2016-04-08 10:42:30 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Apr 8 08:38:00 UTC 2016 - mpluskal@suse.com
|
|
|
|
|
|
|
|
|
|
- Do reference to chrony-dnssrv@.service in %pre, %preun, %post,
|
|
|
|
|
and %postun as it would lead to error.
|
|
|
|
|
- Change conditions for libseccom, we can use any version on SLE-12
|
|
|
|
|
x86_64
|
|
|
|
|
|
2016-04-06 10:53:39 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Apr 5 22:27:48 UTC 2016 - mpost@suse.com
|
|
|
|
|
|
|
|
|
|
- Removed %if for distributions that aren't building chrony.
|
|
|
|
|
- Renamed chrony-2.2_logrotate.patch to chrony-logrotate.patch since
|
|
|
|
|
the patch is not particularly version-dependent.
|
|
|
|
|
- Added clknetsim for "make check" processing.
|
|
|
|
|
- Added Buildrequires for gcc-c++ and timezone for building clknetsim
|
|
|
|
|
and running "make check".
|
|
|
|
|
- Changed Buildrequires and Requires to specify the minimum level of
|
|
|
|
|
libseccomp needed to build on s390x and ppc64le.
|
|
|
|
|
- Removed "-Recommends: timedatex" since I couldn't find any instance
|
|
|
|
|
of it anywhere in the build service.
|
|
|
|
|
- Modified the description to use some of the information from the
|
|
|
|
|
chrony web site.
|
|
|
|
|
- Added chrony-include-termios.patch so that it will build on ppc64le.
|
|
|
|
|
- Added make-105-ntpauth-more-reliable.patch so that "make check"
|
|
|
|
|
will not report a non-failure as a failure.
|
|
|
|
|
- Added --without-nss to ./configure to avoid "interruption code
|
|
|
|
|
0x2003B in chronyd" errors.
|
|
|
|
|
- Changed the symbolic links for rcchronyd and rcchronyd-wait to
|
|
|
|
|
point to the actual location of the service command, not the symlink
|
|
|
|
|
in /sbin.
|
|
|
|
|
- Added reference to chrony-dnssrv@.service in %pre, %preun, %post,
|
|
|
|
|
and %postun.
|
|
|
|
|
|
2016-03-28 11:36:00 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Mar 28 09:35:07 UTC 2016 - mpluskal@suse.com
|
|
|
|
|
|
|
|
|
|
- Cleanup spec file with spec-cleaner
|
|
|
|
|
- Prepare for submission to Factory (see fate#319508)
|
|
|
|
|
|
2016-02-18 23:22:23 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Feb 18 16:48:46 UTC 2016 - mrueckert@suse.de
|
|
|
|
|
|
|
|
|
|
- update to 2.3
|
|
|
|
|
- Enhancements
|
|
|
|
|
- Add support for NTP and command response rate limiting
|
|
|
|
|
- Add support for dropping root privileges on Mac OS X,
|
|
|
|
|
FreeBSD, Solaris
|
|
|
|
|
- Add require and trust options for source selection
|
|
|
|
|
- Enable logchange by default (1 second threshold)
|
|
|
|
|
- Set RTC on Mac OS X with rtcsync directive
|
|
|
|
|
- Allow binding to NTP port after dropping root privileges on
|
|
|
|
|
NetBSD
|
|
|
|
|
- Drop CAP_NET_BIND_SERVICE capability on Linux when NTP port
|
|
|
|
|
is disabled
|
|
|
|
|
- Resolve names in separate process when seccomp filter is
|
|
|
|
|
enabled
|
|
|
|
|
- Replace old records in client log when memory limit is
|
|
|
|
|
reached
|
|
|
|
|
- Don't reveal local time and synchronisation state in client
|
|
|
|
|
packets
|
|
|
|
|
- Don't keep client sockets open for longer than necessary
|
|
|
|
|
- Ignore poll in KoD RATE packets as ntpd doesn't always set it
|
|
|
|
|
correctly
|
|
|
|
|
- Warn when using keys shorter than 80 bits
|
|
|
|
|
- Add keygen command to generate random keys easily
|
|
|
|
|
- Add serverstats command to report NTP and command packet
|
|
|
|
|
statistics
|
|
|
|
|
- Bug fixes
|
|
|
|
|
- Fix clock correction after making step on Mac OS X
|
|
|
|
|
- Fix building on Solaris
|
|
|
|
|
- refreshed patches to apply cleanly again:
|
|
|
|
|
chrony-2.2_logrotate.patch
|
|
|
|
|
chrony-config.patch
|
|
|
|
|
chrony-service-helper.patch
|
|
|
|
|
|
2016-01-29 15:41:59 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Jan 29 14:30:43 UTC 2016 - mrueckert@suse.de
|
|
|
|
|
|
|
|
|
|
- update to 2.2.1
|
|
|
|
|
Restrict authentication of NTP server/peer to specified key
|
|
|
|
|
(CVE-2016-1567)
|
|
|
|
|
|
2015-11-26 11:46:56 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Nov 26 10:45:06 UTC 2015 - mrueckert@suse.de
|
|
|
|
|
|
|
|
|
|
- silence groupadd/useradd call and drop the shell from the user.
