[chrony/el6] update to 1.30 (CVE-2014-0021)
Miroslav Lichvar
mlichvar at fedoraproject.org
Wed Jul 2 14:52:04 UTC 2014
commit 16d29744a2abc5cb4de393bce6394641348d8cd9
Author: Miroslav Lichvar <mlichvar at redhat.com>
Date: Tue Jul 1 17:44:05 2014 +0200
update to 1.30 (CVE-2014-0021)
.gitignore | 2 +-
chrony-cve-2012-4502.patch | 167 --------------------------------------------
chrony-cve-2012-4503.patch | 35 ---------
chrony-kernel.patch | 159 -----------------------------------------
chrony.spec | 20 +++---
chronyd.init | 17 ++---
sources | 2 +-
7 files changed, 17 insertions(+), 385 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index e958fa3..6d95963 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
/timepps.h
-/chrony-1.25.tar.gz
+/chrony-1.30.tar.gz
diff --git a/chrony.spec b/chrony.spec
index 168a29e..190ff7e 100644
--- a/chrony.spec
+++ b/chrony.spec
@@ -1,5 +1,5 @@
Name: chrony
-Version: 1.25
+Version: 1.30
Release: 4%{?gitpatch}%{?dist}
Summary: An NTP client/server
@@ -17,13 +17,9 @@ Source6: timepps.h
Source7: chrony.nm-dispatcher
Source8: chrony.dhclient
%{?gitpatch:Patch0: chrony-%{version}-%{gitpatch}.patch.gz}
-Patch1: chrony-cve-2012-4502.patch
-Patch2: chrony-cve-2012-4503.patch
-# Support recent kernels
-Patch3: chrony-kernel.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-BuildRequires: libcap-devel libedit-devel bison texinfo
+BuildRequires: libcap-devel libedit-devel nss-devel bison texinfo
Requires(pre): shadow-utils
Requires(post): chkconfig info
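Review bot: Patch1 and Patch2, the fixes for CVE-2012-4502 and CVE-2012-4503, are dropped here with no record that 1.30 already contains them. That is presumably true for a rebase to a newer upstream release, but the chrony.spec hunks on this page add no `%changelog` entry and no comment, so a later reader cannot tell a deliberate removal from an accidental regression. I would add a changelog line naming the CVEs this update covers and stating that the old patches are now upstream. The new `nss-devel` build dependency deserves a mention there as well.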
@@ -41,9 +37,6 @@ clocks, system real-time clock or manual input as time references.
%setup -q -n %{name}-%{version}%{?prerelease}
mkdir pps; cp -p %{SOURCE6} pps
%{?gitpatch:%patch0 -p1}
-%patch1 -p1 -b .cve-2012-4502
-%patch2 -p1 -b .cve-2012-4503
-%patch3 -p1 -b .kernel
%{?gitpatch: echo %{version}-%{gitpatch} > version.txt}
@@ -58,7 +51,12 @@ export CFLAGS
export CPPFLAGS="-Ipps"
export LDFLAGS="-Wl,-z,relro,-z,now"
-%configure --docdir=%{_docdir} --enable-forcednsretry
+%configure \
+ --enable-debug \
+ --docdir=%{_docdir} \
+ --with-user=chrony \
+ --with-sendmail=%{_sbindir}/sendmail
+
make %{?_smp_mflags} getdate all docs
%install
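Review bot: `--enable-debug` is switched on for the packaged build with no comment saying why, and the same `%configure` call drops `--enable-forcednsretry` without explanation. A one-line comment above `%configure`, for example `# debug support is compiled in for troubleshooting only` (wording to be confirmed against the 1.30 configure help), would show that this is deliberate. `--with-user=chrony` changes the account the daemon uses by default, so it is worth confirming that the init script options and the ownership of the files listed under `%files` agree with it.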
@@ -116,7 +114,7 @@ fi
%files
%defattr(-,root,root,-)
-%doc COPYING NEWS README chrony.txt faq.txt examples/*
+%doc COPYING FAQ NEWS README chrony.txt examples/*
%config(noreplace) %{_sysconfdir}/chrony.conf
%config(noreplace) %verify(not md5 size mtime) %attr(640,root,chrony) %{_sysconfdir}/chrony.keys
%config(noreplace) %{_sysconfdir}/sysconfig/chronyd
diff --git a/chronyd.init b/chronyd.init
index 8070476..b0dee9e 100644
--- a/chronyd.init
+++ b/chronyd.init
@@ -35,7 +35,7 @@ dhclient_servers=/var/lib/dhclient/chrony.servers.*
lockfile=/var/lock/subsys/$prog
get_key() {
- awk '/^[ \t]*'$1'\>/ { print $2; exit }' < $keyfile
+ awk '/^[ \t]*'$1'\>/ { print $(NF); exit }' < $keyfile
}
get_commandkeyid() {
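Review bot: In `get_key` the key ID in `$1` is spliced unquoted into the awk program text, and `$keyfile` is unquoted as well, so an ID containing whitespace or regex characters changes the program awk runs rather than simply failing to match. Passing the value as data avoids that and should select the same lines: `awk -v id="$1" '$1 == id { print $NF; exit }' < "$keyfile"`. With `$(NF)` the function now returns the last field, which for the new `SHA1 HEX:...` entries includes the `HEX:` prefix; a short comment saying so would help callers. `get_commandkeyid`, whose opening line ends the hunk, is not visible here.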
@@ -43,16 +43,10 @@ get_commandkeyid() {
}
chrony_command() {
- commandkeyid=$(get_commandkeyid)
- [ -z "$commandkeyid" ] && return 1
- commandkey=$(get_key $commandkeyid)
- [ -z "$commandkey" ] && return 2
-
- $chronyc <<EOF | grep -v '200 OK'
-password $commandkey
+ $chronyc -a <<EOF | grep -v '200 OK'
$1
EOF
- return ${PIPESTATUS[0]}
+ return ${PIPESTATUS[0]}
}
generate_commandkey() {
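Review bot: `chrony_command` no longer returns 1 or 2 when the command key ID or the key itself is missing; with `chronyc -a` any authentication problem now surfaces only as chronyc's own exit status through `${PIPESTATUS[0]}`. The callers are outside the hunk, so it is worth checking that none of them test for those specific values. A comment such as `# -a: chronyc authenticates itself with the command key, so the key is no longer written into the here-doc` would document why the lookup was removed.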
@@ -62,8 +56,9 @@ generate_commandkey() {
[ -z "$commandkey" ] || return 0
echo -n $"Generating chrony command key: "
- commandkey=$(tr -c -d '[\041-\176]' < /dev/urandom | head -c 8)
- [ -n "$commandkey" ] && echo "$commandkeyid $commandkey" >> $keyfile &&
+ commandkey=$(tr -c -d '0-9ABCDEF' < /dev/urandom | head -c 40)
+ [ -n "$commandkey" ] &&
+ echo "$commandkeyid SHA1 HEX:$commandkey" >> $keyfile &&
success || failure
echo
}
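Review bot: The new 160-bit key is appended with `>> $keyfile`, which creates the file under the caller's umask if it does not exist yet, so the secret can end up more widely readable than the `%attr(640,root,chrony)` the spec sets for the packaged file. Whether the file can be missing at this point is not visible, because `generate_commandkey` starts above the hunk. I would quote the path and pin the mode around the write, e.g. `( umask 077; echo "$commandkeyid SHA1 HEX:$commandkey" >> "$keyfile" )`, and restore the group ownership when the file is newly created. The `[ -n "$commandkey" ]` test also accepts a short read; `[ ${#commandkey} -eq 40 ]` would reject a truncated key.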
diff --git a/sources b/sources
index be7a908..346a12d 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
b494eddf72f3455c333eed80642dc20d timepps.h
-9de3605616228ee010790da09df27500 chrony-1.25.tar.gz
+4f0767528a51af44abd512699c5cf194 chrony-1.30.tar.gz