* d/postrm: re-establish systemd-timesyncd on removal (LP: #1764357)
* Notify chrony to update sources in response to systemd-networkd
events (LP: #1718227)
- d/links: link dispatcher script to networkd-dispatcher events routable
and off
- d/control: set Recommends to networkd-dispatcher
- d/p/lp-1718227-ignore-non-up-down-events-in-nm-dispatcher.patch
- d/p/lp-1718227-nm-dispatcher-for-networkd.patch
* debian/usr.sbin.chronyd: add cap net_admin for hwtimestamp (LP: #1761327)
* Set -x as default if unable to set time (e.g. in containers) (LP: #1589780)
Chrony is a single service which acts as both NTP client (i.e. syncing the
local clock) and NTP server (i.e. providing NTP services to the network),
and that is both desired and expected in the vast majority of cases.
But in containers syncing the local clock is usually impossible, but this
shall not break the providing of NTP services to the network.
To some extent this makes chrony's default config more similar to 'ntpd',
which complained in syslog but still provided NTP server service in those
cases.
- d/p/lp1589780-sys_linux-don-t-keep-CAP_SYS_TIME-with-x-option.patch:
When dropping the root privileges, don't try to keep the CAP_SYS_TIME
capability if the -x option was enabled. This allows chronyd to be
started without the capability (e.g. in containers) and also drop the
root privileges.
- debian/chrony.service: allow the service to run without CAP_SYS_TIME
- debian/control: add new dependency libcap2-bin for capsh (usually
installed anyway, but make them explicit to be sure).
- debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
(Default off).
- debian/chronyd-starter.sh: wrapper to handle special cases in containers
and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in
containers on a default installation and avoid failing to sync time (or
if allowed to sync, avoid multiple containers to fight over it by
accident).
- debian/install: make chronyd-starter.sh available on install.
- debian/docs, debian/README.container: provide documentation about the
handling of this case.
* debian/chrony.conf: update default chrony.conf to not violate the policy
of pool.ntp.org (to use no more than four of their servers) and to provide
more ipv6 capable sources by default (LP: #1754358)
* Merge with Debian unstable. Remaining changes:
- d/control: switch to nss instead of tomcrypt (nss is in main)
- d/chrony.conf: use ubuntu ntp pool and server (LP 1744664)
* Dropped changes (in Debian)
- d/chrony.default, d/chrony.service: support /etc/default/chrony
DAEMON_OPTS in systemd environment (LP: 1746081)
- d/chrony.service: properly start after networking (LP: 1746458)
- d/usr.sbin.chronyd: allow to create /run/chrony on demand (LP: 1746444)
* Added Changes:
- debian/usr.sbin.chronyd: ensure RTC/GPS usage isn't blocked by apparmor
(LP: #1751241, Closes: #891201)
* debian/changelog:
- Remove trailing spaces.
* debian/chrony-dnssrv@.service:
- Use NTP servers obtained from DNS SRV records.
* debian/chrony-dnssrv@.timer:
- Periodic lookup of DNS SRV records.
* debian/chrony-helper:
- New helper script to make use of NTP servers obtained from DHCP and
_ntp._udp DNS SRV records.
* debian/chrony.dhcp:
- Add a dhclient-exit-hook script to add/remove NTP servers depending
on the operations invoked by the DHCP client. (Closes: #889656)
* debian/chrony.service:
- Run “/usr/lib/chrony/chrony-helper update-daemon” after starting chronyd.
* debian/control:
- Suggest dnsutils. The dig utility is used to update files with NTP
servers from DNS SRV records.
* debian/init:
- Run “/usr/lib/chrony/chrony-helper update-daemon” after starting chronyd.
* debian/install:
- Install the chrony-helper script in /usr/lib/chrony.
- Install chrony-dnssrv@.* files in /lib/systemd/system.
* debian/postinst:
- Don’t use recursive chown as this is vulnerable to hardlink attacks on
mainline, non-Debian kernels that do not have fs.protected_hardlinks=1.
Thanks Lintian!
* debian/postrm:
- Remove “/run/chrony” on purge.
* debian/rules:
- Install the dhclient-exit-hook script in /etc/dhcp/dhclient-enter-hooks.
* debian/tests/:
- Use autopkgtest to ensure that chronyd can use NTP servers obtained from
DHCP servers.
[ Christian Ehrhardt ]
* debian/chrony.default:
- Mention systemd service file in the comment.
* debian/chrony.service:
- Support the DAEMON_OPTS variable from “/etc/default/chrony” in systemd
environment. (LP: #1746081, Closes: #889012)
* debian/usr.sbin.chronyd:
- Allow the creation of /run/chrony on demand.
(LP: #1746444, Closes: #889011)
* Revert the changes of (LP 1746458) as in the follow on discussion
it became clear that we want it to start early (for example for an
early offset from drift file). iIf needed chrony will later on pick
up that servers are online via retries (augmented by hooks on network
events).
* d/control: use to nss instead of tomcrypt (in main) (LP: #1744072)
* d/chrony.conf: use ubuntu ntp pool and server (LP: #1744664)
* d/chrony.default, d/chrony.service: support /etc/default/chrony
DAEMON_OPTS in systemd environment (LP: #1746081)
* d/chrony.service: properly start after networking (LP: #1746458)
* d/usr.sbin.chronyd: allow to create /run/chrony on demand (LP: #1746444)
* Initial AppArmor profile for chronyd. Thanks to Jamie
Strandboge <jamie@ubuntu.com>. (Closes: #888038)
* debian/compat:
- Bump to debhelper compat 11.
* debian/control:
- Bump standard-version to 4.1.3 (no changes required).
- Build depend on debhelper ≥ 11.
- Set “Rules-Requires-Root: no”.
- Move Vcs-* to salsa.debian.org.
* debian/copyright:
- Add myself as a copyright holder for 2018.
* debian/postinst:
- Don’t force removal of cron file since it doesn’t exist anymore.
* debian/preinst:
- Update the chrony version on which to act.
- Add the debhelper token.
* debian/usr.sbin.chronyd:
- Improve AppArmor profile to support more chronyd features and ease
portability with other distros.
