[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.4-pre2-12-g25cc84d
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via 25cc84d5e2d8019f2a3edf441676346f8d645a96 (commit) via f74e4cf1fecd144745e8cd2823d0943b5ea0b9d4 (commit) from 5f66722b666a0b37b6aa3d6770c7b75db6290baf (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 25cc84d5e2d8019f2a3edf441676346f8d645a96 Author: Miroslav Lichvar Date: Wed Jul 26 16:36:39 2023 +0200 doc: update links to chrony website commit f74e4cf1fecd144745e8cd2823d0943b5ea0b9d4 Author: Miroslav Lichvar Date: Wed Jul 26 16:32:28 2023 +0200 doc: don't mention mailing lists in README Current information about mailing lists is available on the project's website. --- Summary of changes: README | 27 +-- doc/chrony.conf.adoc | 2 +- doc/chronyc.adoc | 2 +- doc/chronyd.adoc | 2 +- doc/faq.adoc | 4 ++-- 5 files changed, 6 insertions(+), 31 deletions(-) hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.4-pre2-10-g5f66722
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via 5f66722b666a0b37b6aa3d6770c7b75db6290baf (commit) via b31461af7a2d33fd666d28f094502af960f761fe (commit) via ae177f2742128ceb20bd1b4721bb4399d36a9259 (commit) via 1a736078df24770fa1d6057652b0d9b98244a90c (commit) via 9b46ea725558eb4ea54b448bf570ab590ad5fb5a (commit) via ff4e932f178ee2fa9db486932c5022c399c4a4d0 (commit) via 68c35a007212e7fe394d94f2eb0f476ba59317b3 (commit) via b6c634298d090f7eb9ad32a90829c5d4881485fe (commit) via 010df124591c94ce79d5ee80cde397392cfc4704 (commit) via 22ef2fbb0e016e323fb9976bb506d23730425eaf (commit) from 7a032062223853dfa9a1ba67995d3088d0dd7f43 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 5f66722b666a0b37b6aa3d6770c7b75db6290baf Author: Miroslav Lichvar Date: Thu Jul 20 12:57:33 2023 +0200 update copyright years commit b31461af7a2d33fd666d28f094502af960f761fe Author: Miroslav Lichvar Date: Thu Jul 20 10:59:05 2023 +0200 doc: add more questions to FAQ commit ae177f2742128ceb20bd1b4721bb4399d36a9259 Author: Miroslav Lichvar Date: Thu Jul 20 10:58:54 2023 +0200 doc: fix typo in FAQ commit 1a736078df24770fa1d6057652b0d9b98244a90c Author: Miroslav Lichvar Date: Wed Jun 28 14:53:09 2023 +0200 doc: refer to root distance in chronyc sources report commit 9b46ea725558eb4ea54b448bf570ab590ad5fb5a Author: Miroslav Lichvar Date: Tue Jul 18 15:16:03 2023 +0200 test: make 132-logchange more reliable commit ff4e932f178ee2fa9db486932c5022c399c4a4d0 Author: Miroslav Lichvar Date: Tue Jul 18 15:15:45 2023 +0200 test: make 148-replacement more reliable commit 68c35a007212e7fe394d94f2eb0f476ba59317b3 Author: Miroslav Lichvar Date: Tue Jul 18 13:08:40 2023 +0200 test: improve ntp_sources unit test commit b6c634298d090f7eb9ad32a90829c5d4881485fe Author: Miroslav Lichvar Date: Mon Jul 17 16:22:19 2023 +0200 ntp: handle negotiated NTS-KE server in refreshment When refreshing a source, compare the newly resolved addresses with the originally resolved address instead of the current address to avoid unnecessary replacements when the address is changed due to the NTS-KE server negotiation. commit 010df124591c94ce79d5ee80cde397392cfc4704 Author: Miroslav Lichvar Date: Tue Jul 11 17:35:46 2023 +0200 nts: fix log severity for loaded server keys commit 22ef2fbb0e016e323fb9976bb506d23730425eaf Author: Miroslav Lichvar Date: Mon Jun 26 13:20:22 2023 +0200 makefile: compile getdate.o with -fwrapv option The getdate code (copied from gnulib before it was switched to GPLv3) has multiple issues with signed integer overflows. Use the -fwrapv compiler option for this object to at least make the operations defined. --- Summary of changes: Makefile.in | 4 client.c| 4 ++-- cmdmon.c| 2 +- configure | 10 - doc/chrony.conf.adoc| 2 +- doc/chronyc.adoc| 8 +++ doc/faq.adoc| 49 +++-- ntp_core.c | 2 +- ntp_io_linux.c | 2 +- ntp_sources.c | 12 +++--- nts_ke_server.c | 4 ++-- nts_ntp_server.c| 2 +- refclock_phc.c | 2 +- siv_nettle.c| 2 +- sources.c | 2 +- test/simulation/132-logchange | 2 +- test/simulation/148-replacement | 2 +- test/unit/ntp_core.c| 2 +- test/unit/ntp_sources.c | 16 -- util.c | 2 +- 20 files changed, 103 insertions(+), 28 deletions(-) hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git annotated tag 4.4-pre2 created. 4.4-pre2
