Revisions of chrony
Reinhard Max (rmax)
committed
(revision 115)
- Update to 4.4: * Add support for AES-GCM-SIV with Nettle >= 3.9 to shorten NTS cookies to avoid some length-specific blocking of NTP on Internet. * Add support for multiple refclocks using extpps option on one PHC. * Add maxpoll option to hwtimestamp directive to improve PHC tracking with low packet rates * Add hwtstimeout directive to configure timeout for late timestamps. * Handle late hardware transmit timestamps of NTP requests on all sockets. * Handle mismatched 32/64-bit time_t in SOCK refclock samples * Improve source replacement * Log important changes made by command requests (chronyc) * Refresh address of NTP sources periodically * Set DSCP for IPv6 packets * Shorten NTS-KE retry interval when network is down * Update seccomp filter for musl * Warn if loading keys from file with unexpected permissions * Warn if source selection fails or falseticker is detected * Add selectopts command to modify source-specific selection options. * Add timestamp sources to serverstats report and make its fields 64-bit. * Add -e option to chronyc to indicate end of response - Update clknetsim to snapshot ef2a7a9.
buildservice-autocommit
accepted
request 1038940
from
Reinhard Max (rmax)
(revision 114)
baserev update by copy to link target
Reinhard Max (rmax)
accepted
request 1038692
from
Clemens Famulla-Conrad (cfconrad)
(revision 113)
- Install chrony DHCP dispatcher script for Networkmanager * chrony.nm-dispatcher.dhcp.patch /var/run to /run
buildservice-autocommit
accepted
request 1002167
from
Factory Maintainer (factory-maintainer)
(revision 112)
baserev update by copy to link target
Reinhard Max (rmax)
committed
(revision 111)
- Update to 4.3: * Add local option to refclock directive to stabilise system clock with more stable free-running clock (e.g. TCXO, OCXO). * Add maxdelayquant option to server/pool/peer directive to replace maxdelaydevratio filter with long-term quantile-based filtering. * Add selection option to log directive. * Allow external PPS in PHC refclock without configurable pin. * Don't accept first interleaved response to minimise error in delay. * Don't use arc4random on Linux to avoid server performance loss. * Improve filter option to better handle missing NTP samples. * Improve stability with hardware timestamping and PHC refclock. * Update seccomp filter - Update clknetsim to snapshot f00531b. - Use a more specific conditional for the /usr/etc stuff.
Reinhard Max (rmax)
accepted
request 1000645
from
Stefan Schubert (schubi2)
(revision 110)
- Moved logrotate files from user specific directory /etc/logrotate.d to vendor specific directory /usr/etc/logrotate.d.
buildservice-autocommit
accepted
request 978662
from
Reinhard Max (rmax)
(revision 109)
baserev update by copy to link target
Reinhard Max (rmax)
accepted
request 978120
from
Stefan Schubert (schubi2)
(revision 108)
- Moved 20-chrony file from user specif directory /etc/NetworkManager/dispatcher.d to vendor specific directory /usr/lib/NetworkManager/dispatcher.d. So, users changes can still be done in /etc and will not be overwritten by an update.
Reinhard Max (rmax)
committed
(revision 107)
- boo#1194206: Use /run instead of /var/run throughout. - bsc#1194229: Fix pool package dependencies, so that SLE actually prefers chrony-pool-suse over chrony-pool-empty.
Reinhard Max (rmax)
committed
(revision 106)
- Update to 4.2 * Add support for NTPv4 extension field improving synchronisation stability and resolution of root delay and dispersion (experimental) * Add support for NTP over PTP (experimental) * Add support for AES-CMAC and hash functions in GnuTLS * Improve server interleaved mode to be more reliable and support multiple clients behind NAT * Update seccomp filter * Fix RTC support with 64-bit time_t on 32-bit Linux * Fix seccomp filter to work correctly with bind*device directives - Obsoleted patches: * chrony-refid-internal-md5.patch * harden_chrony-wait.service.patch * harden_chronyd.service.patch - Update clknetsim to snapshot 470b5e9. - Add chrony-htonl.patch to work around undocumented behaviour of htonl() in older glibc versions (SLE-12) on 64 bit big endian architectures (s390x). - SLE bugs that have been fixed in openSUSE up to this point without explicit references: bsc#1183783, bsc#1184400, bsc#1171806, bsc#1161119, bsc#1159840. - Obsoleted SLE patches: * chrony-fix-open.patch * chrony-gettimeofday.patch * chrony-ntp-era-split.patch * chrony-pidfile.patch * chrony-select-timeout.patch
Reinhard Max (rmax)
committed
(revision 105)
- boo#1190926: PrivateDevices is too strict, we might need to access the rtc and ptp devices. - Add back support to build chrony on SLE12. - Drop dependency on asciidoctor. It is only needed for building the HTML documentation which we don't package anyway.
Reinhard Max (rmax)
accepted
request 915264
from
Johannes Segitz (jsegitz)
(revision 104)
Automatic systemd hardening effort by the security team. This has not been tested. For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
Reinhard Max (rmax)
committed
(revision 103)
- bsc#1173760: MD5 is not available from mozilla-nss in FIPS mode, but needed for calculating refids from IPv6 addresses as part of the NTP protocol (rfc5905). As this is a non-cryptographic use of MD5 we can use our own implementation without violating FIPS rules: chrony-refid-internal-md5.patch .
Reinhard Max (rmax)
committed
(revision 102)
- boo#1187906: Consolidate all references to the helper script.
Martin Pluskal (pluskalm)
accepted
request 899811
from
Callum Farmer (gmbr3)
(revision 101)
- Add now working CONFIG parameter to sysusers generator
buildservice-autocommit
accepted
request 898039
from
Reinhard Max (rmax)
(revision 100)
baserev update by copy to link target
Reinhard Max (rmax)
accepted
request 896868
from
Callum Farmer (gmbr3)
(revision 99)
- Change to using systemd-sysusers - Remove otherproviders, not needed anymore
buildservice-autocommit
accepted
request 896714
from
Reinhard Max (rmax)
(revision 98)
baserev update by copy to link target
Reinhard Max (rmax)
committed
(revision 97)
- Update to 4.1 * Add support for NTS servers specified by IP address (matching Subject Alternative Name in server certificate) * Add source-specific configuration of trusted certificates * Allow multiple files and directories with trusted certificates * Allow multiple pairs of server keys and certificates * Add copy option to server/pool directive * Increase PPS lock limit to 40% of pulse interval * Perform source selection immediately after loading dump files * Reload dump files for addresses negotiated by NTS-KE server * Update seccomp filter and add less restrictive level * Restart ongoing name resolution on online command * Fix dump files to not include uncorrected offset * Fix initstepslew to accept time from own NTP clients * Reset NTP address and port when no longer negotiated by NTS-KE server - Update clknetsim to snapshot f89702d. - Refresh chrony.keyring from https://chrony.tuxfamily.org/gpgkey-8F375C7E8D0EE125A3D3BD51537E2B76F7680DAC.asc - Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689).
Reinhard Max (rmax)
committed
(revision 96)
- Enable syscallfilter unconditionally [boo#1181826].
Displaying revisions 21 - 40 of 135