./net/chrony, Daemon for maintaining the accuracy of computer clocks

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 3.4, Package name: chrony-3.4, Maintainer: hannken

Chrony is a pair of programs for maintaining the accuracy of computer
clocks.

The reference time can be derived from either Network Time Protocol
(NTP) servers (preferred), or wristwatch-and-keyboard (via chronyc).
The main source of information about the Network Time Protocol is
http://www.eecis.udel.edu/~ntp.

It is designed so that it can work on computers which only have
intermittent access to reference sources, for example computers which
use a dial-up account to access the Internet. Of course, it will work
on computers with permanent connections too.

Chronyd can also operate as an RFC1305-compatible NTP server and peer.


Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: fa41e595e7041a9deda76a69e970a023091474f6
RMD160: 6accfb0b4ff50675f1f2a12d2d3560077b82aeab
Filesize: 442.438 KB

Version history: (Expand)


CVS history: (Expand)


   2018-10-02 03:01:43 by Nia Alarie | Files touched by this commit (1)
Log message:
chrony: remove stale patch.
   2018-10-01 17:53:58 by Nia Alarie | Files touched by this commit (9) | Package updated
Log message:
net/chrony: update to version 3.4.

Changes:

19 Sep 2018: chrony-3.4 released
Enhancements

    Add filter option to server/pool/peer directive

    Add minsamples and maxsamples options to hwtimestamp directive

    Add support for faster frequency adjustments in Linux 4.19

    Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd \ 
without root privileges to remove it on exit

    Disable sub-second polling intervals for distant NTP sources

    Extend range of supported sub-second polling intervals

    Get/set IPv4 destination/source address of NTP packets on FreeBSD

    Make burst options and command useful with short polling intervals

    Modify auto_offline option to activate when sending request failed

    Respond from interface that received NTP request if possible

    Add onoffline command to switch between online and offline state according \ 
to current system network configuration

    Improve example NetworkManager dispatcher script

Bug fixes

    Avoid waiting in Linux getrandom system call

    Fix PPS support on FreeBSD and NetBSD

4 Apr 2018: chrony-3.3 released
Enhancements

    Add burst option to server/pool directive

    Add stratum and tai options to refclock directive

    Add support for Nettle crypto library

    Add workaround for missing kernel receive timestamps on Linux

    Wait for late hardware transmit timestamps

    Improve source selection with unreachable sources

    Improve protection against replay attacks on symmetric mode

    Allow PHC refclock to use socket in /var/run/chrony

    Add shutdown command to stop chronyd

    Simplify format of response to manual list command

    Improve handling of unknown responses in chronyc

Bug fixes

    Respond to NTPv1 client requests with zero mode

    Fix -x option to not require CAP_SYS_TIME under non-root user

    Fix acquisitionport directive to work with privilege separation

    Fix handling of socket errors on Linux to avoid high CPU usage

    Fix chronyc to not get stuck in infinite loop after clock step

15 Sep 2017: chrony-3.2 released
Enhancements

    Improve stability with NTP sources and reference clocks

    Improve stability with hardware timestamping

    Improve support for NTP interleaved modes

    Control frequency of system clock on macOS 10.13 and later

    Set TAI-UTC offset of system clock with leapsectz directive

    Minimise data in client requests to improve privacy

    Allow transmit-only hardware timestamping

    Add support for new timestamping options introduced in Linux 4.13

    Add root delay, root dispersion and maximum error to tracking log

    Add mindelay and asymmetry options to server/peer/pool directive

    Add extpps option to PHC refclock to timestamp external PPS signal

    Add pps option to refclock directive to treat any refclock as PPS

    Add width option to refclock directive to filter wrong pulse edges

    Add rxfilter option to hwtimestamp directive

    Add -x option to disable control of system clock

    Add -l option to log to specified file instead of syslog

    Allow multiple command-line options to be specified together

    Allow starting without root privileges with -Q option

    Update seccomp filter for new glibc versions

    Dump history on exit by default with dumpdir directive

    Use hardening compiler options by default

Bug fixes

    Don’t drop PHC samples with low-resolution system clock

    Ignore outliers in PHC tracking, RTC tracking, manual input

    Increase polling interval when peer is not responding

    Exit with error message when include directive fails

    Don’t allow slash after hostname in allow/deny directive/command

    Try to connect to all addresses in chronyc before giving up

31 Jan 2017: chrony-3.1 released
Enhancements

    Add support for precise cross timestamping of PHC on Linux

    Add minpoll, precision, nocrossts options to hwtimestamp directive

    Add rawmeasurements option to log directive and modify measurements option \ 
to log only valid measurements from synchronised sources

    Allow sub-second polling interval with NTP sources

Bug fixes

    Fix time smoothing in interleaved mode

16 Jan 2017: chrony-3.0 released
Enhancements

    Add support for software and hardware timestamping on Linux

    Add support for client/server and symmetric interleaved modes

    Add support for MS-SNTP authentication in Samba

    Add support for truncated MACs in NTPv4 packets

    Estimate and correct for asymmetric network jitter

    Increase default minsamples and polltarget to improve stability with very \ 
low jitter

