!52 sync some patches from upstream

From: @xinghe_1 
Reviewed-by: @jiangheng12 
Signed-off-by: @jiangheng12

backport-close-socket-in-helper-process.patch

@@ -0,0 +1,57 @@
+From 7196943f112c3087bcdf04d0106213a30d177a27 Mon Sep 17 00:00:00 2001
+From: Miroslav Lichvar <mlichvar@redhat.com>
+Date: Thu, 28 Nov 2024 14:45:23 +0100
+Subject: [PATCH] nts: close socket in helper process on exit
+
+Close the socket used for receiving helper requests before exit to avoid
+another valgrind error.
+
+Conflict:NA
+Reference:https://github.com/mlichvar/chrony/commit/7196943f112c3087bcdf04d0106213a30d177a27
+---
+ nts_ke_server.c | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/nts_ke_server.c b/nts_ke_server.c
+index 6fe28be..6dd6251 100644
+--- a/nts_ke_server.c
++++ b/nts_ke_server.c
+@@ -702,7 +702,7 @@ key_timeout(void *arg)
+ /* ================================================== */
+ 
+ static void
+-run_helper(uid_t uid, gid_t gid, int scfilter_level)
++run_helper(uid_t uid, gid_t gid, int scfilter_level, int sock_fd)
+ {
+   LOG_Severity log_severity;
+ 
+@@ -729,10 +729,15 @@ run_helper(uid_t uid, gid_t gid, int scfilter_level)
+   if (scfilter_level != 0)
+     SYS_EnableSystemCallFilter(scfilter_level, SYS_NTSKE_HELPER);
+ 
++  SCH_AddFileHandler(sock_fd, SCH_FILE_INPUT, handle_helper_request, NULL);
++
+   SCH_MainLoop();
+ 
+   DEBUG_LOG("Helper exiting");
+ 
++  SCH_RemoveFileHandler(sock_fd);
++  close(sock_fd);
++
+   NKS_Finalise();
+   SCK_Finalise();
+   SYS_Finalise();
+@@ -792,9 +797,8 @@ NKS_PreInitialise(uid_t uid, gid_t gid, int scfilter_level)
+     LOG_CloseParentFd();
+ 
+     SCK_CloseSocket(sock_fd1);
+-    SCH_AddFileHandler(sock_fd2, SCH_FILE_INPUT, handle_helper_request, NULL);
+ 
+-    run_helper(uid, gid, scfilter_level);
++    run_helper(uid, gid, scfilter_level, sock_fd2);
+   }
+ 
+   SCK_CloseSocket(sock_fd2);
+-- 
+2.33.0
+

backport-dont-load-sourcedir-during-initstepslew.patch

@@ -0,0 +1,94 @@
+From f49be7f06343ee27fff2950937d7f6742f53976f Mon Sep 17 00:00:00 2001
+From: Miroslav Lichvar <mlichvar@redhat.com>
+Date: Tue, 12 Mar 2024 14:30:27 +0100
+Subject: [PATCH] conf: don't load sourcedir during initstepslew and RTC init
+
+If the reload sources command was received in the chronyd start-up
+sequence with initstepslew and/or RTC init (-s option), the sources
+loaded from sourcedirs caused a crash due to failed assertion after
+adding sources specified in the config.
+
+Ignore the reload sources command until chronyd enters the normal
+operation mode.
+
+Fixes: 519796de3756 ("conf: add sourcedirs directive")
+
+Conflict:The log feature is added in the pre-patch. Therefore, the test cases are adapted.
+Reference:https://github.com/mlichvar/chrony/commit/f49be7f06343ee27fff2950937d7f6742f53976f
+---
+ conf.c                         | 11 ++++++++++-
+ test/simulation/203-initreload | 26 ++++++++++++++++++++++++++
+ 2 files changed, 36 insertions(+), 1 deletion(-)
+ create mode 100755 test/simulation/203-initreload
+
+diff --git a/conf.c b/conf.c
+index 6eae11c..8849bdc 100644
+--- a/conf.c
++++ b/conf.c
+@@ -298,6 +298,8 @@ static ARR_Instance ntp_sources;
+ static ARR_Instance ntp_source_dirs;
+ /* Array of uint32_t corresponding to ntp_sources (for sourcedirs reload) */
+ static ARR_Instance ntp_source_ids;
++/* Flag indicating ntp_sources and ntp_source_ids are used for sourcedirs */
++static int conf_ntp_sources_added = 0;
+ 
+ /* Array of RefclockParameters */
+ static ARR_Instance refclock_sources;
+@@ -1689,8 +1691,12 @@ reload_source_dirs(void)
+   NSR_Status s;
+   int d;
+ 
++  /* Ignore reload command before adding configured sources */
++  if (!conf_ntp_sources_added)
++    return;
++
+   prev_size = ARR_GetSize(ntp_source_ids);
+-  if (prev_size > 0 && ARR_GetSize(ntp_sources) != prev_size)
++  if (ARR_GetSize(ntp_sources) != prev_size)
+     assert(0);
+ 
+   /* Save the current sources and their configuration IDs */
+@@ -1859,7 +1865,10 @@ CNF_AddSources(void)
+     Free(source->params.name);
+   }
+ 
++  /* The arrays will be used for sourcedir (re)loading */
+   ARR_SetSize(ntp_sources, 0);
++  ARR_SetSize(ntp_source_ids, 0);
++  conf_ntp_sources_added = 1;
+ 
+   reload_source_dirs();
+ }
+diff --git a/test/simulation/203-initreload b/test/simulation/203-initreload
+new file mode 100755
+index 0000000..cf7924b
+--- /dev/null
++++ b/test/simulation/203-initreload
+@@ -0,0 +1,24 @@
++#!/usr/bin/env bash
++
++. ./test.common
++
++check_config_h 'FEAT_CMDMON 1' || test_skip
++
++# Test fix "conf: don't load sourcedir during initstepslew and RTC init"
++
++test_start "reload during initstepslew"
++
++client_conf="initstepslew 5 192.168.123.1
++sourcedir tmp"
++client_server_conf="#"
++chronyc_conf="reload sources"
++chronyc_start=4
++
++echo 'server 192.168.123.1' > tmp/sources.sources
++
++run_test || test_fail
++check_chronyd_exit || test_fail
++check_source_selection || test_fail
++check_sync || test_fail
++
++test_pass
+-- 
+2.33.0
+

