diff --git a/.chrony.metadata b/.chrony.metadata new file mode 100644 index 0000000..364bef3 --- /dev/null +++ b/.chrony.metadata @@ -0,0 +1,2 @@ +fa41e595e7041a9deda76a69e970a023091474f6 SOURCES/chrony-3.4.tar.gz +b674017c26433870107fb18e160c7d88d7d2eb86 SOURCES/clknetsim-8b4842.tar.gz diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..9db88b6 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +SOURCES/chrony-3.4.tar.gz +SOURCES/clknetsim-8b4842.tar.gz diff --git a/SOURCES/chrony-defconfig.patch b/SOURCES/chrony-defconfig.patch new file mode 100644 index 0000000..c1b067d --- /dev/null +++ b/SOURCES/chrony-defconfig.patch @@ -0,0 +1,26 @@ +diff -up chrony-3.2/examples/chrony.conf.example2.defconfig chrony-3.2/examples/chrony.conf.example2 +--- chrony-3.2/examples/chrony.conf.example2.defconfig 2017-09-15 08:32:09.000000000 +0200 ++++ chrony-3.2/examples/chrony.conf.example2 2017-09-18 12:48:08.688020942 +0200 +@@ -28,9 +28,6 @@ rtcsync + # Specify file containing keys for NTP authentication. + #keyfile /etc/chrony.keys + +-# Get TAI-UTC offset and leap seconds from the system tz database. +-#leapsectz right/UTC +- + # Specify directory for log files. + logdir /var/log/chrony + +--- chrony-3.4/examples/chrony.keys.example 2018-09-19 16:38:15.000000000 +0200 ++++ chrony-3.4/examples/chrony.keys.example 2017-09-15 08:32:09.000000000 +0200 +@@ -1,7 +1,6 @@ +-# This is an example chrony keys file. It enables authentication of NTP +-# packets with symmetric keys when its location is specified by the keyfile +-# directive in chrony.conf(5). It should be readable only by root and the +-# user under which chronyd is running. ++# This is an example chrony keys file. It is used for NTP authentication with ++# symmetric keys. It should be readable only by root or the user to which ++# chronyd is configured to switch to after start. + # + # Don't use the example keys! It's recommended to generate random keys using + # the chronyc keygen command. diff --git a/SOURCES/chrony-dnssrv@.service b/SOURCES/chrony-dnssrv@.service new file mode 100644 index 0000000..139ed28 --- /dev/null +++ b/SOURCES/chrony-dnssrv@.service @@ -0,0 +1,8 @@ +[Unit] +Description=DNS SRV lookup of %I for chrony +After=chronyd.service network-online.target +Wants=network-online.target + +[Service] +Type=oneshot +ExecStart=/usr/libexec/chrony-helper update-dnssrv-servers %I diff --git a/SOURCES/chrony-dnssrv@.timer b/SOURCES/chrony-dnssrv@.timer new file mode 100644 index 0000000..8495e01 --- /dev/null +++ b/SOURCES/chrony-dnssrv@.timer @@ -0,0 +1,9 @@ +[Unit] +Description=Periodic DNS SRV lookup of %I for chrony + +[Timer] +OnActiveSec=0 +OnUnitInactiveSec=1h + +[Install] +WantedBy=timers.target diff --git a/SOURCES/chrony-service-helper.patch b/SOURCES/chrony-service-helper.patch new file mode 100644 index 0000000..9035356 --- /dev/null +++ b/SOURCES/chrony-service-helper.patch @@ -0,0 +1,11 @@ +diff -up chrony-3.1/examples/chronyd.service.service-helper chrony-3.1/examples/chronyd.service +--- chrony-3.1/examples/chronyd.service.service-helper 2017-01-31 12:12:01.863772826 +0100 ++++ chrony-3.1/examples/chronyd.service 2017-01-31 12:12:30.371860064 +0100 +@@ -10,6 +10,7 @@ Type=forking + PIDFile=/var/run/chrony/chronyd.pid + EnvironmentFile=-/etc/sysconfig/chronyd + ExecStart=/usr/sbin/chronyd $OPTIONS ++ExecStartPost=/usr/libexec/chrony-helper update-daemon + PrivateTmp=yes + ProtectHome=yes + ProtectSystem=full diff --git a/SOURCES/chrony-timestamping.patch b/SOURCES/chrony-timestamping.patch new file mode 100644 index 0000000..971d7a4 --- /dev/null +++ b/SOURCES/chrony-timestamping.patch @@ -0,0 +1,19 @@ +diff -up chrony-3.2/doc/chrony.conf.man.in.timestamping chrony-3.2/doc/chrony.conf.man.in +--- chrony-3.2/doc/chrony.conf.man.in.timestamping 2017-09-15 10:17:41.000000000 +0200 ++++ chrony-3.2/doc/chrony.conf.man.in 2017-09-19 13:52:59.544187046 +0200 +@@ -3201,13 +3201,12 @@ timestamping. If the server or peer supp + be enabled by the \fBxleave\fP option in the \fBserver\fP or the + \fBpeer\fP directive. + .sp +-This directive is supported on Linux 3.19 and newer. The NIC must support HW ++This directive is supported on Linux. The NIC must support HW + timestamping, which can be verified with the \fBethtool \-T\fP command. The list of + capabilities should include \fISOF_TIMESTAMPING_RAW_HARDWARE\fP, + \fISOF_TIMESTAMPING_TX_HARDWARE\fP, and \fISOF_TIMESTAMPING_RX_HARDWARE\fP. Receive + filter \fIHWTSTAMP_FILTER_ALL\fP, or \fIHWTSTAMP_FILTER_NTP_ALL\fP, is necessary for +-timestamping of received packets. Timestamping of packets received from bridged +-and bonded interfaces is supported on Linux 4.13 and newer. When \fBchronyd\fP is ++timestamping of received packets. When \fBchronyd\fP is + running, no other process (e.g. a PTP daemon) should be working with the NIC + clock. + .sp diff --git a/SOURCES/chrony.dhclient b/SOURCES/chrony.dhclient new file mode 100644 index 0000000..8b12441 --- /dev/null +++ b/SOURCES/chrony.dhclient @@ -0,0 +1,20 @@ +#!/bin/bash + +SERVERFILE=$SAVEDIR/chrony.servers.$interface + +chrony_config() { + rm -f $SERVERFILE + if [ "$PEERNTP" != "no" ]; then + for server in $new_ntp_servers; do + echo "$server ${NTPSERVERARGS:-iburst}" >> $SERVERFILE + done + /usr/libexec/chrony-helper update-daemon || : + fi +} + +chrony_restore() { + if [ -f $SERVERFILE ]; then + rm -f $SERVERFILE + /usr/libexec/chrony-helper update-daemon || : + fi +} diff --git a/SOURCES/chrony.helper b/SOURCES/chrony.helper new file mode 100644 index 0000000..c150ff6 --- /dev/null +++ b/SOURCES/chrony.helper @@ -0,0 +1,251 @@ +#!/bin/bash +# This script configures running chronyd to use NTP servers obtained from +# DHCP and _ntp._udp DNS SRV records. Files with servers from DHCP are managed +# externally (e.g. by a dhclient script). Files with servers from DNS SRV +# records are updated here using the dig utility. The script can also list +# and set static sources in the chronyd configuration file. + +chronyc=/usr/bin/chronyc +chrony_conf=/etc/chrony.conf +chrony_service=chronyd.service +helper_dir=/var/run/chrony-helper +added_servers_file=$helper_dir/added_servers + +network_sysconfig_file=/etc/sysconfig/network +dhclient_servers_files=/var/lib/dhclient/chrony.servers.