Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
Name: chrony | Distribution: SUSE Linux Enterprise 15 |
Version: 4.1 | Vendor: SUSE LLC <https://www.suse.com/> |
Release: 150400.19.4 | Build date: Sun May 8 11:35:27 2022 |
Group: Productivity/Networking/Other | Build host: s390zl34 |
Size: 618096 | Source RPM: chrony-4.1-150400.19.4.src.rpm |
Packager: https://www.suse.com/ | |
Url: https://chrony.tuxfamily.org/ | |
Summary: System Clock Synchronization Client and Server |
Chrony is an implementation of the Network Time Protocol (NTP). It can synchronize the system clock with NTP servers, reference clocks (e.g. a GPS receiver), and manual input using wristwatch and keyboard. It can also operate as an NTPv4 (RFC 5905) server and peer to provide a time service to other computers in the network. Chrony consists of two programs: chronyd and chronyc. Chronyd is a daemon which runs in the background on the system. It obtains measurements of the system clock’s offset relative to time servers on other systems via the network and adjusts the system time accordingly. For isolated systems, the user can periodically enter the correct time by hand (using chronyc). In either case, chronyd determines the rate at which the computer gains or loses time, and compensates for this. Chronyd can act as either a client or a server. Chronyc provides a user interface to chronyd for monitoring its performance and configuring various settings. It can do so while running on the same computer as the chronyd instance it is controlling or a different computer.
GPL-2.0-only
* Thu Mar 24 2022 [email protected] - Fix config file handling in the spec file and remove "ntsdumpdir" from default config, because augeas-lenses cannot parse it during installation of SLE Micro on SLE-15-SP3 (bsc#1194220). * Mon Jan 10 2022 [email protected] - bsc#1194229: Fix pool package dependencies, so that SLE actually prefers chrony-pool-suse over chrony-pool-empty. * Tue Dec 07 2021 [email protected] - Add chrony-htonl.patch to work around undocumented behaviour of htonl() in older glibc versions (SLE-12) on 64 bit big endian architectures (s390x). * Fri Nov 19 2021 [email protected] - SLE bugs that have been fixed in openSUSE up to this point without explicit references: bsc#1183783, bsc#1184400, bsc#1171806, bsc#1161119, bsc#1159840. - Obsoleted SLE patches: * chrony-fix-open.patch * chrony-gettimeofday.patch * chrony-ntp-era-split.patch * chrony-pidfile.patch * chrony-select-timeout.patch * chrony-urandom.patch * chrony.sysconfig * clknetsim-glibc-2.31.patch * Fri Oct 08 2021 [email protected] - boo#1190926: PrivateDevices is too strict, we might need to access the rtc and ptp devices. - Add back support to build chrony on SLE12. - Drop dependency on asciidoctor. It is only needed for building the HTML documentation which we don't package anyway. * Mon Aug 30 2021 [email protected] - Added hardening to systemd service(s). Added patch(es): * harden_chrony-wait.service.patch * harden_chronyd.service.patch * Thu Jul 01 2021 [email protected] - boo#1187906: Consolidate all references to the helper script. - bsc#1173760: MD5 is not available from mozilla-nss in FIPS mode, but needed for calculating refids from IPv6 addresses as part of the NTP protocol (rfc5905). As this is a non-cryptographic use of MD5 we can use our own implementation without violating FIPS rules: chrony-refid-internal-md5.patch . * Sun Jun 13 2021 [email protected] - Add now working CONFIG parameter to sysusers generator * Wed Jun 02 2021 [email protected] - Change to using systemd-sysusers - Remove otherproviders, not needed anymore * Tue Jun 01 2021 [email protected] - Update to 4.1 * Add support for NTS servers specified by IP address (matching Subject Alternative Name in server certificate) * Add source-specific configuration of trusted certificates * Allow multiple files and directories with trusted certificates * Allow multiple pairs of server keys and certificates * Add copy option to server/pool directive * Increase PPS lock limit to 40% of pulse interval * Perform source selection immediately after loading dump files * Reload dump files for addresses negotiated by NTS-KE server * Update seccomp filter and add less