chrony (3.4-2) unstable; urgency=medium

  To reduce the range of operations available to chronyd, and thereby decrease
  the kernel attack surface, a system call filter is now active by default
  wherever¹ possible.
  Please, take into account that this change prevents the use of the
  “mailonchange” directive in chrony.conf as the chronyd process will not be
  allowed to fork and execute the sendmail binary. Therefore, it is fundamental
  to disable the system call filter to continue using this directive!

  To do so, edit the /etc/default/chrony file and substitute the “-F -1”
  parameter with “-F 0”. Restart chrony afterward.

  ¹Are currently excluded alpha, ia64, m68k, riscv64, sh4 and sparc64
   architectures due to lack of support in “libseccomp” and/or the Linux kernel.

 -- Vincent Blut <vincent.debian@free.fr>  Sun, 10 Feb 2019 18:44:22 +0100

chrony (2.2.1-1) unstable; urgency=medium

  In chrony versions before 2.2, the 'chrony.keys' file contained a command
  key used for run-time configuration via the 'chronyc' command-line tool.
  Starting from this version, support for this authentication method has been
  dropped in favor of a Unix domain socket accessible only *locally* by root or
  the _chrony system user. Consequently, if you refuse to use the 'chrony.keys'
  file template provided by the maintainers when upgrading, please don’t forget
  to manually remove the obsolete command key (ID 1) in the aforementioned file.

 -- Vincent Blut <vincent.debian@free.fr>  Sun, 07 Feb 2016 17:02:30 +0100

chrony (2.1.1-1) unstable; urgency=medium

  From this version, 'chronyd' will strictly act as an NTP client by default. If
  you want it to serve time to other systems, please do so by configuring the
  'allow' directive.

 -- Vincent Blut <vincent.debian@free.fr>  Mon, 12 Oct 2015 19:12:39 +0200

chrony (1.31.1-1) unstable; urgency=medium

  From now on, we use the "hwclockfile" directive in /etc/chrony/chrony.conf.
  Basically, it makes the detection of the standard (Local or UTC time) set
  in /etc/adjtime — and used by the hardware clock — clearer compared to the
  text processing method we used to use in the post install script to complete
  the same task. Note that it overrides the "rtconutc" directive.

  Also, we now create the _chrony system user to which chronyd will drop root
  privileges. For users already allowing chronyd to drop root privileges in
  favor of the user configured by the "user" directive in
  /etc/chrony/chrony.conf, your configuration will remain unchanged and will
  still work as intended.
  However, some users might use a custom init script to accomplish the same
  task by invoking chronyd with the '-u' option. We advise you to drop this
  option from your init script before upgrading, otherwise you’ll have to
  readjust the owner of the /var/l{ib,og}/chrony directories (recursively) to
  the user you configured in your init script.

 -- Vincent Blut <vincent.debian@free.fr>  Sun, 6 Sep 2015 22:14:54 +0200