backport-fix-finalization-for-async-resolver.patch

@@ -0,0 +1,43 @@
+From 08b67dba98b5dbc0184c38b3c1963dd2f00d2bd9 Mon Sep 17 00:00:00 2001
+From: Miroslav Lichvar <mlichvar@redhat.com>
+Date: Thu, 22 Aug 2024 09:26:59 +0200
+Subject: [PATCH] ntp: fix finalization for async resolver
+
+If an attempt to resolve addresses of an NTP server is made right before
+starting the termination sequence, the asynchronous resolver thread
+could read the server name when it was already freed.
+
+Leave unresolved sources allocated in NSR_Finalise() if the async
+resolver did not finish yet, at least for now. Waiting for the resolving
+result or cancelling the thread would complicate the code. The scheduler
+is not expected to be running at this point.
+
+Conflict:Context adaptation
+Reference:https://github.com/mlichvar/chrony/commit/08b67dba98b5dbc0184c38b3c1963dd2f00d2bd9
+---
+ ntp_sources.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/ntp_sources.c b/ntp_sources.c
+index 29c99ac..d2cd113 100644
+--- a/ntp_sources.c
++++ b/ntp_sources.c
+@@ -219,8 +219,13 @@ NSR_Finalise(void)
+   ARR_DestroyInstance(records);
+   ARR_DestroyInstance(pools);
+ 
+-  while (unresolved_sources)
+-    remove_unresolved_source(unresolved_sources);
++  /* Leave the unresolved sources allocated if the async resolver is running
++     to avoid reading the name from freed memory.  The handler will not be
++     called as the scheduler should no longer be running at this point. */
++  if (!resolving_source) {
++    while (unresolved_sources)
++      remove_unresolved_source(unresolved_sources);
++  }
+ 
+   initialised = 0;
+ }
+-- 
+2.33.0
+

backport-fix-memory-leak-of-empty-readline-string.patch

@@ -0,0 +1,32 @@
+From 55898e9b07d2bf97cb3bb96987dbe57f1b6376ef Mon Sep 17 00:00:00 2001
+From: Miroslav Lichvar <mlichvar@redhat.com>
+Date: Wed, 12 Feb 2025 13:22:04 +0100
+Subject: [PATCH] client: fix memory leak of empty readline() string
+
+Conflict:NA
+Reference:https://github.com/mlichvar/chrony/commit/55898e9b07d2bf97cb3bb96987dbe57f1b6376ef
+---
+ client.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/client.c b/client.c
+index 70bcdae..6bbce14 100644
+--- a/client.c
++++ b/client.c
+@@ -125,12 +125,11 @@ read_line(void)
+       strncpy(line, cmd, sizeof(line) - 1);
+       line[sizeof(line) - 1] = '\0';
+       add_history(cmd);
+-      /* free the buffer allocated by readline */
+-      Free(cmd);
+     } else {
+       /* simulate the user has entered an empty line */
+       *line = '\0';
+     }
++    Free(cmd);
+     return( line );
+ #else
+     printf("%s", prompt);
+-- 
+2.33.0
+

chrony-nm-dispatcher-dhcp.patch

@@ -7,20 +7,23 @@ Use the PEERNTP and NTPSERVERARGS environment variables from
 
 Co-Authored-By: Christian Glombek <cglombek@redhat.com>
 
+---
+ examples/chrony.nm-dispatcher.dhcp | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
 diff --git a/examples/chrony.nm-dispatcher.dhcp b/examples/chrony.nm-dispatcher.dhcp
-index 6ea4c37..a6ad35a 100644
+index 547ce83..f23756e 100644
 --- a/examples/chrony.nm-dispatcher.dhcp
 +++ b/examples/chrony.nm-dispatcher.dhcp
-@@ -6,16 +6,24 @@
+@@ -10,13 +10,21 @@ action=$2
  
