------------------------------------------------------------------- Tue Jun 4 14:57:09 UTC 2024 - Reinhard Max - bsc#1225362, chrony-124-tai.patch: make 124-tai more reliable ------------------------------------------------------------------- Mon May 27 15:34:40 UTC 2024 - Reinhard Max - Update clknetsim to snapshot 0a11a35. ------------------------------------------------------------------- Mon Feb 26 10:33:53 UTC 2024 - Dominique Leuenberger - Use %patch -P N instead of deprecated %patchN. ------------------------------------------------------------------- Mon Jan 15 14:12:31 UTC 2024 - Reinhard Max - Update to version 4.5: * Add support for AES-GCM-SIV in GnuTLS * Add support for corrections from PTP transparent clocks * Add support for systemd socket activation * Fix presend in interleaved mode * Fix reloading of modified sources from sourcedir ------------------------------------------------------------------- Fri Sep 1 14:05:34 UTC 2023 - Fabian Vogt - Use make quickcheck instead of make check to avoid >1h build times and failures due to timeouts. This was the default before 3.2 but it changed to make tests more reliable. Here a seed is already set to get deterministic execution. ------------------------------------------------------------------- Wed Aug 9 17:30:28 UTC 2023 - Reinhard Max - Update to 4.4: * Add support for AES-GCM-SIV with Nettle >= 3.9 to shorten NTS cookies to avoid some length-specific blocking of NTP on Internet. * Add support for multiple refclocks using extpps option on one PHC. * Add maxpoll option to hwtimestamp directive to improve PHC tracking with low packet rates * Add hwtstimeout directive to configure timeout for late timestamps. * Handle late hardware transmit timestamps of NTP requests on all sockets. * Handle mismatched 32/64-bit time_t in SOCK refclock samples * Improve source replacement * Log important changes made by command requests (chronyc) * Refresh address of NTP sources periodically * Set DSCP for IPv6 packets * Shorten NTS-KE retry interval when network is down * Update seccomp filter for musl * Warn if loading keys from file with unexpected permissions * Warn if source selection fails or falseticker is detected * Add selectopts command to modify source-specific selection options. * Add timestamp sources to serverstats report and make its fields 64-bit. * Add -e option to chronyc to indicate end of response - Update clknetsim to snapshot ef2a7a9. ------------------------------------------------------------------- Wed Nov 16 11:37:25 UTC 2022 - Clemens Famulla-Conrad - Install chrony DHCP dispatcher script for Networkmanager * chrony.nm-dispatcher.dhcp.patch /var/run to /run ------------------------------------------------------------------- Thu Sep 1 14:40:46 UTC 2022 - Reinhard Max - Update to 4.3: * Add local option to refclock directive to stabilise system clock with more stable free-running clock (e.g. TCXO, OCXO). * Add maxdelayquant option to server/pool/peer directive to replace maxdelaydevratio filter with long-term quantile-based filtering. * Add selection option to log directive. * Allow external PPS in PHC refclock without configurable pin. * Don't accept first interleaved response to minimise error in delay. * Don't use arc4random on Linux to avoid server performance loss. * Improve filter option to better handle missing NTP samples. * Improve stability with hardware timestamping and PHC refclock. * Update seccomp filter - Update clknetsim to snapshot f00531b. - Use a more specific conditional for the /usr/etc stuff. ------------------------------------------------------------------- Wed Jun 15 14:41:05 UTC 2022 - Stefan Schubert - Moved logrotate files from user specific directory /etc/logrotate.d to vendor specific directory /usr/etc/logrotate.d. ------------------------------------------------------------------- Thu May 12 14:33:50 UTC 2022 - Stefan Schubert - Moved 20-chrony file from user specif directory /etc/NetworkManager/dispatcher.d to vendor specific directory /usr/lib/NetworkManager/dispatcher.d. So, users changes can still be done in /etc and will not be overwritten by an update. ------------------------------------------------------------------- Mon Jan 10 17:26:02 UTC 2022 - Reinhard Max - boo#1194206: Use /run instead of /var/run throughout. - bsc#1194229: Fix pool package dependencies, so that SLE actually prefers chrony-pool-suse over chrony-pool-empty. ------------------------------------------------------------------- Thu Dec 16 16:47:08 UTC 2021 - Reinhard Max - Update to 4.2 * Add support for NTPv4 extension field improving synchronisation stability and resolution of root delay and dispersion (experimental) * Add support for NTP over PTP (experimental) * Add support for AES-CMAC and hash functions in GnuTLS * Improve server interleaved mode to be more reliable and support multiple clients behind NAT * Update seccomp filter * Fix RTC support with 64-bit time_t on 32-bit Linux * Fix seccomp filter to work correctly with bind*device directives - Obsoleted patches: * chrony-refid-internal-md5.patch * harden_chrony-wait.service.patch * harden_chronyd.service.patch - Update clknetsim to snapshot 470b5e9. ------------------------------------------------------------------- Tue Dec 7 10:08:53 UTC 2021 - Reinhard Max - Add chrony-htonl.patch to work around undocumented behaviour of htonl() in older glibc versions (SLE-12) on 64 bit big endian architectures (s390x). ------------------------------------------------------------------- Fri Nov 19 16:39:44 UTC 2021 - Reinhard Max - SLE bugs that have been fixed in openSUSE up to this point without explicit references: bsc#1183783, bsc#1184400, bsc#1171806, bsc#1161119, bsc#1159840. - Obsoleted SLE patches: * chrony-fix-open.patch * chrony-gettimeofday.patch * chrony-ntp-era-split.patch * chrony-pidfile.patch * chrony-select-timeout.patch * chrony-urandom.patch * chrony.sysconfig * clknetsim-glibc-2.31.patch ------------------------------------------------------------------- Fri Oct 8 14:52:41 UTC 2021 - Reinhard Max - boo#1190926: PrivateDevices is too strict, we might need to access the rtc and ptp devices. - Add back support to build chrony on SLE12. - Drop dependency on asciidoctor. It is only needed for building the HTML documentation which we don't package anyway. ------------------------------------------------------------------- Mon Aug 30 13:50:07 UTC 2021 - Johannes Segitz - Added hardening to systemd service(s). Added patch(es): * harden_chrony-wait.service.patch * harden_chronyd.service.patch ------------------------------------------------------------------- Thu Jul 1 12:38:13 UTC 2021 - Reinhard Max - boo#1187906: Consolidate all references to the helper script. - bsc#1173760: MD5 is not available from mozilla-nss in FIPS mode, but needed for calculating refids from IPv6 addresses as part of the NTP protocol (rfc5905). As this is a non-cryptographic use of MD5 we can use our own implementation without violating FIPS rules: chrony-refid-internal-md5.patch . ------------------------------------------------------------------- Sun Jun 13 13:29:36 UTC 2021 - Callum Farmer - Add now working CONFIG parameter to sysusers generator ------------------------------------------------------------------- Wed Jun 2 09:10:41 UTC 2021 - Callum Farmer - Change to using systemd-sysusers - Remove otherproviders, not needed anymore ------------------------------------------------------------------- Tue Jun 1 12:53:23 UTC 2021 - Reinhard Max - Update to 4.1 * Add support for NTS servers specified by IP address (matching Subject Alternative Name in server certificate) * Add source-specific configuration of trusted certificates * Allow multiple files and directories with trusted certificates * Allow multiple pairs of server keys and certificates * Add copy option to server/pool directive * Increase PPS lock limit to 40% of pulse interval * Perform source selection immediately after loading dump files * Reload dump files for addresses negotiated by NTS-KE server * Update seccomp filter and add less restrictive level * Restart ongoing name resolution on online command * Fix dump files to not include uncorrected offset * Fix initstepslew to accept time from own NTP clients * Reset NTP address and port when no longer negotiated by NTS-KE server - Update clknetsim to snapshot f89702d. - Refresh chrony.keyring from https://chrony.tuxfamily.org/gpgkey-8F375C7E8D0EE125A3D3BD51537E2B76F7680DAC.asc - Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689). ------------------------------------------------------------------- Fri Feb 5 09:38:02 UTC 2021 - Reinhard