File chrony.changes of Package chrony.14831

-------------------------------------------------------------------
Fri Mar 27 15:19:29 UTC 2020 - Reinhard Max <max@suse.com>

- Read runtime servers from /var/run/netconfig/chrony.servers to
  fix bsc#1099272 and bsc#1161119.
- Move chrony-helper to /usr/lib/chrony/helper, because there
  should be no executables in /usr/share.
- Add chrony-pool-suse and chrony-pool-openSUSE subpackages that
  preconfigure chrony to use NTP servers from the  respective
  pools for SUSE and openSUSE (bsc#1156884, SLE-11424).
- Add chrony-pool-empty to still allow installing chrony without
  preconfigured servers.

-------------------------------------------------------------------
Wed Jan  8 17:31:23 UTC 2020 - Reinhard Max <max@suse.com>

- bsc#1159840: Add chrony-ntp-era-split.patch from upstream to fix
  "make check" builds made after 2019-12-20. Existing installations
  do not need to be updated as the bug only affects the test, but
  not chrony itself.

-------------------------------------------------------------------
Wed Mar 20 15:14:12 UTC 2019 - Reinhard Max <max@suse.com>

- Fix ordering and dependencies of chronyd.service, so that it is
  started after name resolution is up (bsc#1129914).
- Add chrony-service-ordering.patch

-------------------------------------------------------------------
Fri Dec 14 09:58:08 UTC 2018 - Martin Pluskal <mpluskal@suse.com>

- Make sure to generate correct sysconfig file (boo#1117147)

-------------------------------------------------------------------
Wed Apr 18 02:55:54 UTC 2018 - mpost@suse.com

- Added /etc/chrony.d/ directory to the package (bsc#1083597)
  Modifed default chrony.conf to add "include /etc/chrony.d/*"

-------------------------------------------------------------------
Mon Mar 26 17:30:07 CEST 2018 - kukuk@suse.de

- Use %license instead of %doc [bsc#1082318]

-------------------------------------------------------------------
Wed Mar 14 15:11:56 CET 2018 - kukuk@suse.de

- Fix name of fillup template (was never installed before)
- Fix Requires for fillup, it's used in post, not pre.

-------------------------------------------------------------------
Fri Feb  9 10:21:09 UTC 2018 - mpluskal@suse.com

- Enable pps support

-------------------------------------------------------------------
Thu Nov 23 13:47:05 UTC 2017 - rbrown@suse.com

- Replace references to /var/adm/fillup-templates with new 
  %_fillupdir macro (boo#1069468)

-------------------------------------------------------------------
Thu Oct 26 10:39:11 UTC 2017 - mpluskal@suse.com

- Cleanup spec file:
  * Drop pre systemd support
  * Run spec-cleaner

-------------------------------------------------------------------
Tue Oct 24 18:23:56 UTC 2017 - mpost@suse.com

- Modified the spec file to comment out the pool statement
  in chrony.conf if _not_ building for openSUSE. (bsc#1063704).

-------------------------------------------------------------------
Thu Sep 28 16:17:08 UTC 2017 - mrueckert@suse.de

- refresh patches to apply cleanly again
  - chrony-config.patch
  - chrony-fix-open.patch

-------------------------------------------------------------------
Wed Sep 20 23:57:53 UTC 2017 - mpost@suse.com

- Upgraded to version 3.2:
  Enhancements
  * Improve stability with NTP sources and reference clocks
  * Improve stability with hardware timestamping
  * Improve support for NTP interleaved modes
  * Control frequency of system clock on macOS 10.13 and later
  * Set TAI-UTC offset of system clock with leapsectz directive
  * Minimise data in client requests to improve privacy
  * Allow transmit-only hardware timestamping
  * Add support for new timestamping options introduced in Linux 4.13
  * Add root delay, root dispersion and maximum error to tracking log
  * Add mindelay and asymmetry options to server/peer/pool directive
  * Add extpps option to PHC refclock to timestamp external PPS signal
  * Add pps option to refclock directive to treat any refclock as PPS
  * Add width option to refclock directive to filter wrong pulse edges
  * Add rxfilter option to hwtimestamp directive
  * Add -x option to disable control of system clock
  * Add -l option to log to specified file instead of syslog
  * Allow multiple command-line options to be specified together
  * Allow starting without root privileges with -Q option
  * Update seccomp filter for new glibc versions
  * Dump history on exit by default with dumpdir directive
  * Use hardening compiler options by default
  Bug fixes
  * Don't drop PHC samples with low-resolution system clock
  * Ignore outliers in PHC tracking, RTC tracking, manual input
  * Increase polling interval when peer is not responding
  * Exit with error message when include directive fails
  * Don't allow slash after hostname in allow/deny directive/command
  * Try to connect to all addresses in chronyc before giving up
- Upgraded clknetsim to version 71dbbc5.
- Reworked chrony-fix-open.patch to fit the new version