  chronyc=/usr/bin/chronyc
- default_server_options=iburst
+ server_options=iburst
 -server_dir=/var/run/chrony-dhcp
 +server_dir=/run/chrony-dhcp
  
  dhcp_server_file=$server_dir/$interface.sources
- # DHCP4_NTP_SERVERS is passed from DHCP options by NetworkManager.
+ dhcp_ntp_servers="$DHCP4_NTP_SERVERS $DHCP6_DHCP6_NTP_SERVERS"
- nm_dhcp_servers=$DHCP4_NTP_SERVERS
  
 +[ -f /etc/sysconfig/network ] && . /etc/sysconfig/network
 +[ -f /etc/sysconfig/network-scripts/ifcfg-"${interface}" ] && \
@@ -32,12 +35,18 @@ index 6ea4c37..a6ad35a 100644
 +    # Don't add NTP servers if PEERNTP=no specified; return early.
 +    [ "$PEERNTP" = "no" ] && return
 +
-     for server in $nm_dhcp_servers; do
+     for server in $dhcp_ntp_servers; do
--        echo "server $server $default_server_options" >> "$dhcp_server_file"
+         # Check for invalid characters (from the DHCPv6 NTP FQDN suboption)
-+        echo "server $server ${NTPSERVERARGS:-$default_server_options}" >> "$dhcp_server_file"
+         len1=$(printf '%s' "$server" | wc -c)
+@@ -25,7 +33,7 @@ add_servers_from_dhcp() {
+           continue
+         fi
+ 
+-        printf 'server %s %s\n' "$server" "$server_options" >> "$dhcp_server_file"
++        printf 'server %s %s\n' "$server" "${NTPSERVERARGS:-$server_options}" >> "$dhcp_server_file"
      done
      $chronyc reload sources > /dev/null 2>&1 || :
  }
 -- 
-2.29.2
+2.23.0
 

chrony.spec

@@ -1,8 +1,8 @@
-%global clknetsim_ver 470b5e
+%global clknetsim_ver f00531
 
 Name:      chrony
-Version:   4.2
+Version:   4.3
-Release:   2
+Release:   3
 Summary:   An NTP client/server
 License:   GPLv2
 URL:       https://chrony.tuxfamily.org
@@ -13,8 +13,12 @@ Source6:   https://github.com/mlichvar/clknetsim/archive/%{clknetsim_ver}/clknet
 
 Patch1:	   chrony-nm-dispatcher-dhcp.patch
 Patch2:    chrony-services.patch
-BuildRequires: gcc gcc-c++ bison systemd libcap-devel libedit-devel nettle-devel pps-tools-devel libseccomp-devel
+Patch3:    backport-dont-load-sourcedir-during-initstepslew.patch
+Patch4:    backport-fix-finalization-for-async-resolver.patch
+Patch5:    backport-close-socket-in-helper-process.patch
+Patch6:    backport-fix-memory-leak-of-empty-readline-string.patch
 
+BuildRequires: gcc gcc-c++ bison systemd libcap-devel libedit-devel nettle-devel pps-tools-devel libseccomp-devel m4 gnutls-devel gnutls-utils 
 Requires:      shadow-utils systemd timedatex
 
 %description
@@ -28,9 +32,11 @@ service to other computers in the network.
 
 %prep
 
-%setup -q -n  %{name}-%{version} -a 6
+%autosetup -p1 -n  %{name}-%{version} -a 6
-%patch1 -p1
+
-%patch2 -p1
+# regenerate the file from getdate.y
+rm -f getdate.c
+
 mv clknetsim-%{clknetsim_ver}* test/simulation/clknetsim
 
 %build
@@ -137,8 +143,32 @@ fi
 %{_mandir}/man[158]/%{name}*.[158]*
 
 %changelog
+* Tue Apr 15 2025 xinghe <xinghe2@h-partners.com> - 4.3-3
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:sync some patches from upstream
+
+* Sat May 6 2023 chengyechun <chengyechun1@huawei.com> - 4.3-2
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:add BuildRequire for enable NTS
+
+* Mon Jan 30 2023 chengyechun <chengyechun1@huawei.com> - 4.3-1
+- Type:enhancement
+- ID:NA
+- SUG:na
+- DESC:update to chrony-4.3 
+
+* Sat Dec 24 2022 chengyechun <chengyechun1@huawei.com> - 4.2-3
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:update the patching mode
+
 * Mon Jul 04 2022 qiaoyujie <qiaoyujie@kylinos.cn> - 4.2-2
-- Put patch2 into the source code
+- Add chrony-services.patch
 
 * Wed Jun 22 2022 qiaoyujie <qiaoyujie@kylinos.cn> - 4.2-1
 - Upgrade version to 4.2