionport directive to work with privilege separation + Fix handling of socket errors on Linux to avoid high CPU usage + Fix chronyc to not get stuck in infinite loop after clock step + + make package build reproducible (boo#1047218) + ------------------------------------------------------------------- Wed Apr 18 02:55:54 UTC 2018 - mpost@suse.com diff --git a/chrony.keyring b/chrony.keyring new file mode 100644 index 0000000..5453a1f --- /dev/null +++ b/chrony.keyring @@ -0,0 +1,29 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQGiBEYLz1cRBADYNM9gn8g1Bw8t2Zj+HT9hbSHVs9ofSdxqdLEVAbNySeLftOlZ +ba+4CU+lIfC/6XHZ0r+UvTBVK+r/KLjFxWz5cWGGFVUrXOSjo2PDXDqWrs9VALtT +zH8sr0/7qJCByF9fnryPO1fmMKlh9R0+X5cF7vZjlWbM+BV/yxARi4lb4wCgpf9M +7uo9hJUcMyy2zJSdzjUPkcMEAMVyDpw7kwTjnWzwaOHnPlT/x31OkGAO2sZgzRGu +VE1zGN4Ruv36GS7hNPndtpTGZuPtmLrE2wJS2exer4kTYANfiGj/JDTiuGQYF2jp +9cN3zJL7e7Bik004TZVUGg3HzpuWWc/uiTXgrZxIDz4uPxjy5kdDfbhUziNsy9Uj +igOZBADQ9T6XYQBTfRmGUkl7hEeAeu+WfEGDVlHP+EpMtk/uANUqYef5xUG4RomE +EyjRlrEXwG7Ly2HhH3UADBuPjkP68AGN8WslbCNx5Na+nZr6r1sT1+Z3OdUDprpY +PQxCu5WWYsYgzroO/JEA2d3pYgaaHEAhyZxau1UtW4hpAn8svbQmTWlyb3NsYXYg +TGljaHZhciA8bWxpY2h2YXJAcmVkaGF0LmNvbT6IZgQTEQIAJgIbAwYLCQgHAwIE +FQIIAwQWAgMBAh4BAheABQJWlM11BQkWLJibAAoJEF/wbym6HgE7UTsAmwbZUuT0 +OVgRwWRvgpwzpRbdQBP5AKCXLqK/+vB/9d5pJUXch2v7lqyy87kCDQRGC89XEAgA +medsNk8FIYdzJYyP2eaIYKMTpSCFgTKE1EHdiRaX5n3oo9o26+vfA1NfIwKM8G54 +3Ddr1yl2PRmQermHMQahMMsXcehQXjsJoZXTglJq6kw5Xb1V1K6SyXQv/sLmWGxw +T91T+0I+9g+UqMeqR8B2hj950BbfWn6Pu5CRk2voTsYEU2ecejKOWOOrbUnD/5wy +mkSD/1g+T7bgGOHMrSgYWH3Fk7dWNKpGBtQn3cL7fKy+cn4koDW1L3ebxg4zWpFo +l51m3u8DXc9lqUjg9AoqJH1bc9eQPQvJKxd5syU2pkgtHhT2rlSqpRtsKsgRNfBC +qBbK9gtEM3DRUD+EbbEZgwADBQf8CTSksVEUs5svpQlldZERwViUwwVb4TMszKKq +nEti6zu6oMkIDreGzSISDsrWq1WxzUv9IYumwanzkgTpVVfFPxK7samtol8Lol5V +r3Zbil3Q0IGJ9thhitMHRSU3ClhVRZF5QF/MhSzD1j0cXK4Ls0np5DePT3H4tItZ ++OcEhZcDb8k2DMcJW/REuiisWOElwIDM0o0kZyQiy+5QRfE2xancu3n8+wGtwc0N +2Yp/elmIigreu0xuK7HaFOiScUYv00BJa/ZEO2aOkRuiKkdp3oxtz3MIdDYyGbI6 +mL4h+X8079i95yu+L2tUJGHeN5u+X0Hsg9sE6TpVEggQEI30YYhPBBgRAgAPAhsM +BQJWlM2TBQkWLJi3AAoJEF/wbym6HgE7G9sAnA3EsHwEZ+CcOmKFBJRbkj3Dxagp +AJ962OOivxERsKPk/hXIN1oUXY54Aw== +=Vbe3 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/chrony.spec b/chrony.spec index 2f3d83d..f1c6b75 100644 --- a/chrony.spec +++ b/chrony.spec @@ -23,18 +23,19 @@ %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif Name: chrony -Version: 3.2 +Version: 3.3 Release: 0 Summary: System Clock Synchronization Client and Server License: GPL-2.0-only Group: Productivity/Networking/Other -Url: http://chrony.tuxfamily.org/ -Source: http://download.tuxfamily.org/chrony/chrony-%{version}.tar.gz +Url: https://chrony.tuxfamily.org/ +Source: https://download.tuxfamily.org/chrony/chrony-%{version}.tar.gz Source2: chrony.sysconfig Source3: chrony.dhclient Source4: chrony.helper Source5: chrony-dnssrv@.service Source6: chrony-dnssrv@.timer +Source7: https://download.tuxfamily.org/chrony/chrony-3.3-tar-gz-asc.txt#/chrony-%{version}.tar.gz.sig # Simulator for test suite Source10: https://github.com/mlichvar/clknetsim/archive/%{clknetsim_ver}/clknetsim-%{clknetsim_ver}.tar.gz # PATCH-MISSING-TAG -- See http://wiki.opensuse.org/openSUSE:Packaging_Patches_guidelines From 029648ee59969b8e3cc121adcd4a83b4aa93f57d190d8308fdce4bcfdbe1737e Mon Sep 17 00:00:00 2001 From: Martin Pluskal Date: Thu, 2 Aug 2018 07:54:01 +0000 Subject: [PATCH 2/3] - Mention all sources as such in