restrictive level * Restart ongoing name resolution on online command * Fix dump files to not include uncorrected offset * Fix initstepslew to accept time from own NTP clients * Reset NTP address and port when no longer negotiated by NTS-KE server - Update clknetsim to snapshot f89702d. - Refresh chrony.keyring from https://chrony.tuxfamily.org/gpgkey-8F375C7E8D0EE125A3D3BD51537E2B76F7680DAC.asc - Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689). * Fri Feb 05 2021 [email protected] - Enable syscallfilter unconditionally [boo#1181826]. * Mon Dec 07 2020 [email protected] - drop buildrequires on NSS. We need gnutls for NTS anyway and we can do all the other required crypto via nettle+gnutls. no need for another crypto library. * Sun Nov 01 2020 [email protected] - Update to 4.0 - Enhancements - Add support for Network Time Security (NTS) authentication - Add support for AES-CMAC keys (AES128, AES256) with Nettle - Add authselectmode directive to control selection of unauthenticated sources - Add binddevice, bindacqdevice, bindcmddevice directives - Add confdir directive to better support fragmented configuration - Add sourcedir directive and "reload sources" command to support dynamic NTP sources specified in files - Add clockprecision directive - Add dscp directive to set Differentiated Services Code Point (DSCP) - Add -L option to limit log messages by severity - Add -p option to print whole configuration with included files - Add -U option to allow start under non-root user - Allow maxsamples to be set to 1 for faster update with -q/-Q option - Avoid replacing NTP sources with sources that have unreachable address - Improve pools to repeat name resolution to get "maxsources" sources - Improve source selection with trusted sources - Improve NTP loop test to prevent synchronisation to itself - Repeat iburst when NTP source is switched from offline state to online - Update clock synchronisation status and leap status more frequently - Update seccomp filter - Add "add pool" command - Add "reset sources" command to drop all measurements - Add authdata command to print details about NTP authentication - Add selectdata command to print details about source selection - Add -N option and sourcename command to print original names of sources - Add -a option to some commands to print also unresolved sources - Add -k, -p, -r options to clients command to select, limit, reset data - Bug fixes - Don’t set interface for NTP responses to allow asymmetric routing - Handle RTCs that don’t support interrupts - Respond to command requests with correct address on multihomed hosts - Removed features - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320) - Drop support for long (non-standard) MACs in NTPv4 packets (chrony 2.x clients using non-MD5/SHA1 keys need to use option "version 3") - Drop support for line editing with GNU Readline - add BuildRequires for gnutls-devel (which also pulls nettle to enable the new features) - drop patches which are included in the update: chrony-test-update-processing-of-packet-log.patch chrony-test-fix-util-unit-test-for-NTP-era-split.patch - refreshed chrony-config.patch - track series file for easier quilt setup - added option to turn off testsuite with osc build --without=testsuite testsuite still runs by default * Wed Oct 28 2020 [email protected] - By default we don't write log files but log to journald, so only recommend logrotate. * Mon Sep 14 2020 [email protected] - Adjust and rename the sysconfig file, so that it matches the expectations of chronyd.service (bsc#1173277). * Sun Sep 13 2020 [email protected] - Update to 3.5.1: * Create new file when writing pidfile (CVE-2020-14367, bsc#1174911) * Sun Aug 02 2020 [email protected] - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) * Thu Jun 04 2020 [email protected] - Add chrony-pool-suse and chrony-pool-openSUSE subpackages that preconfigure chrony to use NTP servers from the respective pools for SUSE and openSUSE (bsc#1156884, SLE-11424). - Add chrony-pool-empty to still allow installing chrony without preconfigured servers. - Use iburst in the default pool statements to speed up initial synchronisation (bsc#1172113). * Thu Apr 30 2020 [email protected] - Use _systemdutildir instead of _libexecdir/systemd: systemd does not actually live below libexecdir. * Thu Feb 13 2020 [email protected] - Add chrony-test-update-processing-of-packet-log.patch in order to fix test-suite failure. * Wed Feb 12 2020 [email protected] - Update clknetsim to version 79ffe44 (fixes boo#1162964). - Backport chrony-test-fix-util-unit-test-for-NTP-era-split.patch. * Sat Oct 26 2019 [email protected] - Change to BuildRequires: rubygem(asciidoctor) and remove conditional (is available in SLE12-SP4 and SLE15* as well) - Fix typo in %install * Tue Oct 22 2019 [email protected] - Fix asciidoc in Tumbleweed - Revert clknetsim to version 58c5e8b * Tue Oct 22 2019 [email protected] - Fix incorrect download link for package signature * Mon Oct 21 2019 [email protected] - Temporarily disable signature usage as its expired - Update clknetsim to version ac3c832 * Sat Oct 19 2019 [email protected] - fix chrony-service-helper.patch * Sat Oct 19 2019 [email protected] - Update to 3.5: + Add support for more accurate reading of PHC on Linux 5.0 + Add support for hardware timestamping on interfaces with read-only timestamping configuration + Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris + Update seccomp filter to work on more architectures + Validate refclock driver options + Fix bindaddress directive on FreeBSD + Fix transposition of hardware RX timestamp on Linux 4.13 and later + Fix building on non-glibc systems * Thu Mar 21 2019 [email protected] - Fix ordering and dependencies of chronyd.service, so that it is started after name resolution is up (bsc#1129914). - Add chrony-service-ordering.patch - Fix location of helper script in [email protected] (bsc#1128846). * Wed Mar 06 2019 [email protected] - Update testsuite to version 58c5e8b * Thu Dec 20 2018 [email protected] - Read runtime servers from /var/run/netconfig/chrony.servers to fix bsc#1099272. - Move chrony-helper to /usr/lib/chrony/helper, because there should be no executables in /usr/share. * Fri Dec 14 2018 [email protected] - Make sure to generate correct sysconfig file (boo#1117147) - Update clknetsim to revision 8b48422 * Thu Nov 22 2018 [email protected] - Remove discrepancies between spec file and chrony-tmpfiles (boo#1115529) * Thu Oct 18 2018 [email protected] - Update the keyring and uncomment it in the spec file * Thu Oct 18 2018 [email protected] - Comment out bad signature * Wed Sep 19 2018 [email protected] - Added %{_tmpfilesdir}/%{name}.conf - Updated clknetsim - Update to version 3.4 * Enhancements + Add filter option to server/pool/peer directive + Add minsamples and maxsamples options to hwtimestamp directive + Add support for faster frequency adjustments in Linux 4.19 + Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd without root privileges to remove it on exit + Disable sub-second polling intervals for distant NTP sources + Extend range of supported sub-second polling intervals + Get/set IPv4 destination/source address of NTP packets on FreeBSD + Make burst options and command useful with short polling intervals + Modify auto_offline option to activate when sending request failed + Respond from interface that received NTP request if possible + Add onoffline command to switch between online and offline state according to current system network configuration + Improve example NetworkManager dispatcher script * Bug fixes + Avoid waiting in Linux getrandom system call + Fix PPS support on FreeBSD and NetBSD * Fri Aug 03 2018 [email protected] - Update clknetsim to revision 42b693b * Drop not needed chrony-fix-open.patch - Build tests with optflags as well - Do not run tests on i586 - Enable signd * Thu Aug 02 2018 [email protected] - Mention all sources as such in spec file - Fix formatting of changelog - Drop reference to change is not present * Wed Aug 01 2018 [email protected] - Update to version 3.3 * Enhancements: + Add burst option to server/pool directive + Add stratum and tai options to refclock directive + Add support for Nettle crypto library + Add workaround for missing kernel receive timestamps on Linux + Wait for late hardware transmit timestamps + Improve source selection with unreachable sources + Improve protection against replay