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The annotated tag, 4.4-pre2 has been created at db0236df49f06d89bd1d8b22c144bf0d432b490c (tag) tagging 7a032062223853dfa9a1ba67995d3088d0dd7f43 (commit) replaces 4.4-pre1 tagged by Miroslav Lichvar on Wed Jun 21 11:46:12 2023 +0200 - Log - Second prerelease for 4.4 -BEGIN PGP SIGNATURE- iQIzBAABCAAdFiEEjzdcfo0O4SWj071RU34rdvdoDawFAmSSxukACgkQU34rdvdo DazKihAAmiDhW4/uEKAOEFmcUlnT+yjf53WNwDv5D/OWQqvy5dRpg3Wbms+Zab4R z9aEwitQtxrPyFDfJwKigj0CfgJ+CA7ZDC4EIqPP9r6Jd0HqabimdmMFXfjhj/X8 N+V1GJMLMd3s7n9e+vc+fcoeQ0Oe/sL/HAyL1B/+xX9y9X7WQDTUvqh+jQWlHceV zc6QWz/ZnBbHm+H7Iu3Chw79j7LjmQckoZdAOLr6Ufo8GGdEA7h0KUOLDIAyBHGu w8F6VtCqGqnG/4Ni+11NCE465+dbAse2N/wun+BXy+KPKz0HARi+C/N3zW71OwHH u35wuv9oqTAyiccY0dPNV4cGWprJVxpDGVAqS4L/O/+zdxfJvripM7Bm1DJ/dr76 B6zZxpnHaQUndPw9UwLp6Cs9dNIdjNoN7oLgEh+j537lZ+Wn5pq+yvtClgL3gqx7 xT57v1H5G49lI6iSwmyijM7gLahE/KpiMPWB2UC9hn+hNxV4lbcuxislUz/8wIPs 9yZVErS3EewdkkoE7q98orGnbhwThZ2dJzvWMJwumLObpyQ1ssW4wML9oQNzI2fE jvdMpBSgOdyQb8gffoi4r3vKh14NMekj+WFVfMarkamv1wmzkcchOXKZNqOUNi42 TnlMvlBujjx7SQ6ylmOB7nBwjVKozO3Us/RYimF9mDDrIgfnB38= =fDeu -END PGP SIGNATURE- Miroslav Lichvar (30): ntp: avoid unneccessary replacements on refresh command ntp: reset polling interval when replacing sources ntp: set minimum polltarget ntp: randomize address selection on all source replacements nts: initialize unused part of server key nts: remove superfluous semicolon configure: add option to disable AES-GCM-SIV support sys_linux: allow membarrier in seccomp filter doc: clarify limitation of refresh command nts: don't load zero-length keys with unsupported algorithm test: fix 010-nts test for AES-GCM-SIV support test: modify order of scfilter levels in system tests test: set root ownership of tmp directory in system tests sys_linux: allow writev and TIOCGWINSZ in seccomp filter memory: use free() instead of realloc() for size 0 client: avoid passing uninitialized address to format_name() client: check for allocation errors in tab completition ntp: add debug message for bad sources ntp: use monotonic time for replacement interval ntp: randomize replacement interval main: wait for parent process to terminate ntp: reset poll score sources: replace reachable sources in selection sources: delay source replacement examples: don't set ProcSubset=pid in systemd unit files sched: reset timer queue in finalization ntp: remove resolving timeout in finalization doc: remove out-of-date statement in server description ntp: refresh IP addresses periodically doc: update NEWS --- hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.4-pre1-30-g7a03206
This is an automated email from git. It was generated because a ref
change was pushed to the "chrony/chrony.git" repository.
The branch, master has been updated
via 7a032062223853dfa9a1ba67995d3088d0dd7f43 (commit)
via b86c50bb9f9062e1a02a8f35bd22b079dd5fdda9 (commit)
via 36f9b24dfed2f16ba4929efcb62e658925cdc8aa (commit)
via e0b75b87bf2b9e24a0854356c3da3b72e96e (commit)
via 6661a614864940611f36b41be39400e0d1ef506b (commit)
from bc7629175025ed1c7cf6458a0cdc79c67d9247fe (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -
commit 7a032062223853dfa9a1ba67995d3088d0dd7f43
Author: Miroslav Lichvar
Date: Wed Jun 21 11:27:41 2023 +0200
doc: update NEWS
commit b86c50bb9f9062e1a02a8f35bd22b079dd5fdda9
Author: Miroslav Lichvar
Date: Tue Jun 20 16:23:34 2023 +0200
ntp: refresh IP addresses periodically
Refresh NTP sources specified by hostname periodically (every 2 weeks
by default) to avoid long-running instances using a server which is no
longer intended for service, even if it is still responding correctly
and would not be replaced as unreachable, and help redistributing load
in large pools like pool.ntp.org. Only one source is refreshed at a time
to not interrupt clock updates if there are multiple selectable servers.
