chrony/chrony.changes

-------------------------------------------------------------------
Wed Aug  1 16:36:17 UTC 2018 - bwiedemann@suse.com

- Update to version 3.3
ed
  + Enhancements:
    Add burst option to server/pool directive
    Add stratum and tai options to refclock directive
    Add support for Nettle crypto library
    Add workaround for missing kernel receive timestamps on Linux
    Wait for late hardware transmit timestamps
    Improve source selection with unreachable sources
    Improve protection against replay attacks on symmetric mode
    Allow PHC refclock to use socket in /var/run/chrony
    Add shutdown command to stop chronyd
    Simplify format of response to manual list command
    Improve handling of unknown responses in chronyc
  + Bug fixes:
    Respond to NTPv1 client requests with zero mode
    Fix -x option to not require CAP_SYS_TIME under non-root user
    Fix acquisitionport directive to work with privilege separation
    Fix handling of socket errors on Linux to avoid high CPU usage
    Fix chronyc to not get stuck in infinite loop after clock step
  + make package build reproducible (boo#1047218)

-------------------------------------------------------------------
Wed Apr 18 02:55:54 UTC 2018 - mpost@suse.com

- Added /etc/chrony.d/ directory to the package (bsc#1083597)
  Modifed default chrony.conf to add "include /etc/chrony.d/*"

-------------------------------------------------------------------
Mon Mar 26 17:30:07 CEST 2018 - kukuk@suse.de

- Use %license instead of %doc [bsc#1082318]

-------------------------------------------------------------------
Wed Mar 14 15:11:56 CET 2018 - kukuk@suse.de

- Fix name of fillup template (was never installed before)
- Fix Requires for fillup, it's used in post, not pre.

-------------------------------------------------------------------
Fri Feb  9 10:21:09 UTC 2018 - mpluskal@suse.com

- Enable pps support

-------------------------------------------------------------------
Thu Nov 23 13:47:05 UTC 2017 - rbrown@suse.com

- Replace references to /var/adm/fillup-templates with new 
  %_fillupdir macro (boo#1069468)

-------------------------------------------------------------------
Thu Oct 26 10:39:11 UTC 2017 - mpluskal@suse.com

- Cleanup spec file:
  * Drop pre systemd support
  * Run spec-cleaner

-------------------------------------------------------------------
Tue Oct 24 18:23:56 UTC 2017 - mpost@suse.com

- Modified the spec file to comment out the pool statement
  in chrony.conf if _not_ building for openSUSE. (bsc#1063704).

-------------------------------------------------------------------
Thu Sep 28 16:17:08 UTC 2017 - mrueckert@suse.de

- refresh patches to apply cleanly again
  - chrony-config.patch
  - chrony-fix-open.patch

-------------------------------------------------------------------
Wed Sep 20 23:57:53 UTC 2017 - mpost@suse.com

- Upgraded to version 3.2:
  Enhancements
  * Improve stability with NTP sources and reference clocks
  * Improve stability with hardware timestamping
  * Improve support for NTP interleaved modes
  * Control frequency of system clock on macOS 10.13 and later
  * Set TAI-UTC offset of system clock with leapsectz directive
  * Minimise data in client requests to improve privacy
  * Allow transmit-only hardware timestamping
  * Add support for new timestamping options introduced in Linux 4.13
  * Add root delay, root dispersion and maximum error to tracking log
  * Add mindelay and asymmetry options to server/peer/pool directive
  * Add extpps option to PHC refclock to timestamp external PPS signal
  * Add pps option to refclock directive to treat any refclock as PPS
  * Add width option to refclock directive to filter wrong pulse edges
  * Add rxfilter option to hwtimestamp directive
  * Add -x option to disable control of system clock
  * Add -l option to log to specified file instead of syslog
  * Allow multiple command-line options to be specified together
  * Allow starting without root privileges with -Q option
  * Update seccomp filter for new glibc versions
  * Dump history on exit by default with dumpdir directive
  * Use hardening compiler options by default
  Bug fixes
  * Don't drop PHC samples with low-resolution system clock
  * Ignore outliers in PHC tracking, RTC tracking, manual input
  * Increase polling interval when peer is not responding
  * Exit with error message when include directive fails
  * Don't allow slash after hostname in allow/deny directive/command
  * Try to connect to all addresses in chronyc before giving up
- Upgraded clknetsim to version 71dbbc5.
- Reworked chrony-fix-open.patch to fit the new version

