chrony (1.24-3+squeeze3) squeeze-lts; urgency=medium * Fix CVE-2016-1567: retrict authentication of server/peer to specified key (Closes: #812923) * debian/applied/: - Add 14_restrict-authentication-of-server-peer-to-specified-key.patch, and update the series file accordingly. -- Vincent Blut Wed, 03 Feb 2016 17:34:59 +0100 chrony (1.24-3+squeeze2) squeeze-lts; urgency=high * With the following security bugfixes (See: #782160): - Fix CVE-2015-1853: Protect authenticated symmetric NTP associations against DoS attacks. - Fix CVE-2015-1821: Fix access configuration with subnet size indivisible by 4. - Fix CVE-2015-1822: Fix initialization of reply slots for authenticated commands. -- Joachim Wiedorn Fri, 10 Apr 2015 23:26:23 +0200 chrony (1.24-3+squeeze1) oldstable-security; urgency=low * CVE-2013-4502, CVE-2013-4503 -- Moritz Muehlenhoff Sat, 21 Sep 2013 12:15:18 +0000 chrony (1.24-3) unstable; urgency=high * Applied (modifed) patch from Gregor Herrmann. Closes: #593145: fails to configure on installation Closes: #552162: chrony incorrectly thinks that it has failed to (re)start Closes: #592930: invoke-rc.d: initscript chrony, action "start" failed. -- John G. Hasler Tue, 14 Sep 2010 10:06:47 -0500 chrony (1.24-2) unstable; urgency=low * Fixed regression that caused default CHRONY_IOC_ lines to vanish from io_linux.h thereby breaking hppa and ia64. Closes: #588930: FTBFS [ia64,hppa]: "I don't know the values of the _IOC_* constants on your architecture" * $remote_fs was added in 1.24-1. Depending on networking is neither necessary nor desireable. Closes: #590888: Dependencies on init.d script insuficcient * Still need to rewrite scripts. -- John G. Hasler Fri, 30 Jul 2010 20:32:55 -0500 chrony (1.24-1) unstable; urgency=low * New upstream release. The scripts will be rewritten and many more bugs taken care of in -2. Right now I want to get 1.24 out there. * Applied patch from Petter Reinholdtsen to init.d Closes: #541806: misses syslog dependency in LSB headers * Chrony cannot be linked to libreadline6 because it is GPLv2 only. Closes: #553739 replacing libreadline5-dev build dependency with libreadline-dev * "configure" rewritten upstream, eliminating "+=". Closes: #573036: RTC support disabled (due to Bashism in configure line 293) * Removed "install-info" from scripts. Closes: #568703: dpkg warnings * client.c has been rewritten upstream. Closes: #573032 * Fixed typos. Closes: #434629: 'man chrony', 'cronyc', 'cronyd' typos: "parateters" x 2, "priviliges" * Added debian/source/format containing "1.0". -- John G. Hasler Tue, 22 Jun 2010 16:01:29 -0500 chrony (1.23-7) unstable; urgency=high * Applied patches from upstream to fix remote DOS: CVE-2010-0292 Don't reply to invalid cmdmon packets CVE-2010-0293 Limit client log memory size CVE-2010-0294 Limit rate of syslog messages -- John G. Hasler Tue, 02 Feb 2010 19:37:50 -0600 chrony (1.23-6) unstable; urgency=low * Commented out rtcfile directive in chrony.conf because it can cause lockups with certain combinations of motherboard and kernel (this is a known kernel bug). Closes: #508298: chronyd unreachable and does not work (clock drifts) * Chrony no longer uses the ppp/ip-up.d and ppp/ip-up.d files and the new init.d file won't hang if chronyc hangs. Closes: #448481: /etc/ppp/ip-up.d/chrony doesn't work when bindaddress is set. * Cannot reproduce on current version on amd64. Closes: #412961: error in tracking report (on amd64?) -- John Hasler Wed, 10 Dec 2008 14:16:37 -0600 chrony (1.23-5) unstable; urgency=low * Replaced background kill with 'timelimit' in initscript. Closes: #505094: chrony: kills random netstat processes * Added 'Recommends: udev (>= 0.124-1)' Closes: #497113: /dev/rtc renamed to /dev/rtc0 with linux-image-2.6-*/2.6.26+15 * Had previously applied patch from Nathanael Nerode to fix configure bug but forgot