The refresh directive configures the interval. A value of 0 disables
the periodic refreshment.
Suggested-by: Ask Bjørn Hansen
commit 36f9b24dfed2f16ba4929efcb62e658925cdc8aa
Author: Miroslav Lichvar
Date: Tue Jun 20 15:28:07 2023 +0200
doc: remove out-of-date statement in server description
chronyc refresh no longer forces replacement of sources.
Fixes: b2dac47c8267 ("ntp: avoid unneccessary replacements on refresh
command")
commit e0b75b87bf2b9e24a0854356c3da3b72e96e
Author: Miroslav Lichvar
Date: Mon Jun 19 16:46:10 2023 +0200
ntp: remove resolving timeout in finalization
Don't assume NSR_Finalise() can be called only on exit when the
scheduler is finalized.
commit 6661a614864940611f36b41be39400e0d1ef506b
Author: Miroslav Lichvar
Date: Mon Jun 19 16:10:45 2023 +0200
sched: reset timer queue in finalization
Don't leave dangling pointers to timer queue entries when they are
freed in the scheduler finalization in case some code tried to remove
a timer later.
Fixes: 6ea1082a72d8 ("sched: free timer blocks on exit")
---
Summary of changes:
NEWS| 3 +++
conf.c | 13
conf.h | 2 ++
doc/chrony.conf.adoc| 17 ---
ntp_sources.c | 50 -
sched.c | 2 ++
test/simulation/147-refresh | 28 +
7 files changed, 111 insertions(+), 4 deletions(-)
hooks/post-receive
--
chrony/chrony.git
--
To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe"
in the subject.
For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the
subject.
Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.4-pre1-25-gbc76291
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via bc7629175025ed1c7cf6458a0cdc79c67d9247fe (commit) via 2aefadd129c57fa8169bace240accb511790aa86 (commit) via 123cb497b9df0a06861c76c22258235d880644aa (commit) via 0c38e4a6cad517b8aba4c3007789a5fafa306035 (commit) from 0db30fd0b169b01890c428a3cfba611a222e3509 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit bc7629175025ed1c7cf6458a0cdc79c67d9247fe Author: Miroslav Lichvar Date: Thu Jun 15 15:23:40 2023 +0200 examples: don't set ProcSubset=pid in systemd unit files This option seems to break detection of the FIPS mode, which is needed by gnutls. commit 2aefadd129c57fa8169bace240accb511790aa86 Author: Miroslav Lichvar Date: Thu Jun 15 12:54:32 2023 +0200 sources: delay source replacement Wait for four consecutive source selections giving a bad status (falseticker, bad distance or jittery) before triggering the source replacement. This should reduce the rate of unnecessary replacements and shorten the time needed to find a solution when unreplaceable falsetickers are preventing other sources from forming a majority due to switching back and forth to unreachable servers. commit 123cb497b9df0a06861c76c22258235d880644aa Author: Miroslav Lichvar Date: Wed Jun 14 14:52:10 2023 +0200 sources: replace reachable sources in selection Instead of waiting for the next update of reachability, trigger replacement of falsetickers, jittery and distant sources as soon as the selection status is updated in their SRC_SelectSource() call. commit 0c38e4a6cad517b8aba4c3007789a5fafa306035 Author: Miroslav Lichvar Date: Thu Jun 15 14:09:21 2023 +0200 ntp: reset poll score When the polling interval is reset (e.g. after replacement), don't forget to reset also the score impacting the next poll adjustment. --- Summary of changes: examples/chrony-wait.service| 1 - examples/chronyd-restricted.service | 1 - examples/chronyd.service| 1 - ntp_core.c | 2 ++ sources.c | 59 + test/simulation/137-pool| 19 test/simulation/148-replacement | 56 +++ 7 files changed, 105 insertions(+), 34 deletions(-) create mode 100755 test/simulation/148-replacement hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.4-pre1-21-g0db30fd
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via 0db30fd0b169b01890c428a3cfba611a222e3509 (commit) from b90d2c084fe9ee398fcb7b8e6e636508dbc51de3 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 0db30fd0b169b01890c428a3cfba611a222e3509 Author: Miroslav Lichvar Date: Mon Jun 12 16:11:10 2023 +0200 main: wait for parent process to terminate When starting the daemon, wait in the grandparent process for the parent process to terminate before exiting to avoid systemd logging a warning "Supervising process $PID which is not our child". Waiting for the pipe to be closed by the kernel when the parent process exits is not sufficient. Reported-by: Jan Pazdziora --- Summary of changes: main.c | 7 ++- 1 file changed, 6 insertions(+), 1 deletion(-) hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.4-pre1-20-gb90d2c0
