-
chrony (3.5-6ubuntu6.2) focal-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2020-14367.patch: add functions for common file
operations and switch to new util file functions in
logging.c, main.c, sysincl.h, util.c, util.h.
- CVE-2020-14367
* Fix test for NTP era split
- debian/patches/test-fix-util-unit-test-for-NTP-era-split.patch: in
test/unit/util.c.
-- <email address hidden> (Leonidas S. Barbosa) Tue, 25 Aug 2020 11:47:23 -0300
-
chrony (3.5-6ubuntu6.1) focal; urgency=medium
* d/patches/: Add allow-some-*time64-syscalls-in-seccomp-filter.patch
(LP: #1878005) Thanks to Vincent Blut
- backport time64 fix to 3.5-6 level
-- Christian Ehrhardt <email address hidden> Wed, 20 May 2020 10:16:34 +0200
-
chrony (3.5-6ubuntu6) focal; urgency=medium
* d/postrm: Reinstate the remove target (LP: #1873810)
-- Christian Ehrhardt <email address hidden> Mon, 20 Apr 2020 15:58:52 +0200
-
chrony (3.5-6ubuntu5) focal; urgency=medium
* d/t/control: harden time-sources-from-dhcp-servers test for systemd change
(LP: #1873031)
chrony (3.5-6ubuntu4) focal; urgency=medium
* debian/postrm:
- Stop starting systemd-timesyncd in postrm. This is no longer relevant
since systemd-timesyncd is a standalone package declaring
Conflicts/Replaces/Provides: time-daemon. (Closes 955773, LP: #1872183)
-- Christian Ehrhardt <email address hidden> Wed, 15 Apr 2020 18:23:10 +0200
-
chrony (3.5-6ubuntu4) focal; urgency=medium
* debian/postrm:
- Stop starting systemd-timesyncd in postrm. This is no longer relevant
since systemd-timesyncd is a standalone package declaring
Conflicts/Replaces/Provides: time-daemon. (Closes 955773, LP: #1872183)
-- Christian Ehrhardt <email address hidden> Wed, 15 Apr 2020 09:01:30 +0200
-
chrony (3.5-6ubuntu3) focal; urgency=medium
* avoid multiple time services running concurrently (LP: #1870144).
This fixes the autopkgtests vs chrond itself, the issue of concurrent
systemd-timesyncd will be fixed in systemd by (LP 1849156)
- d/t/upstream-system-tests: stop chrony/systemd-timesynd before tests
- d/t/upstream-system-tests: fix stderr in case services do not exist
-- Christian Ehrhardt <email address hidden> Wed, 01 Apr 2020 09:25:45 +0200
-
chrony (3.5-6ubuntu2) focal; urgency=medium
* fix capsh usage in focal avoiding to always fall back to -x (LP: #1867036)
- d/control: add versioned dependency to libcap2-bin new enough to
support --has-p
- d/chronyd-starter.sh: update capsh usage to use --has-p
-- Christian Ehrhardt <email address hidden> Tue, 31 Mar 2020 10:19:20 +0200
-
chrony (3.5-6ubuntu1) focal; urgency=medium
* Merge with Debian unstable (LP: #1866753). Remaining changes:
- d/chrony.conf: use ubuntu ntp pool and server (LP 1744664 1754358)
- Set -x as default if unable to set time (e.g. in containers) (LP 1589780)
Chrony is a single service which acts as both NTP client (i.e. syncing the
local clock) and NTP server (i.e. providing NTP services to the network),
and that is both desired and expected in the vast majority of cases.
But in containers syncing the local clock is usually impossible, but this
shall not break the providing of NTP services to the network.
To some extent this makes chrony's default config more similar to 'ntpd',
which complained in syslog but still provided NTP server service in those
cases.
+ debian/chrony.service: allow the service to run without CAP_SYS_TIME
+ debian/control: add new dependency libcap2-bin for capsh (usually
installed anyway, but make them explicit to be sure).
+ debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
(Default off) [fixed a minor typo in the comment in this update]
+ debian/chronyd-starter.sh: wrapper to handle special cases in containers
and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in
containers on a default installation and avoid failing to sync time (or
if allowed to sync, avoid multiple containers to fight over it by
accident).
+ debian/install: make chrony-starter.sh available on install.
+ debian/docs, debian/README.container: provide documentation about the
handling of this case.
-- Christian Ehrhardt <email address hidden> Thu, 12 Mar 2020 11:02:33 +0100
-
chrony (3.5-5ubuntu1) focal; urgency=medium
* Merge with Debian unstable (LP: #1859969). Remaining changes:
- d/chrony.conf: use ubuntu ntp pool and server (LP 1744664 1754358)
- Set -x as default if unable to set time (e.g. in containers) (LP 1589780)
Chrony is a single service which acts as both NTP client (i.e. syncing the
local clock) and NTP server (i.e. providing NTP services to the network),
and that is both desired and expected in the vast majority of cases.