-------------------------------------------------------------------
Tue Jan 31 16:38:05 UTC 2017 - mpost@suse.com

- Upgraded to version 3.1:
  - Enhancements
    - Add support for precise cross timestamping of PHC on Linux
    - Add minpoll, precision, nocrossts options to hwtimestamp directive
    - Add rawmeasurements option to log directive and modify measurements
      option to log only valid measurements from synchronised sources
    - Allow sub-second polling interval with NTP sources
  - Bug fixes
    - Fix time smoothing in interleaved mode
- Upgraded clknetsim to version ce89a1b.
- Reworked the following patches to fit the new versions
  - chrony-config.patch
  - chrony-service-helper.patch
  - chrony-fix-open.patch

-------------------------------------------------------------------
Mon Jan 16 22:36:09 UTC 2017 - mpost@suse.com

- Upgraded to version 3.0:
  - Enhancements
    - Add support for software and hardware timestamping on Linux
    - Add support for client/server and symmetric interleaved modes
    - Add support for MS-SNTP authentication in Samba
    - Add support for truncated MACs in NTPv4 packets
    - Estimate and correct for asymmetric network jitter
    - Increase default minsamples and polltarget to improve stability with very low jitter
    - Add maxjitter directive to limit source selection by jitter
    - Add offset option to server/pool/peer directive
    - Add maxlockage option to refclock directive
    - Add -t option to chronyd to exit after specified time
    - Add partial protection against replay attacks on symmetric mode
    - Don't reset polling interval when switching sources to online state
    - Allow rate limiting with very short intervals
    - Improve maximum server throughput on Linux and NetBSD
    - Remove dump files after start
    - Add tab-completion to chronyc with libedit/readline
    - Add ntpdata command to print details about NTP measurements
    - Allow all source options to be set in add server/peer command
    - Indicate truncated addresses/hostnames in chronyc output
    - Print reference IDs as hexadecimal numbers to avoid confusion with IPv4 addresses
  - Bug fixes
    - Fix crash with disabled asynchronous name resolving
- Upgraded clknetsim to version 6bb6519.

-------------------------------------------------------------------
Tue Nov 29 16:54:52 UTC 2016 - mpost@suse.com

- Upgraded to version 2.4.1:
  - Bug fixes
    - Fix processing of kernel timestamps on non-Linux systems
    - Fix crash with smoothtime directive
    - Fix validation of refclock sample times
    - Fix parsing of refclock directive

-------------------------------------------------------------------
Wed Jun  8 10:02:51 UTC 2016 - mrueckert@suse.de

- update to 2.4:
  - Enhancements
    - Add orphan option to local directive for orphan mode
      compatible with ntpd
    - Add distance option to local directive to set activation
      threshold (1 second by default)
    - Add maxdrift directive to set maximum allowed drift of system
      clock
    - Try to replace NTP sources exceeding maximum distance
    - Randomise source replacement to avoid getting stuck with bad
      sources
    - Randomise selection of sources from pools on start
    - Ignore reference timestamp as ntpd doesn't always set it
      correctly
    - Modify tracking report to use same values as seen by NTP
      clients
    - Add -c option to chronyc to write reports in CSV format
    - Provide detailed manual pages
  - Bug fixes
    - Fix SOCK refclock to work correctly when not specified as
      last refclock
    - Fix initstepslew and -q/-Q options to accept time from own
      NTP clients
    - Fix authentication with keys using 512-bit hash functions
    - Fix crash on exit when multiple signals are received
    - Fix conversion of very small floating-point numbers in
      command packets
  - Removed features
    - Drop documentation in Texinfo format
- update clknetsim to a5949fe for fixing a testsuite failure:
  - add IP_PKTINFO socket option
  - accept environment variables in make
  - fix building with FORTIFY_SOURCE
  - fix compiler warning
  - support multiple SHM refclocks
  - fix recv functions with new glibc headers
- refreshed chrony-fix-open.patch: to apply cleanly after clknetsim
  update
- drop patches:
  - chrony-include-termios.patch
  - make-105-ntpauth-more-reliable.patch
- drop buildrequires for texinfo and pre requires on the install
  info packages
- no longer use make install-docs: it only installed 0 byte html
  files.