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via b90d2c084fe9ee398fcb7b8e6e636508dbc51de3 (commit) via ab8da7ecb9c1680ec0cf46aba1bc34e1d27d4b14 (commit) via 05809e937c6ef00c5411869cd8c95a674fdf9745 (commit) via 8265fe2e304dd66644531b039e5b2b8e0f86e5ca (commit) via c11a0529557d48c1471c7620319ca527c6366585 (commit) via 109970f687a5f2735c913e6f28c290a93a216439 (commit) from ca10b9e0722acc5f055261e2337d48b930dbf114 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit b90d2c084fe9ee398fcb7b8e6e636508dbc51de3 Author: Miroslav Lichvar Date: Tue Jun 6 12:02:53 2023 +0200 ntp: randomize replacement interval Replacement attempts are globally rate limited to one per 7*2^8 seconds to limit the rate of DNS requests for public servers like pool.ntp.org. If multiple sources are repeatedly attempting replacement (at their polling intervals), one source can be getting all attempts for periods of time. Use a randomly generated interval to randomize the order of source replacements without changing the average rate. commit ab8da7ecb9c1680ec0cf46aba1bc34e1d27d4b14 Author: Miroslav Lichvar Date: Tue Jun 6 10:40:51 2023 +0200 ntp: use monotonic time for replacement interval Avoid errors in the measured interval due to clock steps. commit 05809e937c6ef00c5411869cd8c95a674fdf9745 Author: Miroslav Lichvar Date: Mon Jun 5 15:18:27 2023 +0200 ntp: add debug message for bad sources commit 8265fe2e304dd66644531b039e5b2b8e0f86e5ca Author: Miroslav Lichvar Date: Thu Jun 8 16:04:21 2023 +0200 client: check for allocation errors in tab completition commit c11a0529557d48c1471c7620319ca527c6366585 Author: Miroslav Lichvar Date: Mon Jun 5 16:10:46 2023 +0200 client: avoid passing uninitialized address to format_name() The clang memory sanitizer seems to trigger on an uninitialized value passed to format_name() when the source is a refclock, even though the value is not used for anything. Pass 0 in this case to avoid the error. commit 109970f687a5f2735c913e6f28c290a93a216439 Author: Miroslav Lichvar Date: Mon Jun 5 15:40:22 2023 +0200 memory: use free() instead of realloc() for size 0 valgrind 3.21.0 reports realloc() of 0 bytes as an error due to having different behavior on different systems. The only place where this can happen in chrony is the array, which doesn't care what value realloc() returns. Modify the realloc wrapper to call free() in this case to make valgrind happy. --- Summary of changes: client.c| 9 - memory.c| 7 ++- ntp_sources.c | 18 ++ sources.c | 1 + test/simulation/139-nts | 4 ++-- 5 files changed, 23 insertions(+), 16 deletions(-) hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.4-pre1-14-gca10b9e
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via ca10b9e0722acc5f055261e2337d48b930dbf114 (commit) via 19da1d95a80edd9ef77aae860e9e6551c6de1b3d (commit) via 61da7d09135239f5a976b749ddb484111400c29c (commit) via 105f1f90c1fb6e2c4fca89c5add931e6ce59abfd (commit) via c9d791e02d491b9f1d46aa4b58f7394ae39d0440 (commit) from de678ff780a6902a7969db9add2e5a4b77a25f01 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit ca10b9e0722acc5f055261e2337d48b930dbf114 Author: Miroslav Lichvar Date: Thu Jun 1 14:30:40 2023 +0200 sys_linux: allow writev and TIOCGWINSZ in seccomp filter Allow more syscalls for musl. Reported-by: jvoisin commit 19da1d95a80edd9ef77aae860e9e6551c6de1b3d Author: Miroslav Lichvar Date: Thu Jun 1 11:56:29 2023 +0200 test: set root ownership of tmp directory in system tests Allow the tests to be started under a non-zero GID. commit 61da7d09135239f5a976b749ddb484111400c29c Author: Miroslav Lichvar Date: Mon May 29 16:17:39 2023 +0200 test: modify order of scfilter levels in system tests Start with positive levels to get the offending system calls in the system or audit log. commit 105f1f90c1fb6e2c4fca89c5add931e6ce59abfd Author: Miroslav Lichvar Date: Thu Jun 1 14:51:38 2023 +0200 test: fix 010-nts test for AES-GCM-SIV support commit c9d791e02d491b9f1d46aa4b58f7394ae39d0440 Author: Miroslav Lichvar Date: Mon May 29 14:12:54 2023 +0200 nts: don't load zero-length keys with unsupported algorithm Don't load keys and cookies from the client's dump file if it has an unsupported algorithm and unparseable keys (matching the algorithm's expected length of zero). They would fail all SIV operations and trigger new NTS-KE session. --- Summary of changes: nts_ntp_client.c | 1 + sys_linux.c | 3 ++- test/system/010-nts | 4 ++-- test/system/099-scfilter | 2 +- test/system/199-scfilter | 2 +- test/system/test.common | 2 ++ 6 files changed, 9 insertions(+), 5 deletions(-) hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.4-pre1-9-gde678ff
This is an automated email from git. It was generated because a ref
change was pushed to the "chrony/chrony.git" repository.