Max - Enable syscallfilter unconditionally [boo#1181826]. ------------------------------------------------------------------- Mon Dec 7 09:53:22 UTC 2020 - Marcus Rueckert - drop buildrequires on NSS. We need gnutls for NTS anyway and we can do all the other required crypto via nettle+gnutls. no need for another crypto library. ------------------------------------------------------------------- Sun Nov 1 22:26:48 UTC 2020 - Marcus Rueckert - Update to 4.0 - Enhancements - Add support for Network Time Security (NTS) authentication - Add support for AES-CMAC keys (AES128, AES256) with Nettle - Add authselectmode directive to control selection of unauthenticated sources - Add binddevice, bindacqdevice, bindcmddevice directives - Add confdir directive to better support fragmented configuration - Add sourcedir directive and "reload sources" command to support dynamic NTP sources specified in files - Add clockprecision directive - Add dscp directive to set Differentiated Services Code Point (DSCP) - Add -L option to limit log messages by severity - Add -p option to print whole configuration with included files - Add -U option to allow start under non-root user - Allow maxsamples to be set to 1 for faster update with -q/-Q option - Avoid replacing NTP sources with sources that have unreachable address - Improve pools to repeat name resolution to get "maxsources" sources - Improve source selection with trusted sources - Improve NTP loop test to prevent synchronisation to itself - Repeat iburst when NTP source is switched from offline state to online - Update clock synchronisation status and leap status more frequently - Update seccomp filter - Add "add pool" command - Add "reset sources" command to drop all measurements - Add authdata command to print details about NTP authentication - Add selectdata command to print details about source selection - Add -N option and sourcename command to print original names of sources - Add -a option to some commands to print also unresolved sources - Add -k, -p, -r options to clients command to select, limit, reset data - Bug fixes - Don’t set interface for NTP responses to allow asymmetric routing - Handle RTCs that don’t support interrupts - Respond to command requests with correct address on multihomed hosts - Removed features - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320) - Drop support for long (non-standard) MACs in NTPv4 packets (chrony 2.x clients using non-MD5/SHA1 keys need to use option "version 3") - Drop support for line editing with GNU Readline - add BuildRequires for gnutls-devel (which also pulls nettle to enable the new features) - drop patches which are included in the update: chrony-test-update-processing-of-packet-log.patch chrony-test-fix-util-unit-test-for-NTP-era-split.patch - refreshed chrony-config.patch - track series file for easier quilt setup - added option to turn off testsuite with osc build --without=testsuite testsuite still runs by default ------------------------------------------------------------------- Wed Oct 28 07:49:37 UTC 2020 - Thorsten Kukuk - By default we don't write log files but log to journald, so only recommend logrotate. ------------------------------------------------------------------- Mon Sep 14 10:41:58 UTC 2020 - Reinhard Max - Adjust and rename the sysconfig file, so that it matches the expectations of chronyd.service (bsc#1173277). ------------------------------------------------------------------- Sun Sep 13 20:22:46 UTC 2020 - Matthias Eliasson - Update to 3.5.1: * Create new file when writing pidfile (CVE-2020-14367, bsc#1174911) ------------------------------------------------------------------- Sun Aug 2 21:27:45 UTC 2020 - Callum Farmer - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) ------------------------------------------------------------------- Thu Jun 4 15:23:17 UTC 2020 - Reinhard Max - Add chrony-pool-suse and chrony-pool-openSUSE subpackages that preconfigure chrony to use NTP servers from the respective pools for SUSE and openSUSE (bsc#1156884, SLE-11424). - Add chrony-pool-empty to still allow installing chrony without preconfigured servers. - Use iburst in the default pool statements to speed up initial synchronisation (bsc#1172113). ------------------------------------------------------------------- Thu Apr 