to close the bug. Closes: #392273: Recursive dependency disease: chrony shouldn't depend on ncurses -- John Hasler Sun, 09 Nov 2008 20:19:22 -0600 chrony (1.23-4) unstable; urgency=low * Fixed dependency of init script on Pppconfig ip-up.d script by moving those lines into the init script. * Added checks to try to make sure that Chronyd is really, really running. Changed Netstat call to use -n, added code to kill it if it hangs. Added code to kill Chronyc if it can't contact Chronyd. Discussed the HPET/rtc problem in NEWS.Debian. Closes: #504000: init script hangs for a while might break upgrade * Added missing initialization to create_instance() in ntp_core.c. This was why UTI_NormaliseTimeval() was being called with huge values at times. * See comment on #195620 in 1.21z-6 below. If you know of more LP64 bugs reopen #348412 with a patch. Closes: #348412: chronyc not LP64 compliant * Added comment about sources being discarded to chrony.conf as suggested by Andreas Hübner in #268289. * This is normal behavior. Closes: #287060: trimrtc takes 40 seconds to take effect -- John Hasler Thu, 06 Nov 2008 10:38:58 -0600 chrony (1.23-3) unstable; urgency=high * Rewrote UTI_NormaliseTimeval()in util.c to use divide/remainder instead of loops at the suggestion of Gabor Gombas. This prevents the problem of the loop running until the sun goes out when the function is called with a very large value for tv_usec on 64-bit architectures. Also fixed some other spots where the same loop was being used. Closes: #474294 Goes into endless loop Closes: #447011 chronyd stalls with 100% CPU usage I still don't know why the function is being called with such a large value, however. * Changed default servers in chrony,conf to Debian servers. Closes: #434483: chrony: Should use NTP servers in Debian pool -- John Hasler Sat, 26 Apr 2008 11:47:44 -0500 chrony (1.23-2) experimental; urgency=low * Added default IOC's to io_linux.h. Closes: #477043: chrony_1.23-1(ia64/experimental): FTBFS: IOC constants unknown on ia64 Closes: #476963: chrony_1.23-1(hppa/experimental): FTBFS: "I don't know the values of the _IOC_* constants for your architecture" -- John Hasler Sun, 20 Apr 2008 13:29:29 -0500 chrony (1.23-1) experimental; urgency=low * New upstream release This is 1.23 with Debian patches applied (including some for LP64). I'm uploading this to Experimental to get it tested on x86_64 to see if #474294 is fixed. -- John Hasler Sat, 19 Apr 2008 14:49:15 -0500 chrony (1.21z-6) unstable; urgency=low * Applied patches from Eric Lammerts and Goswin von Brederlow to cast the value returned by ntohl to int32_t and so cause correct sign-extension near line 1655 in client.c. Also fixed similar bugs in the same area. I'm not sure this entirely fixes the chronyc number display problem, though. I've not closed #348412 here because chrony is still not fully LP64 compliant. Closes: #195620: Strange "System time : xxx seconds slow of NTP time" output * Replaced addrfilt.c with addrfilt.c from upstream git repository. This fixes the recursive structure definition problems. * Replaced 'route' with 'netstat -r' in the initscript. * Applied patch for configure script from Nathanael Nerode to delete the superfluous "lncurses" at line 327. Closes: #392273: Recursive dependency disease: chrony shouldn't depend on ncurses * Added test to reject servers claiming stratum less than 1 in ntp_core.c "Test 7". Bill Unruh has run across a server that sometimes claims to be stratum 0, which causes considerable confusion. -- John Hasler Fri, 16 Feb 2007 17:47:40 -0600 chrony (1.21z-5) unstable; urgency=high * Applied postinst patch from Lionel Elie Mamane to test for the existence of old .keys and .conf files before renaming them. Closes: #397759: fails to configure: mv: cannot stat `/etc/chrony/chrony.keys.1.21-2': No such file or