But in containers syncing the local clock is usually impossible, but this
shall not break the providing of NTP services to the network.
To some extent this makes chrony's default config more similar to 'ntpd',
which complained in syslog but still provided NTP server service in those
cases.
+ debian/chrony.service: allow the service to run without CAP_SYS_TIME
+ debian/control: add new dependency libcap2-bin for capsh (usually
installed anyway, but make them explicit to be sure).
+ debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
(Default off) [fixed a minor typo in the comment in this update]
+ debian/chronyd-starter.sh: wrapper to handle special cases in containers
and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in
containers on a default installation and avoid failing to sync time (or
if allowed to sync, avoid multiple containers to fight over it by
accident).
+ debian/install: make chrony-starter.sh available on install.
+ debian/docs, debian/README.container: provide documentation about the
handling of this case.
* Dropped changes:
- d/t/control: destructive_system_tests only work on amd64 and s390x right
now [fixed by backporting fixes from upstream in 3.5-5 ]
- d/t/upstream-simulation-test-suite: ignore warnings on stderr while
running clksim make
[ in Debian 3.5-5 ]
chrony (3.5-5) unstable; urgency=medium
* debian/control:
- Bump standard-version to 4.4.1 (no change required).
* debian/install:
- Install 50-chrony.list in /usr/lib/systemd/ntp-units.d.
* debian/ntp-units.d/50-chrony.list:
- Allow timedated to interact with chronyd.
* debian/patches/*:
- Cherry-pick upstream commits to better manage RTCs that don't support
interrupts. This fixes an issue exhibited when a specific upstream system
test is run on the Ubuntu CI. Thank to Christian Ehrhardt for working
with Miroslav Lichvar to address this problem.
* debian/tests/control:
- Use @builddeps@ as a test dependency for upstream_system_tests.
[ Christian Ehrhardt ]
* debian/tests/upstream-simulation-test-suite:
- Redirect stderr on make call to stdout. On some architectures (e.g. armhf)
the clksim tests compile but throw some warnings. (MR: !2)
-- Christian Ehrhardt <email address hidden> Thu, 16 Jan 2020 12:55:32 +0100
-
chrony (3.5-4ubuntu2) focal; urgency=medium
* d/t/control: destructive_system_tests only work on amd64 and s390x right
now
* d/t/upstream-simulation-test-suite: ignore warnings on stderr while
running clksim make
-- Christian Ehrhardt <email address hidden> Tue, 03 Dec 2019 14:50:50 +0100
-
chrony (3.5-4ubuntu1) focal; urgency=medium
* Merge with Debian unstable (LP: #1854328). Remaining changes:
- d/chrony.conf: use ubuntu ntp pool and server (LP 1744664 1754358)
- Set -x as default if unable to set time (e.g. in containers) (LP 1589780)
Chrony is a single service which acts as both NTP client (i.e. syncing the
local clock) and NTP server (i.e. providing NTP services to the network),
and that is both desired and expected in the vast majority of cases.
But in containers syncing the local clock is usually impossible, but this
shall not break the providing of NTP services to the network.
To some extent this makes chrony's default config more similar to 'ntpd',
which complained in syslog but still provided NTP server service in those
cases.
+ debian/chrony.service: allow the service to run without CAP_SYS_TIME
+ debian/control: add new dependency libcap2-bin for capsh (usually
installed anyway, but make them explicit to be sure).
+ debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
(Default off) [fixed a minor typo in the comment in this update]
+ debian/chronyd-starter.sh: wrapper to handle special cases in containers
and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in
containers on a default installation and avoid failing to sync time (or
if allowed to sync, avoid multiple containers to fight over it by
accident).
+ debian/install: make chrony-starter.sh available on install.
+ debian/docs, debian/README.container: provide documentation about the
handling of this case.
* Dropped changes:
- d/t/control: allow stderr for recent changes in resolved/iproute
(LP 1836882) [no more needed]
chrony (3.5-4) unstable; urgency=medium
* debian/tests/control:
- Add @builddeps@ to the list of dependencies needed by the
upstream-simulation-test-suite test.
chrony (3.5-3) unstable; urgency=medium
* debian/chrony.lintian-overrides:
- Override package-supports-alternative-init-but-no-init.d-script. This
is a false positive. chrony-dnssrv@.service isn’t a daemon but a oneshot
service, not started at boot, whose role is to lookup for _ntp._udp DNS SRV
records.
* debian/chrony.service:
- Pull in time-sync.target and order chrony before it as recommended in
systemd.special(7).
* debian/control:
- Bump standard-version to 4.4.0 (no changes required).
* debian/.gitlab-ci.yml:
- Switch to standard Salsa Pipeline.
- Skip the reprotest job for as long as it is run as root due to problems
with chrony system tests.
* debian/tests/*:
- Revamp the upstream-simulation-test-suite test.
- Adjust dpkg dependencies for upstream-simulation-test-suite.
- Adjust restrictions for upstream-simulation-test-suite.