30 16:03:16 UTC 2020 - Dominique Leuenberger - Use _systemdutildir instead of _libexecdir/systemd: systemd does not actually live below libexecdir. ------------------------------------------------------------------- Thu Feb 13 12:45:44 UTC 2020 - Martin Liška - Add chrony-test-update-processing-of-packet-log.patch in order to fix test-suite failure. ------------------------------------------------------------------- Wed Feb 12 09:24:24 UTC 2020 - Martin Liška - Update clknetsim to version 79ffe44 (fixes boo#1162964). - Backport chrony-test-fix-util-unit-test-for-NTP-era-split.patch. ------------------------------------------------------------------- Sat Oct 26 10:39:29 UTC 2019 - Arjen de Korte - Change to BuildRequires: rubygem(asciidoctor) and remove conditional (is available in SLE12-SP4 and SLE15* as well) - Fix typo in %install ------------------------------------------------------------------- Tue Oct 22 21:18:58 UTC 2019 - Arjen de Korte - Fix asciidoc in Tumbleweed - Revert clknetsim to version 58c5e8b ------------------------------------------------------------------- Tue Oct 22 15:25:18 UTC 2019 - Arjen de Korte - Fix incorrect download link for package signature ------------------------------------------------------------------- Mon Oct 21 07:57:44 UTC 2019 - Martin Pluskal - Temporarily disable signature usage as its expired - Update clknetsim to version ac3c832 ------------------------------------------------------------------- Sat Oct 19 08:27:17 UTC 2019 - Mathias Homann - fix chrony-service-helper.patch ------------------------------------------------------------------- Sat Oct 19 07:22:58 UTC 2019 - Mathias Homann - Update to 3.5: + Add support for more accurate reading of PHC on Linux 5.0 + Add support for hardware timestamping on interfaces with read-only timestamping configuration + Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris + Update seccomp filter to work on more architectures + Validate refclock driver options + Fix bindaddress directive on FreeBSD + Fix transposition of hardware RX timestamp on Linux 4.13 and later + Fix building on non-glibc systems ------------------------------------------------------------------- Thu Mar 21 13:35:20 UTC 2019 - Reinhard Max - Fix ordering and dependencies of chronyd.service, so that it is started after name resolution is up (bsc#1129914). - Add chrony-service-ordering.patch - Fix location of helper script in chrony-dnssrv@.service (bsc#1128846). ------------------------------------------------------------------- Wed Mar 6 13:40:04 UTC 2019 - Martin Pluskal - Update testsuite to version 58c5e8b ------------------------------------------------------------------- Thu Dec 20 16:48:14 UTC 2018 - Reinhard Max - Read runtime servers from /var/run/netconfig/chrony.servers to fix bsc#1099272. - Move chrony-helper to /usr/lib/chrony/helper, because there should be no executables in /usr/share. ------------------------------------------------------------------- Fri Dec 14 08:05:35 UTC 2018 - Martin Pluskal - Make sure to generate correct sysconfig file (boo#1117147) - Update clknetsim to revision 8b48422 ------------------------------------------------------------------- Thu Nov 22 09:27:58 UTC 2018 - Martin Pluskal - Remove discrepancies between spec file and chrony-tmpfiles (boo#1115529) ------------------------------------------------------------------- Thu Oct 18 10:14:08 UTC 2018 - Ismail Dönmez - Update the keyring and uncomment it in the spec file ------------------------------------------------------------------- Thu Oct 18 07:43:44 UTC 2018 - Martin Pluskal - Comment out bad signature ------------------------------------------------------------------- Wed Sep 19 18:21:19 UTC 2018 - Michael Ströder - Added %{_tmpfilesdir}/%{name}.conf - Updated clknetsim - Update to version 3.4 * Enhancements + Add filter option to server/pool/peer directive + Add minsamples and maxsamples options to hwtimestamp directive + Add support for faster frequency adjustments in Linux 4.19 + Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd without root privileges to remove it on exit + Disable sub-second polling intervals for distant NTP sources + Extend range of supported sub-second polling intervals + Get/set IPv4 destination/source address of NTP packets on FreeBSD + Make burst