chrony/chrony.changes

869 lines
35 KiB
Plaintext
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

-------------------------------------------------------------------
Tue Jun 4 14:57:09 UTC 2024 - Reinhard Max <max@suse.com>
- bsc#1225362, chrony-124-tai.patch: make 124-tai more reliable
-------------------------------------------------------------------
Fri Sep 1 14:05:34 UTC 2023 - Fabian Vogt <fvogt@suse.com>
- Use make quickcheck instead of make check to avoid >1h build
times and failures due to timeouts. This was the default before
3.2 but it changed to make tests more reliable. Here a seed is
already set to get deterministic execution.
-------------------------------------------------------------------
Wed Aug 9 17:30:28 UTC 2023 - Reinhard Max <max@suse.com>
- Update to 4.4:
* Add support for AES-GCM-SIV with Nettle >= 3.9 to shorten NTS
cookies to avoid some length-specific blocking of NTP on
Internet.
* Add support for multiple refclocks using extpps option on one
PHC.
* Add maxpoll option to hwtimestamp directive to improve PHC
tracking with low packet rates
* Add hwtstimeout directive to configure timeout for late
timestamps.
* Handle late hardware transmit timestamps of NTP requests on
all sockets.
* Handle mismatched 32/64-bit time_t in SOCK refclock samples
* Improve source replacement
* Log important changes made by command requests (chronyc)
* Refresh address of NTP sources periodically
* Set DSCP for IPv6 packets
* Shorten NTS-KE retry interval when network is down
* Update seccomp filter for musl
* Warn if loading keys from file with unexpected permissions
* Warn if source selection fails or falseticker is detected
* Add selectopts command to modify source-specific selection
options.
* Add timestamp sources to serverstats report and make its fields
64-bit.
* Add -e option to chronyc to indicate end of response
- Update clknetsim to snapshot ef2a7a9.
-------------------------------------------------------------------
Wed Nov 16 11:37:25 UTC 2022 - Clemens Famulla-Conrad <cfamullaconrad@suse.com>
- Install chrony DHCP dispatcher script for Networkmanager
* chrony.nm-dispatcher.dhcp.patch /var/run to /run
-------------------------------------------------------------------
Thu Sep 1 14:40:46 UTC 2022 - Reinhard Max <max@suse.com>
- Update to 4.3:
* Add local option to refclock directive to stabilise system
clock with more stable free-running clock (e.g. TCXO, OCXO).
* Add maxdelayquant option to server/pool/peer directive to
replace maxdelaydevratio filter with long-term quantile-based
filtering.
* Add selection option to log directive.
* Allow external PPS in PHC refclock without configurable pin.
* Don't accept first interleaved response to minimise error in
delay.
* Don't use arc4random on Linux to avoid server performance loss.
* Improve filter option to better handle missing NTP samples.
* Improve stability with hardware timestamping and PHC refclock.
* Update seccomp filter
- Update clknetsim to snapshot f00531b.
- Use a more specific conditional for the /usr/etc stuff.
-------------------------------------------------------------------
Wed Jun 15 14:41:05 UTC 2022 - Stefan Schubert <schubi@suse.com>
- Moved logrotate files from user specific directory /etc/logrotate.d
to vendor specific directory /usr/etc/logrotate.d.
-------------------------------------------------------------------
Thu May 12 14:33:50 UTC 2022 - Stefan Schubert <schubi@suse.de>
- Moved 20-chrony file from user specif directory
/etc/NetworkManager/dispatcher.d to vendor specific directory
/usr/lib/NetworkManager/dispatcher.d. So, users changes can
still be done in /etc and will not be overwritten by an update.
-------------------------------------------------------------------
Mon Jan 10 17:26:02 UTC 2022 - Reinhard Max <max@suse.com>
- boo#1194206: Use /run instead of /var/run throughout.
- bsc#1194229: Fix pool package dependencies, so that SLE actually
prefers chrony-pool-suse over chrony-pool-empty.