-------------------------------------------------------------------
Tue Jan 31 16:38:05 UTC 2017 - mpost@suse.com

- Upgraded to version 3.1:
  - Enhancements
    - Add support for precise cross timestamping of PHC on Linux
    - Add minpoll, precision, nocrossts options to hwtimestamp directive
    - Add rawmeasurements option to log directive and modify measurements
      option to log only valid measurements from synchronised sources
    - Allow sub-second polling interval with NTP sources
  - Bug fixes
    - Fix time smoothing in interleaved mode
- Upgraded clknetsim to version ce89a1b.
- Reworked the following patches to fit the new versions
  - chrony-config.patch
  - chrony-service-helper.patch
  - chrony-fix-open.patch

-------------------------------------------------------------------
Mon Jan 16 22:36:09 UTC 2017 - mpost@suse.com

- Upgraded to version 3.0:
  - Enhancements
    - Add support for software and hardware timestamping on Linux
    - Add support for client/server and symmetric interleaved modes
    - Add support for MS-SNTP authentication in Samba
    - Add support for truncated MACs in NTPv4 packets
    - Estimate and correct for asymmetric network jitter
    - Increase default minsamples and polltarget to improve stability with very low jitter
    - Add maxjitter directive to limit source selection by jitter
    - Add offset option to server/pool/peer directive
    - Add maxlockage option to refclock directive
    - Add -t option to chronyd to exit after specified time
    - Add partial protection against replay attacks on symmetric mode
    - Don't reset polling interval when switching sources to online state
    - Allow rate limiting with very short intervals
    - Improve maximum server throughput on Linux and NetBSD
    - Remove dump files after start
    - Add tab-completion to chronyc with libedit/readline
    - Add ntpdata command to print details about NTP measurements
    - Allow all source options to be set in add server/peer command
    - Indicate truncated addresses/hostnames in chronyc output
    - Print reference IDs as hexadecimal numbers to avoid confusion with IPv4 addresses
  - Bug fixes
    - Fix crash with disabled asynchronous name resolving
- Upgraded clknetsim to version 6bb6519.

-------------------------------------------------------------------
Tue Nov 29 16:54:52 UTC 2016 - mpost@suse.com

- Upgraded to version 2.4.1:
  - Bug fixes
    - Fix processing of kernel timestamps on non-Linux systems
    - Fix crash with smoothtime directive
    - Fix validation of refclock sample times
    - Fix parsing of refclock directive

-------------------------------------------------------------------
Wed Jun  8 10:02:51 UTC 2016 - mrueckert@suse.de

- update to 2.4:
  - Enhancements
    - Add orphan option to local directive for orphan mode
      compatible with ntpd
    - Add distance option to local directive to set activation
      threshold (1 second by default)
    - Add maxdrift directive to set maximum allowed drift of system
      clock
    - Try to replace NTP sources exceeding maximum distance
    - Randomise source replacement to avoid getting stuck with bad
      sources
    - Randomise selection of sources from pools on start
    - Ignore reference timestamp as ntpd doesn't always set it
      correctly
    - Modify tracking report to use same values as seen by NTP
      clients
    - Add -c option to chronyc to write reports in CSV format
    - Provide detailed manual pages
  - Bug fixes
    - Fix SOCK refclock to work correctly when not specified as
      last refclock
    - Fix initstepslew and -q/-Q options to accept time from own
      NTP clients
    - Fix authentication with keys using 512-bit hash functions
    - Fix crash on exit when multiple signals are received
    - Fix conversion of very small floating-point numbers in
      command packets
  - Removed features
    - Drop documentation in Texinfo format
- update clknetsim to a5949fe for fixing a testsuite failure:
  - add IP_PKTINFO socket option
  - accept environment variables in make
  - fix building with FORTIFY_SOURCE
  - fix compiler warning
  - support multiple SHM refclocks
  - fix recv functions with new glibc headers
- refreshed chrony-fix-open.patch: to apply cleanly after clknetsim
  update
- drop patches:
  - chrony-include-termios.patch
  - make-105-ntpauth-more-reliable.patch
- drop buildrequires for texinfo and pre requires on the install
  info packages
- no longer use make install-docs: it only installed 0 byte html
  files.