The branch, master has been updated
via de678ff780a6902a7969db9add2e5a4b77a25f01 (commit)
via e16bcca61787788dd42fca6cbae9b87176e8a213 (commit)
via b57d7040b3c9c65abb2043de42d65a4e10820af2 (commit)
via c80858f7388afa128fa05621d4122e8fa6e210e8 (commit)
via 81bf7cdcdc0a871ef3a3a3f1430f17d0ca217b9d (commit)
via b8b3830dc4b51265d3a3e0e85fb143ad13a7dbc3 (commit)
from d4738e1259f97ee14687300ee01e6e6da4701bb4 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -
commit de678ff780a6902a7969db9add2e5a4b77a25f01
Author: Miroslav Lichvar
Date: Wed May 24 15:41:45 2023 +0200
doc: clarify limitation of refresh command
commit e16bcca61787788dd42fca6cbae9b87176e8a213
Author: Miroslav Lichvar
Date: Wed May 24 10:56:07 2023 +0200
sys_linux: allow membarrier in seccomp filter
This system call is used by musl.
Reported-by: jvoisin
commit b57d7040b3c9c65abb2043de42d65a4e10820af2
Author: Miroslav Lichvar
Date: Tue May 23 16:36:25 2023 +0200
configure: add option to disable AES-GCM-SIV support
commit c80858f7388afa128fa05621d4122e8fa6e210e8
Author: Miroslav Lichvar
Date: Tue May 23 15:40:47 2023 +0200
nts: remove superfluous semicolon
commit 81bf7cdcdc0a871ef3a3a3f1430f17d0ca217b9d
Author: Miroslav Lichvar
Date: Tue May 23 15:37:06 2023 +0200
nts: initialize unused part of server key
Initialize the unused part of shorter server NTS keys (AES-128-GCM-SIV)
loaded from ntsdumpdir to avoid sending uninitialized data in requests
to the NTS-KE helper process.
Do that also for newly generated keys in case the memory will be
allocated dynamically.
Fixes: b1230efac333 ("nts: add support for encrypting cookies with
AES-128-GCM-SIV")
commit b8b3830dc4b51265d3a3e0e85fb143ad13a7dbc3
Author: Miroslav Lichvar
Date: Mon May 22 11:58:41 2023 +0200
ntp: randomize address selection on all source replacements
If the resolver orders addresses by IP family, there is more than one
address in the preferred IP family, and they are all reachable, but
not selectable (e.g. falsetickers in a small pool which cannot remove
them from DNS), chronyd is unable to switch to addresses in the other IP
family as it follows the resolver's order.
Enable randomization of the address selection for all source
replacements and not just replacement of (unreachable) tentative
sources. If the system doesn't have connectivity in the other family,
the addresses will be skipped and no change in behavior should be
observed.
---
Summary of changes:
configure | 7 ++-
doc/chronyc.adoc| 6 +++---
ntp_sources.c | 10 +-
nts_ke_server.c | 4 +++-
sys_linux.c | 3 +++
test/compilation/003-sanitizers | 1 +
test/unit/nts_ke_server.c | 10 +++---
7 files changed, 28 insertions(+), 13 deletions(-)
hooks/post-receive
--
chrony/chrony.git
--
To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe"
in the subject.
For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the
subject.
Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.4-pre1-3-gd4738e1
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via d4738e1259f97ee14687300ee01e6e6da4701bb4 (commit) via 5ba42cee45a610b15dd7fd24bb88170ee51ee830 (commit) via b2dac47c8267fb5a40320a72cd1143771fa411b8 (commit) from 6a6161dc0f854a1bd5c9c22499f7df4ffca35983 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit d4738e1259f97ee14687300ee01e6e6da4701bb4 Author: Miroslav Lichvar Date: Wed May 17 16:37:55 2023 +0200 ntp: set minimum polltarget The polltarget value is used in a floating-point division in the calculation of the poll adjustment. Set 1 as the minimum accepted polltarget value to avoid working with infinite values. commit 5ba42cee45a610b15dd7fd24bb88170ee51ee830 Author: Miroslav Lichvar Date: Tue May 16 15:11:22 2023 +0200 ntp: reset polling interval when replacing sources Set the polling interval to minpoll when changing address of a source, but only if it is reachable to avoid increasing load on server or network in case that is the reason for the source being unreachable. This shortens the time needed to replace a falseticker or unsynchronized source with a selectable source. commit b2dac47c8267fb5a40320a72cd1143771fa411b8 Author: Miroslav Lichvar Date: Mon May 15 16:26:21 2023 +0200 ntp: avoid unneccessary replacements on refresh command When the refresh command is issued, instead of trying to replace all NTP sources as if they were unreachable or falsetickers, keep using the current address if it is still returned by the resolver for the name. This avoids unnecessary loss of measurements and switching to potentially unreachable addresses. --- Summary of changes: doc/chronyc.adoc| 15 ++- ntp_core.c | 10 -- ntp_sources.c | 24 +--- test/simulation/137-pool| 19 +++ test/simulation/147-refresh | 31 +++ 5 files changed, 89 insertions(+), 10 deletions(-) create mode 100755 test/simulation/147-refresh hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git annotated tag 4.4-pre1 created. 4.4-pre1