* Import upstream version 3.2:
- Please see /usr/share/doc/chrony/changelog.gz for the release notes.
* Import upstream version 3.2-pre2:
- Please see /usr/share/doc/chrony/changelog.gz for the release notes.
* debian/control:
- Bump standard-version to 4.1.0 (no changes required).
* debian/copyright:
- Update copyright years.
* Import upstream version 3.2-pre1:
- Please see /usr/share/doc/chrony/changelog.gz for the release notes.
* debian/patches/*:
- Remove allow_getpid_in_seccomp_filter.patch and update the series file
accordingly.
* debian/tests/upstream-simulation-test-suite:
- Run tests in multiple iterations.
* debian/chrony.if-up:
- Do not pass the “burst” command to chronyc as the script could return an
error in certain situations. As a consequence, that would prevent ifupdown
from writing the current state of the interfaces in /run/network/ifstate.
Thanks to John Eikenberry <jae@zhar.net> for reporting that issue.
(Closes: #868491)
* debian/chrony.ppp.ip-up:
- Take the same action as for the “chrony.if-up” script as a precautionary
measure.
* Now that Stretch has been released (\o/), let’s upload chrony 3.1 to
unstable.
* debian/:
- Remove the menu file used to launch “chronyc”. It is a CLI only tool,
thus it probably does not make a lot of sense to keep it in the Debian
menu.
* debian/control:
- Drop dependency on pre-jessie util-linux version.
- Bump standard-version to 4.0.0 (no changes required).
* debian/tests/upstream-simulation-test-suite:
- Fix the leading comment which mentioned “vm” despite the fact that the
test runs in a container.
* debian/chrony.if-{post-down,up}:
- Remove unnecessary “else” statements.
* debian/chrony.ppp.ip-down:
- Don’t check and delete “/var/run/chrony-ppp-up”, that file doesn’t exist
anymore.
- Check for pid file existence instead of calling “pidof”.
* debian/chrony.ppp.ip-up:
- Don’t create “/var/run/chrony-ppp-up” file after the ppp link came up.
- Check for pid file existence instead of calling “pidof”.
- Don’t call “chronyc” using its absolute path.
- Check for the presence of a default route before advising “chronyd” that
the network connectivity to the sources is ready.
* debian/init:
- Check if “$PIDFILE” exists before taking action.
- Do not print informational messages.
- Remove the “chronyd” pid file when stopping as it doesn’t do it on
its own.
- Rework the “restart|force-reload” pattern.
- Make use of some init-functions.
- Print a message if “chronyd” is already running while attempting to start
it.
- Do not delete “/var/run/chrony-ppp-up”, that file doesn’t exist anymore.
* d/rules:
- Move the default pid file from “/var/run” to “/run”.
* d/tests/*:
- Use autopkgtest facility to run the upstream simulation test suite.
* Merge branch 'master' into experimental. (Closes: #861258)
* debian/patches/*:
- Remove the “fix_time_smoothing_in_interleaved_mode.patch” patch. Not
needed anymore.
* Import upstream version 3.1:
- Please see /usr/share/doc/chrony/changelog.gz for the release notes.
* debian/chrony.conf:
- Remove the “hwclockfile” directive. Unneeded now that the configure
script allows us to set the default path to the adjtime file via the
“--with-hwclockfile” option.
* debian/copyright:
- Update copyright years.
* debian/rules:
- Specify default path to hwclock adjtime file.
* debian/patches/*:
- Backport commit 768bce799bfe to make chrony operable with the syscall
filtering feature enabled in level 1. (Closes: #861258)
* debian/patches/*:
- Backport an upstream patch to fix time smoothing in interleaved mode.
(Closes: #854424)
* debian/chrony.conf:
- Disable logging by default, it waste some disk space and users are
probably better served by “chronyc sources” and “chronyc sourcestats”
commands anyway.
* debian/chrony.service:
- Remove the “Restart=on-failure” option. There are possible security
implications for NTP clients.
* debian/dirs:
- Add etc/logrotate.d to avoid build failure.
* Remove our logrotate configuration file in favour of the upstream’s one.
* Import upstream version 3.0:
- Please see /usr/share/doc/chrony/changelog.gz for the release notes.
* Merge branch “experimental”:
- Enable support for MS-SNTP authentication in Samba.
- Rename --chronysockdir to --chronyrundir.
- Enable seccomp facility on powerpcspe.
* debian/chrony.conf:
- Make use of the “makestep” directive to step the system clock instead of
slewing it when necessary.
- Drop the “offline” option as per upstream’s advice to render chrony’s
start-up sequence safer.
* debian/chrony.service:
- Reflect init-helper script deletion.
* debian/copyright:
- Add myself as a copyright holder for 2017.
- Adjust copyright holders and update some copyright years. Kudos to Paul
Gevers <elbrus@debian.org> for spotting the necessary updates.
* debian/init:
- Reflect init-helper script deletion.
* debian/install:
- Don’t install the init-helper script, it has been deleted.
* debian/README.Debian:
- Remove obsolete information.
* Remove the init-helper script as it no longer needed.
* Import upstream version 3.0-pre3:
- Please see /usr/share/doc/chrony/changelog.gz for the release notes.
* Merge branch “master”.
* Enable seccomp facility on powerpcspe.
* Import upstream version 3.0-pre2:
- Please see /usr/share/doc/chrony/changelog.gz for the release notes.
* Import upstream version 3.0-pre1:
- Please see /usr/share/doc/chrony/changelog.gz for the release notes.
* debian/copyright:
- Mention new files.
* debian/rules:
- Enable support for MS-SNTP authentication in Samba.
- Rename --chronysockdir to --chronyrundir.
* debian/apm:
- Removing that script as APM as been replaced by ACPI long time ago, thus
it’s highly probable that it isn’t useful anymore.
* debian/chrony.maintscript:
- Remove the apm script’s conffile.
* debian/chrony.service:
- Supply a systemd service file.
- Update unit section’s description. Add chronyc and chrony.conf man pages
information and remove reference to “/usr/share/doc/chrony.txt.gz” which
is not generated anymore.
- Update unit section’s documentation.
