------------------------------------------------------------------- Wed Jun 8 10:02:51 UTC 2016 - mrueckert@suse.de - update to 2.4: - Enhancements - Add orphan option to local directive for orphan mode compatible with ntpd - Add distance option to local directive to set activation threshold (1 second by default) - Add maxdrift directive to set maximum allowed drift of system clock - Try to replace NTP sources exceeding maximum distance - Randomise source replacement to avoid getting stuck with bad sources - Randomise selection of sources from pools on start - Ignore reference timestamp as ntpd doesn't always set it correctly - Modify tracking report to use same values as seen by NTP clients - Add -c option to chronyc to write reports in CSV format - Provide detailed manual pages - Bug fixes - Fix SOCK refclock to work correctly when not specified as last refclock - Fix initstepslew and -q/-Q options to accept time from own NTP clients - Fix authentication with keys using 512-bit hash functions - Fix crash on exit when multiple signals are received - Fix conversion of very small floating-point numbers in command packets - Removed features - Drop documentation in Texinfo format - update clknetsim to a5949fe for fixing a testsuite failure: - add IP_PKTINFO socket option - accept environment variables in make - fix building with FORTIFY_SOURCE - fix compiler warning - support multiple SHM refclocks - fix recv functions with new glibc headers - refreshed chrony-fix-open.patch: to apply cleanly after clknetsim update - drop patches: - chrony-include-termios.patch - make-105-ntpauth-more-reliable.patch - drop buildrequires for texinfo and pre requires on the install info packages - no longer use make install-docs: it only installed 0 byte html files. ------------------------------------------------------------------- Wed Apr 13 14:23:38 UTC 2016 - mpluskal@suse.com - Provide ntp-daemon (bsc#973981) ------------------------------------------------------------------- Mon Apr 11 15:26:59 UTC 2016 - meissner@suse.com - chrony-fix-open.patch: make sure _open and _close are initialized in open()/close() override, as libfreebl3 also calls from the the ELF constructor. FATE#319508 - enable mozilla-nss ------------------------------------------------------------------- Fri Apr 8 15:54:08 UTC 2016 - mpluskal@suse.com - Use correct license - Drop hardcoded dependency on libseccomp, it is detected during build ------------------------------------------------------------------- Fri Apr 8 08:38:00 UTC 2016 - mpluskal@suse.com - Undo reference to chrony-dnssrv@.service in %pre, %preun, %post, and %postun as it would lead to error. - Change conditions for libseccom, we can use any version on SLE-12 x86_64 ------------------------------------------------------------------- Tue Apr 5 22:27:48 UTC 2016 - mpost@suse.com - Removed %if for distributions that aren't building chrony. - Renamed chrony-2.2_logrotate.patch to chrony-logrotate.patch since the patch is not particularly version-dependent. - Added clknetsim for "make check" processing. - Added Buildrequires for gcc-c++ and timezone for building clknetsim and running "make check". - Changed Buildrequires and Requires to specify the minimum level of libseccomp needed to build on s390x and ppc64le. - Removed "-Recommends: timedatex" since I couldn't find any instance of it anywhere in the build service. - Modified the description to use some of the information from the chrony web site. - Added chrony-include-termios.patch so that it will build on ppc64le. - Added make-105-ntpauth-more-reliable.patch so that "make check" will not report a non-failure as a failure. - Added --without-nss to ./configure to avoid "interruption code 0x2003B in chronyd" errors. - Changed the symbolic links for rcchronyd and rcchronyd-wait to point to the actual location of the service command, not the symlink in /sbin. - Added reference to chrony-dnssrv@.service in %pre, %preun, %post, and %postun. ------------------------------------------------------------------- Mon Mar 28 09:35:07 UTC 2016 - mpluskal@suse.com - Cleanup spec file with spec-cleaner - Prepare for submission to Factory (see fate#319508) ------------------------------------------------------------------- Thu Feb 18 16:48:46 UTC 2016 - mrueckert@suse.de - update to 2.3 - Enhancements - Add support for NTP and command response rate limiting - Add support for dropping root privileges on Mac OS X, FreeBSD, Solaris - Add require and trust options for source selection - Enable logchange by default (1 second threshold) - Set RTC on Mac OS X with rtcsync directive - Allow binding to NTP port after dropping root privileges on NetBSD - Drop CAP_NET_BIND_SERVICE