options and command useful with short polling intervals + Modify auto_offline option to activate when sending request failed + Respond from interface that received NTP request if possible + Add onoffline command to switch between online and offline state according to current system network configuration + Improve example NetworkManager dispatcher script * Bug fixes + Avoid waiting in Linux getrandom system call + Fix PPS support on FreeBSD and NetBSD ------------------------------------------------------------------- Fri Aug 3 07:56:06 UTC 2018 - mpluskal@suse.com - Update clknetsim to revision 42b693b * Drop not needed chrony-fix-open.patch - Build tests with optflags as well - Do not run tests on i586 - Enable signd ------------------------------------------------------------------- Thu Aug 2 07:52:58 UTC 2018 - mpluskal@suse.com - Mention all sources as such in spec file - Fix formatting of changelog - Drop reference to change is not present ------------------------------------------------------------------- Wed Aug 1 16:36:17 UTC 2018 - bwiedemann@suse.com - Update to version 3.3 * Enhancements: + Add burst option to server/pool directive + Add stratum and tai options to refclock directive + Add support for Nettle crypto library + Add workaround for missing kernel receive timestamps on Linux + Wait for late hardware transmit timestamps + Improve source selection with unreachable sources + Improve protection against replay attacks on symmetric mode + Allow PHC refclock to use socket in /var/run/chrony + Add shutdown command to stop chronyd + Simplify format of response to manual list command + Improve handling of unknown responses in chronyc * Bug fixes: + Respond to NTPv1 client requests with zero mode + Fix -x option to not require CAP_SYS_TIME under non-root user + Fix acquisitionport directive to work with privilege separation + Fix handling of socket errors on Linux to avoid high CPU usage + Fix chronyc to not get stuck in infinite loop after clock step ------------------------------------------------------------------- Wed Apr 18 02:55:54 UTC 2018 - mpost@suse.com - Added /etc/chrony.d/ directory to the package (bsc#1083597) Modifed default chrony.conf to add "include /etc/chrony.d/*" ------------------------------------------------------------------- Mon Mar 26 17:30:07 CEST 2018 - kukuk@suse.de - Use %license instead of %doc [bsc#1082318] ------------------------------------------------------------------- Wed Mar 14 15:11:56 CET 2018 - kukuk@suse.de - Fix name of fillup template (was never installed before) - Fix Requires for fillup, it's used in post, not pre. ------------------------------------------------------------------- Fri Feb 9 10:21:09 UTC 2018 - mpluskal@suse.com - Enable pps support ------------------------------------------------------------------- Thu Nov 23 13:47:05 UTC 2017 - rbrown@suse.com - Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468) ------------------------------------------------------------------- Thu Oct 26 10:39:11 UTC 2017 - mpluskal@suse.com - Cleanup spec file: * Drop pre systemd support * Run spec-cleaner ------------------------------------------------------------------- Tue Oct 24 18:23:56 UTC 2017 - mpost@suse.com - Modified the spec file to comment out the pool statement in chrony.conf if _not_ building for openSUSE. (bsc#1063704). ------------------------------------------------------------------- Thu Sep 28 16:17:08 UTC 2017 - mrueckert@suse.de - refresh patches to apply cleanly again - chrony-config.patch - chrony-fix-open.patch ------------------------------------------------------------------- Wed Sep 20 23:57:53 UTC 2017 - mpost@suse.com - Upgraded to version 3.2: Enhancements * Improve stability with NTP sources and reference clocks * Improve stability with hardware timestamping * Improve support for NTP interleaved modes * Control frequency of system clock on macOS 10.13 and later * Set TAI-UTC offset of system clock with leapsectz directive * Minimise data in client requests to improve privacy * Allow transmit-only hardware timestamping * Add support for new timestamping options introduced in Linux 4.13 * Add root delay, root dispersion and maximum error to tracking log * Add mindelay and asymmetry options to server/peer/pool directive * Add extpps option to PHC refclock