-------------------------------------------------------------------
Wed Apr 13 14:23:38 UTC 2016 - mpluskal@suse.com

- Provide ntp-daemon (bsc#973981)

-------------------------------------------------------------------
Mon Apr 11 15:26:59 UTC 2016 - meissner@suse.com

- chrony-fix-open.patch: make sure _open and _close are initialized
  in open()/close() override, as libfreebl3 also calls from the
  the ELF constructor. FATE#319508
- enable mozilla-nss

-------------------------------------------------------------------
Fri Apr  8 15:54:08 UTC 2016 - mpluskal@suse.com

- Use correct license
- Drop hardcoded dependency on libseccomp, it is detected during 
  build

-------------------------------------------------------------------
Fri Apr  8 08:38:00 UTC 2016 - mpluskal@suse.com

- Undo reference to chrony-dnssrv@.service in %pre, %preun, %post,
  and %postun as it would lead to error.
- Change conditions for libseccom, we can use any version on SLE-12 
  x86_64

-------------------------------------------------------------------
Tue Apr  5 22:27:48 UTC 2016 - mpost@suse.com

- Removed %if for distributions that aren't building chrony.
- Renamed chrony-2.2_logrotate.patch to chrony-logrotate.patch since
  the patch is not particularly version-dependent.
- Added clknetsim for "make check" processing.
- Added Buildrequires for gcc-c++ and timezone for building clknetsim
  and running "make check".
- Changed Buildrequires and Requires to specify the minimum level of
  libseccomp needed to build on s390x and ppc64le.
- Removed "-Recommends: timedatex" since I couldn't find any instance
  of it anywhere in the build service.
- Modified the description to use some of the information from the
  chrony web site.
- Added chrony-include-termios.patch so that it will build on ppc64le.
- Added make-105-ntpauth-more-reliable.patch so that "make check"
  will not report a non-failure as a failure.
- Added --without-nss to ./configure to avoid "interruption code
  0x2003B in chronyd" errors.
- Changed the symbolic links for rcchronyd and rcchronyd-wait to 
  point to the actual location of the service command, not the symlink
  in /sbin.
- Added reference to chrony-dnssrv@.service in %pre, %preun, %post,
  and %postun.
  
-------------------------------------------------------------------
Mon Mar 28 09:35:07 UTC 2016 - mpluskal@suse.com

- Cleanup spec file with spec-cleaner
- Prepare for submission to Factory (see fate#319508)

-------------------------------------------------------------------
Thu Feb 18 16:48:46 UTC 2016 - mrueckert@suse.de

- update to 2.3
  - Enhancements
    - Add support for NTP and command response rate limiting
    - Add support for dropping root privileges on Mac OS X,
      FreeBSD, Solaris
    - Add require and trust options for source selection
    - Enable logchange by default (1 second threshold)
    - Set RTC on Mac OS X with rtcsync directive
    - Allow binding to NTP port after dropping root privileges on
      NetBSD
    - Drop CAP_NET_BIND_SERVICE capability on Linux when NTP port
      is disabled
    - Resolve names in separate process when seccomp filter is
      enabled
    - Replace old records in client log when memory limit is
      reached
    - Don't reveal local time and synchronisation state in client
      packets
    - Don't keep client sockets open for longer than necessary
    - Ignore poll in KoD RATE packets as ntpd doesn't always set it
      correctly
    - Warn when using keys shorter than 80 bits
    - Add keygen command to generate random keys easily
    - Add serverstats command to report NTP and command packet
      statistics
  - Bug fixes
    - Fix clock correction after making step on Mac OS X
    - Fix building on Solaris
- refreshed patches to apply cleanly again:
  chrony-2.2_logrotate.patch
  chrony-config.patch
  chrony-service-helper.patch

-------------------------------------------------------------------
Fri Jan 29 14:30:43 UTC 2016 - mrueckert@suse.de

- update to 2.2.1
  Restrict authentication of NTP server/peer to specified key
  (CVE-2016-1567)

-------------------------------------------------------------------
Thu Nov 26 10:45:06 UTC 2015 - mrueckert@suse.de

- silence groupadd/useradd call and drop the shell from the user.