* debian/dirs:
- Don’t create etc/apm/event.d as the apm script isn’t provided anymore.
* debian/init:
- Convert to use the init-helper script.
* debian/init-helper:
- Add a helper script that will be used to maintain feature parity between
the SysV script and the systemd service file.
* debian/install:
- Install the init-helper script in “/usr/lib/chrony”.
* debian/rules:
- Don’t install the now removed apm script.
* debian/chrony.conf:
- Don’t create sample histories by default. Using that feature does not
make a lot of sense when using a pool of rapidely rotating time servers.
- Remove unused directives.
- Improve (well, I hope! ;-) ) the configuration file readability.
- Reword the driftfile directive commentary.
- Shorten the lead-in comment.
* debian/control:
- Build-depend on pps-tools only on linux.
- Remove libnss3-dev from Build-Depends until #846012 is fixed.
* debian/init:
- Don’t pass the “-r” option when restarting chronyd as we have disabled
the creation of sample histories by default.
* debian/rules:
- Drop dh_auto_build override. Nowadays, the documentation is built by
default.
* Import upstream version 2.4.1:
- Please see /usr/share/doc/chrony/changelog.gz for the release notes.
* debian/chrony.default:
- New file used to pass options to chronyd. Thanks to nutzteil
<nutzteil@web.de> for the suggestion and the initial patch.
(Closes: #834240)
* debian/compat:
- Bump to debhelper compat 10.
* debian/control:
- Build depend on debhelper ≥ 10.
* debian/copyright:
- Use HTTPS for all URI.
* debian/init:
- Read and execute options assigned to the “DAEMON_OPTS” variable.
* debian/rules:
- Drop dh “--parallel” option. Enabled by default in debhelper 10.
The “Fix decade-old bug reports” release.
* Import upstream version 2.4:
- Please see /usr/share/doc/chrony/changelog.gz for the release notes.
* debian/chrony.if-{up,post-down}:
- New scripts used to put chronyd online/offline depending on the
state of the connection. (Closes: #240528,#312092,#389961)
* debian/chrony.keys:
- Highlight “chronyc keygen” command to generate keys.
* debian/chrony.ppp.ip-down:
- Be sure that there is no default route before going offline.
(Closes: #252131)
* debian/control:
- Remove install-info dependency.
- Remove texinfo build dependency since documentation in Texinfo format
has been dropped upstream.
- Build depend on asciidoctor ≥ 1.5.3-1~. The version constraint is
important since chrony’s man pages are generated from “adoc” files, a
functionality that has been added in asciidoctor 1.5.3.
* debian/dirs:
- Add “etc/NetworkManager/dispatcher.d”.
* debian/doc-base:
- Remove the file since we do not generate chrony.{html,txt} anymore.
* debian/docs:
- Remove references to chrony.{html,txt}.
* debian/patches/*:
- Drop fix-ftbfs-on-powerpc-ppc64-ppc64el.diff; applied upstream.
- Update the “series” file accordingly.
* debian/postinst:
- Use ucfr to associate chrony with its configuration files. Suggested by
Paul Gevers <elbrus@debian.org>
* debian/postrm:
- Remove all vestiges of the association between chrony and its
configuration files. Also suggested by Paul Gevers <elbrus@debian.org>
* debian/rules:
- Provide upstream NetworkManager dispatcher script.
* debian/watch:
- Use HTTPS to fetch new upstream releases.
- Switch to version 4 format.
* Cherry pick upstream patch to fix FTBFS on PowerPC, ppc64 and ppc64el
architectures.
* Import upstream version 2.3:
- Please see /usr/share/doc/chrony/changelog.gz for the release notes.
(Closes: #818235)
* debian/chrony.conf:
- Drop the “logchange” directive. Upstream has enabled “logchange” by
default with a threshold of 1 second. We now use that instead of our custom
threshold of 0,5 second which tended to spam syslog.
- Remove obsolete comment.
* debian/chrony.lintian-overrides:
- Update “chrony.keys” path
* debian/control:
- Bump standard-version to 3.9.8 (no changes required).
- Use HTTPS transport protocol for the homepage URL.
* debian/copyright:
- Add some entries about new or untracked files.
* debian/postinst:
- Move /usr/share/chrony/chrony.keys template to /etc/chrony using ucf.
- Avoid displaying needless prompt when upgrading to chrony ≥ 2.2.1-1.
(Closes: #820087)
* debian/postrm:
- Remove chrony.keys on purge.
- Remove all vestiges of chrony.keys from the state hashfile.
* debian/rules:
- Re-enable test suite.
- Remove dh_installinit override. The init script is LSB-compliant so
passing the “default” option or the two-digit sequence number is unneeded.
- Explicitly set the NTP era. With this change, the NTP time will be
mapped from 1970-01-01T00:00:00Z to 2106-02-07T06:28:16Z. Thanks to this
fixed value, chrony build should be reproducible.
- Move the key file template (chrony.keys) in /usr/share/chrony.
- Force /usr/share/chrony/chrony.keys to use 0640 modes.
* Import upstream versions 2.2 and 2.2.1:
- Please see /usr/share/doc/chrony/changelog.gz for the release notes.
- The 2.2.1 release version fixes CVE-2016-1567. (Closes: #812923)
* debian/chrony.conf:
- Drop the commandkey directive. It is obsolete since the introduction of a
Unix domain command socket in chrony 2.2.
- Fix keyfile directive commentary.
* debian/chrony.keys:
- New file template.
* debian/chrony.lintian-overrides:
- New file used to force lintian to stop complaining about the “chrony.keys”
file modes (0640).
* debian/chrony.ppp.ip-down:
- Drop obsolete authentication method to the chronyd daemon. This is now
handled by the usage of a Unix domain command socket.
* debian/chrony.ppp.ip-up:
- Drop obsolete authentication method to the chronyd daemon. This is now
handled by the usage of a Unix domain command socket.
- Reinstate the “burst” chronyc command.
* debian/control:
- Build depend on libseccomp-dev ≥ 2.2.3-3~. We need it to provide syscall
filtering.
- Fix a typo relative to the name of an architecture.
- Build depend on pkg-config.
- Restrict libcap-dev build dependency on Linux only.