to timestamp external PPS signal * Add pps option to refclock directive to treat any refclock as PPS * Add width option to refclock directive to filter wrong pulse edges * Add rxfilter option to hwtimestamp directive * Add -x option to disable control of system clock * Add -l option to log to specified file instead of syslog * Allow multiple command-line options to be specified together * Allow starting without root privileges with -Q option * Update seccomp filter for new glibc versions * Dump history on exit by default with dumpdir directive * Use hardening compiler options by default Bug fixes * Don't drop PHC samples with low-resolution system clock * Ignore outliers in PHC tracking, RTC tracking, manual input * Increase polling interval when peer is not responding * Exit with error message when include directive fails * Don't allow slash after hostname in allow/deny directive/command * Try to connect to all addresses in chronyc before giving up - Upgraded clknetsim to version 71dbbc5. - Reworked chrony-fix-open.patch to fit the new version ------------------------------------------------------------------- Tue Jan 31 16:38:05 UTC 2017 - mpost@suse.com - Upgraded to version 3.1: - Enhancements - Add support for precise cross timestamping of PHC on Linux - Add minpoll, precision, nocrossts options to hwtimestamp directive - Add rawmeasurements option to log directive and modify measurements option to log only valid measurements from synchronised sources - Allow sub-second polling interval with NTP sources - Bug fixes - Fix time smoothing in interleaved mode - Upgraded clknetsim to version ce89a1b. - Reworked the following patches to fit the new versions - chrony-config.patch - chrony-service-helper.patch - chrony-fix-open.patch ------------------------------------------------------------------- Mon Jan 16 22:36:09 UTC 2017 - mpost@suse.com - Upgraded to version 3.0: - Enhancements - Add support for software and hardware timestamping on Linux - Add support for client/server and symmetric interleaved modes - Add support for MS-SNTP authentication in Samba - Add support for truncated MACs in NTPv4 packets - Estimate and correct for asymmetric network jitter - Increase default minsamples and polltarget to improve stability with very low jitter - Add maxjitter directive to limit source selection by jitter - Add offset option to server/pool/peer directive - Add maxlockage option to refclock directive - Add -t option to chronyd to exit after specified time - Add partial protection against replay attacks on symmetric mode - Don't reset polling interval when switching sources to online state - Allow rate limiting with very short intervals - Improve maximum server throughput on Linux and NetBSD - Remove dump files after start - Add tab-completion to chronyc with libedit/readline - Add ntpdata command to print details about NTP measurements - Allow all source options to be set in add server/peer command - Indicate truncated addresses/hostnames in chronyc output - Print reference IDs as hexadecimal numbers to avoid confusion with IPv4 addresses - Bug fixes - Fix crash with disabled asynchronous name resolving - Upgraded clknetsim to version 6bb6519. ------------------------------------------------------------------- Tue Nov 29 16:54:52 UTC 2016 - mpost@suse.com - Upgraded to version 2.4.1: - Bug fixes - Fix processing of kernel timestamps on non-Linux systems - Fix crash with smoothtime directive - Fix validation of refclock sample times - Fix parsing of refclock directive ------------------------------------------------------------------- Wed Jun 8 10:02:51 UTC 2016 - mrueckert@suse.de - update to 2.4: - Enhancements - Add orphan option to local directive for orphan mode compatible with ntpd - Add distance option to local directive to set activation threshold (1 second by default) - Add maxdrift directive to set maximum allowed drift of system clock - Try to replace NTP sources exceeding maximum distance - Randomise source replacement to avoid getting stuck with bad sources - Randomise selection of sources from pools on start - Ignore reference timestamp as ntpd doesn't always set it correctly - Modify tracking report to use same values as seen by NTP clients - Add -c option to chronyc to write reports in CSV format - Provide detailed manual