* +dnssrv_servers_files=$helper_dir/dnssrv@* +dnssrv_timer_prefix=chrony-dnssrv@ + +chrony_command() { + $chronyc -a -n -m "$1" +} + +is_running() { + chrony_command "tracking" &> /dev/null +} + +is_update_needed() { + for file in $dhclient_servers_files $dnssrv_servers_files \ + $added_servers_file; do + [ -e "$file" ] && return 0 + done + return 1 +} + +update_daemon() { + local all_servers_with_args all_servers added_servers + + if ! is_running; then + rm -f $added_servers_file + return 0 + fi + + all_servers_with_args=$( + cat $dhclient_servers_files $dnssrv_servers_files 2> /dev/null) + + all_servers=$( + echo "$all_servers_with_args" | + while read server serverargs; do + echo "$server" + done | sort -u) + added_servers=$( ( + cat $added_servers_file 2> /dev/null + echo "$all_servers_with_args" | + while read server serverargs; do + [ -z "$server" ] && continue + chrony_command "add server $server $serverargs" &> /dev/null && + echo "$server" + done) | sort -u) + + comm -23 <(echo -n "$added_servers") <(echo -n "$all_servers") | + while read server; do + chrony_command "delete $server" &> /dev/null + done + + added_servers=$(comm -12 <(echo -n "$added_servers") <(echo -n "$all_servers")) + + [ -n "$added_servers" ] && echo "$added_servers" > $added_servers_file || + rm -f $added_servers_file +} + +get_dnssrv_servers() { + local name=$1 + + if ! command -v dig &> /dev/null; then + echo "Missing dig (DNS lookup utility)" >&2 + return 1 + fi + + ( + . $network_sysconfig_file &> /dev/null + + output=$(dig "$name" srv +short +ndots=2 +search 2> /dev/null) + [ $? -ne 0 ] && return 0 + + echo "$output" | while read prio weight port target; do + server=${target%.} + [ -z "$server" ] && continue + echo "$server port $port ${NTPSERVERARGS:-iburst}" + done + ) +} + +check_dnssrv_name() { + local name=$1 + + if [ -z "$name" ]; then + echo "No DNS SRV name specified" >&2 + return 1 + fi + + if [ "${name:0:9}" != _ntp._udp ]; then + echo "DNS SRV name $name doesn't start with _ntp._udp" >&2 + return 1 + fi +} + +update_dnssrv_servers() { + local name=$1 + local srv_file=$helper_dir/dnssrv@$name servers + + check_dnssrv_name "$name" || return 1 + + servers=$(get_dnssrv_servers "$name") + [ -n "$servers" ] && echo "$servers" > "$srv_file" || rm -f "$srv_file" +} + +set_dnssrv_timer() { + local state=$1 name=$2 + local srv_file=$helper_dir/dnssrv@$name servers + local timer=$dnssrv_timer_prefix$(systemd-escape "$name").timer + + check_dnssrv_name "$name" || return 1 + + if [ "$state" = enable ]; then + systemctl enable "$timer" + systemctl start "$timer" + elif [ "$state" = disable ]; then + systemctl stop "$timer" + systemctl disable "$timer" + rm -f "$srv_file" + fi +} + +list_dnssrv_timers() { + systemctl --all --full -t timer list-units | grep "^$dnssrv_timer_prefix" | \ + sed "s|^$dnssrv_timer_prefix\(.*\)\.timer.