capability on Linux when NTP port is disabled - Resolve names in separate process when seccomp filter is enabled - Replace old records in client log when memory limit is reached - Don't reveal local time and synchronisation state in client packets - Don't keep client sockets open for longer than necessary - Ignore poll in KoD RATE packets as ntpd doesn't always set it correctly - Warn when using keys shorter than 80 bits - Add keygen command to generate random keys easily - Add serverstats command to report NTP and command packet statistics - Bug fixes - Fix clock correction after making step on Mac OS X - Fix building on Solaris - refreshed patches to apply cleanly again: chrony-2.2_logrotate.patch chrony-config.patch chrony-service-helper.patch ------------------------------------------------------------------- Fri Jan 29 14:30:43 UTC 2016 - mrueckert@suse.de - update to 2.2.1 Restrict authentication of NTP server/peer to specified key (CVE-2016-1567) ------------------------------------------------------------------- Thu Nov 26 10:45:06 UTC 2015 - mrueckert@suse.de - silence groupadd/useradd call and drop the shell from the user. ------------------------------------------------------------------- Thu Nov 26 01:13:52 UTC 2015 - mrueckert@suse.de - update to 2.2 see /usr/share/doc/packages/chrony/NEWS - sync with fedora spec and add systemd support - refreshed chrony-config.patch to apply cleanly again - added chrony-2.2_logrotate.patch: add missing su option as we no longer have the daemon run as root. - added chrony-service-helper.patch: imported from fedora with a changed path for moving from libexecdir to datadir - only use syscall filters on 12.3 and newer - move helper from libexecdir to datadir ------------------------------------------------------------------- Mon Feb 24 17:21:35 UTC 2014 - mrueckert@suse.de - clean up build section - the configure script can actually import CC/CFLAGS from the environment. no need to break any CFLAGS it might set in the configure script. - remove unneeded prefix from the make calls. - enable building the binaries with PIE/relro now ------------------------------------------------------------------- Mon Feb 24 16:53:46 UTC 2014 - mrueckert@suse.de - Update to version 1.29.1: * Modify chronyc protocol to prevent amplification attacks (CVE-2014-0021) (incompatible with previous protocol version, chronyc supports both) - Additional changes from 1.29 * Fix crash when processing crafted commands (CVE-2012-4502) (possible with IP addresses allowed by cmdallow and localhost) * Don't send uninitialized data in SUBNETS_ACCESSED and CLIENT_ACCESSES replies (CVE-2012-4503) (not used by chronyc) * Drop support for SUBNETS_ACCESSED and CLIENT_ACCESSES commands - Additional changes from 1.28 * Combine sources to improve accuracy * Make config and command parser strict * Add -a option to chronyc to authenticate automatically * Add -R option to ignore initstepslew and makestep directives * Add generatecommandkey, minsamples, maxsamples and user directives * Improve compatibility with NTPv1 and NTPv2 clients * Create sockets only in selected family with -4/-6 option * Treat address bind errors as non-fatal * Extend tracking log * Accept float values as initstepslew threshold * Allow hostnames in offline, online and burst commands * Fix and improve peer polling * Fix crash in config parsing with too many servers * Fix crash with duplicated initstepslew address * Fix delta calculation with extreme frequency offsets * Set local stratum correctly * Remove unnecessary adjtimex calls * Set paths in documentation by configure * Update chrony.spec - Updated chrony-config.patch: - lots of config values were fixed upstream already - key file patching is unnecessary ------------------------------------------------------------------- Sat Jul 13 22:14:49 UTC 2013 - zaitor@opensuse.org - Update to version 1.27: + Added support for stronger authentication keys via NSS or libtomcrypt library. + Extended tracking, sources and activity reports printed by chronyc. + The daemon now waits in foreground until it is fully initialized. + Other bug fixes and improvements. - Add mozilla-nss-devel & pkg-config BuildRequires, new optional dependencys. ------------------------------------------------------------------- Fri Jan 11 04:29:12 UTC 2013 - mrdocs@opensuse.org -run spec-cleaner on the spec file, fix license and remove cruft ------------------------------------------------------------------- Tue Nov 29 13:55:16 UTC 2011 - aj@suse.de - Update to version 1.26: * Added compatibility with Linux 3.0 and later * Fixed replying on multihomed IPv6 hosts * Other minor bug fixes and improvements - Cleanup package a bit.