Subject: CVS commit: [pkgsrc-2018Q3] pkgsrc/net/chrony
From: S.P.Zeidler
Date: 2018-10-06 14:08:32
Message id: 20181006120832.B9E30FBEE@cvs.NetBSD.org
Log Message:
Pullup ticket #5838 - requested by nia
net/chrony: security update
Revisions pulled up:
- net/chrony/Makefile 1.36
- net/chrony/PLIST 1.7
- net/chrony/distinfo 1.12
- net/chrony/patches/patch-Makefile.in 1.2
- net/chrony/patches/patch-conf.c deleted
- net/chrony/patches/patch-doc_Makefile.in 1.1
- net/chrony/patches/patch-examples_chrony.conf.example3 1.1
- net/chrony/patches/patch-examples_chrony.keys.example deleted
- net/chrony/patches/patch-ntp__io.c deleted
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: nia
Date: Mon Oct 1 15:53:58 UTC 2018
Modified Files:
pkgsrc/net/chrony: Makefile PLIST distinfo
pkgsrc/net/chrony/patches: patch-Makefile.in
Added Files:
pkgsrc/net/chrony/patches: patch-doc_Makefile.in
patch-examples_chrony.conf.example3
Removed Files:
pkgsrc/net/chrony/patches: patch-conf.c
patch-examples_chrony.keys.example patch-ntp__io.c
Log Message:
net/chrony: update to version 3.4.
Changes:
19 Sep 2018: chrony-3.4 released
Enhancements
Add filter option to server/pool/peer directive
Add minsamples and maxsamples options to hwtimestamp directive
Add support for faster frequency adjustments in Linux 4.19
Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd without root privileges to remove it on exit
Disable sub-second polling intervals for distant NTP sources
Extend range of supported sub-second polling intervals
Get/set IPv4 destination/source address of NTP packets on FreeBSD
Make burst options and command useful with short polling intervals
Modify auto_offline option to activate when sending request failed
Respond from interface that received NTP request if possible
Add onoffline command to switch between online and offline state according to current system network configuration
Improve example NetworkManager dispatcher script
Bug fixes
Avoid waiting in Linux getrandom system call
Fix PPS support on FreeBSD and NetBSD
4 Apr 2018: chrony-3.3 released
Enhancements
Add burst option to server/pool directive
Add stratum and tai options to refclock directive
Add support for Nettle crypto library
Add workaround for missing kernel receive timestamps on Linux
Wait for late hardware transmit timestamps
Improve source selection with unreachable sources
Improve protection against replay attacks on symmetric mode
Allow PHC refclock to use socket in /var/run/chrony
Add shutdown command to stop chronyd
Simplify format of response to manual list command
Improve handling of unknown responses in chronyc
Bug fixes
Respond to NTPv1 client requests with zero mode
Fix -x option to not require CAP_SYS_TIME under non-root user
Fix acquisitionport directive to work with privilege separation
Fix handling of socket errors on Linux to avoid high CPU usage
Fix chronyc to not get stuck in infinite loop after clock step
15 Sep 2017: chrony-3.2 released
Enhancements
Improve stability with NTP sources and reference clocks
Improve stability with hardware timestamping
Improve support for NTP interleaved modes
Control frequency of system clock on macOS 10.13 and later
Set TAI-UTC offset of system clock with leapsectz directive
Minimise data in client requests to improve privacy
Allow transmit-only hardware timestamping
Add support for new timestamping options introduced in Linux 4.13
Add root delay, root dispersion and maximum error to tracking log
Add mindelay and asymmetry options to server/peer/pool directive
Add extpps option to PHC refclock to timestamp external PPS signal
Add pps option to refclock directive to treat any refclock as PPS
Add width option to refclock directive to filter wrong pulse edges
Add rxfilter option to hwtimestamp directive
Add -x option to disable control of system clock
Add -l option to log to specified file instead of syslog
Allow multiple command-line options to be specified together
Allow starting without root privileges with -Q option
Update seccomp filter for new glibc versions
Dump history on exit by default with dumpdir directive
Use hardening compiler options by default
Bug fixes
Don’t drop PHC samples with low-resolution system clock
Ignore outliers in PHC tracking, RTC tracking, manual input
Increase polling interval when peer is not responding
Exit with error message when include directive fails
Don’t allow slash after hostname in allow/deny directive/command
Try to connect to all addresses in chronyc before giving up
31 Jan 2017: chrony-3.1 released
Enhancements
Add support for precise cross timestamping of PHC on Linux
Add minpoll, precision, nocrossts options to hwtimestamp directive
Add rawmeasurements option to log directive and modify measurements option to log only valid measurements from synchronised sources
Allow sub-second polling interval with NTP sources
Bug fixes
Fix time smoothing in interleaved mode
16 Jan 2017: chrony-3.0 released
Enhancements
Add support for software and hardware timestamping on Linux
Add support for client/server and symmetric interleaved modes
Add support for MS-SNTP authentication in Samba
Add support for truncated MACs in NTPv4 packets
Estimate and correct for asymmetric network jitter
Increase default minsamples and polltarget to improve stability with very low jitter
Add maxjitter directive to limit source selection by jitter
Add offset option to server/pool/peer directive
Add maxlockage option to refclock directive
Add -t option to chronyd to exit after specified time
Add partial protection against replay attacks on symmetric mode
Don’t reset polling interval when switching sources to online state
Allow rate limiting with very short intervals
Improve maximum server throughput on Linux and NetBSD
Remove dump files after start
Add tab-completion to chronyc with libedit/readline
Add ntpdata command to print details about NTP measurements
Allow all source options to be set in add server/peer command
Indicate truncated addresses/hostnames in chronyc output
Print reference IDs as hexadecimal numbers to avoid confusion with IPv4 addresses
Bug fixes
Fix crash with disabled asynchronous name resolving
21 Nov 2016: chrony-2.4.1 released
Bug fixes
Fix processing of kernel timestamps on non-Linux systems
Fix crash with smoothtime directive
Fix validation of refclock sample times
Fix parsing of refclock directive
7 Jun 2016: chrony-2.4 released
Enhancements
Add orphan option to local directive for orphan mode compatible with ntpd
Add distance option to local directive to set activation threshold (1 second by default)
Add maxdrift directive to set maximum allowed drift of system clock
Try to replace NTP sources exceeding maximum distance
Randomise source replacement to avoid getting stuck with bad sources
Randomise selection of sources from pools on start
Ignore reference timestamp as ntpd doesn’t always set it correctly
Modify tracking report to use same values as seen by NTP clients
Add -c option to chronyc to write reports in CSV format
Provide detailed manual pages
Bug fixes
Fix SOCK refclock to work correctly when not specified as last refclock
Fix initstepslew and -q/-Q options to accept time from own NTP clients
Fix authentication with keys using 512-bit hash functions
Fix crash on exit when multiple signals are received
Fix conversion of very small floating-point numbers in command packets
Removed features
Drop documentation in Texinfo format
16 Feb 2016: chrony-2.3 released
Enhancements
Add support for NTP and command response rate limiting
Add support for dropping root privileges on Mac OS X, FreeBSD, Solaris
Add require and trust options for source selection
Enable logchange by default (1 second threshold)
Set RTC on Mac OS X with rtcsync directive
Allow binding to NTP port after dropping root privileges on NetBSD
Drop CAP_NET_BIND_SERVICE capability on Linux when NTP port is disabled
Resolve names in separate process when seccomp filter is enabled
Replace old records in client log when memory limit is reached
Don’t reveal local time and synchronisation state in client packets
Don’t keep client sockets open for longer than necessary
Ignore poll in KoD RATE packets as ntpd doesn’t always set it correctly
Warn when using keys shorter than 80 bits
Add keygen command to generate random keys easily
Add serverstats command to report NTP and command packet statistics
Bug fixes
Fix clock correction after making step on Mac OS X
Fix building on Solaris
20 Jan 2016: chrony-2.2.1 and chrony-1.31.2 released
Security fixes
Restrict authentication of NTP server/peer to specified key (CVE-2016-1567)
CVE-2016-1567: Impersonation between authenticated peers
When a server/peer was specified with a key number to enable authentication with a symmetric key, packets received from the server/peer were accepted if they were authenticated with any of the keys contained in the key file and not just the specified key.
This allowed an attacker who knew one key of a client/peer to modify packets from its servers/peers that were authenticated with other keys in a man-in-the-middle (MITM) attack. For example, in a network where each NTP association had a separate key and all hosts had only keys they needed, a client of a server could not attack other clients of the server, but it could attack the server and also attack its own clients (i.e. modify packets from other servers).
To not allow the server/peer to be authenticated with other keys, the authentication test was extended to check if the key ID in the received packet is equal to the configured key number. As a consequence, it’s no longer possible to authenticate two peers to each other with two different keys, both peers have to be configured to use the same key.
This issue was discovered by Matt Street of Cisco ASIG.
19 Oct 2015: chrony-2.2 released
Enhancements
Add support for configuration and monitoring over Unix domain socket (accessible by root or chrony user when root privileges are dropped)
Add support for system call filtering with seccomp on Linux (experimental)
Add support for dropping root privileges on NetBSD
Control frequency of system clock on FreeBSD, NetBSD, Solaris
Add system leap second handling mode on FreeBSD, NetBSD, Solaris
Add dynamic drift removal on Mac OS X
Add support for setting real-time priority on Mac OS X
Add maxdistance directive to limit source selection by root distance (3 seconds by default)
Add refresh command to get new addresses of NTP sources
Allow wildcard patterns in include directive
Restore time from driftfile with -s option if later than RTC time
Add configure option to set default hwclockfile
Add -d option to chronyc to enable debug messages
Allow multiple addresses to be specified for chronyc with -h option and reconnect when no valid reply is received
Make check interval in waitsync command configurable
Bug fixes
Fix building on NetBSD, Solaris
Restore time from driftfile with -s option if reading RTC failed
Removed features
Drop support for authentication with command key (run-time configuration is now allowed only for local users that can access the Unix domain socket)
23 Jun 2015: chrony-2.1.1 released
Bug fixes
Fix clock stepping by integer number of seconds on Linux
22 Jun 2015: chrony-2.1 released
Enhancements
Add support for Mac OS X
Try to replace unreachable and falseticker servers/peers specified by name like pool sources
Add leaponly option to smoothtime directive to allow synchronised leap smear between multiple servers
Use specific reference ID when smoothing served time
Add smoothing command to report time smoothing status
Add smoothtime command to activate or reset time smoothing
Bug fixes
Fix crash in source selection with preferred sources
Fix resetting of time smoothing
Include packet precision in peer dispersion
Fix crash in chronyc on invalid command syntax
27 Apr 2015: chrony-2.0 released
Enhancements
Update to NTP version 4 (RFC 5905)
Add pool directive to specify pool of NTP servers
Add leapsecmode directive to select how to correct clock for leap second
Add smoothtime directive to smooth served time and enable leap smear
Add minsources directive to set required number of selectable sources
Add minsamples and maxsamples options for all sources
Add tempcomp configuration with list of points
Allow unlimited number of NTP sources, refclocks and keys
Allow unreachable sources to remain selected
Improve source selection
Handle offline sources as unreachable
Open NTP server port only when necessary (client access is allowed by allow directive/command or peer/broadcast is configured)
Change default bindcmdaddress to loopback address
Change default maxdelay to 3 seconds
Change default stratumweight to 0.001
Update adjtimex synchronisation status
Use system headers for adjtimex
Check for memory allocation errors
Reduce memory usage
Add configure options to compile without NTP, cmdmon, refclock support
Extend makestep command to set automatic clock stepping
Bug fixes
Add sanity checks for time and frequency offset
Don’t report synchronised status during leap second
Don’t combine reference clocks with close NTP sources
Fix accepting requests from configured sources
Fix initial fallback drift setting
To generate a diff of this commit:
cvs rdiff -u -r1.35 -r1.36 pkgsrc/net/chrony/Makefile
cvs rdiff -u -r1.6 -r1.7 pkgsrc/net/chrony/PLIST
cvs rdiff -u -r1.11 -r1.12 pkgsrc/net/chrony/distinfo
cvs rdiff -u -r1.1 -r1.2 pkgsrc/net/chrony/patches/patch-Makefile.in
cvs rdiff -u -r1.1 -r0 pkgsrc/net/chrony/patches/patch-conf.c \
pkgsrc/net/chrony/patches/patch-examples_chrony.keys.example
cvs rdiff -u -r0 -r1.1 pkgsrc/net/chrony/patches/patch-doc_Makefile.in \
pkgsrc/net/chrony/patches/patch-examples_chrony.conf.example3
cvs rdiff -u -r1.2 -r0 pkgsrc/net/chrony/patches/patch-ntp__io.c
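Added illustration of the CVE-2016-1567 description in the log message above; this is example code written for this page, not chrony's own code. It models the pre-fix check (any key in the key file accepted) beside the fixed check (packet key ID must equal the configured key number); the key file contents are constructed and HMAC-SHA256 stands in for the keyed hash of a real NTP MAC.

```python
import hashlib
import hmac
import struct

# Constructed key file, modelled on chrony's keys file (key number -> secret).
# This client uses key 1 for server A and key 2 for a different server B.
KEY_FILE = {1: b"constructed-key-for-server-a", 2: b"constructed-key-for-server-b"}

DIGEST_LEN = hashlib.sha256().digest_size

def build_packet(body: bytes, key_id: int, key: bytes) -> bytes:
    """Append an NTP-style MAC: 32-bit key ID, then a keyed digest of the body.
    HMAC-SHA256 is a stand-in for the keyed hash used with NTP symmetric keys."""
    digest = hmac.new(key, body, hashlib.sha256).digest()
    return body + struct.pack("!I", key_id) + digest

def split_packet(packet: bytes):
    mac_len = 4 + DIGEST_LEN
    body, mac = packet[:-mac_len], packet[-mac_len:]
    (key_id,) = struct.unpack("!I", mac[:4])
    return body, key_id, mac[4:]

def digest_matches(body: bytes, key_id: int, digest: bytes, keys: dict) -> bool:
    key = keys.get(key_id)
    if key is None:
        return False
    expected = hmac.new(key, body, hashlib.sha256).digest()
    return hmac.compare_digest(expected, digest)

def verify_before_fix(packet: bytes, configured_key_id: int, keys: dict) -> bool:
    """Pre-2.2.1 logic: the configured key number only switched authentication
    on; a valid MAC under *any* key in the file was accepted (CVE-2016-1567)."""
    body, key_id, digest = split_packet(packet)
    return digest_matches(body, key_id, digest, keys)

def verify_after_fix(packet: bytes, configured_key_id: int, keys: dict) -> bool:
    """Fixed logic: the key ID in the packet must equal the key number configured
    for this server/peer, which is why both peers now have to share one key."""
    body, key_id, digest = split_packet(packet)
    if key_id != configured_key_id:
        return False
    return digest_matches(body, key_id, digest, keys)

if __name__ == "__main__":
    body = b"constructed NTP packet body"
    from_a = build_packet(body, 1, KEY_FILE[1])   # what server A (key 1) sends
    under_b = build_packet(body, 2, KEY_FILE[2])  # same body, MAC under key 2
    for name, verify in (("before", verify_before_fix), ("after", verify_after_fix)):
        print(name, verify(from_a, 1, KEY_FILE), verify(under_b, 1, KEY_FILE))
    # before True True / after True False
```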