Package: release.debian.org Severity: normal X-Debbugs-Cc: chrony@packages.debian.org Control: affects -1 + src:chrony User: release.debian.org@packages.debian.org Usertags: unblock Please unblock package chrony [ Reason ] A regression has been introduced in chrony 4.6 which renders the 'maxsources' option inoperative for time sources not specified by an IP address when they are loaded from a sourcedir. [ Impact ] While not serious, this issue would certainly confuse users wanting a specific number of time sources from a pool of NTP servers. [ Tests ] Testing that this regression is fixed is as simple as: # Configure a pool of NTP servers in a sourcedir. # echo "pool 1.debian.pool.ntp.org maxsources 3" > /etc/chrony/sources.d/debian-pool.sources # Check that we have 3 selectable sources. $ chronyc sources MS Name/IP address Stratum Poll Reach LastRx Last sample =============================================================================== ^+ serveur-sauvegarde.easys> 3 6 377 1 -516us[ -516us] +/- 60ms ^+ ip212-227-232-161.pbiaas> 2 6 377 1 -3531us[-3531us] +/- 58ms ^* flightplandatabase.com 2 6 177 1 +2580us[+2744us] +/- 51ms # Reload the time sources. $ sudo chronyc reload sources 200 OK # Check that we *still* have 3 and only 3 selectable sources. $ chronyc sources MS Name/IP address Stratum Poll Reach LastRx Last sample =============================================================================== ^+ serveur-sauvegarde.easys> 2 6 377 65 -4089us[-3453us] +/- 57ms ^+ ip212-227-232-161.pbiaas> 2 7 377 67 +1015us[+3415us] +/- 63ms ^+ flightplandatabase.com 2 6 377 1 +2416us[+2416us] +/- 44ms Without the proposed fix, the last command would have shown more selectable sources than the maximum of 3 we have requested with the 'maxsources 3' option. [ Risks ] The fix is fairly trivial and well tested both upstream and by myself. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing unblock chrony/4.6.1-3
diff -Nru chrony-4.6.1/debian/changelog chrony-4.6.1/debian/changelog
--- chrony-4.6.1/debian/changelog 2025-04-02 21:33:06.000000000 +0200
+++ chrony-4.6.1/debian/changelog 2025-06-03 17:16:37.000000000 +0200
@@ -1,3 +1,11 @@
+chrony (4.6.1-3) unstable; urgency=medium
+
+ * debian/patches/:
+ - Add conf:_fix_sourcedir_reloading_to_not_multiply_sources.patch. Thanks
+ to MichaelR <MichaelR42@runbox.com> for the report. (Closes: #1106875)
+
+ -- Vincent Blut <vincent.debian@free.fr> Tue, 03 Jun 2025 17:16:37 +0200
+
chrony (4.6.1-2) unstable; urgency=medium
[ Vincent Blut ]
diff -Nru chrony-4.6.1/debian/patches/conf:_fix_sourcedir_reloading_to_not_multiply_sources.patch chrony-4.6.1/debian/patches/conf:_fix_sourcedir_reloading_to_not_multiply_sources.patch
--- chrony-4.6.1/debian/patches/conf:_fix_sourcedir_reloading_to_not_multiply_sources.patch 1970-01-01 01:00:00.000000000 +0100
+++ chrony-4.6.1/debian/patches/conf:_fix_sourcedir_reloading_to_not_multiply_sources.patch 2025-06-03 17:16:37.000000000 +0200
@@ -0,0 +1,56 @@
+From cacd64bf4a1fb5248f16c1fa5008a4beed568844 Mon Sep 17 00:00:00 2001
+From: Miroslav Lichvar <mlichvar@redhat.com>
+Date: Mon, 2 Jun 2025 10:53:47 +0200
+Subject: [PATCH] conf: fix sourcedir reloading to not multiply sources
+
+The sourcedir reload triggered by the chronyc "reload sources"
+command incorrectly assumed that NSR_AddSourceByName() can return
+only the NSR_Success status when a source is added. It ignored the
+NSR_UnresolvedName status returned for a source whose name needs to
+be resolved after the call (i.e. not specified with an IP address)
+and added the source again, effectively multiplying it if the name
+can be resolved to a different IP address.
+
+Fix the code to check for the NSR_UnresolvedName status to correctly
+determine whether the source was already added before and should not be
+added again.
+
+Reported-by: MichaelR <MichaelR42@runbox.com>
+Fixes: 916ed70c4a81 ("conf: save source status in sourcedir reload")
+---
+ conf.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+Index: chrony/conf.c
+===================================================================
+--- chrony.orig/conf.c
++++ chrony/conf.c
+@@ -1742,8 +1742,8 @@ reload_source_dirs(void)
+ NTP_Source *prev_sources, *new_sources, *source;
+ unsigned int i, j, prev_size, new_size, unresolved;
+ char buf[MAX_LINE_LENGTH];
++ int d, pass, was_added;
+ NSR_Status s;
+- int d, pass;
+
+ /* Ignore reload command before adding configured sources */
+ if (!conf_ntp_sources_added)
+@@ -1782,13 +1782,16 @@ reload_source_dirs(void)
+ else
+ d = i < prev_size ? -1 : 1;
+
++ was_added = d <= 0 && (prev_sources[i].status == NSR_Success ||
++ prev_sources[i].status == NSR_UnresolvedName);
++
+ /* Remove missing sources before adding others to avoid conflicts */
+- if (pass == 0 && d < 0 && prev_sources[i].status == NSR_Success) {
++ if (pass == 0 && d < 0 && was_added) {
+ NSR_RemoveSourcesById(prev_sources[i].conf_id);
+ }
+
+ /* Add new sources and sources that could not be added before */
+- if (pass == 1 && (d > 0 || (d == 0 && prev_sources[i].status != NSR_Success))) {
++ if (pass == 1 && (d > 0 || (d == 0 && !was_added))) {
+ source = &new_sources[j];
+ s = NSR_AddSourceByName(source->params.name, source->params.family, source->params.port,
+ source->pool, source->type, &source->params.params,
diff -Nru chrony-4.6.1/debian/patches/series chrony-4.6.1/debian/patches/series
--- chrony-4.6.1/debian/patches/series 2025-04-02 21:33:06.000000000 +0200
+++ chrony-4.6.1/debian/patches/series 2025-06-03 17:16:37.000000000 +0200
@@ -1,2 +1,3 @@
+conf:_fix_sourcedir_reloading_to_not_multiply_sources.patch
debianize-chronyd-restricted-unit-file.patch
nm-dispatcher-dhcp_Move-server_dir-to-run.patch
Attachment:
signature.asc
Description: PGP signature