directory * Added burst command to /etc/ppp/ip-up.d/chrony to give chronyd a kick in the butt. Shouldn't need that, though. Initscript now calls /etc/ppp/ip-up.d/chrony if a default route exists. Closes: #397739: Not connecting to sources after reboot - dialup -- John Hasler Sun, 26 Nov 2006 08:07:20 -0600 chrony (1.21z-4) unstable; urgency=low * Added test for /usr/bin/mail to postinst. Closes: #386651: chrony: Requires /usr/bin/mail but doesn't depend on it Closes: #390280: chrony: missing dependency on mail * Added LSB headers to initscript * Corrected erroneous use of 'dpkg --compare-version' in preinst and postinst. Closes: #386733: fails to configure (bad upgrade check) * Added rm to postinst to remove keyfile possibly left by a failed install. Closes: #390278: usage of tempfile /etc/chrony/chrony.keys is doubtful -- John Hasler Sat, 7 Oct 2006 13:39:49 -0500 chrony (1.21z-3) unstable; urgency=low * Changed upstream version number from 1.21 to 1.21z to satisfy Debian archive software. * Replaced impure chrony_1.21.orig.tar.gz. Closes: #340030: chrony: Tarball is impure * Now Provides, Conflicts, Replaces time-daemon Closes: #330839: time-daemon pseudopackage * Corrected typos. Closes: #321121: chrony: typo in 'Conflicts:' field: s/ntpsimple/ntp-simple/ and s/ntprefclock/ntp-refclock/ * Rewrote postinst and postrm to use ucf. Wrote preinst to protect chrony.conf from dpkg. Closes: #351332: chrony: conffile change prompt prevents smooth upgrade from sarge to etch * Deleted last few lines of chrony.conf as they no longer apply. * Deleted .arch-ids from contrib and examples. * Fixed typo in chronyc.1 Closes: #349871: chrony: typo in chrnoyc.1 results in missing word * Corrected references in man pages. Closes: #345034: chrony: man pages refer to wrong sections * Added "allow 172.16/12" to chrony.conf. Closes: #252952: chrony: default allow should also have 172.16/12 * Channged server lines in chrony.conf to follow ntp.org current recommendation. Closes: #243534: chrony: new pool.ntp.org setup doesn't work well * Fixed FSF address in debian/copyright. -- John Hasler Fri, 1 Sep 2006 10:52:52 -0500 chrony (1.21-2) unstable; urgency=high * Patched io_linux.h to add missing architectures. Closes: #339764: chrony - FTBFS: #error "I don't know the values of the _IOC_* constants for your architecture" * Fixed brown-bag error in rules. Closes: #339853: /usr/sbin/chronyd is missing -- John Hasler Sat, 19 Nov 2005 10:12:49 -0600 chrony (1.21-1) unstable; urgency=low * New upstream release Closes: #328292: New version of chrony avalaible Closes: #301592: Fails to read RTC and floods logfiles * Enabled RTC as upstream has installed a work-around for the HPET bug. * Switched to libreadline5. Closes: #326379: please rebuild with libreadline5-dev as build dependency * Patched addrfilt.c to fix gcc 4.0 build problem. Closes: #298709: chrony: FTBFS (amd64/gcc-4.0): array type has incomplete element type * There are lots more minor things to fix but I'm uploading now to close the serious bugs. I'll upload another version with some improvements in a few weeks. -- John Hasler Tue, 15 Nov 2005 18:39:49 -0600 chrony (1.20-8) unstable; urgency=high * Added test for /usr/bin/mail in postinst. Closes: #307061: Install failure: Cannot configure on system without mailx I consider this bug serious because it can cause installation to fail and so I want to get the fix into Sarge. * Fixed typo in chrony.conf, replaced '/etc/init.d/chrony restart' with 'invoke-rc.d chrony restart'. Closes: #305090: Typo in chrony.conf, should mention invoke-rc.d * Added README.Debian explaining that rtc is off by default. -- John Hasler Sat, 30 Apr 2005 18:47:30 -0500 chrony (1.20-7) unstable; urgency=low * Added info-4 to debian/rules. Closes: #287142: chrony: Can't find chrony.info-4 * Corrected "See Also" section in chrony