-------------------------------------------------------------------
Thu Dec 16 16:47:08 UTC 2021 - Reinhard Max <max@suse.com>
- Update to 4.2
* Add support for NTPv4 extension field improving synchronisation
stability and resolution of root delay and dispersion
(experimental)
* Add support for NTP over PTP (experimental)
* Add support for AES-CMAC and hash functions in GnuTLS
* Improve server interleaved mode to be more reliable and support
multiple clients behind NAT
* Update seccomp filter
* Fix RTC support with 64-bit time_t on 32-bit Linux
* Fix seccomp filter to work correctly with bind*device directives
- Obsoleted patches:
* chrony-refid-internal-md5.patch
* harden_chrony-wait.service.patch
* harden_chronyd.service.patch
- Update clknetsim to snapshot 470b5e9.
-------------------------------------------------------------------
Tue Dec 7 10:08:53 UTC 2021 - Reinhard Max <max@suse.com>
- Add chrony-htonl.patch to work around undocumented behaviour of
htonl() in older glibc versions (SLE-12) on 64 bit big endian
architectures (s390x).
-------------------------------------------------------------------
Fri Nov 19 16:39:44 UTC 2021 - Reinhard Max <max@suse.com>
- SLE bugs that have been fixed in openSUSE up to this point
without explicit references: bsc#1183783, bsc#1184400,
bsc#1171806, bsc#1161119, bsc#1159840.
- Obsoleted SLE patches:
* chrony-fix-open.patch
* chrony-gettimeofday.patch
* chrony-ntp-era-split.patch
* chrony-pidfile.patch
* chrony-select-timeout.patch
* chrony-urandom.patch
* chrony.sysconfig
* clknetsim-glibc-2.31.patch
-------------------------------------------------------------------
Fri Oct 8 14:52:41 UTC 2021 - Reinhard Max <max@suse.com>
- boo#1190926: PrivateDevices is too strict, we might need to
access the rtc and ptp devices.
- Add back support to build chrony on SLE12.
- Drop dependency on asciidoctor. It is only needed for building
the HTML documentation which we don't package anyway.
-------------------------------------------------------------------
Mon Aug 30 13:50:07 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Added hardening to systemd service(s). Added patch(es):
* harden_chrony-wait.service.patch
* harden_chronyd.service.patch
-------------------------------------------------------------------
Thu Jul 1 12:38:13 UTC 2021 - Reinhard Max <max@suse.com>
- boo#1187906: Consolidate all references to the helper script.
- bsc#1173760: MD5 is not available from mozilla-nss in FIPS mode,
but needed for calculating refids from IPv6 addresses as part of
the NTP protocol (rfc5905). As this is a non-cryptographic use of
MD5 we can use our own implementation without violating FIPS
rules: chrony-refid-internal-md5.patch .
-------------------------------------------------------------------
Sun Jun 13 13:29:36 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
- Add now working CONFIG parameter to sysusers generator
-------------------------------------------------------------------
Wed Jun 2 09:10:41 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
- Change to using systemd-sysusers
- Remove otherproviders, not needed anymore
-------------------------------------------------------------------
Tue Jun 1 12:53:23 UTC 2021 - Reinhard Max <max@suse.com>
- Update to 4.1
* Add support for NTS servers specified by IP address (matching
Subject Alternative Name in server certificate)
* Add source-specific configuration of trusted certificates
* Allow multiple files and directories with trusted certificates
* Allow multiple pairs of server keys and certificates
* Add copy option to server/pool directive
* Increase PPS lock limit to 40% of pulse interval
* Perform source selection immediately after loading dump files
* Reload dump files for addresses negotiated by NTS-KE server
* Update seccomp filter and add less restrictive level
* Restart ongoing name resolution on online command
* Fix dump files to not include uncorrected offset
* Fix initstepslew to accept time from own NTP clients
* Reset NTP address and port when no longer negotiated by NTS-KE
server
- Update clknetsim to snapshot f89702d.
- Refresh chrony.keyring from
https://chrony.tuxfamily.org/gpgkey-8F375C7E8D0EE125A3D3BD51537E2B76F7680DAC.asc
- Ensure the correct pool packages are installed for openSUSE
and SLE (bsc#1180689).
-------------------------------------------------------------------
Fri Feb 5 09:38:02 UTC 2021 - Reinhard Max <max@suse.com>
- Enable syscallfilter unconditionally [boo#1181826].