-------------------------------------------------------------------
Thu Nov 26 01:13:52 UTC 2015 - mrueckert@suse.de

- update to 2.2
  see /usr/share/doc/packages/chrony/NEWS
- sync with fedora spec and add systemd support
- refreshed chrony-config.patch to apply cleanly again
- added chrony-2.2_logrotate.patch: add missing su option as we no
  longer have the daemon run as root.
- added chrony-service-helper.patch: imported from fedora with a
  changed path for moving from libexecdir to datadir
- only use syscall filters on 12.3 and newer
- move helper from libexecdir to datadir

-------------------------------------------------------------------
Mon Feb 24 17:21:35 UTC 2014 - mrueckert@suse.de

- clean up build section
  - the configure script can actually import CC/CFLAGS from the
    environment. no need to break any CFLAGS it might set in the
    configure script.
  - remove unneeded prefix from the make calls.
  - enable building the binaries with PIE/relro now

-------------------------------------------------------------------
Mon Feb 24 16:53:46 UTC 2014 - mrueckert@suse.de

- Update to version 1.29.1:
  * Modify chronyc protocol to prevent amplification attacks
    (CVE-2014-0021) (incompatible with previous protocol version,
    chronyc supports both)
- Additional changes from 1.29
  * Fix crash when processing crafted commands (CVE-2012-4502)
    (possible with IP addresses allowed by cmdallow and localhost)
  * Don't send uninitialized data in SUBNETS_ACCESSED and
    CLIENT_ACCESSES replies (CVE-2012-4503) (not used by chronyc)
  * Drop support for SUBNETS_ACCESSED and CLIENT_ACCESSES commands
- Additional changes from 1.28
  * Combine sources to improve accuracy
  * Make config and command parser strict
  * Add -a option to chronyc to authenticate automatically
  * Add -R option to ignore initstepslew and makestep directives
  * Add generatecommandkey, minsamples, maxsamples and user
    directives
  * Improve compatibility with NTPv1 and NTPv2 clients
  * Create sockets only in selected family with -4/-6 option
  * Treat address bind errors as non-fatal
  * Extend tracking log
  * Accept float values as initstepslew threshold
  * Allow hostnames in offline, online and burst commands
  * Fix and improve peer polling
  * Fix crash in config parsing with too many servers
  * Fix crash with duplicated initstepslew address
  * Fix delta calculation with extreme frequency offsets
  * Set local stratum correctly
  * Remove unnecessary adjtimex calls
  * Set paths in documentation by configure
  * Update chrony.spec
- Updated chrony-config.patch:
  - lots of config values were fixed upstream already
  - key file patching is unnecessary

-------------------------------------------------------------------
Sat Jul 13 22:14:49 UTC 2013 - zaitor@opensuse.org

- Update to version 1.27:
  + Added support for stronger authentication keys via NSS or
    libtomcrypt library.
  + Extended tracking, sources and activity reports printed by
    chronyc.
  + The daemon now waits in foreground until it is fully
    initialized.
  + Other bug fixes and improvements.
- Add mozilla-nss-devel & pkg-config BuildRequires, new optional
  dependencys.

-------------------------------------------------------------------
Fri Jan 11 04:29:12 UTC 2013 - mrdocs@opensuse.org

-run spec-cleaner on the spec file, fix license and remove cruft

-------------------------------------------------------------------
Tue Nov 29 13:55:16 UTC 2011 - aj@suse.de

- Update to version 1.26:
  * Added compatibility with Linux 3.0 and later
  * Fixed replying on multihomed IPv6 hosts
  * Other minor bug fixes and improvements
- Cleanup package a bit.


openSUSE Build Service is sponsored by