pages - Bug fixes - Fix SOCK refclock to work correctly when not specified as last refclock - Fix initstepslew and -q/-Q options to accept time from own NTP clients - Fix authentication with keys using 512-bit hash functions - Fix crash on exit when multiple signals are received - Fix conversion of very small floating-point numbers in command packets - Removed features - Drop documentation in Texinfo format - update clknetsim to a5949fe for fixing a testsuite failure: - add IP_PKTINFO socket option - accept environment variables in make - fix building with FORTIFY_SOURCE - fix compiler warning - support multiple SHM refclocks - fix recv functions with new glibc headers - refreshed chrony-fix-open.patch: to apply cleanly after clknetsim update - drop patches: - chrony-include-termios.patch - make-105-ntpauth-more-reliable.patch - drop buildrequires for texinfo and pre requires on the install info packages - no longer use make install-docs: it only installed 0 byte html files. ------------------------------------------------------------------- Wed Apr 13 14:23:38 UTC 2016 - mpluskal@suse.com - Provide ntp-daemon (bsc#973981) ------------------------------------------------------------------- Mon Apr 11 15:26:59 UTC 2016 - meissner@suse.com - chrony-fix-open.patch: make sure _open and _close are initialized in open()/close() override, as libfreebl3 also calls from the the ELF constructor. FATE#319508 - enable mozilla-nss ------------------------------------------------------------------- Fri Apr 8 15:54:08 UTC 2016 - mpluskal@suse.com - Use correct license - Drop hardcoded dependency on libseccomp, it is detected during build ------------------------------------------------------------------- Fri Apr 8 08:38:00 UTC 2016 - mpluskal@suse.com - Undo reference to chrony-dnssrv@.service in %pre, %preun, %post, and %postun as it would lead to error. - Change conditions for libseccom, we can use any version on SLE-12 x86_64 ------------------------------------------------------------------- Tue Apr 5 22:27:48 UTC 2016 - mpost@suse.com - Removed %if for distributions that aren't building chrony. - Renamed chrony-2.2_logrotate.patch to chrony-logrotate.patch since the patch is not particularly version-dependent. - Added clknetsim for "make check" processing. - Added Buildrequires for gcc-c++ and timezone for building clknetsim and running "make check". - Changed Buildrequires and Requires to specify the minimum level of libseccomp needed to build on s390x and ppc64le. - Removed "-Recommends: timedatex" since I couldn't find any instance of it anywhere in the build service. - Modified the description to use some of the information from the chrony web site. - Added chrony-include-termios.patch so that it will build on ppc64le. - Added make-105-ntpauth-more-reliable.patch so that "make check" will not report a non-failure as a failure. - Added --without-nss to ./configure to avoid "interruption code 0x2003B in chronyd" errors. - Changed the symbolic links for rcchronyd and rcchronyd-wait to point to the actual location of the service command, not the symlink in /sbin. - Added reference to chrony-dnssrv@.service in %pre, %preun, %post, and %postun. ------------------------------------------------------------------- Mon Mar 28 09:35:07 UTC 2016 - mpluskal@suse.com - Cleanup spec file with spec-cleaner - Prepare for submission to Factory (see fate#319508) ------------------------------------------------------------------- Thu Feb 18 16:48:46 UTC 2016 - mrueckert@suse.de - update to 2.3 - Enhancements - Add support for NTP and command response rate limiting - Add support for dropping root privileges on Mac OS X, FreeBSD, Solaris - Add require and trust options for source selection - Enable logchange by default (1 second threshold) - Set RTC on Mac OS X with rtcsync directive - Allow binding to NTP port after dropping root privileges on NetBSD - Drop CAP_NET_BIND_SERVICE capability on Linux when NTP port is disabled - Resolve names in separate process when seccomp filter is enabled - Replace old records in client log when memory limit is reached - Don't reveal local time and synchronisation state in client packets - Don't keep client sockets open for longer than necessary - Ignore poll in KoD RATE packets as ntpd doesn't always set it correctly - Warn