- Depend on iproute2 instead of net-tools.
- Drop timelimit dependency.
- Update Vcs-Git to use HTTPS.
- Bump standard-version to 3.9.7 (no changes required).
* debian/copyright:
- Update copyright year for debian/*.
* debian/init:
- Make use of “ip r” instead of “netstat -rn”. (Closes: #818234)
- Delete unused “FLAGS” variable.
- Do not execute ip and chronyc through timelimit.
- Don’t call chronyc using its absolute path.
- Check if the value of the DAEMON variable is executable.
- Drop the two seconds delay as it should be unnecessary.
- Drop obsolete authentication method from the putonline() function.
- Fix indentation issue in the putonline() function.
* debian/logrotate:
- Do not pass the “-a” option to chronyc, it’s no longer necessary.
* debian/NEWS:
- Add a comment about the command key suppression from the “chrony.keys”
file.
* debian/patches/:
- Drop 01_do-not-install-copying-file.patch, not needed anymore.
↳ Remove reference to that patch from the series file.
* debian/postinst:
- Do not create an ID/key pair for command authentication. Configuration
and monitoring via chronyc is now done using Unix domain socket accessible
by root or by the system user to which chronyd will drop root privileges,
i.e. _chrony.
* debian/postrm:
- Remove /var/lib/chrony content only on purge. (Closes: #568492)
* debian/README.Debian:
- Drop obsolete statement.
* debian/rules:
- Build with --enable-scfilter.
- Install the “chrony.keys” file in /etc/chrony/ with 0640 modes.
- Override dh_fixperms to prevent it from modifying modes of the
“chrony.keys” file. By default, dh_fixperms tries to set the default modes
(0644).
- Move the “chronyd.sock” file from /var/run/chrony to /run/chrony.
* Import upstream version 2.0 and 2.1.1:
- Please see /usr/share/doc/chrony/changelog.gz for the release notes.
* debian/:
- Rename ppp scripts from ip-{up,down} to chrony.ppp.ip-{up,down}.
Necessary to let dh_installppp do its magic.
* debian/chrony.conf:
- Use the new 'pool' directive to specify the pool of NTP servers.
- Use the iburst option to speed up the initial synchronization.
- Drop the minpoll option. There is no point to deviate from upstream here.
Consequently, the default minimum polling interval is now 64 seconds
instead of 256 seconds.
- Enable kernel synchronization of the RTC via the 'rtcsync' directive.
- Drop the commented out 'rtcfile' directive in the configuration file.
- Stricly act as an NTP client by default. Serving time to other systems
should be the decision of the administrator(s). (Closes: #778770)
- Clarify some comments.
- Improve comment about the 'commandkey' directive.
* debian/control:
- Drop 'Recommends: udev (>= 0.124-1)' since it predates Debian squeeze.
* debian/copyright:
- Update copyright years.
- Various cleanups.
- Update relative to sys_macosx.{c,h} files.
- The test/simulation/test.common file is under the GPL-2+ license.
Thanks to Paul Gevers <elbrus@debian.org> for catching it.
* debian/NEWS:
- Comment the deactivation of the NTP server capability by default.
* debian/patches/:
- Refresh 01_do-not-install-copying-file.patch.
* debian/README.Debian:
- Fix misleading information.
* debian/rules:
- No need to install ppp scripts from the 'rules' script. Let dh_installppp
handle that.
* Rename the NEWS.Debian file to NEWS. dh_installchangelogs doesn’t seems
to be able to deal with the former name.
* Import upstream version 1.31 and 1.31.1:
- Please see /usr/share/doc/chrony/changelog.gz for release notes.
* debian/chrony.conf:
- Use the 'hwclockfile' directive. Avoid using text processing methods in
the post install script to find out if the RTC keeps local time or UTC.
(Closes: #778710)
* debian/clean:
- Add getdate.c
* debian/control:
- Move chrony from admin to net section.
- Change priority from extra to optional.
- Build depends on libcap-dev. (Closes: #768803)
- Bump standards-version to 3.9.6 (no changes required).
- Set myself as maintainer and Joachim as uploader.
- Update Vcs-Browser URL to use cgit and https.
- Build depends on pps-tools. Provides PPSAPI (RFC-2783) support.
- Improve the synopsis.
- Depend on util-linux (>= 2.20.1-5). Ensure that the 'UTC=' setting
from the '/etc/default/rcS' file have been migrated to UTC/LOCAL in
'/etc/adjtime'.
- Depends on adduser. Needed to create "_chrony" system user/group.
* debian/copyright:
- Add myself to copyright holders.
- Remove spaces from short name license (fix Lintian warning)
- Filled short license field (RSA-MD) (fix Lintian warning)
- Move comment to the "Comment:" field
* debian/logrotate:
- Simplify postrotate script. Thanks to Frédéric Brière
<fbriere@fbriere.net> for reporting and diagnosing the issue.
(Closes: #763542)
* debian/patches:
- Drop patches for issues fixed upstream.
- Rename and update patch. Update the series file accordingly.
* debian/postinst:
- Pass the '--three-way' option to ucf.
- Remove useless text processing methods as we now use the 'hwclockfile'
directive. (Closes: #778711)
- Create "_chrony" system user/group.
- Update the "new_file" path in the ucf invocation.
- Remove the MAILPASSWORD shell variable as we don’t use it.
* debian/postrm:
- Drop removal instruction of /etc/cron.weekly/chrony.
- Remove "_chrony" system user/group on purge.
- Don’t pass the --group option to deluser.
* debian/NEWS.Debian:
- New file incorporating worthwhile changes in this release.
* debian/README.Debian:
- Fix typo, thanks to Paul Gevers <elbrus@debian.org> for catching it.
- Missing word added.
* debian/rules:
- Build with all hardening flags.
- Ease the reading of configure options.
- Specify "_chrony" as default chronyd user. This is the system user to
which chronyd will drop root privileges. You'll find further information
in /usr/share/doc/chrony/README.Debian.
(Closes: #688971)
* With the following security bugfixes (Closes: #782160):
- Fix CVE-2015-1853: Protect authenticated symmetric NTP
associations against DoS attacks.
