diff --git a/.chrony.metadata b/.chrony.metadata
index 2402c22..f22b34c 100644
--- a/.chrony.metadata
+++ b/.chrony.metadata
@@ -1 +1 @@
-442fb7d62a6f23bf1057864a3dbdfa55e1b6eb35 SOURCES/chrony-1.29.tar.gz
+bf07c0afa6ab761d9863714497555fa5be578f3d SOURCES/chrony-1.29.1.tar.gz
diff --git a/SOURCES/chrony-driftwrite.patch b/SOURCES/chrony-driftwrite.patch
new file mode 100644
index 0000000..b55ce01
--- /dev/null
+++ b/SOURCES/chrony-driftwrite.patch
@@ -0,0 +1,59 @@
+commit 925d7119ec0db3620a2350eca3cbaea1a8eb4306
+Author: Miroslav Lichvar
+Date: Tue Jan 21 18:18:04 2014 +0100
+
+ Fix writing of drift and RTC files
+
+ Without sequence points the driftfile and RTC file could be closed
+ before new values were written.
+
+diff --git a/reference.c b/reference.c
+index 12e6beb..3a3af1e 100644
+--- a/reference.c
++++ b/reference.c
+@@ -290,6 +290,7 @@ update_drift_file(double freq_ppm, double skew)
+ struct stat buf;
+ char *temp_drift_file;
+ FILE *out;
++ int r1, r2;
+
+ /* Create a temporary file with a '.tmp' extension. */
+
+@@ -311,8 +312,9 @@ update_drift_file(double freq_ppm, double skew)
+ }
+
+ /* Write the frequency and skew parameters in ppm */
+- if ((fprintf(out, "%20.6f %20.6f\n", freq_ppm, 1.0e6 * skew) < 0) |
+- fclose(out)) {
++ r1 = fprintf(out, "%20.6f %20.6f\n", freq_ppm, 1.0e6 * skew);
++ r2 = fclose(out);
++ if (r1 < 0 || r2) {
+ Free(temp_drift_file);
+ LOG(LOGS_WARN, LOGF_Reference, "Could not write to temporary driftfile %s.tmp",
+ drift_file);
+diff --git a/rtc_linux.c b/rtc_linux.c
+index 8eda906..91b0cac 100644
+--- a/rtc_linux.c
++++ b/rtc_linux.c
+@@ -467,6 +467,7 @@ write_coefs_to_file(int valid,time_t ref_time,double offset,double rate)
+ struct stat buf;
+ char *temp_coefs_file_name;
+ FILE *out;
++ int r1, r2;
+
+ /* Create a temporary file with a '.tmp' extension. */
+
+@@ -488,9 +489,10 @@ write_coefs_to_file(int valid,time_t ref_time,double offset,double rate)
+ }
+
+ /* Gain rate is written out in ppm */
+- if ((fprintf(out, "%1d %ld %.6f %.3f\n",
+- valid,ref_time, offset, 1.0e6 * rate) < 0) |
+- fclose(out)) {
++ r1 = fprintf(out, "%1d %ld %.6f %.3f\n",
++ valid, ref_time, offset, 1.0e6 * rate);
++ r2 = fclose(out);
++ if (r1 < 0 || r2) {
+ Free(temp_coefs_file_name);
+ LOG(LOGS_WARN, LOGF_RtcLinux, "Could not write to temporary RTC file %s.tmp",
+ coefs_file_name);
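Review bot: In the rtc_linux.c part of chrony-driftwrite.patch, the rewritten `r1 = fprintf(out, "%1d %ld %.6f %.3f\n", ...)` still passes `ref_time` to `%ld`, although the signature in the hunk header declares it `time_t`. Where `time_t` is not `long` that is a format/argument mismatch, so the argument should be cast explicitly, e.g. `valid, (long)ref_time, offset, 1.0e6 * rate);`, or widened together with whatever reads the file back. Both functions would also benefit from a comment above the two calls, such as `/* fprintf must finish before fclose; keep these as separate statements */`, so the sequencing fix is not folded back into one expression later. The failure branches log no errno, so a full disk and a permission error look the same to whoever reads the log. Both function bodies start and end outside the hunks, so the handling of the temporary file before and after these lines is not visible here.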
diff --git a/SOURCES/chrony-preferselect.patch b/SOURCES/chrony-preferselect.patch
new file mode 100644
index 0000000..e128152
--- /dev/null
+++ b/SOURCES/chrony-preferselect.patch
@@ -0,0 +1,44 @@
+commit f456cd57b93695b1a9bd792ed084c62f9ffa7c9f
+Author: Miroslav Lichvar
+Date: Tue Jan 21 17:18:48 2014 +0100
+
+ Fix selecting of sources with prefer option
+
+ List of selectable sources that is used in combining was trimmed to
+ sources with prefer option, but scoring algorithm considered all
+ selectable sources. When a source without prefer was selected and
+ no source was combined, it caused assertion failure.
+
+diff --git a/sources.c b/sources.c
+index 6c6a5bb..de07bd3 100644
+--- a/sources.c
++++ b/sources.c
+@@ -503,7 +503,7 @@ combine_sources(int n_sel_sources, struct timeval *ref_time, double *offset,
+ void
+ SRC_SelectSource(uint32_t match_refid)
+ {
+- int i, j, index, old_selected_index;
++ int i, j, index, old_selected_index, sel_prefer;
+ struct timeval now, ref_time;
+ double src_offset, src_offset_sd, src_frequency, src_skew;
+ double src_root_delay, src_root_dispersion;
+@@ -811,6 +811,9 @@ SRC_SelectSource(uint32_t match_refid)
+ }
+ if (j > 0) {
+ n_sel_sources = j;
++ sel_prefer = 1;
++ } else {
++ sel_prefer = 0;
+ }
+
+ /* Now find minimum stratum. If none are left now,
+@@ -843,7 +846,8 @@ SRC_SelectSource(uint32_t match_refid)
+ for (i = 0; i < n_sources; i++) {
+
+ /* Reset score for non-selectable sources */
+- if (sources[i]->status != SRC_SELECTABLE) {
++ if (sources[i]->status != SRC_SELECTABLE ||
++ (sel_prefer && sources[i]->sel_option != SRC_SelectPrefer)) {
+ sources[i]->sel_score = 1.0;
+ sources[i]->outlier = OUTLIER_PENALTY;
+ continue;
diff --git a/SPECS/chrony.spec b/SPECS/chrony.spec
index 43bee46..09861b4 100644
--- a/SPECS/chrony.spec
+++ b/SPECS/chrony.spec
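Review bot: In chrony-preferselect.patch, the scoring loop (hunk at -843) now repeats the prefer filter that the trimming block (hunk at -811) applies to the selectable list, and nothing ties the two together. A later change to one can therefore reintroduce the mismatch that the commit message says ended in an assertion failure. A comment on the new condition would state the invariant, e.g. `/* Must match the list kept for combining: if any prefer source is selectable, only prefer sources are scored */`. `sel_prefer` is assigned only in the `if (j > 0) ... else` block, which is enough only if every path to the scoring loop passes through it. That cannot be confirmed here because SRC_SelectSource continues outside the hunks, so initialising it in the declaration (`sel_prefer = 0`) would be a cheap safeguard.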
@@ -1,6 +1,8 @@ +%global _hardened_build 1 + Name: chrony -Version: 1.29 -Release: 2%{?dist} +Version: 1.29.1 +Release: 1%{?dist} Summary: An NTP client/server Group: System Environment/Daemons @@ -16,6 +18,8 @@ Source7: chrony.nm-dispatcher Source8: chrony.dhclient Source9: chrony-wait.service %{?gitpatch:Patch0: chrony-%{version}%{?prerelease}-%{gitpatch}.patch.gz} +Patch1: chrony-preferselect.patch +Patch2: chrony-driftwrite.patch BuildRequires: libcap-devel libedit-devel nss-devel pps-tools-devel BuildRequires: bison texinfo systemd-units @@ -40,6 +44,8 @@ clocks, system real-time clock or manual input as time references. %prep %setup -q -n %{name}-%{version}%{?prerelease} %{?gitpatch:%patch0 -p1} +%patch1 -p1 -b .preferselect +%patch2 -p1 -b .driftwrite %{?gitpatch: echo %{version}-%{gitpatch} > version.txt} @@ -47,15 +53,6 @@ sed -e 's|VENDORZONE\.|%{vendorzone}|' < %{SOURCE1} > chrony.conf touch -r %{SOURCE1} chrony.conf %build -CFLAGS="$RPM_OPT_FLAGS" -%ifarch %{sparc} -CFLAGS="$CFLAGS -fPIE" -%else -CFLAGS="$CFLAGS -fpie" -%endif -export CFLAGS -export LDFLAGS="-pie -Wl,-z,relro,-z,now" - %configure \ --docdir=%{_docdir} \ --with-sendmail=%{_sbindir}/sendmail @@ -131,6 +128,18 @@ fi %dir %attr(-,chrony,chrony) %{_localstatedir}/log/chrony %changelog +* Tue Feb 04 2014 Miroslav Lichvar 1.29.1-1 +- update to 1.29.1 (#1053022, CVE-2014-0021) +- fix selecting of sources with prefer option (#1061048) +- fix potential bug in writing of drift files (#1061106) +- replace hardening build flags with _hardened_build (#1061036) + +* Fri Jan 24 2014 Daniel Mach - 1.29-4 +- Mass rebuild 2014-01-24 + +* Fri Dec 27 2013 Daniel Mach - 1.29-3 +- Mass rebuild 2013-12-27 + * Thu Oct 03 2013 Miroslav Lichvar 1.29-2 - add ordering dependency to not start chronyd before ntpd stopped (#1011968)
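Review bot: After this change, PIE and full RELRO for the chrony binaries depend entirely on `%global _hardened_build 1`, and nothing in the spec records or checks that. The first hunk adds the macro, and the %build hunk removes the explicit `-fpie`/`-fPIE` CFLAGS and `LDFLAGS="-pie -Wl,-z,relro,-z,now"`. A comment above the macro would help, e.g. `# Enables PIE and full RELRO through the distribution build flags; replaces the manual CFLAGS/LDFLAGS formerly set in %build`. The change also assumes chrony's configure script honours the flags exported by `%configure`, so the built daemon is worth inspecting once (ELF type DYN, BIND_NOW in the dynamic section) before the old flags are considered safely retired.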