-------------------------------------------------------------------
Mon Dec 7 09:53:22 UTC 2020 - Marcus Rueckert <mrueckert@suse.de>
- drop buildrequires on NSS. We need gnutls for NTS anyway and we
can do all the other required crypto via nettle+gnutls. no need
for another crypto library.
-------------------------------------------------------------------
Sun Nov 1 22:26:48 UTC 2020 - Marcus Rueckert <mrueckert@suse.de>
- Update to 4.0
- Enhancements
- Add support for Network Time Security (NTS) authentication
- Add support for AES-CMAC keys (AES128, AES256) with Nettle
- Add authselectmode directive to control selection of
unauthenticated sources
- Add binddevice, bindacqdevice, bindcmddevice directives
- Add confdir directive to better support fragmented
configuration
- Add sourcedir directive and "reload sources" command to
support dynamic NTP sources specified in files
- Add clockprecision directive
- Add dscp directive to set Differentiated Services Code Point
(DSCP)
- Add -L option to limit log messages by severity
- Add -p option to print whole configuration with included
files
- Add -U option to allow start under non-root user
- Allow maxsamples to be set to 1 for faster update with -q/-Q
option
- Avoid replacing NTP sources with sources that have
unreachable address
- Improve pools to repeat name resolution to get "maxsources"
sources
- Improve source selection with trusted sources
- Improve NTP loop test to prevent synchronisation to itself
- Repeat iburst when NTP source is switched from offline state
to online
- Update clock synchronisation status and leap status more
frequently
- Update seccomp filter
- Add "add pool" command
- Add "reset sources" command to drop all measurements
- Add authdata command to print details about NTP
authentication
- Add selectdata command to print details about source
selection
- Add -N option and sourcename command to print original names
of sources
- Add -a option to some commands to print also unresolved
sources
- Add -k, -p, -r options to clients command to select, limit,
reset data
- Bug fixes
- Dont set interface for NTP responses to allow asymmetric
routing
- Handle RTCs that dont support interrupts
- Respond to command requests with correct address on
multihomed hosts
- Removed features
- Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320)
- Drop support for long (non-standard) MACs in NTPv4 packets
(chrony 2.x clients using non-MD5/SHA1 keys need to use
option "version 3")
- Drop support for line editing with GNU Readline
- add BuildRequires for gnutls-devel (which also pulls nettle to
enable the new features)
- drop patches which are included in the update:
chrony-test-update-processing-of-packet-log.patch
chrony-test-fix-util-unit-test-for-NTP-era-split.patch
- refreshed chrony-config.patch
- track series file for easier quilt setup
- added option to turn off testsuite with
osc build --without=testsuite
testsuite still runs by default
-------------------------------------------------------------------
Wed Oct 28 07:49:37 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>
- By default we don't write log files but log to journald, so
only recommend logrotate.
-------------------------------------------------------------------
Mon Sep 14 10:41:58 UTC 2020 - Reinhard Max <max@suse.com>
- Adjust and rename the sysconfig file, so that it matches the
expectations of chronyd.service (bsc#1173277).
-------------------------------------------------------------------
Sun Sep 13 20:22:46 UTC 2020 - Matthias Eliasson <elimat@opensuse.org>
- Update to 3.5.1:
* Create new file when writing pidfile (CVE-2020-14367, bsc#1174911)
-------------------------------------------------------------------
Sun Aug 2 21:27:45 UTC 2020 - Callum Farmer <callumjfarmer13@gmail.com>
- Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075)
-------------------------------------------------------------------
Thu Jun 4 15:23:17 UTC 2020 - Reinhard Max <max@suse.com>
- Add chrony-pool-suse and chrony-pool-openSUSE subpackages that
preconfigure chrony to use NTP servers from the respective
pools for SUSE and openSUSE (bsc#1156884, SLE-11424).
- Add chrony-pool-empty to still allow installing chrony without
preconfigured servers.
- Use iburst in the default pool statements to speed up initial
synchronisation (bsc#1172113).
-------------------------------------------------------------------
Thu Apr 30 16:03:16 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org>
- Use _systemdutildir instead of _libexecdir/systemd: systemd does
not actually live below libexecdir.
-------------------------------------------------------------------
Thu Feb 13 12:45:44 UTC 2020 - Martin Liška <mliska@suse.cz>
- Add chrony-test-update-processing-of-packet-log.patch in order
to fix test-suite failure.