*|\1|" | + while read -r name; do + systemd-escape --unescape "$name" + done +} + +prepare_helper_dir() { + mkdir -p $helper_dir + exec 100> $helper_dir/lock + if ! flock -w 20 100; then + echo "Failed to lock $helper_dir" >&2 + return 1 + fi +} + +is_source_line() { + local pattern="^[ \t]*(server|pool|peer|refclock)[ \t]+[^ \t]+" + [[ "$1" =~ $pattern ]] +} + +list_static_sources() { + while read line; do + is_source_line "$line" && echo "$line" || : + done < $chrony_conf +} + +set_static_sources() { + local new_config tmp_conf + + new_config=$( + sources=$( + while read line; do + is_source_line "$line" && echo "$line" + done) + + while read line; do + if ! is_source_line "$line"; then + echo "$line" + continue + fi + + tmp_sources=$( + local removed=0 + + echo "$sources" | while read line2; do + [ "$removed" -ne 0 -o "$line" != "$line2" ] && \ + echo "$line2" || removed=1 + done) + + [ "$sources" == "$tmp_sources" ] && continue + sources=$tmp_sources + echo "$line" + done < $chrony_conf + + echo "$sources" + ) + + tmp_conf=${chrony_conf}.tmp + + cp -a $chrony_conf $tmp_conf && + echo "$new_config" > $tmp_conf && + mv $tmp_conf $chrony_conf || return 1 + + systemctl try-restart $chrony_service +} + +print_help() { + echo "Usage: $0 COMMAND" + echo + echo "Commands:" + echo " update-daemon" + echo " update-dnssrv-servers NAME" + echo " enable-dnssrv NAME" + echo " disable-dnssrv NAME" + echo " list-dnssrv" + echo " list-static-sources" + echo " set-static-sources < sources.list" + echo " is-running" + echo " command CHRONYC-COMMAND" +} + +case "$1" in + update-daemon|add-dhclient-servers|remove-dhclient-servers) + is_update_needed || exit 0 + prepare_helper_dir && update_daemon + ;; + update-dnssrv-servers) + prepare_helper_dir && update_dnssrv_servers "$2" && update_daemon + ;; + enable-dnssrv) + set_dnssrv_timer enable "$2" + ;; + disable-dnssrv) + set_dnssrv_timer disable "$2" && prepare_helper_dir && update_daemon + ;; + list-dnssrv) + list_dnssrv_timers + ;; + list-static-sources) + list_static_sources + ;; + set-static-sources) + set_static_sources + ;; + is-running) + is_running + ;; + command|forced-command) + chrony_command "$2" + ;; + *) + print_help + exit 2 +esac + +exit $? diff --git a/SPECS/chrony.spec b/SPECS/chrony.spec new file mode 100644 index 0000000..d2b5658 --- /dev/null +++ b/SPECS/chrony.spec @@ -0,0 +1,394 @@ +%global _hardened_build 1 +%global clknetsim_ver 8b4842 +%bcond_without debug + +Name: chrony +Version: 3.4 +Release: 1%{?dist} +Summary: An NTP client/server + +Group: System Environment/Daemons +License: GPLv2 +URL: https://chrony.tuxfamily.org +Source0: https://download.tuxfamily.org/chrony/chrony-%{version}%{?prerelease}.tar.gz +Source1: chrony.dhclient +Source2: chrony.helper +Source3: chrony-dnssrv@.service +Source4: chrony-dnssrv@.timer +# simulator for test suite +Source10: https://github.com/mlichvar/clknetsim/archive/%{clknetsim_ver}/clknetsim-%{clknetsim_ver}.tar.gz + +# add NTP servers from DHCP when starting service +Patch1: chrony-service-helper.patch +# remove upstream kernel versions in documentation of HW timestamping +Patch2: chrony-timestamping.patch +# revert upstream changes in packaged configuration examples +Patch3: chrony-defconfig.patch + +BuildRequires: libcap-devel libedit-devel nss-devel pps-tools-devel +%ifarch %{ix86} x86_64 %{arm} aarch64 ppc64 ppc64le s390 s390x +BuildRequires: libseccomp-devel +%endif +BuildRequires: bison systemd-units +# require kernel headers with supported HW-timestamping features +BuildRequires: kernel-headers > 3.10.0-742 + +Requires(pre): shadow-utils +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd + +%description +A client/server for the Network Time Protocol, this program keeps your +computer's clock accurate. It was specially designed to support +systems with intermittent internet connections, but it also works well +in permanently connected environments. It can use also hardware reference +clocks, system real-time clock or manual input as time references. + +%if 0%{!?vendorzone:1} +%global vendorzone %(source /etc/os-release && echo ${ID}.) +%endif + +%prep +%setup -q -n %{name}-%{version}%{?prerelease} -a 10 +%patch1 -p1 -b .service-helper +%patch2 -p1 -b .timestamping +%patch3 -p1 -b .defconfig + +# review changes in packaged configuration files and scripts +md5sum -c <<-EOF | (! grep -v 'OK$') + 47ad7eccc410b981d2f2101cf5682616 examples/chrony-wait.service + 58978d335ec3752ac2c38fa82b48f0a5 examples/chrony.conf.example2 + ba6bb05c50e03f6b5ab54a2b7914800d examples/chrony.keys.example + 6a3178c4670de7de393d9365e2793740 examples/chrony.logrotate + 8748a663f0b1943ea491858f414a6b26 examples/chrony.nm-dispatcher + 921b354e94f5e3db124cb50d11cd560f examples/chronyd.service +EOF + +# don't allow empty vendor zone +test -n "%{vendorzone}" + +# use our vendor zone and replace the pool directive with server +# directives as some configuration tools don't support it yet +sed -e 's|^\(pool \)\(pool.ntp.org.*\)|'\ +'server 0.%{vendorzone}\2\nserver 1.%{vendorzone}\2\n'\ +'server 2.%{vendorzone}\2\nserver 3.%{vendorzone}\2|' \ + < examples/chrony.conf.example2 > chrony.conf + +touch -r examples/chrony.conf.example2 chrony.conf + +# regenerate the file from getdate.y +rm -f getdate.c + +mv clknetsim-%{clknetsim_ver}* test/simulation/clknetsim + +%build +%configure \ +%{?with_debug: --enable-debug} \ + --enable-ntp-signd \ + --enable-scfilter \ + --docdir=%{_docdir} \ + --without-nettle \ + --with-ntp-era=$(date -d '1970-01-01 00:00:00+00:00' +'%s') \ + --with-user=chrony \ + --with-hwclockfile=%{_sysconfdir}/adjtime \ + --with-sendmail=%{_sbindir}/sendmail +make %{?_smp_mflags} + +%install +make install DESTDIR=$RPM_BUILD_ROOT + +rm -rf $RPM_BUILD_ROOT%{_docdir} + +mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/{sysconfig,logrotate.d} +mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/{lib,log}/chrony +mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/NetworkManager/dispatcher.d +mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/dhcp/dhclient.d +mkdir -p $RPM_BUILD_ROOT%{_libexecdir} +mkdir -p $RPM_BUILD_ROOT{%{_unitdir},%{_prefix}/lib/systemd/ntp-units.d} + +install -m 644 -p chrony.conf $RPM_BUILD_ROOT%{_sysconfdir}/chrony.conf + +install -m 640 -p examples/chrony.keys.example \ + $RPM_BUILD_ROOT%{_sysconfdir}/chrony.keys +install -m 755 -p examples/chrony.nm-dispatcher \ + $RPM_BUILD_ROOT%{_sysconfdir}/NetworkManager/dispatcher.d/20-chrony +install -m 755 -p %{SOURCE1} \ + $RPM_BUILD_ROOT%{_sysconfdir}/dhcp/dhclient.d/chrony.sh +install -m 644 -p examples/chrony.logrotate \ + $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/chrony + +install -m 644 -p examples/chronyd.service \ + $RPM_BUILD_ROOT%{_unitdir}/chronyd.service +install -m 644 -p examples/chrony-wait.service \ + $RPM_BUILD_ROOT%{_unitdir}/chrony-wait.service +install -m 644 -p %{SOURCE3} $RPM_BUILD_ROOT%{_unitdir}/chrony-dnssrv@.service +install -m 644 -p %{SOURCE4} $RPM_BUILD_ROOT%{_unitdir}/chrony-dnssrv@.timer + +install -m 755 -p %{SOURCE2} $RPM_BUILD_ROOT%{_libexecdir}/chrony-helper + +cat > $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/chronyd < \ + $RPM_BUILD_ROOT%{_prefix}/lib/systemd/ntp-units.d/50-chronyd.list + +%check +# set random seed to get deterministic results +export CLKNETSIM_RANDOM_SEED=24502 +make %{?_smp_mflags} -C test/simulation/clknetsim +make quickcheck + +%pre +getent group chrony > /dev/null || /usr/sbin/groupadd -r chrony +getent passwd chrony > /dev/null || /usr/sbin/useradd -r -g chrony \ + -d %{_localstatedir}/lib/chrony -s /sbin/nologin chrony +: + +%post +# fix PIDFile in local chronyd.service on upgrades from chrony < 3.3-2 +if grep -q 'PIDFile=%{_localstatedir}/run/chronyd.pid' \ + %{_sysconfdir}/systemd/system/chronyd.service 2> /dev/null && \ + ! grep -qi '^[ '$'\t'']*pidfile' %{_sysconfdir}/chrony.conf 2> /dev/null +then + sed -i '/PIDFile=/s|/run/|/run/chrony/|' \ + %{_sysconfdir}/systemd/system/chronyd.service +fi +# workaround for late reload of unit file (#1614751) +%{_bindir}/systemctl daemon-reload +%systemd_post chronyd.service chrony-wait.service + +%preun +%systemd_preun chronyd.service chrony-wait.service + +%postun +%systemd_postun_with_restart chronyd.service + +%files +%doc COPYING FAQ NEWS README +%config(noreplace) %{_sysconfdir}/chrony.conf +%config(noreplace) %verify(not md5 size mtime) %attr(640,root,chrony) %{_sysconfdir}/chrony.keys +%config(noreplace) %{_sysconfdir}/logrotate.d/chrony +%config(noreplace) %{_sysconfdir}/sysconfig/chronyd +%{_sysconfdir}/NetworkManager/dispatcher.d/20-chrony +%{_sysconfdir}/dhcp/dhclient.d/chrony.sh +%{_bindir}/chronyc +%{_sbindir}/chronyd +%{_libexecdir}/chrony-helper +%{_prefix}/lib/systemd/ntp-units.d/*.list +%{_unitdir}/chrony*.service +%{_unitdir}/chrony*.timer +%{_mandir}/man[158]/%{name}*.[158]* +%dir %attr(-,chrony,chrony) %{_localstatedir}/lib/chrony +%ghost %attr(-,chrony,chrony) %{_localstatedir}/lib/chrony/drift +%ghost %attr(-,chrony,chrony) %{_localstatedir}/lib/chrony/rtc +%dir %attr(-,chrony,chrony) %{_localstatedir}/log/chrony + +%changelog +* Thu Jan 10 2019 Miroslav Lichvar 3.4-1 +- update to 3.4 (#1636117, #1565544, #1565548, #1596239, #1600882) +- drop support for HW timestamping on kernels < 3.10.0-613 + +* Tue Dec 05 2017 Miroslav Lichvar 3.2-2 +- fix chronyc getting stuck in infinite loop after clock step (#1520884) + +* Tue Sep 19 2017 Miroslav Lichvar 3.2-1 +- update to 3.2 (#1482565 #1462081 #1454765) +- use ID from /etc/os-release to set pool.ntp.org vendor zone + +* Mon Apr 24 2017 Miroslav Lichvar 3.1-2 +- don't drop PHC samples with zero delay (#1443342) + +* Fri Feb 03 2017 Miroslav Lichvar 3.1-1 +- update to 3.1 (#1387223 #1274250 #1350669 #1406445) +- don't start chronyd without capability to set system clock (#1306046) +- fix chrony-helper to escape names of systemd units (#1418968) +- package chronyd sysconfig file (#1396840) + +* Fri Nov 18 2016 Miroslav Lichvar 2.1.1-4 +- fix crash with smoothtime leaponly directive (#1392793) + +* Tue Jun 28 2016 Miroslav Lichvar 2.1.1-3 +- fix chrony-helper to exit with correct status (#1350531) + +* Wed May 25 2016 Miroslav Lichvar 2.1.1-2 +- extend chrony-helper to allow management of static sources (#1331655) + +* Tue Jun 23 2015 Miroslav Lichvar 2.1.1-1 +- update to 2.1.1 (#1117882) +- add -n option to gzip command to not save timestamp + +* Mon Jun 22 2015 Miroslav Lichvar 2.1-1 +- update to 2.1 (#1117882 #1169353 #1206504 #1209568 CVE-2015-1821 + CVE-2015-1822 CVE-2015-1853) +- extend chrony-helper to allow using servers from DNS SRV records (#1211600) +- add servers from DHCP with iburst option by default (#1219492) +- execute test suite + +* Tue Feb 04 2014 Miroslav Lichvar 1.29.1-1 +- update to 1.29.1 (#1053022, CVE-2014-0021) +- fix selecting of sources with prefer option (#1061048) +- fix potential bug in writing of drift files (#1061106) +- replace hardening build flags with _hardened_build (#1061036) + +* Fri Jan 24 2014 Daniel Mach - 1.29-4 +- Mass rebuild 2014-01-24 + +* Fri Dec 27 2013 Daniel Mach - 1.29-3 +- Mass rebuild 2013-12-27 + +* Thu Oct 03 2013 Miroslav Lichvar 1.29-2 +- add ordering dependency to not start chronyd before ntpd stopped (#1011968) + +* Fri Aug 09 2013 Miroslav Lichvar 1.29-1 +- update to 1.29 (#995373, CVE-2012-4502, CVE-2012-4503) + +* Wed Jul 17 2013 Miroslav Lichvar 1.28-1 +- update to 1.28 +- change default makestep limit to 10 seconds + +* Mon Jun 24 2013 Miroslav Lichvar 1.28-0.2.pre1 +- buildrequire systemd-units + +* Fri Jun 21 2013 Miroslav Lichvar 1.28-0.1.pre1 +- update to 1.28-pre1 +- listen for commands only on localhost by default + +* Thu May 09 2013 Miroslav Lichvar 1.27-3 +- disable chrony-wait service by default (#961047) +- drop old systemd scriptlets +- don't own ntp-units.d directory +- move files from /lib +- remove unncessary dependency on syslog target + +* Tue Mar 12 2013 Miroslav Lichvar 1.27-2 +- suppress error messages from tr when generating key (#907914) +- fix delta calculation with extreme frequency offsets + +* Fri Feb 01 2013 Miroslav Lichvar 1.27-1 +- update to 1.27 +- start chrony-wait service with chronyd +- start chronyd service after sntp +- remove obsolete macros + +* Tue Sep 11 2012 Miroslav Lichvar 1.27-0.5.pre1.git1ca844 +- update to git snapshot 1ca844 +- update systemd integration (#846303) +- use systemd macros if available (#850151) +- use correct vendor pool.ntp.org zone on RHEL (#845981) +- don't log output of chrony-wait service + +* Wed Jul 18 2012 Fedora Release Engineering - 1.27-0.4.pre1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Fri Apr 27 2012 Miroslav Lichvar 1.27-0.3.pre1 +- update service file for systemd-timedated-ntp target (#816493) + +* Fri Apr 06 2012 Miroslav Lichvar 1.27-0.2.pre1 + use systemctl is-active instead of status in chrony-helper (#794771) + +* Tue Feb 28 2012 Miroslav Lichvar 1.27-0.1.pre1 +- update to 1.27-pre1 +- generate SHA1 command key instead of MD5 + +* Wed Feb 15 2012 Miroslav Lichvar 1.26-6.20110831gitb088b7 +- remove old servers on DHCP update (#787042) + +* Fri Feb 10 2012 Miroslav Lichvar 1.26-5.20110831gitb088b7 +- improve chrony-helper to keep track of servers added from