[chrony/el5] update to 1.30 (CVE-2014-0021)

Miroslav Lichvar mlichvar at fedoraproject.org
Wed Jul 2 14:46:16 UTC 2014


commit 57eb25ea6bba08663903de17343373c3818a3c0a
Author: Miroslav Lichvar <mlichvar at redhat.com>
Date:   Tue Jul 1 17:44:05 2014 +0200

    update to 1.30 (CVE-2014-0021)

 .gitignore                 |    2 +-
 chrony-cve-2012-4502.patch |  167 --------------------------------------------
 chrony-cve-2012-4503.patch |   35 ---------
 chrony.spec                |   15 ++--
 chronyd.init               |   17 ++---
 sources                    |    2 +-
 6 files changed, 16 insertions(+), 222 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index d9c55de..f01cf27 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-/chrony-1.25.tar.gz
+/chrony-1.30.tar.gz
diff --git a/chrony.spec b/chrony.spec
index 55bfe72..1541012 100644
--- a/chrony.spec
+++ b/chrony.spec
@@ -1,5 +1,5 @@
 Name:           chrony
-Version:        1.25
+Version:        1.30
 Release:        3%{?gitpatch}%{?dist}
 Summary:        An NTP client/server
 
@@ -14,8 +14,6 @@ Source4:        chronyd.init
 Source5:        chrony.logrotate
 # wget -O timepps.h 'http://gitweb.enneenne.com/?p=linuxpps;a=blob_plain;f=Documentation/pps/timepps.h;hb=b895b1a28558b83907c691aad231c41a0d14df88'
 %{?gitpatch:Patch0: chrony-%{version}-%{gitpatch}.patch.gz}
-Patch1:         chrony-cve-2012-4502.patch
-Patch2:         chrony-cve-2012-4503.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 BuildRequires:  libcap-devel readline-devel ncurses-devel bison texinfo
@@ -35,8 +33,6 @@ clocks, system real-time clock or manual input as time references.
 %prep
 %setup -q -n %{name}-%{version}%{?prerelease}
 %{?gitpatch:%patch0 -p1}
-%patch1 -p1 -b .cve-2012-4502
-%patch2 -p1 -b .cve-2012-4503
 
 %{?gitpatch: echo %{version}-%{gitpatch} > version.txt}
 
@@ -50,7 +46,12 @@ CFLAGS="$CFLAGS -pie -fpie"
 export CFLAGS
 export LDFLAGS="-Wl,-z,relro,-z,now"
 
-%configure --docdir=%{_docdir} --enable-forcednsretry
+%configure \
+        --enable-debug \
+        --docdir=%{_docdir} \
+        --with-user=chrony \
+        --with-sendmail=%{_sbindir}/sendmail
+
 make %{?_smp_mflags} getdate all docs
 
 %install
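Review bot: `--enable-debug` is added to the `%configure` line and `--enable-forcednsretry` is dropped, yet neither the spec nor the commit message says why. For a package shipped as a security update, a reader will want to know that the debug switch is deliberate; a one-line comment above `%configure` such as `# --enable-debug is intentional: <reason>` would settle it. If `--enable-forcednsretry` no longer exists in 1.30, the changelog entry should say so, because otherwise the DNS retry behaviour appears to be lost silently.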
@@ -102,7 +103,7 @@ fi
 
 %files
 %defattr(-,root,root,-)
-%doc COPYING NEWS README chrony.txt faq.txt examples/*
+%doc COPYING FAQ NEWS README chrony.txt examples/*
 %config(noreplace) %{_sysconfdir}/chrony.conf
 %config(noreplace) %verify(not md5 size mtime) %attr(640,root,chrony) %{_sysconfdir}/chrony.keys
 %config(noreplace) %{_sysconfdir}/sysconfig/chronyd
diff --git a/chronyd.init b/chronyd.init
index 8070476..a5d53f6 100644
--- a/chronyd.init
+++ b/chronyd.init
@@ -35,7 +35,7 @@ dhclient_servers=/var/lib/dhclient/chrony.servers.*
 lockfile=/var/lock/subsys/$prog
 
 get_key() {
-    awk '/^[ \t]*'$1'\>/ { print $2; exit }' < $keyfile
+    awk '/^[ \t]*'$1'\>/ { print $(NF); exit }' < $keyfile
 }
 
 get_commandkeyid() {
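Review bot: `$1` is still spliced unquoted into the awk program and `$keyfile` is unquoted, so a key id containing whitespace or regex characters alters the program instead of being matched. Passing it as data avoids that: `awk -v id="$1" '$1 == id { print $NF; exit }' < "$keyfile"`. `$(NF)` also returns whatever the last field happens to be, so if the keys file allows anything after the key on a line, that text is returned instead; a comment stating the expected `ID [HASH] KEY` layout would make the assumption explicit. The key id presumably comes from chrony.conf, so this is robustness rather than an exposed input.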
@@ -43,16 +43,10 @@ get_commandkeyid() {
 }
 
 chrony_command() {
-    commandkeyid=$(get_commandkeyid)
-    [ -z "$commandkeyid" ] && return 1
-    commandkey=$(get_key $commandkeyid)
-    [ -z "$commandkey" ] && return 2
-
-    $chronyc <<EOF | grep -v '200 OK'
-password $commandkey
+    $chronyc -a <<EOF | grep -v '200 OK'
 $1
 EOF
-   return ${PIPESTATUS[0]}
+    return ${PIPESTATUS[0]}
 }
 
 generate_commandkey() {
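Review bot: With the two early returns removed, chrony_command's status is whatever `chronyc -a` exits with, and nothing visible here shows that chronyc exits non-zero when it cannot read the command key or authentication fails. The callers are outside this hunk; any that relied on the old `return 1`/`return 2` to detect a missing key should be checked, since `grep -v '200 OK'` only filters output. A comment above the call would help the next reader: `# -a: chronyc reads the command key itself, so the key no longer passes through this script`.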
@@ -62,8 +56,9 @@ generate_commandkey() {
     [ -z "$commandkey" ] || return 0
 
     echo -n $"Generating chrony command key: "
-    commandkey=$(tr -c -d '[\041-\176]' < /dev/urandom | head -c 8)
-    [ -n "$commandkey" ] && echo "$commandkeyid $commandkey" >> $keyfile &&
+    commandkey=$(tr -c -d '0-9ABCDEF' < /dev/urandom | head -c 32)
+    [ -n "$commandkey" ] &&
+        echo "$commandkeyid MD5 HEX:$commandkey" >> $keyfile &&
         success || failure
     echo
 }
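Review bot: The key is appended with `>> $keyfile`, unquoted and with no umask set, so if the keys file is absent at this point it is created with the init script's default mode rather than the `640,root,chrony` the spec declares for it. Setting the mode explicitly closes that gap: `( umask 027; echo "$commandkeyid MD5 HEX:$commandkey" >> "$keyfile" )`, with the `&& success || failure` chain kept after it. The generated key is now 32 hex digits but is still tied to `MD5`; whether this build accepts a stronger hash in the keys file cannot be determined from the hunk and is worth confirming. The function begins above the hunk.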
diff --git a/sources b/sources
index 482199e..8698a4b 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-9de3605616228ee010790da09df27500  chrony-1.25.tar.gz
+4f0767528a51af44abd512699c5cf194  chrony-1.30.tar.gz