-------------------------------------------------------------------
Wed Feb 12 09:24:24 UTC 2020 - Martin Liška <mliska@suse.cz>
- Update clknetsim to version 79ffe44 (fixes boo#1162964).
- Backport chrony-test-fix-util-unit-test-for-NTP-era-split.patch.
-------------------------------------------------------------------
Sat Oct 26 10:39:29 UTC 2019 - Arjen de Korte <suse+build@de-korte.org>
- Change to BuildRequires: rubygem(asciidoctor) and remove conditional
(is available in SLE12-SP4 and SLE15* as well)
- Fix typo in %install
-------------------------------------------------------------------
Tue Oct 22 21:18:58 UTC 2019 - Arjen de Korte <suse+build@de-korte.org>
- Fix asciidoc in Tumbleweed
- Revert clknetsim to version 58c5e8b
-------------------------------------------------------------------
Tue Oct 22 15:25:18 UTC 2019 - Arjen de Korte <suse+build@de-korte.org>
- Fix incorrect download link for package signature
-------------------------------------------------------------------
Mon Oct 21 07:57:44 UTC 2019 - Martin Pluskal <mpluskal@suse.com>
- Temporarily disable signature usage as its expired
- Update clknetsim to version ac3c832
-------------------------------------------------------------------
Sat Oct 19 08:27:17 UTC 2019 - Mathias Homann <Mathias.Homann@opensuse.org>
- fix chrony-service-helper.patch
-------------------------------------------------------------------
Sat Oct 19 07:22:58 UTC 2019 - Mathias Homann <Mathias.Homann@opensuse.org>
- Update to 3.5:
+ Add support for more accurate reading of PHC on Linux 5.0
+ Add support for hardware timestamping on interfaces with read-only timestamping configuration
+ Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris
+ Update seccomp filter to work on more architectures
+ Validate refclock driver options
+ Fix bindaddress directive on FreeBSD
+ Fix transposition of hardware RX timestamp on Linux 4.13 and later
+ Fix building on non-glibc systems
-------------------------------------------------------------------
Thu Mar 21 13:35:20 UTC 2019 - Reinhard Max <max@suse.com>
- Fix ordering and dependencies of chronyd.service, so that it is
started after name resolution is up (bsc#1129914).
- Add chrony-service-ordering.patch
- Fix location of helper script in chrony-dnssrv@.service
(bsc#1128846).
-------------------------------------------------------------------
Wed Mar 6 13:40:04 UTC 2019 - Martin Pluskal <mpluskal@suse.com>
- Update testsuite to version 58c5e8b
-------------------------------------------------------------------
Thu Dec 20 16:48:14 UTC 2018 - Reinhard Max <max@suse.com>
- Read runtime servers from /var/run/netconfig/chrony.servers to
fix bsc#1099272.
- Move chrony-helper to /usr/lib/chrony/helper, because there
should be no executables in /usr/share.
