644bee6b71
- Update to 4.3: * Add local option to refclock directive to stabilise system clock with more stable free-running clock (e.g. TCXO, OCXO). * Add maxdelayquant option to server/pool/peer directive to replace maxdelaydevratio filter with long-term quantile-based filtering. * Add selection option to log directive. * Allow external PPS in PHC refclock without configurable pin. * Don't accept first interleaved response to minimise error in delay. * Don't use arc4random on Linux to avoid server performance loss. * Improve filter option to better handle missing NTP samples. * Improve stability with hardware timestamping and PHC refclock. * Update seccomp filter - Update clknetsim to snapshot f00531b. - Use a more specific conditional for the /usr/etc stuff.
Reinhard Max2022-09-01 15:47:14 +00:00
f062008ad7
- Update to 4.3: * Add local option to refclock directive to stabilise system clock with more stable free-running clock (e.g. TCXO, OCXO). * Add maxdelayquant option to server/pool/peer directive to replace maxdelaydevratio filter with long-term quantile-based filtering. * Add selection option to log directive. * Allow external PPS in PHC refclock without configurable pin. * Don't accept first interleaved response to minimise error in delay. * Don't use arc4random on Linux to avoid server performance loss. * Improve filter option to better handle missing NTP samples. * Improve stability with hardware timestamping and PHC refclock. * Update seccomp filter - Update clknetsim to snapshot f00531b. - Use a more specific conditional for the /usr/etc stuff.
Reinhard Max2022-09-01 15:47:14 +00:00
973a6028ca
Accepting request 1000645 from home:schubi2
Reinhard Max2022-09-01 12:16:41 +00:00
b74d198589
Accepting request 1000645 from home:schubi2
Reinhard Max2022-09-01 12:16:41 +00:00
50f0dbdedd
- boo#1194206: Use /run instead of /var/run throughout. - bsc#1194229: Fix pool package dependencies, so that SLE actually prefers chrony-pool-suse over chrony-pool-empty.
Reinhard Max2022-01-12 17:27:13 +00:00
908bb1e965
- boo#1194206: Use /run instead of /var/run throughout. - bsc#1194229: Fix pool package dependencies, so that SLE actually prefers chrony-pool-suse over chrony-pool-empty.
Reinhard Max2022-01-12 17:27:13 +00:00
8d76d55b2f
- Update to 4.2 * Add support for NTPv4 extension field improving synchronisation stability and resolution of root delay and dispersion (experimental) * Add support for NTP over PTP (experimental) * Add support for AES-CMAC and hash functions in GnuTLS * Improve server interleaved mode to be more reliable and support multiple clients behind NAT * Update seccomp filter * Fix RTC support with 64-bit time_t on 32-bit Linux * Fix seccomp filter to work correctly with bind*device directives - Obsoleted patches: * chrony-refid-internal-md5.patch * harden_chrony-wait.service.patch * harden_chronyd.service.patch - Update clknetsim to snapshot 470b5e9.
Reinhard Max2021-12-16 18:15:17 +00:00
2eb8c93051
- Update to 4.2 * Add support for NTPv4 extension field improving synchronisation stability and resolution of root delay and dispersion (experimental) * Add support for NTP over PTP (experimental) * Add support for AES-CMAC and hash functions in GnuTLS * Improve server interleaved mode to be more reliable and support multiple clients behind NAT * Update seccomp filter * Fix RTC support with 64-bit time_t on 32-bit Linux * Fix seccomp filter to work correctly with bind*device directives - Obsoleted patches: * chrony-refid-internal-md5.patch * harden_chrony-wait.service.patch * harden_chronyd.service.patch - Update clknetsim to snapshot 470b5e9.
Reinhard Max2021-12-16 18:15:17 +00:00
902146d99c
- boo#1190926: PrivateDevices is too strict, we might need to access the rtc and ptp devices. - Add back support to build chrony on SLE12. - Drop dependency on asciidoctor. It is only needed for building the HTML documentation which we don't package anyway.
Reinhard Max2021-10-08 16:29:48 +00:00
59beb62856
- boo#1190926: PrivateDevices is too strict, we might need to access the rtc and ptp devices. - Add back support to build chrony on SLE12. - Drop dependency on asciidoctor. It is only needed for building the HTML documentation which we don't package anyway.
Reinhard Max2021-10-08 16:29:48 +00:00
f1e86c08f1
- bsc#1173760: MD5 is not available from mozilla-nss in FIPS mode, but needed for calculating refids from IPv6 addresses as part of the NTP protocol (rfc5905). As this is a non-cryptographic use of MD5 we can use our own implementation without violating FIPS rules: chrony-refid-internal-md5.patch .
