diff --git a/backport-close-socket-in-helper-process.patch b/backport-close-socket-in-helper-process.patch new file mode 100644 index 0000000000000000000000000000000000000000..889741e4a33de01d208d3de8c763a58914857650 --- /dev/null +++ b/backport-close-socket-in-helper-process.patch @@ -0,0 +1,57 @@ +From 7196943f112c3087bcdf04d0106213a30d177a27 Mon Sep 17 00:00:00 2001 +From: Miroslav Lichvar +Date: Thu, 28 Nov 2024 14:45:23 +0100 +Subject: [PATCH] nts: close socket in helper process on exit + +Close the socket used for receiving helper requests before exit to avoid +another valgrind error. + +Conflict:NA +Reference:https://github.com/mlichvar/chrony/commit/7196943f112c3087bcdf04d0106213a30d177a27 +--- + nts_ke_server.c | 10 +++++++--- + 1 file changed, 7 insertions(+), 3 deletions(-) + +diff --git a/nts_ke_server.c b/nts_ke_server.c +index 6fe28be..6dd6251 100644 +--- a/nts_ke_server.c ++++ b/nts_ke_server.c +@@ -702,7 +702,7 @@ key_timeout(void *arg) + /* ================================================== */ + + static void +-run_helper(uid_t uid, gid_t gid, int scfilter_level) ++run_helper(uid_t uid, gid_t gid, int scfilter_level, int sock_fd) + { + LOG_Severity log_severity; + +@@ -729,10 +729,15 @@ run_helper(uid_t uid, gid_t gid, int scfilter_level) + if (scfilter_level != 0) + SYS_EnableSystemCallFilter(scfilter_level, SYS_NTSKE_HELPER); + ++ SCH_AddFileHandler(sock_fd, SCH_FILE_INPUT, handle_helper_request, NULL); ++ + SCH_MainLoop(); + + DEBUG_LOG("Helper exiting"); + ++ SCH_RemoveFileHandler(sock_fd); ++ close(sock_fd); ++ + NKS_Finalise(); + SCK_Finalise(); + SYS_Finalise(); +@@ -792,9 +797,8 @@ NKS_PreInitialise(uid_t uid, gid_t gid, int scfilter_level) + LOG_CloseParentFd(); + + SCK_CloseSocket(sock_fd1); +- SCH_AddFileHandler(sock_fd2, SCH_FILE_INPUT, handle_helper_request, NULL); + +- run_helper(uid, gid, scfilter_level); ++ run_helper(uid, gid, scfilter_level, sock_fd2); + } + + SCK_CloseSocket(sock_fd2); +-- +2.33.0 + diff --git a/backport-dont-load-sourcedir-during-initstepslew.patch b/backport-dont-load-sourcedir-during-initstepslew.patch new file mode 100644 index 0000000000000000000000000000000000000000..0974640e5e27727a2bb8135029d8969f3daebd9c --- /dev/null +++ b/backport-dont-load-sourcedir-during-initstepslew.patch @@ -0,0 +1,94 @@ +From f49be7f06343ee27fff2950937d7f6742f53976f Mon Sep 17 00:00:00 2001 +From: Miroslav Lichvar +Date: Tue, 12 Mar 2024 14:30:27 +0100 +Subject: [PATCH] conf: don't load sourcedir during initstepslew and RTC init + +If the reload sources command was received in the chronyd start-up +sequence with initstepslew and/or RTC init (-s option), the sources +loaded from sourcedirs caused a crash due to failed assertion after +adding sources specified in the config. + +Ignore the reload sources command until chronyd enters the normal +operation mode. + +Fixes: 519796de3756 ("conf: add sourcedirs directive") + +Conflict:The log feature is added in the pre-patch. Therefore, the test cases are adapted. +Reference:https://github.com/mlichvar/chrony/commit/f49be7f06343ee27fff2950937d7f6742f53976f +--- + conf.c | 11 ++++++++++- + test/simulation/203-initreload | 26 ++++++++++++++++++++++++++ + 2 files changed, 36 insertions(+), 1 deletion(-) + create mode 100755 test/simulation/203-initreload + +diff --git a/conf.c b/conf.c +index 6eae11c..8849bdc 100644 +--- a/conf.c ++++ b/conf.c +@@ -298,6 +298,8 @@ static ARR_Instance ntp_sources; + static ARR_Instance ntp_source_dirs; + /* Array of uint32_t corresponding to ntp_sources (for sourcedirs reload) */ + static ARR_Instance ntp_source_ids; ++/* Flag indicating ntp_sources and ntp_source_ids are used for sourcedirs */ ++static int conf_ntp_sources_added = 0; + + /* Array of RefclockParameters */ + static ARR_Instance refclock_sources; +@@ -1689,8 +1691,12 @@ reload_source_dirs(void) + NSR_Status s; + int d; + ++ /* Ignore reload command before adding configured sources */ ++ if (!conf_ntp_sources_added) ++ return; ++ + prev_size = ARR_GetSize(ntp_source_ids); +- if (prev_size > 0 && ARR_GetSize(ntp_sources) != prev_size) ++ if (ARR_GetSize(ntp_sources) != prev_size) + assert(0); + + /* Save the current sources and their configuration IDs */ +@@ -1859,7 +1865,10 @@ CNF_AddSources(void) + Free(source->params.name); + } + ++ /* The arrays will be used for sourcedir (re)loading */ + ARR_SetSize(ntp_sources, 0); ++ ARR_SetSize(ntp_source_ids, 0); ++ conf_ntp_sources_added = 1; + + reload_source_dirs(); + } +diff --git a/test/simulation/203-initreload b/test/simulation/203-initreload +new file mode 100755 +index 0000000..cf7924b +--- /dev/null ++++ b/test/simulation/203-initreload +@@ -0,0 +1,24 @@ ++#!