spec file - Fix formatting of changelog - Drop reference to change is not present * Enhancements: + Add burst option to server/pool directive + Add stratum and tai options to refclock directive + Add support for Nettle crypto library + Add workaround for missing kernel receive timestamps on Linux + Wait for late hardware transmit timestamps + Improve source selection with unreachable sources + Improve protection against replay attacks on symmetric mode + Allow PHC refclock to use socket in /var/run/chrony + Add shutdown command to stop chronyd + Simplify format of response to manual list command + Improve handling of unknown responses in chronyc * Bug fixes: + Respond to NTPv1 client requests with zero mode + Fix -x option to not require CAP_SYS_TIME under non-root user + Fix acquisitionport directive to work with privilege separation + Fix handling of socket errors on Linux to avoid high CPU usage + Fix chronyc to not get stuck in infinite loop after clock step OBS-URL: https://build.opensuse.org/package/show/network:time/chrony?expand=0&rev=49 --- chrony.changes | 45 +++++++++++++++++++++++++-------------------- chrony.spec | 17 +++++++++-------- 2 files changed, 34 insertions(+), 28 deletions(-) diff --git a/chrony.changes b/chrony.changes index 4d5f520..74c7d0f 100644 --- a/chrony.changes +++ b/chrony.changes @@ -1,27 +1,32 @@ +------------------------------------------------------------------- +Thu Aug 2 07:52:58 UTC 2018 - mpluskal@suse.com + +- Mention all sources as such in spec file +- Fix formatting of changelog +- Drop reference to change is not present + ------------------------------------------------------------------- Wed Aug 1 16:36:17 UTC 2018 - bwiedemann@suse.com - Update to version 3.3 -ed - + Enhancements: - Add burst option to server/pool directive - Add stratum and tai options to refclock directive - Add support for Nettle crypto library - Add workaround for missing kernel receive timestamps on Linux - Wait for late hardware transmit timestamps - Improve source selection with unreachable sources - Improve protection against replay attacks on symmetric mode - Allow PHC refclock to use socket in /var/run/chrony - Add shutdown command to stop chronyd - Simplify format of response to manual list command - Improve handling of unknown responses in chronyc - + Bug fixes: - Respond to NTPv1 client requests with zero mode - Fix -x option to not require CAP_SYS_TIME under non-root user - Fix acquisitionport directive to work with privilege separation - Fix handling of socket errors on Linux to avoid high CPU usage - Fix chronyc to not get stuck in infinite loop after clock step - + make package build reproducible (boo#1047218) + * Enhancements: + + Add burst option to server/pool directive + + Add stratum and tai options to refclock directive + + Add support for Nettle crypto library + + Add workaround for missing kernel receive timestamps on Linux + + Wait for late hardware transmit timestamps + + Improve source selection with unreachable sources + + Improve protection against replay attacks on symmetric mode + + Allow PHC refclock to use socket in /var/run/chrony + + Add shutdown command to stop chronyd + + Simplify format of response to manual list command + + Improve handling of unknown responses in chronyc + * Bug fixes: + + Respond to NTPv1 client requests with zero mode + + Fix -x option to not require CAP_SYS_TIME under non-root user + + Fix acquisitionport