attacks on symmetric mode + Allow PHC refclock to use socket in /var/run/chrony + Add shutdown command to stop chronyd + Simplify format of response to manual list command + Improve handling of unknown responses in chronyc * Bug fixes: + Respond to NTPv1 client requests with zero mode + Fix -x option to not require CAP_SYS_TIME under non-root user + Fix acquisitionport directive to work with privilege separation + Fix handling of socket errors on Linux to avoid high CPU usage + Fix chronyc to not get stuck in infinite loop after clock step * Wed Apr 18 2018 [email protected] - Added /etc/chrony.d/ directory to the package (bsc#1083597) Modifed default chrony.conf to add "include /etc/chrony.d/*" * Mon Mar 26 2018 [email protected] - Use %license instead of %doc [bsc#1082318] * Wed Mar 14 2018 [email protected] - Fix name of fillup template (was never installed before) - Fix Requires for fillup, it's used in post, not pre. * Fri Feb 09 2018 [email protected] - Enable pps support * Thu Nov 23 2017 [email protected] - Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468) * Thu Oct 26 2017 [email protected] - Cleanup spec file: * Drop pre systemd support * Run spec-cleaner * Tue Oct 24 2017 [email protected] - Modified the spec file to comment out the pool statement in chrony.conf if _not_ building for openSUSE. (bsc#1063704). * Thu Sep 28 2017 [email protected] - refresh patches to apply cleanly again - chrony-config.patch - chrony-fix-open.patch * Wed Sep 20 2017 [email protected] - Upgraded to version 3.2: Enhancements * Improve stability with NTP sources and reference clocks * Improve stability with hardware timestamping * Improve support for NTP interleaved modes * Control frequency of system clock on macOS 10.13 and later * Set TAI-UTC offset of system clock with leapsectz directive * Minimise data in client requests to improve privacy * Allow transmit-only hardware timestamping * Add support for new timestamping options introduced in Linux 4.13 * Add root delay, root dispersion and maximum error to tracking log * Add mindelay and asymmetry options to server/peer/pool directive * Add extpps option to PHC refclock to timestamp external PPS signal * Add pps option to refclock directive to treat any refclock as PPS * Add width option to refclock directive to filter wrong pulse edges * Add rxfilter option to hwtimestamp directive * Add -x option to disable control of system clock * Add -l option to log to specified file instead of syslog * Allow multiple command-line options to be specified together * Allow starting without root privileges with -Q option * Update seccomp filter for new glibc versions * Dump history on exit by default with dumpdir directive * Use hardening compiler options by default Bug fixes * Don't drop PHC samples with low-resolution system clock * Ignore outliers in PHC tracking, RTC tracking, manual input * Increase polling interval when peer is not responding * Exit with error message when include directive fails * Don't allow slash after hostname in allow/deny directive/command * Try to connect to all addresses in chronyc before giving up - Upgraded clknetsim to version 71dbbc5. - Reworked chrony-fix-open.patch to fit the new version * Tue Jan 31 2017 [email protected] - Upgraded to version 3.1: - Enhancements - Add support for precise cross timestamping of PHC on Linux - Add minpoll, precision, nocrossts options to hwtimestamp directive - Add rawmeasurements option to log directive and modify measurements option to log only valid measurements from synchronised sources - Allow sub-second polling interval with NTP sources - Bug fixes - Fix time smoothing in interleaved mode - Upgraded clknetsim to version ce89a1b. - Reworked the following patches to fit the new versions - chrony-config.patch - chrony-service-helper.patch - chrony-fix-open.patch * Mon Jan 16 2017 [email protected] - Upgraded to version 3.0: - Enhancements - Add support for software and hardware timestamping on Linux - Add support for client/server and symmetric interleaved modes - Add support for MS-SNTP authentication in Samba - Add support for truncated MACs in NTPv4 packets - Estimate and correct for asymmetric network jitter - Increase default minsamples