DHCP (#787042) +- fix dhclient script to always return with zero exit code (#767859) + +* Thu Jan 12 2012 Fedora Release Engineering - 1.26-4.20110831gitb088b7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Tue Sep 06 2011 Miroslav Lichvar 1.26-3.20110831gitb088b7 +- update to git snapshot 20110831gitb088b7 +- on first start generate password with 16 chars +- change systemd service type to forking +- add forced-command to chrony-helper (#735821) + +* Mon Aug 15 2011 Miroslav Lichvar 1.26-2 +- fix iburst with very high jitters and long delays +- use timepps header from pps-tools-devel + +* Wed Jul 13 2011 Miroslav Lichvar 1.26-1 +- update to 1.26 +- read options from sysconfig file if it exists + +* Fri Jun 24 2011 Miroslav Lichvar 1.26-0.1.pre1 +- update to 1.26-pre1 +- fix service name in %%triggerun +- drop SysV init script +- add chrony-wait service + +* Fri May 06 2011 Bill Nottingham 1.25-2 +- fix systemd scriptlets for the upgrade case + +* Wed May 04 2011 Miroslav Lichvar 1.25-1 +- update to 1.25 + +* Wed Apr 20 2011 Miroslav Lichvar 1.25-0.3.pre2 +- update to 1.25-pre2 +- link with -Wl,-z,relro,-z,now options + +* Tue Feb 08 2011 Fedora Release Engineering - 1.25-0.2.pre1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Tue Feb 01 2011 Miroslav Lichvar 1.25-0.1.pre1 +- update to 1.25-pre1 +- use iburst, four pool servers, rtcsync, stratumweight in default config +- add systemd support +- drop sysconfig file +- suppress install-info errors + +* Thu Apr 29 2010 Miroslav Lichvar 1.24-4.20100428git73d775 +- update to 20100428git73d775 +- replace initstepslew directive with makestep in default config +- add NetworkManager dispatcher script +- add dhclient script +- retry server/peer name resolution at least once to workaround + NetworkManager race condition on boot +- don't verify chrony.keys + +* Fri Mar 12 2010 Miroslav Lichvar 1.24-3.20100302git5fb555 +- update to snapshot 20100302git5fb555 +- compile with PPS API support + +* Thu Feb 04 2010 Miroslav Lichvar 1.24-1 +- update to 1.24 (#555367, CVE-2010-0292 CVE-2010-0293 CVE-2010-0294) +- modify default config + - step clock on start if it is off by more than 100 seconds + - disable client log +- build with -fPIE on sparc + +* Tue Dec 15 2009 Miroslav Lichvar 1.24-0.1.pre1 +- update to 1.24-pre1 + +* Fri Jul 24 2009 Fedora Release Engineering - 1.23-7.20081106gitbe42b4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Fri Jul 17 2009 Miroslav Lichvar 1.23-6.20081106gitbe42b4 +- switch to editline +- support arbitrary chronyc commands in init script + +* Mon Jun 08 2009 Dan Horak 1.23-5.20081106gitbe42b4 +- add patch with support for s390/s390x + +* Mon Mar 09 2009 Miroslav Lichvar 1.23-4.20081106gitbe42b4 +- fix building with broken libcap header (#483548) + +* Mon Feb 23 2009 Fedora Release Engineering - 1.23-3.20081106gitbe42b4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Wed Nov 19 2008 Miroslav Lichvar 1.23-2.20081106gitbe42b4 +- fix info uninstall +- generate random command key in init script +- support cyclelogs, online, offline commands in init script +- add logrotate script + +* Tue Nov 11 2008 Miroslav Lichvar 1.23-1.20081106gitbe42b4 +- initial release