|
|
|
|
|
|
2014-02-25 16:55:43 +01:00
|
|
|
-------------------------------------------------------------------
|
2015-11-26 09:03:25 +01:00
|
|
|
Thu Nov 26 01:13:52 UTC 2015 - mrueckert@suse.de
|
|
|
|
|
|
|
|
|
|
- update to 2.2
|
|
|
|
|
see /usr/share/doc/packages/chrony/NEWS
|
|
|
|
|
- sync with fedora spec and add systemd support
|
|
|
|
|
- refreshed chrony-config.patch to apply cleanly again
|
|
|
|
|
- added chrony-2.2_logrotate.patch: add missing su option as we no
|
|
|
|
|
longer have the daemon run as root.
|
|
|
|
|
- added chrony-service-helper.patch: imported from fedora with a
|
|
|
|
|
changed path for moving from libexecdir to datadir
|
|
|
|
|
- only use syscall filters on 12.3 and newer
|
|
|
|
|
- move helper from libexecdir to datadir
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
2014-02-25 16:55:43 +01:00
|
|
|
Mon Feb 24 17:21:35 UTC 2014 - mrueckert@suse.de
|
|
|
|
|
|
|
|
|
|
- clean up build section
|
|
|
|
|
- the configure script can actually import CC/CFLAGS from the
|
|
|
|
|
environment. no need to break any CFLAGS it might set in the
|
|
|
|
|
configure script.
|
|
|
|
|
- remove unneeded prefix from the make calls.
|
|
|
|
|
- enable building the binaries with PIE/relro now
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Feb 24 16:53:46 UTC 2014 - mrueckert@suse.de
|
|
|
|
|
|
|
|
|
|
- Update to version 1.29.1:
|
|
|
|
|
* Modify chronyc protocol to prevent amplification attacks
|
|
|
|
|
(CVE-2014-0021) (incompatible with previous protocol version,
|
|
|
|
|
chronyc supports both)
|
|
|
|
|
- Additional changes from 1.29
|
|
|
|
|
* Fix crash when processing crafted commands (CVE-2012-4502)
|
|
|
|
|
(possible with IP addresses allowed by cmdallow and localhost)
|
|
|
|
|
* Don't send uninitialized data in SUBNETS_ACCESSED and
|
|
|
|
|
CLIENT_ACCESSES replies (CVE-2012-4503) (not used by chronyc)
|
|
|
|
|
* Drop support for SUBNETS_ACCESSED and CLIENT_ACCESSES commands
|
|
|
|
|
- Additional changes from 1.28
|
|
|
|
|
* Combine sources to improve accuracy
|
|
|
|
|
* Make config and command parser strict
|
|
|
|
|
* Add -a option to chronyc to authenticate automatically
|
|
|
|
|
* Add -R option to ignore initstepslew and makestep directives
|
|
|
|
|
* Add generatecommandkey, minsamples, maxsamples and user
|
|
|
|
|
directives
|
|
|
|
|
* Improve compatibility with NTPv1 and NTPv2 clients
|
|
|
|
|
* Create sockets only in selected family with -4/-6 option
|
|
|
|
|
* Treat address bind errors as non-fatal
|
|
|
|
|
* Extend tracking log
|
|
|
|
|
* Accept float values as initstepslew threshold
|
|
|
|
|
* Allow hostnames in offline, online and burst commands
|
|
|
|
|
* Fix and improve peer polling
|
|
|
|
|
* Fix crash in config parsing with too many servers
|
|
|
|
|
* Fix crash with duplicated initstepslew address
|
|
|
|
|
* Fix delta calculation with extreme frequency offsets
|
|
|
|
|
* Set local stratum correctly
|
|
|
|
|
* Remove unnecessary adjtimex calls
|
|
|
|
|
* Set paths in documentation by configure
|
|
|
|
|
* Update chrony.spec
|
|
|
|
|
- Updated chrony-config.patch:
|
|
|
|
|
- lots of config values were fixed upstream already
|
|
|
|
|
- key file patching is unnecessary
|
|
|
|
|
|
2013-07-23 09:25:51 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sat Jul 13 22:14:49 UTC 2013 - zaitor@opensuse.org
|
|
|
|
|
|
|
|
|
|
- Update to version 1.27:
|
|
|
|
|
+ Added support for stronger authentication keys via NSS or
|
|
|
|
|
libtomcrypt library.
|
|
|
|
|
+ Extended tracking, sources and activity reports printed by
|
|
|
|
|
chronyc.
|
|
|
|
|
+ The daemon now waits in foreground until it is fully
|
|
|
|
|
initialized.
|
|
|
|
|
+ Other bug fixes and improvements.
|
|
|
|
|
- Add mozilla-nss-devel & pkg-config BuildRequires, new optional
|
|
|
|
|
dependencys.
|
|
|
|
|
|
2013-01-11 13:21:34 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Jan 11 04:29:12 UTC 2013 - mrdocs@opensuse.org
|
|
|
|
|
|
|
|
|
|
-run spec-cleaner on the spec file, fix license and remove cruft
|
|
|
|
|
|
2012-01-18 10:23:10 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Nov 29 13:55:16 UTC 2011 - aj@suse.de
|
|
|
|
|
|
|
|
|
|
- Update to version 1.26:
|
|
|
|
|
* Added compatibility with Linux 3.0 and later
|
|
|
|
|
* Fixed replying on multihomed IPv6 hosts
|
|
|
|
|
* Other minor bug fixes and improvements
|
|
|
|
|
- Cleanup package a bit.
|
|
|
|
|
|
|
|
|
|
|