man page. Now mentions chronyc(1), chronyd(8), and chrony.conf(5). Closes: #287444: chrony.1.gz: SEE ALSO on man page has wrong section. * Edited chrony.conf to disable rtc by default and explain why: on some systems that use genrtc or the HPET real-time clock it fails and causes chronyd to fill up the log. The failure is probably due to a kernel bug, bug the logging should be throttled. * Added more explanatory comments at the servers directive in chrony.conf. * The postinst script now sends a message to root saying where the password is, whether Chrony is assuming UTC or local time, that rtc updating is disabled, why, and how to change it. * Added missing '#' to "Can't tell how your clock is set: assuming local time." in postinst. -- John Hasler Tue, 12 Apr 2005 17:59:13 -0500 chrony (1.20-6) unstable; urgency=low * Fixed error in chrony.conf where the non-existent 'online' directive was mentioned. Closes: #257235 misleading instructions in chrony.conf * Patched Makefile.in to generate faq.html. Closes: #265936 /usr/share/doc/chrony/faq.txt.gz: how to read? -- John Hasler Sat, 4 Dec 2004 17:47:31 -0600 chrony (1.20-5) unstable; urgency=low * Put pool.ntp.org servers in chrony.conf as defaults. * Fixed erroneous references to chronyd(1) in some man pages. Closes: #241746 SEE ALSO chronyd(1) should be (8) * I got a new motherboard and can no longer reproduce this. If you can please reopen the bug. Closes: #223518 Rtc stuff is broken * Edited chrony.conf(5). Closes: #241745 many more features have been added * Edited chrony.conf to add logchange and mailonchange and to enable rtc by default. Closes: #226644 /etc/chrony/chrony.conf: rtc; not all options are noted in conf file * Fixed upstream: see NEWS. Closes: #124089 mistake in the chrony manual Closes: #177366: trailing blank on log lines Closes: #195618 failure to use /dev/misc/rtc floods logfiles Closes: #53066 "acquisitionport" directive and doc fixes [patch] Closes: #100880 RFE: don't use /proc when uname(2) will do Closes: #163470: different bindaddresses for ntp port and control port Closes: #200174: Chrony breaks under Kernel 2.5 (two bugs) -- John Hasler Sat, 10 Apr 2004 22:00:00 -0500 chrony (1.20-4) unstable; urgency=low * Added '#include ' to rtc_linux.c to fix Alpha build problem. Also removed spinlock stuff from configure. -- John Hasler Fri, 26 Dec 2003 21:00:00 -0600 chrony (1.20-3) unstable; urgency=low * Removed all inclusions of kernel headers. Hopefully Chrony will now build on m68k. -- John Hasler Tue, 23 Dec 2003 19:00:00 -0600 chrony (1.20-2) unstable; urgency=low * Removed spinlock.h and mc146818.h from rtc_linux.c. linux/rtc.h and RTC_UIE=0x10 provide everything needed now. Closes: #223134 FTBFS: Errors in kernel headers * However, rtc is now broken (and appears to have been broken for some time) on 440BX chipsets with 2.4 kernels. -- John Hasler Fri, 12 Dec 2003 13:00:00 -0600 chrony (1.20-1) unstable; urgency=low * New upstream release. * Frank Otto's patch to sys_linux.c, function guess_hz_and_shift_hz now incorporated upstream. Closes: #198557 Fatal error: chronyd can't determine hz for kernel with HZ=200 * Security and 64 bit patches are now incorporated upstream along with most non-i386 architecture patches. * Put correct links in /usr/share/doc/chrony/timeservers. Closes: #189686 /usr/share/doc/timeservers links are broken * Put correct links in chrony.conf. Closes: #210886 bad link in chrony.conf * Put missing newlines in apm and chrony.keys. Closes: #211604 Build-warning: some files misses final newline * Removed conflict with ntpdate. -- John Hasler Tue, 7 Oct 2003 22:00:00 -0500 chrony (1.19-10) unstable; urgency=low * Put linux/linkage.h ahead of linux/spinlock.h as I meant to in the first place. -- John Hasler Sun, 13 Jul 2003 7:00:00 -0500 chrony (1.19-9) unstable; urgency=low * Added "#include " to rtc_linux.c to fix mips build failure. Closes: #200165 chrony doesn't build on mips and mipsel -- John Hasler Sat, 12 Jul 2003 10:00:00 -0500 chrony (1.19-8) unstable; urgency=low * Added bison to build-depends because of addition of getdate.y -- John Hasler Tue, 3 Jun 2003 10:00:00 -0500 chrony (1.19-7) unstable; urgency=high * Closes: #186498 chronyc hangs if no chronyd is running Added test for running daemon to ip-{up|down} scripts. Disabled trimrtc for ALPHA Closes: #195615 GPL violation - generated file without source * Added a copy of getdate.y to source. -- John Hasler Sun, 1 Jun 2003 7:00:00 -0500 chrony (1.19-6) unstable; urgency=low * Closes: #179842 "CROAK" redefined Added '#undef CROAK' before CROAK redefiniton in pktlength.h, added '-DALPHA' to 'alpha' condition in configure, added 'ifdef ALPHA' around CROAK redefinition. * Replaced many signed and unsigned longs as well as some ints, shorts, and chars with stdint.h types in candm.h, md5.h, ntp.h, clientlog.h, and ntp_io.c. This should fix all 64-bit problems. -- John Hasler Fri, 14 Mar 2003 19:00:00 -0600 chrony (1.19-5) unstable; urgency=high * Closes: #184065 Assertion `sizeof(NTP_int32) == 4' failed on alpha Fixed several spots where the author assumed that a long is 32 bits. There are many more misuses of long as well as several of short and char but I think I got the only ones likely to cause trouble. -- John Hasler Fri, 14 Mar 2003 11:00:00 -0600 chrony (1.19-4) unstable; urgency=low * Closes: #179538 FTBFS: missing build-depends on makeinfo Added texinfo to build-depends. * CLoses: #179508: chrony(c|d) show wrong version numbers Removed spurious version.h. -- John Hasler Sun, 2 Feb 2003 19:00:00 -0600 chrony (1.19-3) unstable; urgency=low * Updated author's address in copyright file. * Closes: #163446 patch, that scripts can handle all commandkeys Applied debugged patch. * Closes: #107863 doesn't know about APM Put apm script in debian/ and added rules to copy it to etc/apm/event.d as instructed by the apmd maintainer. -- John Hasler Fri, 31 Jan 2003 18:00:00 -0600 chrony (1.19-2) unstable; urgency=low * Closes: #100879 unnecessary dependency on libm Applied patch from Zack Weinberg * Closes: #124091 the force-reload command of /etc/init.d/chrony should use the -r option. Added -r option. -- John Hasler Wed, 29 Jan 2003 10:00:00 -0600 chrony (1.19-1) unstable; urgency=low * New upstream release. * Closes: #178338 New upstream version fixes crashes caused by adjtimex failure * Closes: #178101 /etc/ppp/ip-{up,down}.d/chrony installed with incorrect permissions This bug was previously reported and fixed in 18-1 * Closes: #176130 got an error when I use ppp_on_boot Changed 'update-rc.d chrony defaults 83' to 'update-rc.d chrony defaults 14' in init.d so that chrony will come up before ppp. * Added code to postinst to read /etc/default/rcS and set rtconutc appropriately in chrony.conf. * Rewrote password generator in postinst. * Closes: #100879 unnecessary dependency on libm I don't know why this wasn't closed months ago. * Closes: #103447 typo in "/etc/init.d/chrony" * Closes: #124087 problems with /etc/init.d/chrony Fixed script. * Closes: #161350 /etc/ppp/ip-down.d/chrony cat unnecessary Fixed scripts. * Closes: #113840 ntp has been split - add conflicts? Added ntp-simple and ntp-refclock to conflicts. -- John Hasler Sun, 26 Jan 2003 15:00:00 -0600 chrony (1.18-2) unstable; urgency=low * Corrects error in changelog which resulted in uploads being erroneously classified as NMUs. * Closes: #138142, #104774, #142670, #105344, #101039 * Closes: #162427, #56756, #98951, #99799, #139633 * Closes: #163469, #163408, #167416 -- John Hasler Sun, 3 Nov 2002 20:00:00 -0600 chrony (1.18-1) unstable; urgency=low * New upstream release. * Closes: #138142 new upstream release * Added Mark Brown's Alpha