chrony/chrony.changes

-------------------------------------------------------------------
Mon Feb 24 17:21:35 UTC 2014 - mrueckert@suse.de

- clean up build section
  - the configure script can actually import CC/CFLAGS from the
    environment. no need to break any CFLAGS it might set in the
    configure script.
  - remove unneeded prefix from the make calls.
  - enable building the binaries with PIE/relro now

-------------------------------------------------------------------
Mon Feb 24 16:53:46 UTC 2014 - mrueckert@suse.de

- Update to version 1.29.1:
  * Modify chronyc protocol to prevent amplification attacks
    (CVE-2014-0021) (incompatible with previous protocol version,
    chronyc supports both)
- Additional changes from 1.29
  * Fix crash when processing crafted commands (CVE-2012-4502)
    (possible with IP addresses allowed by cmdallow and localhost)
  * Don't send uninitialized data in SUBNETS_ACCESSED and
    CLIENT_ACCESSES replies (CVE-2012-4503) (not used by chronyc)
  * Drop support for SUBNETS_ACCESSED and CLIENT_ACCESSES commands
- Additional changes from 1.28
  * Combine sources to improve accuracy
  * Make config and command parser strict
  * Add -a option to chronyc to authenticate automatically
  * Add -R option to ignore initstepslew and makestep directives
  * Add generatecommandkey, minsamples, maxsamples and user
    directives
  * Improve compatibility with NTPv1 and NTPv2 clients
  * Create sockets only in selected family with -4/-6 option
  * Treat address bind errors as non-fatal
  * Extend tracking log
  * Accept float values as initstepslew threshold
  * Allow hostnames in offline, online and burst commands
  * Fix and improve peer polling
  * Fix crash in config parsing with too many servers
  * Fix crash with duplicated initstepslew address
  * Fix delta calculation with extreme frequency offsets
  * Set local stratum correctly
  * Remove unnecessary adjtimex calls
  * Set paths in documentation by configure
  * Update chrony.spec
- Updated chrony-config.patch:
  - lots of config values were fixed upstream already
  - key file patching is unnecessary

-------------------------------------------------------------------
Sat Jul 13 22:14:49 UTC 2013 - zaitor@opensuse.org

- Update to version 1.27:
  + Added support for stronger authentication keys via NSS or
    libtomcrypt library.
  + Extended tracking, sources and activity reports printed by
    chronyc.
  + The daemon now waits in foreground until it is fully
    initialized.
  + Other bug fixes and improvements.
- Add mozilla-nss-devel & pkg-config BuildRequires, new optional
  dependencys.

-------------------------------------------------------------------
Fri Jan 11 04:29:12 UTC 2013 - mrdocs@opensuse.org

-run spec-cleaner on the spec file, fix license and remove cruft

-------------------------------------------------------------------
Tue Nov 29 13:55:16 UTC 2011 - aj@suse.de

- Update to version 1.26:
  * Added compatibility with Linux 3.0 and later
  * Fixed replying on multihomed IPv6 hosts
  * Other minor bug fixes and improvements
- Cleanup package a bit.