- Fix CVE-2015-1821: Fix access configuration with subnet
size indivisible by 4.
- Fix CVE-2015-1822: Fix initialization of reply slots for
authenticated commands.
* debian/control:
- Update e-mail address of myself.
- Add Vincent Blut as co-maintainer.
* New upstream release with following bugfixes:
- Fix crash when selecting with multiple preferred sources.
- Fix frequency calculation with large frequency offsets.
- Fix code writing drift and RTC files to compile correctly.
- Fix -4/-6 options in chronyc to not reset hostname set by -h.
- Fix refclock sample validation with sub-second polling interval.
- Set stratum correctly with non-PPS SOCK refclock and local stratum.
- Modify dispersion accounting in refclocks to prevent PPS getting
stuck with large dispersion and not accepting new samples.
- Move faq.txt (PHP style) to a plain text file FAQ. Closes: #415729
* Add gpg signature of upstream developer for use with uscan.
* Update debian/watch, add check of upstream gpg signature.
* Update all patches.
* Bugfix: Use /etc/adjtime in postinst script to recognize
UTC hardware clock. Closes: #680498
* Use logrotate instead of cron script. Closes: #323966
* debian/rules: disable test simulation.
* debian/control: remove obsolete build dependency to dpkg-dev.
* debian/install, debian/dirs, debian/clean: Update.
* debian/copyright: Update and add entries.
* New upstream release with bugfix:
- Closes: #737644: Fixing vulnerability:
CVE-2014-0021 - traffic amplification in cmdmon protocol
(incompatible with previous protocol version, but chronyc
supports both).
* New upstream release with some bugfixes:
- Closes: #719132: new upstream version, fixes security bugs.
- Closes: #719203: Fixing vulnerabilities:
CVE-2012-4502 - Buffer overflow,
CVE-2012-4503 - Uninitialized data.
* debian/control:
- Set myself as new maintainer. Closes: #705768
- Bump to Standards-Version 3.9.5.
- Move to debhelper >= 9 and compat level 9.
- Update package descriptions.
- Add Vcs fields to new git repository.
- Add dependency to lsb-base (for init script).
- Add build dependency to libtomcrypt-dev.
* Move to source format 3.0 (quilt).
* Add the following patch files: (Closes: #637514)
- 01_fix-small-typo-in-manpages
- 03_recreate-always-getdate-c
- 04_do-not-look-for-ncurses (Closes: #646732)
- 05_disable-installation-of-license
* debian/rules:
- Move to dh-based rules file.
- Enable parallel builds.
* Add debian/watch file.
* Full update of debian/copyright file.
* Add debian/doc-base file.
* Full update of debian/README.Debian file.
* Update debian/postinst, debian/postrm, debian/prerm.
* Remove obsolete debian/preinst. Reduce mailing within postinst.
* Do not use old md5sum file anymore for ucf in postinst script.
* Add status action in init script (debian/init). Closes: #652207
* Add debian/install file for installing example of chrony.conf.
* Reduce debian/dirs file for use with debhelper 9.
* QA upload.
* Depend on net-tools, for netstat (closes: #707260).
* Orphaned.
* Fixed Makefile.in so that getdate.c gets made (and removed
in "clean"). This will go upstream. Moved faq stuff in rules
from binary-indep to binary-arch.
* Restored accidently deleted nmu changelog entry.
* Applied patch from Moritz Muehlenhoff <jmm@debian.org>
Closes: #655123 Please enabled hardened build flags
* Fixed upstream.
Closes: #518385 Chrony segfaults on startup (narrowed down to
chronyc and "burst")
* Added DEB_BUILD_OPTIONS=noopt to rules.
Added build-arch and build-indep to rules.
Prefix is now 'usr'.
Changed to dh_installman.
Fixed "clean:" target.
Closes: #479389 Improvements for debian/rules
* Fixed upstream.
Closes: #195620 Strange "System time : xxx seconds slow of NTP time"
output
* Upstream changes should have fixed this.
Closes:#294030 chronyd makes the whole system briefly (< 1 second)
freeze
* Fixed by upstream changes and new LSB headers.
Closes: #407466 Chrony won't access hardware clock but prevents
hwclock from doing so either
* New upstream release
Closes: #348554: chrony and hwclock packages not coordinated.
Closes: #572964: RTC support is missing.
Closes: #642209: add RTC support for linux 3.0.
Closes: #644241: new upstream version 1.26 available.
* Applied patches from Joachim Wiedorn <ad_debian@joonet.de>:
Fixed several typos in man pages and README.
Added version.h.
Moved default chrony.conf to debian/ .
Renamed cron and init files.
Removed debian/NEWS.Debian, debian/info.
Added debian/clean.
Updated debian/copyright. COPYING stays. Upstream requires it.
Fixed debian/menu, debian/control, updated debian/compat.
Added "--without-readline" to debian/rules: rewrite later.
Minor fixes to initscript: rewrite later.
Closes: #646732 Move from readline support to editline support.
Closes: #598253 Fix typo in LSB init headers ($hwclock to $time).
Closes: #600403 Fix init check with PPP connection.
* Non-maintainer upload.
* Add patch (directly over the source...), to work with kernels > 3.0.0,
by Paul Martin at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628919#15.
(Closes: #628919)
* Fix readline build-depends from "libreadline5-dev | libreadline-dev" to
libreadline-gplv2-dev because chrony is GPLv2 only. (Closes: #634447)
* Update copyright file to say that chrony is GPLv2 only. (Closes: #637526)
* Applied (modifed) patch from Gregor Herrmann.
Closes: #593145: fails to configure on installation
Closes: #552162: chrony incorrectly thinks that it has failed to
(re)start
Closes: #592930: invoke-rc.d: initscript chrony, action "start" failed.
* Fixed regression that caused default CHRONY_IOC_ lines to
vanish from io_linux.h thereby breaking hppa and ia64.
Closes: #588930: FTBFS [ia64,hppa]: "I don't know the values of the
_IOC_* constants on your architecture"
* $remote_fs was added in 1.24-1. Depending on networking is neither
necessary nor desireable.