and polltarget to improve stability with very low jitter - Add maxjitter directive to limit source selection by jitter - Add offset option to server/pool/peer directive - Add maxlockage option to refclock directive - Add -t option to chronyd to exit after specified time - Add partial protection against replay attacks on symmetric mode - Don't reset polling interval when switching sources to online state - Allow rate limiting with very short intervals - Improve maximum server throughput on Linux and NetBSD - Remove dump files after start - Add tab-completion to chronyc with libedit/readline - Add ntpdata command to print details about NTP measurements - Allow all source options to be set in add server/peer command - Indicate truncated addresses/hostnames in chronyc output - Print reference IDs as hexadecimal numbers to avoid confusion with IPv4 addresses - Bug fixes - Fix crash with disabled asynchronous name resolving - Upgraded clknetsim to version 6bb6519. * Tue Nov 29 2016 [email protected] - Upgraded to version 2.4.1: - Bug fixes - Fix processing of kernel timestamps on non-Linux systems - Fix crash with smoothtime directive - Fix validation of refclock sample times - Fix parsing of refclock directive * Wed Jun 08 2016 [email protected] - update to 2.4: - Enhancements - Add orphan option to local directive for orphan mode compatible with ntpd - Add distance option to local directive to set activation threshold (1 second by default) - Add maxdrift directive to set maximum allowed drift of system clock - Try to replace NTP sources exceeding maximum distance - Randomise source replacement to avoid getting stuck with bad sources - Randomise selection of sources from pools on start - Ignore reference timestamp as ntpd doesn't always set it correctly - Modify tracking report to use same values as seen by NTP clients - Add -c option to chronyc to write reports in CSV format - Provide detailed manual pages - Bug fixes - Fix SOCK refclock to work correctly when not specified as last refclock - Fix initstepslew and -q/-Q options to accept time from own NTP clients - Fix authentication with keys using 512-bit hash functions - Fix crash on exit when multiple signals are received - Fix conversion of very small floating-point numbers in command packets - Removed features - Drop documentation in Texinfo format - update clknetsim to a5949fe for fixing a testsuite failure: - add IP_PKTINFO socket option - accept environment variables in make - fix building with FORTIFY_SOURCE - fix compiler warning - support multiple SHM refclocks - fix recv functions with new glibc headers - refreshed chrony-fix-open.patch: to apply cleanly after clknetsim update - drop patches: - chrony-include-termios.patch - make-105-ntpauth-more-reliable.patch - drop buildrequires for texinfo and pre requires on the install info packages - no longer use make install-docs: it only installed 0 byte html files. * Wed Apr 13 2016 [email protected] - Provide ntp-daemon (bsc#973981) * Mon Apr 11 2016 [email protected] - chrony-fix-open.patch: make sure _open and _close are initialized in open()/close() override, as libfreebl3 also calls from the the ELF constructor. FATE#319508 - enable mozilla-nss * Fri Apr 08 2016 [email protected] - Use correct license - Drop hardcoded dependency on libseccomp, it is detected during build * Fri Apr 08 2016 [email protected] - Undo reference to [email protected] in %pre, %preun, %post, and %postun as it would lead to error. - Change conditions for libseccom, we can use any version on SLE-12 x86_64 * Tue Apr 05 2016 [email protected] - Removed %if for distributions that aren't building chrony. - Renamed chrony-2.2_logrotate.patch to chrony-logrotate.patch since the patch is not particularly version-dependent. - Added clknetsim for "make check" processing. - Added Buildrequires for gcc-c++ and timezone for building clknetsim and running "make check". - Changed Buildrequires and Requires to specify the minimum level of libseccomp needed to build on s390x and ppc64le. - Removed "-Recommends: timedatex" since I couldn't find any instance of it anywhere in the build service. - Modified the description to use some of the information from the chrony web site. - Added