-------------------------------------------------------------------
Wed Apr 13 14:23:38 UTC 2016 - mpluskal@suse.com

- Provide ntp-daemon (bsc#973981)

-------------------------------------------------------------------
Mon Apr 11 15:26:59 UTC 2016 - meissner@suse.com

- chrony-fix-open.patch: make sure _open and _close are initialized
  in open()/close() override, as libfreebl3 also calls from the
  the ELF constructor. FATE#319508
- enable mozilla-nss

-------------------------------------------------------------------
Fri Apr  8 15:54:08 UTC 2016 - mpluskal@suse.com

- Use correct license
- Drop hardcoded dependency on libseccomp, it is detected during 
  build

-------------------------------------------------------------------
Fri Apr  8 08:38:00 UTC 2016 - mpluskal@suse.com

- Undo reference to chrony-dnssrv@.service in %pre, %preun, %post,
  and %postun as it would lead to error.
- Change conditions for libseccom, we can use any version on SLE-12 
  x86_64

-------------------------------------------------------------------
Tue Apr  5 22:27:48 UTC 2016 - mpost@suse.com

- Removed %if for distributions that aren't building chrony.
- Renamed chrony-2.2_logrotate.patch to chrony-logrotate.patch since
  the patch is not particularly version-dependent.
- Added clknetsim for "make check" processing.
- Added Buildrequires for gcc-c++ and timezone for building clknetsim
  and running "make check".
- Changed Buildrequires and Requires to specify the minimum level of
  libseccomp needed to build on s390x and ppc64le.
- Removed "-Recommends: timedatex" since I couldn't find any instance
  of it anywhere in the build service.
- Modified the description to use some of the information from the
  chrony web site.
- Added chrony-include-termios.patch so that it will build on ppc64le.
- Added make-105-ntpauth-more-reliable.patch so that "make check"
  will not report a non-failure as a failure.
- Added --without-nss to ./configure to avoid "interruption code
  0x2003B in chronyd" errors.
- Changed the symbolic links for rcchronyd and rcchronyd-wait to 
  point to the actual location of the service command, not the symlink
  in /sbin.
- Added reference to chrony-dnssrv@.service in %pre, %preun, %post,
  and %postun.
  
-------------------------------------------------------------------
Mon Mar 28 09:35:07 UTC 2016 - mpluskal@suse.com

- Cleanup spec file with spec-cleaner
- Prepare for submission to Factory (see fate#319508)

-------------------------------------------------------------------
Thu Feb 18 16:48:46 UTC 2016 - mrueckert@suse.de

- update to 2.3
  - Enhancements
    - Add support for NTP and command response rate limiting
    - Add support for dropping root privileges on Mac OS X,
      FreeBSD, Solaris
    - Add require and trust options for source selection
    - Enable logchange by default (1 second threshold)
    - Set RTC on Mac OS X with rtcsync directive
    - Allow binding to NTP port after dropping root privileges on
      NetBSD
    - Drop CAP_NET_BIND_SERVICE capability on Linux when NTP port
      is disabled
    - Resolve names in separate process when seccomp filter is
      enabled
    - Replace old records in client log when memory limit is
      reached
    - Don't reveal local time and synchronisation state in client
      packets
    - Don't keep client sockets open for longer than necessary
    - Ignore poll in KoD RATE packets as ntpd doesn't always set it
      correctly
    - Warn when using keys shorter than 80 bits
    - Add keygen command to generate random keys easily
    - Add serverstats command to report NTP and command packet
      statistics
  - Bug fixes
    - Fix clock correction after making step on Mac OS X
    - Fix building on Solaris
- refreshed patches to apply cleanly again:
  chrony-2.2_logrotate.patch
  chrony-config.patch
  chrony-service-helper.patch

-------------------------------------------------------------------
Fri Jan 29 14:30:43 UTC 2016 - mrueckert@suse.de

- update to 2.2.1
  Restrict authentication of NTP server/peer to specified key
  (CVE-2016-1567)

-------------------------------------------------------------------
Thu Nov 26 10:45:06 UTC 2015 - mrueckert@suse.de

- silence groupadd/useradd call and drop the shell from the user.