    Add maxjitter directive to limit source selection by jitter

    Add offset option to server/pool/peer directive

    Add maxlockage option to refclock directive

    Add -t option to chronyd to exit after specified time

    Add partial protection against replay attacks on symmetric mode

    Don’t reset polling interval when switching sources to online state

    Allow rate limiting with very short intervals

    Improve maximum server throughput on Linux and NetBSD

    Remove dump files after start

    Add tab-completion to chronyc with libedit/readline

    Add ntpdata command to print details about NTP measurements

    Allow all source options to be set in add server/peer command

    Indicate truncated addresses/hostnames in chronyc output

    Print reference IDs as hexadecimal numbers to avoid confusion with IPv4 addresses

Bug fixes

    Fix crash with disabled asynchronous name resolving

21 Nov 2016: chrony-2.4.1 released
Bug fixes

    Fix processing of kernel timestamps on non-Linux systems

    Fix crash with smoothtime directive

    Fix validation of refclock sample times

    Fix parsing of refclock directive

7 Jun 2016: chrony-2.4 released
Enhancements

    Add orphan option to local directive for orphan mode compatible with ntpd

    Add distance option to local directive to set activation threshold (1 second \ 
by default)

    Add maxdrift directive to set maximum allowed drift of system clock

    Try to replace NTP sources exceeding maximum distance

    Randomise source replacement to avoid getting stuck with bad sources

    Randomise selection of sources from pools on start

    Ignore reference timestamp as ntpd doesn’t always set it correctly

    Modify tracking report to use same values as seen by NTP clients

    Add -c option to chronyc to write reports in CSV format

    Provide detailed manual pages

Bug fixes

    Fix SOCK refclock to work correctly when not specified as last refclock

    Fix initstepslew and -q/-Q options to accept time from own NTP clients

    Fix authentication with keys using 512-bit hash functions

    Fix crash on exit when multiple signals are received

    Fix conversion of very small floating-point numbers in command packets

Removed features

    Drop documentation in Texinfo format

16 Feb 2016: chrony-2.3 released
Enhancements

    Add support for NTP and command response rate limiting

    Add support for dropping root privileges on Mac OS X, FreeBSD, Solaris

    Add require and trust options for source selection

    Enable logchange by default (1 second threshold)

    Set RTC on Mac OS X with rtcsync directive

    Allow binding to NTP port after dropping root privileges on NetBSD

    Drop CAP_NET_BIND_SERVICE capability on Linux when NTP port is disabled

    Resolve names in separate process when seccomp filter is enabled

    Replace old records in client log when memory limit is reached

    Don’t reveal local time and synchronisation state in client packets

    Don’t keep client sockets open for longer than necessary

    Ignore poll in KoD RATE packets as ntpd doesn’t always set it correctly

    Warn when using keys shorter than 80 bits

    Add keygen command to generate random keys easily

    Add serverstats command to report NTP and command packet statistics

Bug fixes

    Fix clock correction after making step on Mac OS X

    Fix building on Solaris

20 Jan 2016: chrony-2.2.1 and chrony-1.31.2 released
Security fixes

    Restrict authentication of NTP server/peer to specified key (CVE-2016-1567)

CVE-2016-1567: Impersonation between authenticated peers

When a server/peer was specified with a key number to enable authentication with \ 
a symmetric key, packets received from the server/peer were accepted if they \ 
were authenticated with any of the keys contained in the key file and not just \ 
the specified key.

This allowed an attacker who knew one key of a client/peer to modify packets \ 
from its servers/peers that were authenticated with other keys in a \ 
man-in-the-middle (MITM) attack. For example, in a network where each NTP \ 
association had a separate key and all hosts had only keys they needed, a client \ 
of a server could not attack other clients of the server, but it could attack \ 
the server and also attack its own clients (i.e. modify packets from other \ 
servers).

To not allow the server/peer to be authenticated with other keys, the \ 
authentication test was extended to check if the key ID in the received packet \ 
is equal to the configured key number. As a consequence, it’s no longer \ 
possible to authenticate two peers to each other with two different keys, both \ 
peers have to be configured to use the same key.

This issue was discovered by Matt Street of Cisco ASIG.
19 Oct 2015: chrony-2.2 released
Enhancements

    Add support for configuration and monitoring over Unix domain socket \ 
(accessible by root or chrony user when root privileges are dropped)

    Add support for system call filtering with seccomp on Linux (experimental)

    Add support for dropping root privileges on NetBSD

    Control frequency of system clock on FreeBSD, NetBSD, Solaris

    Add system leap second handling mode on FreeBSD, NetBSD, Solaris

    Add dynamic drift removal on Mac OS X

    Add support for setting real-time priority on Mac OS X

    Add maxdistance directive to limit source selection by root distance (3 \ 
seconds by default)