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The annotated tag, 4.4-pre1 has been created at 36e03da0b7ab5396630b682c105d871cecc50ff7 (tag) tagging 6a6161dc0f854a1bd5c9c22499f7df4ffca35983 (commit) replaces 4.3 tagged by Miroslav Lichvar on Wed May 10 14:33:27 2023 +0200 - Log - First prerelease for 4.4 -BEGIN PGP SIGNATURE- iQIzBAABCAAdFiEEjzdcfo0O4SWj071RU34rdvdoDawFAmRbjx8ACgkQU34rdvdo DawbMg//QennNIO/zD6D98CKgEem+8c57Uu1ibmv1+PL6ITbIEOTW2h18tp1oNl5 gXXiiK12i6my5oHsMY3tt8b9fTUvvvC5uuF2magMlJwHznrmUBCTDAX38P4VfMdL /aiNMC+bXSzA8mcqazskpg2d8K2uX8sKb7yRlkPPke7oYtYiokodEoMqkKWF/Bhl ar2Getlz7EoZHAX3CWVz51LLlPWv7gpfmzXb5epxRA6fG/qEghssV6yN+OsEe7VN 4MTWi3dZ8Wo5SOjBtyEFAAAVH6K1bbsj0pdJ1LwfVPdF46l2VpHKIRvfvSqW5Sqk Ha5O7jv/PmfwD0BVT5uUQcWew1ziK+MwmjfkcptoDFMmRdhWXkTx5fsNK7FttuZP ROP/KMovoqece7gdw9kRwKX4uHnhdSDUxBa+pIbvnOSbdbNZkJZJX5tEsOO7NJED RGqF0nrVbXygSAuzDr7kITpKNP2Y6896XqP2oHVH8/QAXBgfmt88LlWASu7wAiPx 254iz31uCfP2j+J1chp1RhcqKhfO0liRdaQnQBnforh8vPWDaXgXEmNisF5HgtSf nIb6T376YB/VM4y1YpnMUCsYadxypeArksc1GD3g1NjTdio2NWsi2/5SVrU+hMAc QLceC+gYj4Fp3tOKr2rH3xDQOtLU3r+tN9WWs+3w4Ij7jq79qew= =u+LT -END PGP SIGNATURE- Dan Drown (1): ntp: increment sequence id in PTP messages Holger Hoffstätte (1): getdate: fix various warnings which will be errors with clang-16 Mike Ryan (1): ntp: set DSCP for IPv6 Miroslav Lichvar (77): test: add float-cast-overflow to 003-sanitizers test doc: fix wrong name of authselectmode directive doc: improve ntsrotate description siv: add support for AES-128-GCM-SIV in Nettle siv: add functions to return min and max nonce length nts: use signed lengths in NNA_DecryptAuthEF() nts: don't connect to server if missing AES-SIV-CMAC-256 nts: make sure encrypted S2C and C2S keys have equal length nts: add support for NTP authenticator field using AES-GCM-SIV nts: add client support for authentication with AES-128-GCM-SIV nts: add server support for authentication with AES-128-GCM-SIV nts: make server key access more readable nts: add support for encrypting cookies with AES-128-GCM-SIV nts: change ntskeys format to support different algorithms nts: fix number of extension fields after failed encryption nts: warn if server started without ntsdumpdir logging: support context-specific severity ntp: log added and removed sources util: add function for printing access subnets ntp+cmdmon: log allow/deny commands log more changes made by chronyc commands ntp: update comment about minimum request spacing cmdparse: add functions for parsing refclock refid and select options sources: add assertion for instance index sources: add function to modify selection options cmdmon+client: split out conversion of selection options cmdmon+client: add selectopts command examples: add chronyd-restricted.service doc: deprecate SHM refclocks in favor of SOCK refclock: convert mismatched timeval in SOCK messages refclock: fix preprocessor conditional keys+nts: warn if loading world-readable/writable key conf: warn if not having read-only access to keys examples: add AES keys to chrony.keys.example doc: add missing description of selection log field sources: increase log level of no majority message sources: enable no majority message before first selection sources: warn about detected falsetickers sourcestats: don't fudge refclock LastRx in sources report doc: describe minimum useful ntsrefresh doc: improve description of refclock filter option client: add -e option to indicate end of response nts: destroy NTS-KE client right after failed start nts: use shorter NTS-KE retry interval when network is down ntp: don't adjust poll interval when waiting for NTS-KE ntp: count missing samples when waiting for NTS-KE array: add function for removing elements test: add array unit test sys_linux: avoid blocking in reading of external PHC timestamp refclock_phc: support multiple extpps refclocks on one PHC test: update description of 106-refclock ntp: add support for multiple suspended sockets ntp: increase socket resume timeout to 1 millisecond ntp: make socket resume timeout configurable doc: mention NTP port number in FAQ doc: replace offensive words doc: add missing word in serverstats description ntp: add maximum PHC poll interval ntp: remove unnecessary check for NULL local timestamp clientlog: save source of transmit timestamps clientlog: count RX and TX timestamps for each source cmdmon: add timestamp counters to serverstats report cmdmon: def