-------------------------------------------------------------------
Thu Nov 26 01:13:52 UTC 2015 - mrueckert@suse.de

- update to 2.2
  see /usr/share/doc/packages/chrony/NEWS
- sync with fedora spec and add systemd support
- refreshed chrony-config.patch to apply cleanly again
- added chrony-2.2_logrotate.patch: add missing su option as we no
  longer have the daemon run as root.
- added chrony-service-helper.patch: imported from fedora with a
  changed path for moving from libexecdir to datadir
- only use syscall filters on 12.3 and newer
- move helper from libexecdir to datadir

-------------------------------------------------------------------
Mon Feb 24 17:21:35 UTC 2014 - mrueckert@suse.de

- clean up build section
  - the configure script can actually import CC/CFLAGS from the
    environment. no need to break any CFLAGS it might set in the
    configure script.
  - remove unneeded prefix from the make calls.
  - enable building the binaries with PIE/relro now

-------------------------------------------------------------------
Mon Feb 24 16:53:46 UTC 2014 - mrueckert@suse.de

- Update to version 1.29.1:
  * Modify chronyc protocol to prevent amplification attacks
    (CVE-2014-0021) (incompatible with previous protocol version,
    chronyc supports both)
- Additional changes from 1.29
  * Fix crash when processing crafted commands (CVE-2012-4502)
    (possible with IP addresses allowed by cmdallow and localhost)
  * Don't send uninitialized data in SUBNETS_ACCESSED and
    CLIENT_ACCESSES replies (CVE-2012-4503) (not used by chronyc)
  * Drop support for SUBNETS_ACCESSED and CLIENT_ACCESSES commands
- Additional changes from 1.28
  * Combine sources to improve accuracy
  * Make config and command parser strict
  * Add -a option to chronyc to authenticate automatically
  * Add -R option to ignore initstepslew and makestep directives
  * Add generatecommandkey, minsamples, maxsamples and user
    directives
  * Improve compatibility with NTPv1 and NTPv2 clients
  * Create sockets only in selected family with -4/-6 option
  * Treat address bind errors as non-fatal
  * Extend tracking log
  * Accept float values as initstepslew threshold
  * Allow hostnames in offline, online and burst commands
  * Fix and improve peer polling
  * Fix crash in config parsing with too many servers
  * Fix crash with duplicated initstepslew address
  * Fix delta calculation with extreme frequency offsets
  * Set local stratum correctly
  * Remove unnecessary adjtimex calls
  * Set paths in documentation by configure
  * Update chrony.spec
- Updated chrony-config.patch:
  - lots of config values were fixed upstream already
  - key file patching is unnecessary

-------------------------------------------------------------------
Sat Jul 13 22:14:49 UTC 2013 - zaitor@opensuse.org

- Update to version 1.27:
  + Added support for stronger authentication keys via NSS or
    libtomcrypt library.
  + Extended tracking, sources and activity reports printed by
    chronyc.
  + The daemon now waits in foreground until it is fully
    initialized.
  + Other bug fixes and improvements.
- Add mozilla-nss-devel & pkg-config BuildRequires, new optional
  dependencys.

-------------------------------------------------------------------
Fri Jan 11 04:29:12 UTC 2013 - mrdocs@opensuse.org

-run spec-cleaner on the spec file, fix license and remove cruft

-------------------------------------------------------------------
Tue Nov 29 13:55:16 UTC 2011 - aj@suse.de

- Update to version 1.26:
  * Added compatibility with Linux 3.0 and later
  * Fixed replying on multihomed IPv6 hosts
  * Other minor bug fixes and improvements
- Cleanup package a bit.