chrony-include-termios.patch so that it will build on ppc64le. - Added make-105-ntpauth-more-reliable.patch so that "make check" will not report a non-failure as a failure. - Added --without-nss to ./configure to avoid "interruption code 0x2003B in chronyd" errors. - Changed the symbolic links for rcchronyd and rcchronyd-wait to point to the actual location of the service command, not the symlink in /sbin. - Added reference to [email protected] in %pre, %preun, %post, and %postun. * Mon Mar 28 2016 [email protected] - Cleanup spec file with spec-cleaner - Prepare for submission to Factory (see fate#319508) * Thu Feb 18 2016 [email protected] - update to 2.3 - Enhancements - Add support for NTP and command response rate limiting - Add support for dropping root privileges on Mac OS X, FreeBSD, Solaris - Add require and trust options for source selection - Enable logchange by default (1 second threshold) - Set RTC on Mac OS X with rtcsync directive - Allow binding to NTP port after dropping root privileges on NetBSD - Drop CAP_NET_BIND_SERVICE capability on Linux when NTP port is disabled - Resolve names in separate process when seccomp filter is enabled - Replace old records in client log when memory limit is reached - Don't reveal local time and synchronisation state in client packets - Don't keep client sockets open for longer than necessary - Ignore poll in KoD RATE packets as ntpd doesn't always set it correctly - Warn when using keys shorter than 80 bits - Add keygen command to generate random keys easily - Add serverstats command to report NTP and command packet statistics - Bug fixes - Fix clock correction after making step on Mac OS X - Fix building on Solaris - refreshed patches to apply cleanly again: chrony-2.2_logrotate.patch chrony-config.patch chrony-service-helper.patch * Fri Jan 29 2016 [email protected] - update to 2.2.1 Restrict authentication of NTP server/peer to specified key (CVE-2016-1567) * Thu Nov 26 2015 [email protected] - silence groupadd/useradd call and drop the shell from the user. * Thu Nov 26 2015 [email protected] - update to 2.2 see /usr/share/doc/packages/chrony/NEWS - sync with fedora spec and add systemd support - refreshed chrony-config.patch to apply cleanly again - added chrony-2.2_logrotate.patch: add missing su option as we no longer have the daemon run as root. - added chrony-service-helper.patch: imported from fedora with a changed path for moving from libexecdir to datadir - only use syscall filters on 12.3 and newer - move helper from libexecdir to datadir
/etc/NetworkManager/dispatcher.d/20-chrony /etc/chrony.conf /etc/chrony.d /etc/chrony.keys /etc/dhcp /etc/dhcp/dhclient.d /etc/dhcp/dhclient.d/chrony.sh /etc/logrotate.d/chrony /run/chrony /usr/bin/chronyc /usr/lib/chrony /usr/lib/chrony/helper /usr/lib/systemd/ntp-units.d/50-chronyd.list /usr/lib/systemd/system/[email protected] /usr/lib/systemd/system/[email protected] /usr/lib/systemd/system/chrony-wait.service /usr/lib/systemd/system/chronyd.service /usr/lib/sysusers.d/system-user-chrony.conf /usr/lib/tmpfiles.d/chrony.conf /usr/sbin/chronyd /usr/sbin/rcchrony-wait /usr/sbin/rcchronyd /usr/share/doc/packages/chrony /usr/share/doc/packages/chrony/FAQ /usr/share/doc/packages/chrony/NEWS /usr/share/doc/packages/chrony/README /usr/share/doc/packages/chrony/examples /usr/share/doc/packages/chrony/examples/chrony-wait.service /usr/share/doc/packages/chrony/examples/chrony.conf.example1 /usr/share/doc/packages/chrony/examples/chrony.conf.example2 /usr/share/doc/packages/chrony/examples/chrony.conf.example3 /usr/share/doc/packages/chrony/examples/chrony.keys.example /usr/share/doc/packages/chrony/examples/chrony.logrotate /usr/share/doc/packages/chrony/examples/chrony.nm-dispatcher.dhcp /usr/share/doc/packages/chrony/examples/chrony.nm-dispatcher.onoffline /usr/share/doc/packages/chrony/examples/chronyd.service /usr/share/fillup-templates/sysconfig.chronyd /usr/share/licenses/chrony /usr/share/licenses/chrony/COPYING /usr/share/man/man1/chronyc.1.gz /usr/share/man/man5/chrony.conf.5.gz /usr/share/man/man8/chronyd.8.gz /var/lib/chrony /var/lib/chrony/drift /var/lib/chrony/rtc /var/log/chrony
Generated by rpm2html 1.8.1
Fabrice Bellet, Tue Jul 9 20:22:04 2024