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.3-81-g6a6161d
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via 6a6161dc0f854a1bd5c9c22499f7df4ffca35983 (commit) via a4eb5be8ea3816a3fe3da7ff493fb48049a56ab1 (commit) via 3050e29b1d1cc6d2a7191e46be596c3728bb7a75 (commit) via fb1af6e55be91dc4ef5ac060c845ed7041ebc9c5 (commit) from 47a13ae88cec7a03ab2ba5511549ce877cef4516 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 6a6161dc0f854a1bd5c9c22499f7df4ffca35983 Author: Miroslav Lichvar Date: Wed May 10 11:42:01 2023 +0200 doc: update NEWS commit a4eb5be8ea3816a3fe3da7ff493fb48049a56ab1 Author: Miroslav Lichvar Date: Wed May 10 09:59:44 2023 +0200 doc: update list of contributors in README commit 3050e29b1d1cc6d2a7191e46be596c3728bb7a75 Author: Rupesh Patel Date: Fri Apr 28 15:31:40 2023 + examples: improve chrony.nm-dispatcher.onoffline script commit fb1af6e55be91dc4ef5ac060c845ed7041ebc9c5 Author: Miroslav Lichvar Date: Tue Apr 18 11:39:27 2023 +0200 test: add 146-offline test --- Summary of changes: NEWS| 22 ++ README | 4 ++ examples/chrony.nm-dispatcher.onoffline | 6 ++- test/simulation/146-offline | 73 + 4 files changed, 103 insertions(+), 2 deletions(-) create mode 100755 test/simulation/146-offline hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.3-77-g47a13ae
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via 47a13ae88cec7a03ab2ba5511549ce877cef4516 (commit) from a8496658a00684360e7179d607ad7be664daec2a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 47a13ae88cec7a03ab2ba5511549ce877cef4516 Author: Miroslav Lichvar Date: Mon Apr 17 11:40:18 2023 +0200 md5: fix old-style function definitions This fixes -Wdeprecated-non-prototype clang warnings. Reported-by: Bryan Christianson --- Summary of changes: md5.c | 15 --- 1 file changed, 4 insertions(+), 11 deletions(-) hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.3-76-ga849665
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via a8496658a00684360e7179d607ad7be664daec2a (commit) via 6ea1082a72d846c9de7e52e11cae79d804ed55a5 (commit) via 4f674539fddea268a1d15bf5ab2b5506b74d1f79 (commit) via 68d3fb4af8f54ce546f36c1fa70a0f0f35c5932e (commit) via 3c24f2c2edc0b114cfabffdb3ff3c10ccfa0aa83 (commit) from 0189dac7d82f89de9be07a29985371efa686637d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit a8496658a00684360e7179d607ad7be664daec2a Author: Miroslav Lichvar Date: Wed Apr 12 17:24:28 2023 +0200 test: free memory in unit tests on exit commit 6ea1082a72d846c9de7e52e11cae79d804ed55a5 Author: Miroslav Lichvar Date: Wed Apr 12 16:48:36 2023 +0200 sched: free timer blocks on exit Save pointers to allocated timer blocks and free them on exit. This fixes the long-standing annoying "possibly lost" leak reported by valgrind. commit 4f674539fddea268a1d15bf5ab2b5506b74d1f79 Author: Miroslav Lichvar Date: Wed Apr 12 12:36:49 2023 +0200 test: add 145-rtc test commit 68d3fb4af8f54ce546f36c1fa70a0f0f35c5932e Author: Miroslav Lichvar Date: Mon Apr 3 15:01:19 2023 +0200 doc: improve description of chronyd -Q option commit 3c24f2c2edc0b114cfabffdb3ff3c10ccfa0aa83 Author: Miroslav Lichvar Date: Mon Apr 3 14:36:30 2023 +0200 test: add option to dump traffic to pcaps This will be useful for debugging. --- Summary of changes: doc/chronyd.adoc| 6 ++-- sched.c | 14 - test/simulation/145-rtc | 75 + test/simulation/test.common | 6 test/unit/test.c| 1 + test/unit/util.c| 2 ++ 6 files changed, 101 insertions(+), 3 deletions(-) create mode 100755 test/simulation/145-rtc hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.3-71-g0189dac
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via 0189dac7d82f89de9be07a29985371efa686637d (commit) via 4a11399c2ebb78c9de8b4fca256d00b82416ff32 (commit) via cf98551ea1fd3ee0fed3f079b62c07fb9e55228a (commit) via 5508b01bd8802cdd0b731fcafd42b7f64e1f18c5 (commit) via 907accec879ec073ab5c94afa1120cd80d940584 (commit) via a511029cc297fc33afe85f9b6e5786c7cc4befa0 (commit) from 0845df7684f4597ab9ff7a6e9aadf01895b93887 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 0189dac7d82f89de9be07a29985371efa686637d Author: Miroslav Lichvar Date: Tue Mar 28 15:33:50 2023 +0200 ntp: save response when waiting for HW TX timestamp Rework handling of late HW TX timestamps. Instead of suspending reading from client-only sockets that have HW TX timestamping enabled, save the whole response if it is valid and a HW TX timestamp was received for the source before. When the timestamp is received, or the