-------------------------------------------------------------------
Fri Dec 14 08:05:35 UTC 2018 - Martin Pluskal <mpluskal@suse.com>
- Make sure to generate correct sysconfig file (boo#1117147)
- Update clknetsim to revision 8b48422
-------------------------------------------------------------------
Thu Nov 22 09:27:58 UTC 2018 - Martin Pluskal <mpluskal@suse.com>
- Remove discrepancies between spec file and chrony-tmpfiles (boo#1115529)
-------------------------------------------------------------------
Thu Oct 18 10:14:08 UTC 2018 - Ismail Dönmez <idonmez@suse.com>
- Update the keyring and uncomment it in the spec file
-------------------------------------------------------------------
Thu Oct 18 07:43:44 UTC 2018 - Martin Pluskal <mpluskal@suse.com>
- Comment out bad signature
-------------------------------------------------------------------
Wed Sep 19 18:21:19 UTC 2018 - Michael Ströder <michael@stroeder.com>
- Added %{_tmpfilesdir}/%{name}.conf
- Updated clknetsim
- Update to version 3.4
* Enhancements
+ Add filter option to server/pool/peer directive
+ Add minsamples and maxsamples options to hwtimestamp directive
+ Add support for faster frequency adjustments in Linux 4.19
+ Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd
without root privileges to remove it on exit
+ Disable sub-second polling intervals for distant NTP sources
+ Extend range of supported sub-second polling intervals
+ Get/set IPv4 destination/source address of NTP packets on FreeBSD
+ Make burst options and command useful with short polling intervals
+ Modify auto_offline option to activate when sending request failed
+ Respond from interface that received NTP request if possible
+ Add onoffline command to switch between online and offline state
according to current system network configuration
+ Improve example NetworkManager dispatcher script
* Bug fixes
+ Avoid waiting in Linux getrandom system call
+ Fix PPS support on FreeBSD and NetBSD
-------------------------------------------------------------------
Fri Aug 3 07:56:06 UTC 2018 - mpluskal@suse.com
- Update clknetsim to revision 42b693b
* Drop not needed chrony-fix-open.patch
- Build tests with optflags as well
- Do not run tests on i586
- Enable signd
-------------------------------------------------------------------
Thu Aug 2 07:52:58 UTC 2018 - mpluskal@suse.com
- Mention all sources as such in spec file
- Fix formatting of changelog
- Drop reference to change is not present
-------------------------------------------------------------------
Wed Aug 1 16:36:17 UTC 2018 - bwiedemann@suse.com
- Update to version 3.3
* Enhancements:
+ Add burst option to server/pool directive
+ Add stratum and tai options to refclock directive
+ Add support for Nettle crypto library
+ Add workaround for missing kernel receive timestamps on Linux
+ Wait for late hardware transmit timestamps
+ Improve source selection with unreachable sources
+ Improve protection against replay attacks on symmetric mode
+ Allow PHC refclock to use socket in /var/run/chrony
+ Add shutdown command to stop chronyd
+ Simplify format of response to manual list command
+ Improve handling of unknown responses in chronyc
* Bug fixes:
+ Respond to NTPv1 client requests with zero mode
+ Fix -x option to not require CAP_SYS_TIME under non-root user
+ Fix acquisitionport directive to work with privilege separation
+ Fix handling of socket errors on Linux to avoid high CPU usage
+ Fix chronyc to not get stuck in infinite loop after clock step
-------------------------------------------------------------------
Wed Apr 18 02:55:54 UTC 2018 - mpost@suse.com
- Added /etc/chrony.d/ directory to the package (bsc#1083597)
Modifed default chrony.conf to add "include /etc/chrony.d/*"
-------------------------------------------------------------------
Mon Mar 26 17:30:07 CEST 2018 - kukuk@suse.de
- Use %license instead of %doc [bsc#1082318]
-------------------------------------------------------------------
Wed Mar 14 15:11:56 CET 2018 - kukuk@suse.de
- Fix name of fillup template (was never installed before)
- Fix Requires for fillup, it's used in post, not pre.
-------------------------------------------------------------------
Fri Feb 9 10:21:09 UTC 2018 - mpluskal@suse.com
- Enable pps support
-------------------------------------------------------------------
Thu Nov 23 13:47:05 UTC 2017 - rbrown@suse.com
- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (boo#1069468)
-------------------------------------------------------------------
Thu Oct 26 10:39:11 UTC 2017 - mpluskal@suse.com
- Cleanup spec file:
* Drop pre systemd support
* Run spec-cleaner
-------------------------------------------------------------------
Tue Oct 24 18:23:56 UTC 2017 - mpost@suse.com
- Modified the spec file to comment out the pool statement
in chrony.conf if _not_ building for openSUSE. (bsc#1063704).