Closes: #590888: Dependencies on init.d script insuficcient
* Still need to rewrite scripts.
* New upstream release. The scripts will be rewritten and many more bugs
taken care of in -2. Right now I want to get 1.24 out there.
* Applied patch from Petter Reinholdtsen to init.d
Closes: #541806: misses syslog dependency in LSB headers
* Chrony cannot be linked to libreadline6 because it is GPLv2 only.
Closes: #553739 replacing libreadline5-dev build dependency with
libreadline-dev
* "configure" rewritten upstream, eliminating "+=".
Closes: #573036: RTC support disabled (due to Bashism in configure line 293)
* Removed "install-info" from scripts.
Closes: #568703: dpkg warnings
* client.c has been rewritten upstream.
Closes: #573032
* Fixed typos.
Closes: #434629: 'man chrony', 'cronyc', 'cronyd' typos: "parateters" x 2,
"priviliges"
* Added debian/source/format containing "1.0".
* Applied patches from upstream to fix remote DOS:
CVE-2010-0292 Don't reply to invalid cmdmon packets
CVE-2010-0293 Limit client log memory size
CVE-2010-0294 Limit rate of syslog messages
* Commented out rtcfile directive in chrony.conf because it can cause
lockups with certain combinations of motherboard and kernel (this is
a known kernel bug).
Closes: #508298: chronyd unreachable and does not work (clock drifts)
* Chrony no longer uses the ppp/ip-up.d and ppp/ip-up.d files and the new
init.d file won't hang if chronyc hangs.
Closes: #448481: /etc/ppp/ip-up.d/chrony doesn't work when bindaddress is set.
* Cannot reproduce on current version on amd64.
Closes: #412961: error in tracking report (on amd64?)
* Replaced background kill with 'timelimit' in initscript.
Closes: #505094: chrony: kills random netstat processes
* Added 'Recommends: udev (>= 0.124-1)'
Closes: #497113: /dev/rtc renamed to /dev/rtc0 with linux-image-2.6-*/2.6.26+15
* Had previously applied patch from Nathanael Nerode to fix configure
bug but forgot to close the bug.
Closes: #392273: Recursive dependency disease: chrony shouldn't depend on ncurses
* Fixed dependency of init script on Pppconfig ip-up.d script by moving
those lines into the init script.
* Added checks to try to make sure that Chronyd is really, really running.
Changed Netstat call to use -n, added code to kill it if it hangs.
Added code to kill Chronyc if it can't contact Chronyd.
Discussed the HPET/rtc problem in NEWS.Debian.
Closes: #504000: init script hangs for a while might break upgrade
* Added missing initialization to create_instance() in ntp_core.c.
This was why UTI_NormaliseTimeval() was being called with huge
values at times.
* See comment on #195620 in 1.21z-6 below. If you know of more LP64
bugs reopen #348412 with a patch.
Closes: #348412: chronyc not LP64 compliant
* Added comment about sources being discarded to chrony.conf as suggested
by Andreas Hübner in #268289.
* This is normal behavior.
Closes: #287060: trimrtc takes 40 seconds to take effect
* Rewrote UTI_NormaliseTimeval()in util.c to use divide/remainder
instead of loops at the suggestion of Gabor Gombas. This prevents the
problem of the loop running until the sun goes out when the function
is called with a very large value for tv_usec on 64-bit architectures.
Also fixed some other spots where the same loop was being used.
Closes: #474294 Goes into endless loop
Closes: #447011 chronyd stalls with 100% CPU usage
I still don't know why the function is being called with such a
large value, however.
* Changed default servers in chrony,conf to Debian servers.
Closes: #434483: chrony: Should use NTP servers in Debian pool
* Added default IOC's to io_linux.h.
Closes: #477043: chrony_1.23-1(ia64/experimental): FTBFS: IOC
constants unknown on ia64
Closes: #476963: chrony_1.23-1(hppa/experimental): FTBFS: "I don't
know the values of the _IOC_* constants for your architecture"
* New upstream release
This is 1.23 with Debian patches applied (including some for LP64).
I'm uploading this to Experimental to get it tested on x86_64 to see
if #474294 is fixed.
* Applied patches from Eric Lammerts <eric@lammerts.org> and Goswin von
Brederlow <brederlo@informatik.uni-tuebingen.de> to cast the value
returned by ntohl to int32_t and so cause correct sign-extension near
line 1655 in client.c. Also fixed similar bugs in the same area. I'm
not sure this entirely fixes the chronyc number display problem,
though. I've not closed #348412 here because chrony is still not
fully LP64 compliant.
Closes: #195620: Strange "System time : xxx seconds slow of
NTP time" output
* Replaced addrfilt.c with addrfilt.c from upstream git repository.
This fixes the recursive structure definition problems.
* Replaced 'route' with 'netstat -r' in the initscript.
* Applied patch for configure script from Nathanael Nerode
<neroden@gcc.gnu.org> to delete the superfluous "lncurses" at line
327.
Closes: #392273: Recursive dependency disease: chrony shouldn't depend
on ncurses
* Added test to reject servers claiming stratum less than 1 in
ntp_core.c "Test 7". Bill Unruh <unruh@physics.ubc.ca> has run across
a server that sometimes claims to be stratum 0, which causes
considerable confusion.
* Applied postinst patch from Lionel Elie Mamane to test for the
existence of old .keys and .conf files before renaming them.
Closes: #397759: fails to configure: mv: cannot stat `/etc/chrony/chrony.keys.1.21-2':
No such file or directory
* Added burst command to /etc/ppp/ip-up.d/chrony to give chronyd a kick in the butt.
Shouldn't need that, though.
Initscript now calls /etc/ppp/ip-up.d/chrony if a default route exists.
Closes: #397739: Not connecting to sources after reboot - dialup
* Added test for /usr/bin/mail to postinst.
Closes: #386651: chrony: Requires /usr/bin/mail but doesn't depend on it
Closes: #390280: chrony: missing dependency on mail
* Added LSB headers to initscript
* Corrected erroneous use of 'dpkg --compare-version' in preinst and postinst.
Closes: #386733: fails to configure (bad upgrade check)
* Added rm to postinst to remove keyfile possibly left by a failed install.