directive to work with privilege separation + + Fix handling of socket errors on Linux to avoid high CPU usage + + Fix chronyc to not get stuck in infinite loop after clock step ------------------------------------------------------------------- Wed Apr 18 02:55:54 UTC 2018 - mpost@suse.com diff --git a/chrony.spec b/chrony.spec index f1c6b75..61be17c 100644 --- a/chrony.spec +++ b/chrony.spec @@ -28,7 +28,7 @@ Release: 0 Summary: System Clock Synchronization Client and Server License: GPL-2.0-only Group: Productivity/Networking/Other -Url: https://chrony.tuxfamily.org/ +URL: https://chrony.tuxfamily.org/ Source: https://download.tuxfamily.org/chrony/chrony-%{version}.tar.gz Source2: chrony.sysconfig Source3: chrony.dhclient @@ -36,6 +36,7 @@ Source4: chrony.helper Source5: chrony-dnssrv@.service Source6: chrony-dnssrv@.timer Source7: https://download.tuxfamily.org/chrony/chrony-3.3-tar-gz-asc.txt#/chrony-%{version}.tar.gz.sig +Source8: chrony.keyring # Simulator for test suite Source10: https://github.com/mlichvar/clknetsim/archive/%{clknetsim_ver}/clknetsim-%{clknetsim_ver}.tar.gz # PATCH-MISSING-TAG -- See http://wiki.opensuse.org/openSUSE:Packaging_Patches_guidelines @@ -110,7 +111,7 @@ sed -e 's|^\pool|! pool|' \ cat << EOF >> chrony.conf # Also include any directives found in configuration files in /etc/chrony.d -include /etc/chrony.d/*.conf +include %{_sysconfdir}/chrony.d/*.conf EOF touch -r examples/chrony.conf.example2 chrony.conf @@ -160,9 +161,9 @@ install -d %{buildroot}%{sbindir} ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rcchronyd ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rcchrony-wait -install -d %{buildroot}%{_prefix}/lib/systemd/ntp-units.d +install -d %{buildroot}%{_libexecdir}/systemd/ntp-units.d echo 'chronyd.service' > \ - %{buildroot}%{_prefix}/lib/systemd/ntp-units.d/50-chronyd.list + %{buildroot}%{_libexecdir}/systemd/ntp-units.d/50-chronyd.list install -Dpm 0644 %{SOURCE2} \ %{buildroot}%{_fillupdir}/sysconfig.chrony @@ -208,10 +209,10 @@ getent passwd %{name} >/dev/null || useradd -r -g %{name} -d "%{_localstatedir}/ %{_bindir}/chronyc %{_sbindir}/chronyd %{_datadir}/chrony-helper -%{_mandir}/man1/chronyc.1%{ext_man} -%{_mandir}/man5/chrony.conf.5%{ext_man} -%{_mandir}/man8/chronyd.8%{ext_man} -%{_prefix}/lib/systemd/ntp-units.d/*.list +%{_mandir}/man1/chronyc.1%{?ext_man} +%{_mandir}/man5/chrony.conf.5%{?ext_man} +%{_mandir}/man8/chronyd.8%{?ext_man} +%{_libexecdir}/systemd/ntp-units.d/*.list %{_unitdir}/chrony*.service %{_unitdir}/chrony*.timer %{_sbindir}/rcchrony* From c022e418584c43a0fd8ecfb933434c4d5a293820f12ccda6bdbbba8e658a34cc Mon Sep 17 00:00:00 2001 From: Martin Pluskal Date: Fri, 3 Aug 2018 09:17:49 +0000 Subject: [PATCH 3/3] - Update clknetsim to revision 42b693b * Drop not needed chrony-fix-open.patch - Build tests with optflags as well - Do not run tests on i586 - Enable signd OBS-URL: https://build.opensuse.org/package/show/network:time/chrony?expand=0&rev=50 --- chrony-fix-open.patch | 22 ---------------------- chrony.changes | 9 +++++++++ chrony.spec | 10 ++++++---- clknetsim-42b693b.tar.gz | 3 +++ clknetsim-71dbbc5.tar.gz | 3 --- 5 files changed, 18 insertions(+), 29 deletions(-) delete mode 100644 chrony-fix-open.patch create mode 100644 clknetsim-42b693b.tar.gz delete mode 100644 clknetsim-71dbbc5.tar.gz diff --git a/chrony-fix-open.patch b/chrony-fix-open.patch deleted file mode 100644 index a3c42f7..0000000 --- a/chrony-fix-open.patch +++ /dev/null @@ -1,22 +0,0 @@ -Index: chrony-3.2/clknetsim-71dbbc509eee05cb29e33468be93d5ba52b79429/client.c -=================================================================== ---- chrony-3.2.orig/clknetsim-71dbbc509eee05cb29e33468be93d5ba52b79429/client.c -+++ chrony-3.2/clknetsim-71dbbc509eee05cb29e33468be93d5ba52b79429/client.c -@@ -1008,6 +1008,8 @@ int open(const char *pathname, int flags - else if (!strcmp(pathname, "/dev/ptp1")) - return SYSCLK_FD; - -+ if (!