-------------------------------------------------------------------
Thu Sep 28 16:17:08 UTC 2017 - mrueckert@suse.de
- refresh patches to apply cleanly again
- chrony-config.patch
- chrony-fix-open.patch
-------------------------------------------------------------------
Wed Sep 20 23:57:53 UTC 2017 - mpost@suse.com
- Upgraded to version 3.2:
Enhancements
* Improve stability with NTP sources and reference clocks
* Improve stability with hardware timestamping
* Improve support for NTP interleaved modes
* Control frequency of system clock on macOS 10.13 and later
* Set TAI-UTC offset of system clock with leapsectz directive
* Minimise data in client requests to improve privacy
* Allow transmit-only hardware timestamping
* Add support for new timestamping options introduced in Linux 4.13
* Add root delay, root dispersion and maximum error to tracking log
* Add mindelay and asymmetry options to server/peer/pool directive
* Add extpps option to PHC refclock to timestamp external PPS signal
* Add pps option to refclock directive to treat any refclock as PPS
* Add width option to refclock directive to filter wrong pulse edges
* Add rxfilter option to hwtimestamp directive
* Add -x option to disable control of system clock
* Add -l option to log to specified file instead of syslog
* Allow multiple command-line options to be specified together
* Allow starting without root privileges with -Q option
* Update seccomp filter for new glibc versions
* Dump history on exit by default with dumpdir directive
* Use hardening compiler options by default
Bug fixes
* Don't drop PHC samples with low-resolution system clock
* Ignore outliers in PHC tracking, RTC tracking, manual input
* Increase polling interval when peer is not responding
* Exit with error message when include directive fails
* Don't allow slash after hostname in allow/deny directive/command
* Try to connect to all addresses in chronyc before giving up
- Upgraded clknetsim to version 71dbbc5.
- Reworked chrony-fix-open.patch to fit the new version
-------------------------------------------------------------------
Tue Jan 31 16:38:05 UTC 2017 - mpost@suse.com
- Upgraded to version 3.1:
- Enhancements
- Add support for precise cross timestamping of PHC on Linux
- Add minpoll, precision, nocrossts options to hwtimestamp directive
- Add rawmeasurements option to log directive and modify measurements
option to log only valid measurements from synchronised sources
- Allow sub-second polling interval with NTP sources
- Bug fixes
- Fix time smoothing in interleaved mode
- Upgraded clknetsim to version ce89a1b.
- Reworked the following patches to fit the new versions
- chrony-config.patch
- chrony-service-helper.patch
- chrony-fix-open.patch
-------------------------------------------------------------------
Mon Jan 16 22:36:09 UTC 2017 - mpost@suse.com
- Upgraded to version 3.0:
- Enhancements
- Add support for software and hardware timestamping on Linux
- Add support for client/server and symmetric interleaved modes
- Add support for MS-SNTP authentication in Samba
- Add support for truncated MACs in NTPv4 packets
- Estimate and correct for asymmetric network jitter
- Increase default minsamples and polltarget to improve stability with very low jitter
- Add maxjitter directive to limit source selection by jitter
- Add offset option to server/pool/peer directive
- Add maxlockage option to refclock directive
- Add -t option to chronyd to exit after specified time
- Add partial protection against replay attacks on symmetric mode
- Don't reset polling interval when switching sources to online state
- Allow rate limiting with very short intervals
- Improve maximum server throughput on Linux and NetBSD
- Remove dump files after start
- Add tab-completion to chronyc with libedit/readline
- Add ntpdata command to print details about NTP measurements
- Allow all source options to be set in add server/peer command
- Indicate truncated addresses/hostnames in chronyc output
- Print reference IDs as hexadecimal numbers to avoid confusion with IPv4 addresses
- Bug fixes
- Fix crash with disabled asynchronous name resolving
- Upgraded clknetsim to version 6bb6519.
-------------------------------------------------------------------
Tue Nov 29 16:54:52 UTC 2016 - mpost@suse.com
- Upgraded to version 2.4.1:
- Bug fixes
- Fix processing of kernel timestamps on non-Linux systems
- Fix crash with smoothtime directive
- Fix validation of refclock sample times
- Fix parsing of refclock directive
-------------------------------------------------------------------
Wed Jun 8 10:02:51 UTC 2016 - mrueckert@suse.de
- update to 2.4:
- Enhancements
- Add orphan option to local directive for orphan mode
compatible with ntpd
- Add distance option to local directive to set activation
threshold (1 second by default)
- Add maxdrift directive to set maximum allowed drift of system
clock
- Try to replace NTP sources exceeding maximum distance
- Randomise source replacement to avoid getting stuck with bad
sources
- Randomise selection of sources from pools on start
- Ignore reference timestamp as ntpd doesn't always set it
correctly
- Modify tracking report to use same values as seen by NTP
clients
- Add -c option to chronyc to write reports in CSV format
- Provide detailed manual pages
- Bug fixes
- Fix SOCK refclock to work correctly when not specified as
last refclock
- Fix initstepslew and -q/-Q options to accept time from own
NTP clients
- Fix authentication with keys using 512-bit hash functions
- Fix crash on exit when multiple signals are received
- Fix conversion of very small floating-point numbers in
command packets
- Removed features
- Drop documentation in Texinfo format
- update clknetsim to a5949fe for fixing a testsuite failure:
- add IP_PKTINFO socket option
- accept environment variables in make
- fix building with FORTIFY_SOURCE
- fix compiler warning
- support multiple SHM refclocks
- fix recv functions with new glibc headers
- refreshed chrony-fix-open.patch: to apply cleanly after clknetsim
update
- drop patches:
- chrony-include-termios.patch
- make-105-ntpauth-more-reliable.patch
- drop buildrequires for texinfo and pre requires on the install
info packages
- no longer use make install-docs: it only installed 0 byte html
files.