Closes: #390278: usage of tempfile /etc/chrony/chrony.keys is doubtful
* Changed upstream version number from 1.21 to 1.21z to satisfy Debian
archive software.
* Replaced impure chrony_1.21.orig.tar.gz.
Closes: #340030: chrony: Tarball is impure
* Now Provides, Conflicts, Replaces time-daemon
Closes: #330839: time-daemon pseudopackage
* Corrected typos.
Closes: #321121: chrony: typo in 'Conflicts:' field: s/ntpsimple/ntp-simple/ and s/ntprefclock/ntp-refclock/
* Rewrote postinst and postrm to use ucf. Wrote preinst to protect chrony.conf from dpkg.
Closes: #351332: chrony: conffile change prompt prevents smooth upgrade from sarge to etch
* Deleted last few lines of chrony.conf as they no longer apply.
* Deleted .arch-ids from contrib and examples.
* Fixed typo in chronyc.1
Closes: #349871: chrony: typo in chrnoyc.1 results in missing word
* Corrected references in man pages.
Closes: #345034: chrony: man pages refer to wrong sections
* Added "allow 172.16/12" to chrony.conf.
Closes: #252952: chrony: default allow should also have 172.16/12
* Channged server lines in chrony.conf to follow ntp.org current recommendation.
Closes: #243534: chrony: new pool.ntp.org setup doesn't work well
* Fixed FSF address in debian/copyright.
* Patched io_linux.h to add missing architectures.
Closes: #339764: chrony - FTBFS: #error "I don't know the values of the
_IOC_* constants for your architecture"
* Fixed brown-bag error in rules.
Closes: #339853: /usr/sbin/chronyd is missing
* New upstream release
Closes: #328292: New version of chrony avalaible
Closes: #301592: Fails to read RTC and floods logfiles
* Enabled RTC as upstream has installed a work-around for the HPET bug.
* Switched to libreadline5.
Closes: #326379: please rebuild with libreadline5-dev as build dependency
* Patched addrfilt.c to fix gcc 4.0 build problem.
Closes: #298709: chrony: FTBFS (amd64/gcc-4.0): array type has incomplete element type
* There are lots more minor things to fix but I'm uploading now to close
the serious bugs. I'll upload another version with some improvements
in a few weeks.
* Added test for /usr/bin/mail in postinst.
Closes: #307061: Install failure: Cannot configure on system without mailx
I consider this bug serious because it can cause installation to fail
and so I want to get the fix into Sarge.
* Fixed typo in chrony.conf, replaced '/etc/init.d/chrony restart'
with 'invoke-rc.d chrony restart'.
Closes: #305090: Typo in chrony.conf, should mention invoke-rc.d
* Added README.Debian explaining that rtc is off by default.
* Added info-4 to debian/rules.
Closes: #287142: chrony: Can't find chrony.info-4
* Corrected "See Also" section in chrony man page. Now mentions
chronyc(1), chronyd(8), and chrony.conf(5).
Closes: #287444: chrony.1.gz: SEE ALSO on man page has wrong section.
* Edited chrony.conf to disable rtc by default and explain why:
on some systems that use genrtc or the HPET real-time clock it
fails and causes chronyd to fill up the log. The failure is
probably due to a kernel bug, bug the logging should be
throttled.
* Added more explanatory comments at the servers directive in
chrony.conf.
* The postinst script now sends a message to root saying where the
password is, whether Chrony is assuming UTC or local time,
that rtc updating is disabled, why, and how to change it.
* Added missing '#' to
"Can't tell how your clock is set: assuming local time."
in postinst.
* Fixed error in chrony.conf where the non-existent 'online' directive
was mentioned.
Closes: #257235 misleading instructions in chrony.conf
* Patched Makefile.in to generate faq.html.
Closes: #265936 /usr/share/doc/chrony/faq.txt.gz: how to read?
* Put pool.ntp.org servers in chrony.conf as defaults.
* Fixed erroneous references to chronyd(1) in some man pages.
Closes: #241746 SEE ALSO chronyd(1) should be (8)
* I got a new motherboard and can no longer reproduce this.
If you can please reopen the bug.
Closes: #223518 Rtc stuff is broken
* Edited chrony.conf(5).
Closes: #241745 many more features have been added
* Edited chrony.conf to add logchange and mailonchange and to
enable rtc by default.
Closes: #226644 /etc/chrony/chrony.conf: rtc; not all options are noted in conf file
* Fixed upstream: see NEWS.
Closes: #124089 mistake in the chrony manual
Closes: #177366: trailing blank on log lines
Closes: #195618 failure to use /dev/misc/rtc floods logfiles
Closes: #53066 "acquisitionport" directive and doc fixes [patch]
Closes: #100880 RFE: don't use /proc when uname(2) will do
Closes: #163470: different bindaddresses for ntp port and control port
Closes: #200174: Chrony breaks under Kernel 2.5 (two bugs)
* Added '#include <asm/types>' to rtc_linux.c to fix Alpha build problem.
Also removed spinlock stuff from configure.
* Removed all inclusions of kernel headers.
Hopefully Chrony will now build on m68k.
* Removed spinlock.h and mc146818.h from rtc_linux.c. linux/rtc.h and
RTC_UIE=0x10 provide everything needed now.
Closes: #223134 FTBFS: Errors in kernel headers
* However, rtc is now broken (and appears to have been broken for some time)
on 440BX chipsets with 2.4 kernels.
* New upstream release.
* Frank Otto's patch to sys_linux.c, function guess_hz_and_shift_hz now
incorporated upstream.
Closes: #198557 Fatal error: chronyd can't determine hz for kernel with HZ=200
* Security and 64 bit patches are now incorporated upstream
along with most non-i386 architecture patches.
* Put correct links in /usr/share/doc/chrony/timeservers.
Closes: #189686 /usr/share/doc/timeservers links are broken
* Put correct links in chrony.conf.
Closes: #210886 bad link in chrony.conf
* Put missing newlines in apm and chrony.keys.
Closes: #211604 Build-warning: some files misses final newline
* Removed conflict with ntpdate.
* Put linux/linkage.h ahead of linux/spinlock.h as I meant to in
the first place.