Reinhard Max2021-07-01 14:37:51 +00:00
a352b85fc0
- bsc#1173760: MD5 is not available from mozilla-nss in FIPS mode, but needed for calculating refids from IPv6 addresses as part of the NTP protocol (rfc5905). As this is a non-cryptographic use of MD5 we can use our own implementation without violating FIPS rules: chrony-refid-internal-md5.patch .
Reinhard Max2021-07-01 14:37:51 +00:00
0e5e2f49b2
- boo#1187906: Consolidate all references to the helper script.
Reinhard Max2021-07-01 13:21:41 +00:00
0317a6c6da
- boo#1187906: Consolidate all references to the helper script.
Reinhard Max2021-07-01 13:21:41 +00:00
cde7f90ece
- Update to 4.1 * Add support for NTS servers specified by IP address (matching Subject Alternative Name in server certificate) * Add source-specific configuration of trusted certificates * Allow multiple files and directories with trusted certificates * Allow multiple pairs of server keys and certificates * Add copy option to server/pool directive * Increase PPS lock limit to 40% of pulse interval * Perform source selection immediately after loading dump files * Reload dump files for addresses negotiated by NTS-KE server * Update seccomp filter and add less restrictive level * Restart ongoing name resolution on online command * Fix dump files to not include uncorrected offset * Fix initstepslew to accept time from own NTP clients * Reset NTP address and port when no longer negotiated by NTS-KE server - Update clknetsim to snapshot f89702d. - Refresh chrony.keyring from https://chrony.tuxfamily.org/gpgkey-8F375C7E8D0EE125A3D3BD51537E2B76F7680DAC.asc - Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689).
Reinhard Max2021-06-01 13:31:19 +00:00
b9fe9fc5d2
- Update to 4.1 * Add support for NTS servers specified by IP address (matching Subject Alternative Name in server certificate) * Add source-specific configuration of trusted certificates * Allow multiple files and directories with trusted certificates * Allow multiple pairs of server keys and certificates * Add copy option to server/pool directive * Increase PPS lock limit to 40% of pulse interval * Perform source selection immediately after loading dump files * Reload dump files for addresses negotiated by NTS-KE server * Update seccomp filter and add less restrictive level * Restart ongoing name resolution on online command * Fix dump files to not include uncorrected offset * Fix initstepslew to accept time from own NTP clients * Reset NTP address and port when no longer negotiated by NTS-KE server - Update clknetsim to snapshot f89702d. - Refresh chrony.keyring from https://chrony.tuxfamily.org/gpgkey-8F375C7E8D0EE125A3D3BD51537E2B76F7680DAC.asc - Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689).
Reinhard Max2021-06-01 13:31:19 +00:00
67288b2a86
- Adjust and rename the sysconfig file, so that it matches the expectations of chronyd.service (bsc#1173277). * Create new file when writing pidfile (CVE-2020-14367, bsc#1174911)
Reinhard Max2020-09-14 12:52:37 +00:00
9c13ed8d1e
- Adjust and rename the sysconfig file, so that it matches the expectations of chronyd.service (bsc#1173277). * Create new file when writing pidfile (CVE-2020-14367, bsc#1174911)
Reinhard Max2020-09-14 12:52:37 +00:00
bba6f7b831
Accepting request 834167 from home:elimat:branches:network:time
Martin Pluskal2020-09-14 07:24:37 +00:00
e88433a368
Accepting request 834167 from home:elimat:branches:network:time
Martin Pluskal2020-09-14 07:24:37 +00:00
606c5dd576
- Add chrony-pool-suse and chrony-pool-openSUSE subpackages that preconfigure chrony to use NTP servers from the respective pools for SUSE and openSUSE (bsc#1156884, SLE-11424). - Add chrony-pool-empty to still allow installing chrony without preconfigured servers. - Use iburst in the default pool statements to speed up initial synchronisation (bsc#1172113).
Reinhard Max2020-06-04 15:25:07 +00:00
9e0fdec8b8
- Add chrony-pool-suse and chrony-pool-openSUSE subpackages that preconfigure chrony to use NTP servers from the respective pools for SUSE and openSUSE (bsc#1156884, SLE-11424). - Add chrony-pool-empty to still allow installing chrony without preconfigured servers. - Use iburst in the default pool statements to speed up initial synchronisation (bsc#1172113).
Reinhard Max2020-06-04 15:25:07 +00:00
Dominique Leuenberger
Reinhard Max
Martin Pluskal