-------------------------------------------------------------------
Wed Apr 13 14:23:38 UTC 2016 - mpluskal@suse.com
- Provide ntp-daemon (bsc#973981)
-------------------------------------------------------------------
Mon Apr 11 15:26:59 UTC 2016 - meissner@suse.com
- chrony-fix-open.patch: make sure _open and _close are initialized
in open()/close() override, as libfreebl3 also calls from the
the ELF constructor. FATE#319508
- enable mozilla-nss
-------------------------------------------------------------------
Fri Apr 8 15:54:08 UTC 2016 - mpluskal@suse.com
- Use correct license
- Drop hardcoded dependency on libseccomp, it is detected during
build
-------------------------------------------------------------------
Fri Apr 8 08:38:00 UTC 2016 - mpluskal@suse.com
- Undo reference to chrony-dnssrv@.service in %pre, %preun, %post,
and %postun as it would lead to error.
- Change conditions for libseccom, we can use any version on SLE-12
x86_64
-------------------------------------------------------------------
Tue Apr 5 22:27:48 UTC 2016 - mpost@suse.com
- Removed %if for distributions that aren't building chrony.
- Renamed chrony-2.2_logrotate.patch to chrony-logrotate.patch since
the patch is not particularly version-dependent.
- Added clknetsim for "make check" processing.
- Added Buildrequires for gcc-c++ and timezone for building clknetsim
and running "make check".
- Changed Buildrequires and Requires to specify the minimum level of
libseccomp needed to build on s390x and ppc64le.
- Removed "-Recommends: timedatex" since I couldn't find any instance
of it anywhere in the build service.
- Modified the description to use some of the information from the
chrony web site.
- Added chrony-include-termios.patch so that it will build on ppc64le.
- Added make-105-ntpauth-more-reliable.patch so that "make check"
will not report a non-failure as a failure.
- Added --without-nss to ./configure to avoid "interruption code
0x2003B in chronyd" errors.
- Changed the symbolic links for rcchronyd and rcchronyd-wait to
point to the actual location of the service command, not the symlink
in /sbin.
- Added reference to chrony-dnssrv@.service in %pre, %preun, %post,
and %postun.
-------------------------------------------------------------------
Mon Mar 28 09:35:07 UTC 2016 - mpluskal@suse.com
- Cleanup spec file with spec-cleaner
- Prepare for submission to Factory (see fate#319508)
-------------------------------------------------------------------
Thu Feb 18 16:48:46 UTC 2016 - mrueckert@suse.de
- update to 2.3
- Enhancements
- Add support for NTP and command response rate limiting
- Add support for dropping root privileges on Mac OS X,
FreeBSD, Solaris
- Add require and trust options for source selection
- Enable logchange by default (1 second threshold)
- Set RTC on Mac OS X with rtcsync directive
- Allow binding to NTP port after dropping root privileges on
NetBSD
- Drop CAP_NET_BIND_SERVICE capability on Linux when NTP port
is disabled
- Resolve names in separate process when seccomp filter is
enabled
- Replace old records in client log when memory limit is
reached
- Don't reveal local time and synchronisation state in client
packets
- Don't keep client sockets open for longer than necessary
- Ignore poll in KoD RATE packets as ntpd doesn't always set it
correctly
- Warn when using keys shorter than 80 bits
- Add keygen command to generate random keys easily
- Add serverstats command to report NTP and command packet
statistics
- Bug fixes
- Fix clock correction after making step on Mac OS X
- Fix building on Solaris
- refreshed patches to apply cleanly again:
chrony-2.2_logrotate.patch
chrony-config.patch
chrony-service-helper.patch
-------------------------------------------------------------------
Fri Jan 29 14:30:43 UTC 2016 - mrueckert@suse.de
- update to 2.2.1
Restrict authentication of NTP server/peer to specified key
(CVE-2016-1567)
-------------------------------------------------------------------
Thu Nov 26 10:45:06 UTC 2015 - mrueckert@suse.de
- silence groupadd/useradd call and drop the shell from the user.