* Added "#include <linux/linkage.h>" to rtc_linux.c to fix mips
build failure.
Closes: #200165 chrony doesn't build on mips and mipsel
* Added bison to build-depends because of addition of getdate.y
* Closes: #186498 chronyc hangs if no chronyd is running
Added test for running daemon to ip-{up|down} scripts.
Disabled trimrtc for ALPHA
Closes: #195615 GPL violation - generated file without source
* Added a copy of getdate.y to source.
* Closes: #179842 "CROAK" redefined
Added '#undef CROAK' before CROAK redefiniton in pktlength.h,
added '-DALPHA' to 'alpha' condition in configure, added
'ifdef ALPHA' around CROAK redefinition.
* Replaced many signed and unsigned longs as well as some ints,
shorts, and chars with stdint.h types in candm.h, md5.h, ntp.h,
clientlog.h, and ntp_io.c. This should fix all 64-bit problems.
* Closes: #184065 Assertion `sizeof(NTP_int32) == 4' failed on alpha
Fixed several spots where the author assumed that a long is 32 bits.
There are many more misuses of long as well as several of short and
char but I think I got the only ones likely to cause trouble.
* Closes: #179538 FTBFS: missing build-depends on makeinfo
Added texinfo to build-depends.
* CLoses: #179508: chrony(c|d) show wrong version numbers
Removed spurious version.h.
* Updated author's address in copyright file.
* Closes: #163446 patch, that scripts can handle all commandkeys
Applied debugged patch.
* Closes: #107863 doesn't know about APM
Put apm script in debian/ and added rules to copy it to
etc/apm/event.d as instructed by the apmd maintainer.
* Closes: #100879 unnecessary dependency on libm
Applied patch from Zack Weinberg <zack@codesourcery.com>
* Closes: #124091 the force-reload command of /etc/init.d/chrony should
use the -r option.
Added -r option.
* New upstream release.
* Closes: #178338 New upstream version fixes crashes caused by adjtimex
failure
* Closes: #178101 /etc/ppp/ip-{up,down}.d/chrony installed with
incorrect permissions
This bug was previously reported and fixed in 18-1
* Closes: #176130 got an error when I use ppp_on_boot
Changed 'update-rc.d chrony defaults 83' to
'update-rc.d chrony defaults 14' in init.d so that chrony
will come up before ppp.
* Added code to postinst to read /etc/default/rcS and
set rtconutc appropriately in chrony.conf.
* Rewrote password generator in postinst.
* Closes: #100879 unnecessary dependency on libm
I don't know why this wasn't closed months ago.
* Closes: #103447 typo in "/etc/init.d/chrony"
* Closes: #124087 problems with /etc/init.d/chrony
Fixed script.
* Closes: #161350 /etc/ppp/ip-down.d/chrony cat unnecessary
Fixed scripts.
* Closes: #113840 ntp has been split - add conflicts?
Added ntp-simple and ntp-refclock to conflicts.
* Corrects error in changelog which resulted
in uploads being erroneously classified as NMUs.
* Closes: #138142, #104774, #142670, #105344, #101039
* Closes: #162427, #56756, #98951, #99799, #139633
* Closes: #163469, #163408, #167416
* New upstream release.
* Closes: #138142 new upstream release
* Added Mark Brown's Alpha and PowerPC patch.
* Closes: #104774 hppa build failure
Applied patch.
* Closes: #142670 compilation errors on sparc
Applied patch.
* Closes: #105344 ip-{up, down}.d/chrony not executable
Fixed debian/rules.
* Closes: #101039 does not run on Alpha
Fixed by above mentioned Mark Brown patch.
* Closes: #162427 description should mention NTP
Fixed description.
* Closes: #56756 README.debian should caution about hwclock
Fixed README.debian.
* Closes: #98951 no chrony.keys file installed
Not reproducible, probable user error.
* Closes: #99799 logs world readable
Added umask 022 to log script.
* Closes: #139633 documentation error
Added rtconutc to chrony.conf.
* Closes: #163469 no default case in init.d script
Corrected typo.
* Closes: #163408 PIDFILE wrongly defined in ip-{up,down}
No chrony script uses any such variable.
* Closes: #167416 needs Build-Depends: libreadline4-dev
* Changed rtc_linux.c to not include linux/mc146818rtc.h
when building for sparc, because Moshe Zadka says this
will allow chrony to build there.
* Closes: #142670
* Changed architecture back to 'any'.
* Applied portability patch from LaMont Jones.
* Closes: #104774
* Changed architecture from 'any' to 'i386 sparc'.
Neither I nor the author can test on anything but i386. If
you want chrony on anything else send me a tested patch.
* Closes: #101039
* Closes: #104774
* Fixed bug in man pages.
* Closes: #95134
* Replaced <linux/spinlock.h> in rtc_linux.c with
typedef int spinlock_t as suggested by Paul Slootman.
* Put #define CROAK(message) assert(0) in pktlength.h
to fix Alpha build problem.
* Closes: #86991
* Closes: #84597
* New upstream release.
* Fixed more sprintfs.
* Closes: #50793, #52570, #48216, #65209, #62924, #70377, #61485, #76661
* Patched cron,weekly script with (corrected) patch
from Rene H. Larsen <renehl@post1.tele.dk>.
* Updated author address in copyright file.
* Compiled with egcs.
* Closes: #41885, #41551
* Patched rtc_linux.c with patch for SPARC from
bmc@visi.net.
* New upstream release.
* Upstream version number is 1.1. Debian version
number is 1.10 because previous upstream number
was 1.02.
* Changed configure to permit building on non-Intel.
* Fixed postrm bug.
* Fixed bugs 34954 and 36921.
* Moved to priority extra.
* Added README.debian text about rtc.
* Replaced sprintf's with snprintf's.
* Fixed bugs in cron.weekly, ip-up.d, and ip-down.d.
* Bug 29981 is also fixed.
* Added cron.weekly.
* Changed ip-up.d, ip-down.d, and cron.weekly to read the
password from chrony.keys.
* Added code to postinst to generate a random password and
put it in chrony.keys.
* Initial Release.