    Add refresh command to get new addresses of NTP sources

    Allow wildcard patterns in include directive

    Restore time from driftfile with -s option if later than RTC time

    Add configure option to set default hwclockfile

    Add -d option to chronyc to enable debug messages

    Allow multiple addresses to be specified for chronyc with -h option and \ 
reconnect when no valid reply is received

    Make check interval in waitsync command configurable

Bug fixes

    Fix building on NetBSD, Solaris

    Restore time from driftfile with -s option if reading RTC failed

Removed features

    Drop support for authentication with command key (run-time configuration is \ 
now allowed only for local users that can access the Unix domain socket)

23 Jun 2015: chrony-2.1.1 released
Bug fixes

    Fix clock stepping by integer number of seconds on Linux

22 Jun 2015: chrony-2.1 released
Enhancements

    Add support for Mac OS X

    Try to replace unreachable and falseticker servers/peers specified by name \ 
like pool sources

    Add leaponly option to smoothtime directive to allow synchronised leap smear \ 
between multiple servers

    Use specific reference ID when smoothing served time

    Add smoothing command to report time smoothing status

    Add smoothtime command to activate or reset time smoothing

Bug fixes

    Fix crash in source selection with preferred sources

    Fix resetting of time smoothing

    Include packet precision in peer dispersion

    Fix crash in chronyc on invalid command syntax

27 Apr 2015: chrony-2.0 released
Enhancements

    Update to NTP version 4 (RFC 5905)

    Add pool directive to specify pool of NTP servers

    Add leapsecmode directive to select how to correct clock for leap second

    Add smoothtime directive to smooth served time and enable leap smear

    Add minsources directive to set required number of selectable sources

    Add minsamples and maxsamples options for all sources

    Add tempcomp configuration with list of points

    Allow unlimited number of NTP sources, refclocks and keys

    Allow unreachable sources to remain selected

    Improve source selection

    Handle offline sources as unreachable

    Open NTP server port only when necessary (client access is allowed by allow \ 
directive/command or peer/broadcast is configured)

    Change default bindcmdaddress to loopback address

    Change default maxdelay to 3 seconds

    Change default stratumweight to 0.001

    Update adjtimex synchronisation status

    Use system headers for adjtimex

    Check for memory allocation errors

    Reduce memory usage

    Add configure options to compile without NTP, cmdmon, refclock support

    Extend makestep command to set automatic clock stepping

Bug fixes

    Add sanity checks for time and frequency offset

    Don’t report synchronised status during leap second

    Don’t combine reference clocks with close NTP sources

    Fix accepting requests from configured sources

    Fix initial fallback drift setting
   2018-07-04 15:40:45 by Jonathan Perkin | Files touched by this commit (423)
Log message:
*: Move SUBST_STAGE from post-patch to pre-configure

Performing substitutions during post-patch breaks tools such as mkpatches,
making it very difficult to regenerate correct patches after making changes,
and often leading to substituted string replacements being committed.
   2017-01-03 19:00:20 by Roy Marples | Files touched by this commit (1)
Log message:
chrony does not use curses.
   2015-11-04 01:35:47 by Alistair G. Crooks | Files touched by this commit (748)
Log message:
Add SHA512 digests for distfiles for net category

Problems found with existing digests:
	Package haproxy distfile haproxy-1.5.14.tar.gz
	159f5beb8fdc6b8059ae51b53dc935d91c0fb51f [recorded]
	da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated]

Problems found locating distfiles:
	Package bsddip: missing distfile bsddip-1.02.tar.Z
	Package citrix_ica: missing distfile citrix_ica-10.6.115659/en.linuxx86.tar.gz
	Package djbdns: missing distfile djbdns-1.05-test25.diff.bz2
	Package djbdns: missing distfile djbdns-cachestats.patch
	Package djbdns: missing distfile 0002-dnscache-cache-soa-records.patch
	Package gated: missing distfile gated-3-5-11.tar.gz
	Package owncloudclient: missing distfile owncloudclient-2.0.2.tar.xz
	Package poink: missing distfile poink-1.6.tar.gz
	Package ra-rtsp-proxy: missing distfile rtspd-src-1.0.0.0.tar.gz
	Package ucspi-ssl: missing distfile ucspi-ssl-0.70-ucspitls-0.1.patch
	Package waste: missing distfile waste-source.tar.gz

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
   2015-10-08 11:47:33 by Stephen Borrill | Files touched by this commit (2) | Package updated
Log message:
Honour chronyd in rc.conf. Prior to this, chronyd would run regardless and
could not be disabled.
Bump PKGREVISION
   2015-08-18 09:31:20 by Thomas Klausner | Files touched by this commit (282)
Log message:
Bump all packages that depend on curses.bui* or terminfo.bui* since they
might incur ncurses dependencies on some platforms, and ncurses just bumped
its shlib.
Some packages were bumped twice now, sorry for that.
   2015-08-17 19:11:32 by Thomas Klausner | Files touched by this commit (178) | Package updated
Log message:
Bump PKGREVISION for ncurses shlib bump.