-------------------------------------------------------------------
Thu Nov 26 01:13:52 UTC 2015 - mrueckert@suse.de
- update to 2.2
see /usr/share/doc/packages/chrony/NEWS
- sync with fedora spec and add systemd support
- refreshed chrony-config.patch to apply cleanly again
- added chrony-2.2_logrotate.patch: add missing su option as we no
longer have the daemon run as root.
- added chrony-service-helper.patch: imported from fedora with a
changed path for moving from libexecdir to datadir
- only use syscall filters on 12.3 and newer
- move helper from libexecdir to datadir
-------------------------------------------------------------------
Mon Feb 24 17:21:35 UTC 2014 - mrueckert@suse.de
- clean up build section
- the configure script can actually import CC/CFLAGS from the
environment. no need to break any CFLAGS it might set in the
configure script.
- remove unneeded prefix from the make calls.
- enable building the binaries with PIE/relro now
-------------------------------------------------------------------
Mon Feb 24 16:53:46 UTC 2014 - mrueckert@suse.de
- Update to version 1.29.1:
* Modify chronyc protocol to prevent amplification attacks
(CVE-2014-0021) (incompatible with previous protocol version,
chronyc supports both)
- Additional changes from 1.29
* Fix crash when processing crafted commands (CVE-2012-4502)
(possible with IP addresses allowed by cmdallow and localhost)
* Don't send uninitialized data in SUBNETS_ACCESSED and
CLIENT_ACCESSES replies (CVE-2012-4503) (not used by chronyc)
* Drop support for SUBNETS_ACCESSED and CLIENT_ACCESSES commands
- Additional changes from 1.28
* Combine sources to improve accuracy
* Make config and command parser strict
* Add -a option to chronyc to authenticate automatically
* Add -R option to ignore initstepslew and makestep directives
* Add generatecommandkey, minsamples, maxsamples and user
directives
* Improve compatibility with NTPv1 and NTPv2 clients
* Create sockets only in selected family with -4/-6 option
* Treat address bind errors as non-fatal
* Extend tracking log
* Accept float values as initstepslew threshold
* Allow hostnames in offline, online and burst commands
* Fix and improve peer polling
* Fix crash in config parsing with too many servers
* Fix crash with duplicated initstepslew address
* Fix delta calculation with extreme frequency offsets
* Set local stratum correctly
* Remove unnecessary adjtimex calls
* Set paths in documentation by configure
* Update chrony.spec
- Updated chrony-config.patch:
- lots of config values were fixed upstream already
- key file patching is unnecessary
-------------------------------------------------------------------
Sat Jul 13 22:14:49 UTC 2013 - zaitor@opensuse.org
- Update to version 1.27:
+ Added support for stronger authentication keys via NSS or
libtomcrypt library.
+ Extended tracking, sources and activity reports printed by
chronyc.
+ The daemon now waits in foreground until it is fully
initialized.
+ Other bug fixes and improvements.
- Add mozilla-nss-devel & pkg-config BuildRequires, new optional
dependencys.
-------------------------------------------------------------------
Fri Jan 11 04:29:12 UTC 2013 - mrdocs@opensuse.org
-run spec-cleaner on the spec file, fix license and remove cruft
-------------------------------------------------------------------
Tue Nov 29 13:55:16 UTC 2011 - aj@suse.de
- Update to version 1.26:
* Added compatibility with Linux 3.0 and later
* Fixed replying on multihomed IPv6 hosts
* Other minor bug fixes and improvements
- Cleanup package a bit.