when using keys shorter than 80 bits - Add keygen command to generate random keys easily - Add serverstats command to report NTP and command packet statistics - Bug fixes - Fix clock correction after making step on Mac OS X - Fix building on Solaris - refreshed patches to apply cleanly again: chrony-2.2_logrotate.patch chrony-config.patch chrony-service-helper.patch ------------------------------------------------------------------- Fri Jan 29 14:30:43 UTC 2016 - mrueckert@suse.de - update to 2.2.1 Restrict authentication of NTP server/peer to specified key (CVE-2016-1567) ------------------------------------------------------------------- Thu Nov 26 10:45:06 UTC 2015 - mrueckert@suse.de - silence groupadd/useradd call and drop the shell from the user. ------------------------------------------------------------------- Thu Nov 26 01:13:52 UTC 2015 - mrueckert@suse.de - update to 2.2 see /usr/share/doc/packages/chrony/NEWS - sync with fedora spec and add systemd support - refreshed chrony-config.patch to apply cleanly again - added chrony-2.2_logrotate.patch: add missing su option as we no longer have the daemon run as root. - added chrony-service-helper.patch: imported from fedora with a changed path for moving from libexecdir to datadir - only use syscall filters on 12.3 and newer - move helper from libexecdir to datadir ------------------------------------------------------------------- Mon Feb 24 17:21:35 UTC 2014 - mrueckert@suse.de - clean up build section - the configure script can actually import CC/CFLAGS from the environment. no need to break any CFLAGS it might set in the configure script. - remove unneeded prefix from the make calls. - enable building the binaries with PIE/relro now ------------------------------------------------------------------- Mon Feb 24 16:53:46 UTC 2014 - mrueckert@suse.de - Update to version 1.29.1: * Modify chronyc protocol to prevent amplification attacks (CVE-2014-0021) (incompatible with previous protocol version, chronyc supports both) - Additional changes from 1.29 * Fix crash when processing crafted commands (CVE-2012-4502) (possible with IP addresses allowed by cmdallow and localhost) * Don't send uninitialized data in SUBNETS_ACCESSED and CLIENT_ACCESSES replies (CVE-2012-4503) (not used by chronyc) * Drop support for SUBNETS_ACCESSED and CLIENT_ACCESSES commands - Additional changes from 1.28 * Combine sources to improve accuracy * Make config and command parser strict * Add -a option to chronyc to authenticate automatically * Add -R option to ignore initstepslew and makestep directives * Add generatecommandkey, minsamples, maxsamples and user directives * Improve compatibility with NTPv1 and NTPv2 clients * Create sockets only in selected family with -4/-6 option * Treat address bind errors as non-fatal * Extend tracking log * Accept float values as initstepslew threshold * Allow hostnames in offline, online and burst commands * Fix and improve peer polling * Fix crash in config parsing with too many servers * Fix crash with duplicated initstepslew address * Fix delta calculation with extreme frequency offsets * Set local stratum correctly * Remove unnecessary adjtimex calls * Set paths in documentation by configure * Update chrony.spec - Updated chrony-config.patch: - lots of config values were fixed upstream already - key file patching is unnecessary ------------------------------------------------------------------- Sat Jul 13 22:14:49 UTC 2013 - zaitor@opensuse.org - Update to version 1.27: + Added support for stronger authentication keys via NSS or libtomcrypt library. + Extended tracking, sources and activity reports printed by chronyc. + The daemon now waits in foreground until it is fully initialized. + Other bug fixes and improvements. - Add mozilla-nss-devel & pkg-config BuildRequires, new optional dependencys. ------------------------------------------------------------------- Fri Jan 11 04:29:12 UTC 2013 - mrdocs@opensuse.org -run spec-cleaner on the spec file, fix license and remove cruft ------------------------------------------------------------------- Tue Nov 29 13:55:16 UTC 2011 - aj@suse.de - Update to version 1.26: * Added compatibility with Linux 3.0 and later * Fixed replying on multihomed IPv6 hosts * Other minor bug fixes and improvements - Cleanup package a bit.