/usr/bin/env bash ++ ++. ./test.common ++ ++check_config_h 'FEAT_CMDMON 1' || test_skip ++ ++# Test fix "conf: don't load sourcedir during initstepslew and RTC init" ++ ++test_start "reload during initstepslew" ++ ++client_conf="initstepslew 5 192.168.123.1 ++sourcedir tmp" ++client_server_conf="#" ++chronyc_conf="reload sources" ++chronyc_start=4 ++ ++echo 'server 192.168.123.1' > tmp/sources.sources ++ ++run_test || test_fail ++check_chronyd_exit || test_fail ++check_source_selection || test_fail ++check_sync || test_fail ++ ++test_pass +-- +2.33.0 + diff --git a/backport-fix-finalization-for-async-resolver.patch b/backport-fix-finalization-for-async-resolver.patch new file mode 100644 index 0000000000000000000000000000000000000000..be08394aef9d06d10262b8fd1296e25661e33b15 --- /dev/null +++ b/backport-fix-finalization-for-async-resolver.patch @@ -0,0 +1,43 @@ +From 08b67dba98b5dbc0184c38b3c1963dd2f00d2bd9 Mon Sep 17 00:00:00 2001 +From: Miroslav Lichvar +Date: Thu, 22 Aug 2024 09:26:59 +0200 +Subject: [PATCH] ntp: fix finalization for async resolver + +If an attempt to resolve addresses of an NTP server is made right before +starting the termination sequence, the asynchronous resolver thread +could read the server name when it was already freed. + +Leave unresolved sources allocated in NSR_Finalise() if the async +resolver did not finish yet, at least for now. Waiting for the resolving +result or cancelling the thread would complicate the code. The scheduler +is not expected to be running at this point. + +Conflict:Context adaptation +Reference:https://github.com/mlichvar/chrony/commit/08b67dba98b5dbc0184c38b3c1963dd2f00d2bd9 +--- + ntp_sources.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/ntp_sources.c b/ntp_sources.c +index 29c99ac..d2cd113 100644 +--- a/ntp_sources.c ++++ b/ntp_sources.c +@@ -219,8 +219,13 @@ NSR_Finalise(void) + ARR_DestroyInstance(records); + ARR_DestroyInstance(pools); + +- while (unresolved_sources) +- remove_unresolved_source(unresolved_sources); ++ /* Leave the unresolved sources allocated if the async resolver is running ++ to avoid reading the name from freed memory. The handler will not be ++ called as the scheduler should no longer be running at this point. */ ++ if (!resolving_source) { ++ while (unresolved_sources) ++ remove_unresolved_source(unresolved_sources); ++ } + + initialised = 0; + } +-- +2.33.0 + diff --git a/backport-fix-memory-leak-of-empty-readline-string.patch b/backport-fix-memory-leak-of-empty-readline-string.patch new file mode 100644 index 0000000000000000000000000000000000000000..3fa7098f490229d1f5daa6f65be6e4d41ec7ac1a --- /dev/null +++ b/backport-fix-memory-leak-of-empty-readline-string.patch @@ -0,0 +1,32 @@ +From 55898e9b07d2bf97cb3bb96987dbe57f1b6376ef Mon Sep 17 00:00:00 2001 +From: Miroslav Lichvar +Date: Wed, 12 Feb 2025 13:22:04 +0100 +Subject: [PATCH] client: fix memory leak of empty readline() string + +Conflict:NA +Reference:https://github.com/mlichvar/chrony/commit/55898e9b07d2bf97cb3bb96987dbe57f1b6376ef +--- + client.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/client.c b/client.c +index 70bcdae..6bbce14 100644 +--- a/client.c ++++ b/client.c +@@ -125,12 +125,11 @@ read_line(void) + strncpy(line, cmd, sizeof(line) - 1); + line[sizeof(line) - 1] = '\0'; + add_history(cmd); +- /* free the buffer allocated by readline */ +- Free(cmd); + } else { + /* simulate the user has entered an empty line */ + *line = '\0'; + } ++ Free(cmd); + return( line ); + #else + printf("%s", prompt); +-- +2.33.0 + diff --git a/chrony.spec b/chrony.spec index ff8b69f3dd227a49ab5ca9af23c1fb91817dcb19..6301d4dc45333bf1232cb74ac1074f428285fb49 100644 --- a/chrony.spec +++ b/chrony.spec @@ -2,7 +2,7 @@ Name: chrony Version: 4.1 -Release: 6 +Release: 7 Summary: An NTP client/server License: GPLv2 URL: https://chrony.tuxfamily.org @@ -17,6 +17,10 @@ Patch2: feat-loongarch64-do-not-support-fstat.patch Patch6000: backport-rework-command-and-limit-the-length-of-command.patch Patch6001: backport-sys_linux-allow-clone3-and-pread64-in-secco.patch +Patch6002: backport-dont-load-sourcedir-during-initstepslew.patch +Patch6003: backport-fix-finalization-for-async-resolver.patch +Patch6004: backport-close-socket-in-helper-process.patch +Patch6005: backport-fix-memory-leak-of-empty-readline-string.patch BuildRequires: gcc gcc-c++ bison systemd libcap-devel libedit-devel nettle-devel pps-tools-devel libseccomp-devel gnutls-devel gnutls-utils @@ -140,6 +144,12 @@ fi %{_mandir}/man[158]/%{name}*.[158]* %changelog +* Tue Apr 15 2025 xinghe - 4.1-7 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:sync some patches from upstream + * Thu Aug 10 2023 herengui - 4.1-6 - Type:bugfix - ID:NA