- Introduce upstream-system-tests. Add a new set of tests for testing
basic chronyd functionality. Destructive tests are run in a virtual
machine.
- Add ethtool to the list of dependencies needed by
run_destructive_system_tests.
- exit 77 if upstream-simulation-test-suite is run on non-Linux and mark
the test as skippable. Thanks to Paul Gevers <email address hidden> for the
suggestion.
- Make artifacts() exit 1. Again, thanks to Paul Gevers.
-- Christian Ehrhardt <email address hidden> Thu, 28 Nov 2019 10:31:36 +0100
-
chrony (3.5-2ubuntu3) focal; urgency=medium
* No-change rebuild against libnettle7
-- Steve Langasek <email address hidden> Thu, 31 Oct 2019 22:07:56 +0000
-
chrony (3.5-2ubuntu2) eoan; urgency=medium
* d/t/control: allow stderr for recent changes in resolved/iproute
(LP: #1836882)
chrony (3.5-2ubuntu1) eoan; urgency=medium
* Merge with Debian experimental (LP: #1835046). Remaining changes:
- d/chrony.conf: use ubuntu ntp pool and server (LP 1744664 1754358)
- Set -x as default if unable to set time (e.g. in containers) (LP 1589780)
Chrony is a single service which acts as both NTP client (i.e. syncing the
local clock) and NTP server (i.e. providing NTP services to the network),
and that is both desired and expected in the vast majority of cases.
But in containers syncing the local clock is usually impossible, but this
shall not break the providing of NTP services to the network.
To some extent this makes chrony's default config more similar to 'ntpd',
which complained in syslog but still provided NTP server service in those
cases.
+ debian/chrony.service: allow the service to run without CAP_SYS_TIME
+ debian/control: add new dependency libcap2-bin for capsh (usually
installed anyway, but make them explicit to be sure).
+ debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
(Default off) [fixed a minor typo in the comment in this update]
+ debian/chronyd-starter.sh: wrapper to handle special cases in containers
and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in
containers on a default installation and avoid failing to sync time (or
if allowed to sync, avoid multiple containers to fight over it by
accident).
+ debian/install: make chrony-starter.sh available on install.
+ debian/docs, debian/README.container: provide documentation about the
handling of this case.
* Dropped changes (accepted in Debian now):
- d/postrm: re-establish systemd-timesyncd on removal (LP 1764357)
- d/postrm: respect policy-rc.d when restoring systemd-timesyncd
(LP 1771994)
chrony (3.5-2) unstable; urgency=medium
* Merge branch “experimental” into “master”.
* debian/chrony.dhcp:
- Fix shellcheck warnings. Patch imported from Fedora.
* debian/chrony-helper:
- Fix shellcheck warnings. Patch imported from Fedora.
* debian/clean:
- Drop obsolete entries.
* debian/copyright:
- Update copyright years.
- Update copyright holder for the configure script.
* debian/patches/*:
- Add update_processing_of_packet_log.patch. This fixes a regression in
the simulation tests exhibited by the recent clknetsim changes.
(Closes: #931181)
* debian/rules:
- Use dh_missing --fail-missing.
* debian/tests/upstream-simulation-test-suite:
- Use a known good clknetsim commit. This should prevent regressions from
on-going “clknetsim” development.
* debian/usr.sbin.chronyd:
- Grant access rights only to the ntp_signd socket. (Closes: #928170)
[ Christian Ehrhardt ]
* debian/postrm:
- Re-establish systemd-timesyncd on removal. (MR: !1)
chrony (3.5-1) experimental; urgency=medium
* Import upstream version 3.5:
- Please see /usr/share/doc/chrony/NEWS.gz for the release notes.
* debian/control:
- Ignore net-tools and procps build-dependencies if the profile nocheck is
active.
* debian/rules:
- No test suite should be run if nocheck is passed to DEB_BUILD_OPTIONS.
chrony (3.5~pre1-1) experimental; urgency=medium
* Import upstream version 3.5-pre1:
- Please see /usr/share/doc/chrony/NEWS.gz for the release notes.
* debian/.gitlab-ci.yml:
- Use .build-package template job instead of .build-unstable. The latter
is deprecated.
* debian/chrony.keys:
- Fix the comment about the location of the list of supported hash
functions and output encoding. These information are now available by
consulting the “keyfile” directive in the chrony.conf(5) man page.
* debian/control:
- Drop dependency on lsb-base. Is is required when booting with sysvinit
and initscripts, however initscripts already Depends on lsb-base.
- Build-depend on net-tools and procps. kill, netstat and ps are needed
for the new system tests executed at build time (iff building as root).
* debian/copyright:
- Add an entry for test/system/* files.
* debian/patches/*:
- Drop all patches, they have been applied upstream.
* debian/postinst:
- Drop migration code from pre-stretch.
* debian/README.Debian:
- Fix information related to the chrony.keys file.
-- Christian Ehrhardt <email address hidden> Wed, 17 Jul 2019 12:41:58 +0200