Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package chrony for openSUSE:Factory checked in at 2021-07-04 22:10:30 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/chrony (Old) and /work/SRC/openSUSE:Factory/.chrony.new.2625 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "chrony" Sun Jul 4 22:10:30 2021 rev:31 rq:903544 version:4.1 Changes: -------- --- /work/SRC/openSUSE:Factory/chrony/chrony.changes 2021-07-01 07:05:26.807565033 +0200 +++ /work/SRC/openSUSE:Factory/.chrony.new.2625/chrony.changes 2021-07-04 22:10:31.469330410 +0200 @@ -1,0 +2,10 @@ +Thu Jul 1 12:38:13 UTC 2021 - Reinhard Max <m...@suse.com> + +- boo#1187906: Consolidate all references to the helper script. +- bsc#1173760: MD5 is not available from mozilla-nss in FIPS mode, + but needed for calculating refids from IPv6 addresses as part of + the NTP protocol (rfc5905). As this is a non-cryptographic use of + MD5 we can use our own implementation without violating FIPS + rules: chrony-refid-internal-md5.patch . + +------------------------------------------------------------------- New: ---- chrony-refid-internal-md5.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ chrony.spec ++++++ --- /var/tmp/diff_new_pack.mVz4hT/_old 2021-07-04 22:10:32.129325305 +0200 +++ /var/tmp/diff_new_pack.mVz4hT/_new 2021-07-04 22:10:32.129325305 +0200 @@ -25,6 +25,7 @@ %if ! %{defined _fillupdir} %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif +%define chrony_helper %{_libexecdir}/chrony/helper Name: chrony Version: 4.1 Release: 0 @@ -53,6 +54,7 @@ Patch1: chrony-service-helper.patch Patch2: chrony-logrotate.patch Patch3: chrony-service-ordering.patch +Patch4: chrony-refid-internal-md5.patch BuildRequires: NetworkManager-devel BuildRequires: bison BuildRequires: gcc-c++ @@ -63,10 +65,10 @@ BuildRequires: pps-tools-devel # The timezone package is needed for the "make check" tests. It can be # removed if the call to make check is ever deleted. +BuildRequires: sysuser-tools BuildRequires: timezone BuildRequires: pkgconfig(systemd) BuildRequires: rubygem(asciidoctor) -BuildRequires: sysuser-tools Recommends: logrotate Requires(post): %fillup_prereq %sysusers_requires 
@@ -147,11 +149,12 @@ %prep %setup -q -a 10 +sed -e 's-@CHRONY_HELPER@-%{chrony_helper}-g' -i %{PATCH1} %{SOURCE3} %{SOURCE5} %patch0 -p1 -sed -e 's-@LIBEXECDIR@-%{_libexecdir}-g' -i %{PATCH1} %patch1 -p1 %patch2 -p1 %patch3 +%patch4 # Remove pool statements from the default /etc/chrony.conf. They will # be provided by branding packages in /etc/chrony.d/pool.conf . @@ -203,7 +206,6 @@ %{buildroot}%{_unitdir}/chronyd.service install -Dpm 0644 examples/chrony-wait.service \ %{buildroot}%{_unitdir}/chrony-wait.service -sed -e 's-@LIBEXECDIR@-%{_libexecdir}-g' -i %{SOURCE5} install -Dpm 0644 %{SOURCE5} \ %{buildroot}%{_unitdir}/chrony-dnssrv@.service install -Dpm 0644 %{SOURCE6} \ @@ -221,8 +223,7 @@ install -Dpm 0644 %{SOURCE2} \ %{buildroot}%{_fillupdir}/sysconfig.chronyd -install -Dpm 755 %{SOURCE4} \ - %{buildroot}%{_libexecdir}/%name/helper +install -Dpm 755 %{SOURCE4} %{buildroot}%{chrony_helper} install -d %{buildroot}%{_localstatedir}/log/chrony touch %{buildroot}%{_localstatedir}/lib/chrony/{drift,rtc} ++++++ chrony-dnssrv@.service ++++++ --- /var/tmp/diff_new_pack.mVz4hT/_old 2021-07-04 22:10:32.189324841 +0200 +++ /var/tmp/diff_new_pack.mVz4hT/_new 2021-07-04 22:10:32.189324841 +0200 @@ -5,4 +5,4 @@ [Service] Type=oneshot -ExecStart=@LIBEXECDIR@/chrony/helper update-dnssrv-servers %I +ExecStart=@CHRONY_HELPER@ update-dnssrv-servers %I ++++++ chrony-refid-internal-md5.patch ++++++ --- util.c.orig +++ util.c @@ -32,7 +32,13 @@ #include "logging.h" #include "memory.h" #include "util.h" -#include "hash.h" +/* + * We use the internal MD5 implementation here to avoid trouble with + * FIPS. This is OK, because MD5 is only being used for the non-crypto + * purpose of hashing 128 bit IPv6 addresses to 32 bit referenc IDs, + * as required by RFC 5905. + */ +#include "md5.c" #define NSEC_PER_SEC 1000000000 
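Review bot: Nothing in the build checks that the `@CHRONY_HELPER@` placeholder is really gone after the `sed` added to %prep rewrites `%{PATCH1} %{SOURCE3} %{SOURCE5}` in place. The chrony.dhclient hunk later on this page calls the helper as `@CHRONY_HELPER@ update-daemon || :`, so a leftover placeholder would only show up as a silently skipped daemon update at runtime. I would add `if grep -rq '@CHRONY_HELPER@' %{buildroot}; then exit 1; fi` at the end of %install, which lies outside this hunk. The `-` delimiter in `s-@CHRONY_HELPER@-%{chrony_helper}-g` also breaks as soon as the expanded path contains a hyphen; `s|@CHRONY_HELPER@|%{chrony_helper}|g` avoids that.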
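Review bot: `#include "md5.c"` compiles a private copy of the MD5 code into util.c, and the comment above it should state when that is safe to link. If md5.c defines MD5Init/MD5Update/MD5Final with external linkage (the file is not shown here) and a build selects chrony's internal hash backend, which presumably pulls in the same file, the link would fail with duplicate symbols. The patch therefore looks safe only for builds against an external crypto library such as the mozilla-nss one named in the changelog. The comment also has a typo: `referenc IDs` should read `reference IDs`.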
@@ -392,21 +398,17 @@ UTI_IsIPReal(const IPAddr *ip) uint32_t UTI_IPToRefid(const IPAddr *ip) { - static int MD5_hash = -1; - unsigned char buf[16]; + MD5_CTX ctx; + unsigned char *buf = &ctx.digest; switch (ip->family) { case IPADDR_INET4: return ip->addr.in4; case IPADDR_INET6: - if (MD5_hash < 0) - MD5_hash = HSH_GetHashId(HSH_MD5); - - if (MD5_hash < 0 || - HSH_Hash(MD5_hash, (const unsigned char *)ip->addr.in6, sizeof (ip->addr.in6), - NULL, 0, buf, sizeof (buf)) != sizeof (buf)) - LOG_FATAL("Could not get MD5"); - + MD5Init(&ctx); + MD5Update(&ctx, (unsigned const char *)ip->addr.in6, + sizeof(ip->addr.in6)); + MD5Final(&ctx); return (uint32_t)buf[0] << 24 | buf[1] << 16 | buf[2] << 8 | buf[3]; } return 0; ++++++ chrony-service-helper.patch ++++++ --- /var/tmp/diff_new_pack.mVz4hT/_old 2021-07-04 22:10:32.225324563 +0200 +++ /var/tmp/diff_new_pack.mVz4hT/_new 2021-07-04 22:10:32.229324532 +0200 @@ -5,7 +5,7 @@ PIDFile=/run/chrony/chronyd.pid EnvironmentFile=-/etc/sysconfig/chronyd ExecStart=/usr/sbin/chronyd $OPTIONS -+ExecStartPost=@LIBEXECDIR@/chrony/helper update-daemon ++ExecStartPost=@CHRONY_HELPER@ update-daemon PrivateTmp=yes ProtectHome=yes ProtectSystem=full ++++++ chrony.dhclient ++++++ --- /var/tmp/diff_new_pack.mVz4hT/_old 2021-07-04 22:10:32.257324315 +0200 +++ /var/tmp/diff_new_pack.mVz4hT/_new 2021-07-04 22:10:32.257324315 +0200 @@ -8,13 +8,13 @@ for server in $new_ntp_servers; do echo "$server ${NTPSERVERARGS:-iburst}" >> $SERVERFILE done - /usr/share/chrony-helper update-daemon || : + @CHRONY_HELPER@ update-daemon || : fi } chrony_restore() { if [ -f $SERVERFILE ]; then rm -f $SERVERFILE - /usr/share/chrony-helper update-daemon || : + @CHRONY_HELPER@ update-daemon || : fi }
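Review bot: `unsigned char *buf = &ctx.digest;` in UTI_IPToRefid takes the address of the digest member rather than of its first byte. If `digest` is an array inside MD5_CTX (the struct is not shown on this page), the expression has type `unsigned char (*)[16]`, so the initialisation is an incompatible-pointer conversion that compilers warn about and newer ones reject. Write `const unsigned char *buf = ctx.digest;` instead. The pointer is bound before `MD5Final(&ctx)` fills the digest, which is correct only because it is not read until the return statement; a comment such as `/* digest is valid only after MD5Final() */` would make that ordering explicit. The function's closing brace lies outside the hunk.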