and PowerPC patch. * Closes: #104774 hppa build failure Applied patch. * Closes: #142670 compilation errors on sparc Applied patch. * Closes: #105344 ip-{up, down}.d/chrony not executable Fixed debian/rules. * Closes: #101039 does not run on Alpha Fixed by above mentioned Mark Brown patch. * Closes: #162427 description should mention NTP Fixed description. * Closes: #56756 README.debian should caution about hwclock Fixed README.debian. * Closes: #98951 no chrony.keys file installed Not reproducible, probable user error. * Closes: #99799 logs world readable Added umask 022 to log script. * Closes: #139633 documentation error Added rtconutc to chrony.conf. * Closes: #163469 no default case in init.d script Corrected typo. * Closes: #163408 PIDFILE wrongly defined in ip-{up,down} No chrony script uses any such variable. * Closes: #167416 needs Build-Depends: libreadline4-dev -- Sun, 3 Nov 2002 10:00:00 -0600 chrony (1.14-7) unstable; urgency=medium * Changed rtc_linux.c to not include linux/mc146818rtc.h when building for sparc, because Moshe Zadka says this will allow chrony to build there. * Closes: #142670 -- Wed, 17 Apr 2002 17:00:00 -0500 chrony (1.14-6) unstable; urgency=low * Changed architecture back to 'any'. * Applied portability patch from LaMont Jones. * Closes: #104774 -- Mon, 1 Apr 2002 21:00:00 -0600 chrony (1.14-5) unstable; urgency=low * Changed architecture from 'any' to 'i386 sparc'. Neither I nor the author can test on anything but i386. If you want chrony on anything else send me a tested patch. * Closes: #101039 * Closes: #104774 -- Fri, 28 Dec 2001 20:10:00 -0600 chrony (1.14-4) unstable; urgency=low * Fixed bug in man pages. * Closes: #95134 -- Tue, 24 Apr 2001 20:10:00 -0500 chrony (1.14-3) unstable; urgency=low * Replaced in rtc_linux.c with typedef int spinlock_t as suggested by Paul Slootman. * Put #define CROAK(message) assert(0) in pktlength.h to fix Alpha build problem. * Closes: #86991 -- Sat, 24 Feb 2001 22:45:00 -0600 chrony (1.14-2) unstable; urgency=low * Closes: #84597 -- Sat, 3 Feb 2001 21:25:00 -0600 chrony (1.14-1) unstable; urgency=low * New upstream release. * Fixed more sprintfs. * Closes: #50793, #52570, #48216, #65209, #62924, #70377, #61485, #76661 -- Mon, 20 Nov 2000 20:25:00 -0600 chrony (1.10-3) unstable; urgency=low * Patched cron,weekly script with (corrected) patch from Rene H. Larsen . * Updated author address in copyright file. * Compiled with egcs. * Closes: #41885, #41551 -- Sun, 25 July 1999 12:14:00 -0500 chrony (1.10-2) unstable; urgency=low * Patched rtc_linux.c with patch for SPARC from bmc@visi.net. -- Mon, 17 May 1999 22:30:00 -0500 chrony (1.10-1) unstable; urgency=low * New upstream release. * Upstream version number is 1.1. Debian version number is 1.10 because previous upstream number was 1.02. -- Wed, 12 May 1999 20:30:00 -0500 chrony (1.02-7) unstable; urgency=low * Changed configure to permit building on non-Intel. -- Wed, 5 May 1999 18:00:00 -0500 chrony (1.02-6) unstable; urgency=low * Fixed postrm bug. -- Thur, 29 Apr 1999 18:00:00 -0500 chrony (1.02-5) unstable; urgency=low * Fixed bugs 34954 and 36921. * Moved to priority extra. * Added README.debian text about rtc. -- Thur, 15 Apr 1999 21:30:00 -0500 chrony (1.02-4) unstable; urgency=low * Replaced sprintf's with snprintf's. -- Sun, 28 Feb 1999 16:53:00 -0600 chrony (1.02-3) unstable; urgency=low * Fixed bugs in cron.weekly, ip-up.d, and ip-down.d. * Bug 29981 is also fixed. -- Sun, 6 Dec 1998 9:53:00 -0600 chrony (1.02-2) unstable; urgency=low * Added cron.weekly. * Changed ip-up.d, ip-down.d, and cron.weekly to read the password from chrony.keys. * Added code to postinst to generate a random password and put it in chrony.keys. -- Thur, 3 Dec 1998 19:00:08 -0600 chrony (1.02-1) unstable; urgency=low * Initial Release. -- Fri, 6 Nov 1998 23:00:08 -0600