_open) -+ _open = (int (*)(const char *pathname, int flags))dlsym(RTLD_NEXT, "open"); - r = _open(pathname, flags); - assert(r < 0 || (r < BASE_SOCKET_FD && r < BASE_TIMER_FD)); - -@@ -1026,6 +1028,8 @@ int close(int fd) { - return 0; - } - -+ if (!_close) -+ _close = (int (*)(int fd))dlsym(RTLD_NEXT, "close"); - return _close(fd); - } - diff --git a/chrony.changes b/chrony.changes index 74c7d0f..639e276 100644 --- a/chrony.changes +++ b/chrony.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Fri Aug 3 07:56:06 UTC 2018 - mpluskal@suse.com + +- Update clknetsim to revision 42b693b + * Drop not needed chrony-fix-open.patch +- Build tests with optflags as well +- Do not run tests on i586 +- Enable signd + ------------------------------------------------------------------- Thu Aug 2 07:52:58 UTC 2018 - mpluskal@suse.com diff --git a/chrony.spec b/chrony.spec index 61be17c..532da65 100644 --- a/chrony.spec +++ b/chrony.spec @@ -17,7 +17,7 @@ %define vendorzone opensuse. -%global clknetsim_ver 71dbbc5 +%global clknetsim_ver 42b693b #Compat macro for new _fillupdir macro introduced in Nov 2017 %if ! %{defined _fillupdir} %define _fillupdir %{_localstatedir}/adm/fillup-templates @@ -44,7 +44,6 @@ Patch0: chrony-config.patch # Add NTP servers from DHCP when starting service Patch1: chrony-service-helper.patch Patch2: chrony-logrotate.patch -Patch5: chrony-fix-open.patch BuildRequires: NetworkManager-devel BuildRequires: bison BuildRequires: gcc-c++ @@ -95,7 +94,6 @@ or a different computer. %patch0 -p1 %patch1 -p1 %patch2 -p1 -%patch5 -p1 # If this is an openSUSE build, use our vendor zone # (2.*pool.ntp.org names include IPv6 addresses). If not @@ -132,7 +130,8 @@ export LDFLAGS="-pie -Wl,-z,relro,-z,now" %endif --with-user=chrony \ --with-hwclockfile=%{_sysconfdir}/adjtime \ - --with-sendmail=%{_sbindir}/sendmail + --with-sendmail=%{_sbindir}/sendmail \ + --enable-ntp-signd make %{?_smp_mflags} all docs %install @@ -173,11 +172,14 @@ install -Dpm 755 %{SOURCE4} \ install -d %{buildroot}%{_localstatedir}/log/chrony touch %{buildroot}%{_localstatedir}/lib/chrony/{drift,rtc} +%ifnarch %ix86 %check # Set random seed to get deterministic results export CLKNETSIM_RANDOM_SEED=24501 +export CFLAGS="%{optflags}" make %{?_smp_mflags} -C test/simulation/clknetsim make %{?_smp_mflags} check +%endif %pre getent group %{name} >/dev/null || groupadd -r %{name} diff --git a/clknetsim-42b693b.tar.gz b/clknetsim-42b693b.tar.gz new file mode 100644 index 0000000..bc881fe --- /dev/null +++ b/clknetsim-42b693b.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:2cc12343114ebb9fc96e62404fac4be7fca5d5cb2a8bdc65fdc41948ea0ee449 +size 41933 diff --git a/clknetsim-71dbbc5.tar.gz b/clknetsim-71dbbc5.tar.gz deleted file mode 100644 index 6372926..0000000 --- a/clknetsim-71dbbc5.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:d3f58e70731922bf2d6c8a39256acd0b402a5e125eefe82c5b9542081dac6d23 -size 41648