configurable timeout is reached, process the saved response again, but skip the authentication test as the NTS code allows only one response per request. Only one valid response per source can be saved. If a second valid response is received while waiting for the timestamp, process both responses immediately in the order they were received. The main advantage of this approach is that it works on all sockets, i.e. even in the symmetric mode and with NTP-over-PTP, and the kernel does not need to buffer invalid responses. commit 4a11399c2ebb78c9de8b4fca256d00b82416ff32 Author: Miroslav Lichvar Date: Thu Mar 23 17:04:57 2023 +0100 ntp: rework calculation of transmit timeout Previously, in the calculation of the next transmission time corresponding to the current polling interval, the reference point was the current time in the client mode (i.e. the time when the response is processed) and the last transmission time in the symmetric mode. Rework the code to use the last transmission in both modes and make it independent from the time when the response is processed to avoid extra delays due to waiting for HW TX timestamps. commit cf98551ea1fd3ee0fed3f079b62c07fb9e55228a Author: Miroslav Lichvar Date: Thu Mar 23 14:07:44 2023 +0100 client: avoid casting to long Use the PRI*32 specifiers in printf formats to avoid casting received values to unsigned long. commit 5508b01bd8802cdd0b731fcafd42b7f64e1f18c5 Author: Miroslav Lichvar Date: Thu Mar 23 12:42:30 2023 +0100 cmdmon: switch serverstats to 64-bit integers Update the serverstats response to use the new 64-bit integers. Don't define a new value for the response as it already had an incompatible change since the latest release (new fields added for timestamp counters). commit 907accec879ec073ab5c94afa1120cd80d940584 Author: Miroslav Lichvar Date: Thu Mar 23 12:32:57 2023 +0100 clientlog: extend serverstats counters to 64 bits On a busy server the 32-bit counters included in the serverstats report may overflow every few hours or days. Extend them to 64 bits. commit a511029cc297fc33afe85f9b6e5786c7cc4befa0 Author: Miroslav Lichvar Date: Thu Mar 23 11:37:11 2023 +0100 cmdmon: define 64-bit integer Add a structure for 64-bit integers without requiring 64-bit alignment to be usable in CMD_Reply without struct packing. Add utility functions for conversion to/from network order. Avoid using be64toh() and htobe64() as they don't seem to be available on all supported systems. --- Summary of changes: candm.h | 42 +++- client.c | 165 ++-- clientlog.c | 14 ++-- cmdmon.c | 44 +++- doc/chrony.conf.adoc | 20 +++--- doc/chronyc.adoc | 4 -- ntp_core.c | 188 --- ntp_io.c | 3 - ntp_io_linux.c | 122 - ntp_io_linux.h | 2 - reports.h| 34 +- test/unit/ntp_core.c | 62 - test/unit/util.c | 5 ++ util.c | 19 ++ util.h | 3 + 15 files changed, 401 insertions(+), 326 deletions(-) hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the su
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.3-65-g0845df7
This is an automated email from git. It was generated because a ref
change was pushed to the "chrony/chrony.git" repository.
The branch, master has been updated
via 0845df7684f4597ab9ff7a6e9aadf01895b93887 (commit)
via 2f961ab36aa080c5bc1b9992f27989beb4ff0daf (commit)
via a0cf7f7f12399684f40d795536cb7a7fd5c8955e (commit)
via a5f1a113f0d5b2430323c61a71c57e51f7145f5e (commit)
via 5160f14fdcbf7335120dc10b09f95d7a881029bf (commit)
via b0a2ad2535145ed3d79b39cf0ab4d8ca4eca4fbc (commit)
via ecdde75f8f0bce2a409b48c87beb1b9a48d051eb (commit)
via 2d80be9541c42935cde2ddad1288d939003ca12a (commit)
from ab776ed9d8040d45521bfdb5f831f48e67e101d7 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -
commit 0845df7684f4597ab9ff7a6e9aadf01895b93887
Author: Miroslav Lichvar
Date: Thu Mar 16 16:59:18 2023 +0100
cmdmon: add timestamp counters to serverstats report
Add the new RX/TX daemon/kernel/hardware timestamp counters to the
serverstats report.
commit 2f961ab36aa080c5bc1b9992f27989beb4ff0daf
Author: Miroslav Lichvar
Date: Thu Mar 16 16:56:28 2023 +0100
clientlog: count RX and TX timestamps for each source
Count served timestamps in all combinations of RX/TX and
daemon/kernel/hardware. Repurpose CLG_LogAuthNtpRequest() to update all
NTP-specific stats in one call per accepted request and response.
commit a0cf7f7f12399684f40d795536cb7a7fd5c8955e
Author: Miroslav Lichvar
Date: Thu Mar 16 16:51:12 2023 +0100
clientlog: save source of transmit timestamps
Add the timestamp source to the data kept for clients using interleaved
mode to allow extending server statistics.
commit a5f1a113f0d5b2430323c61a71c57e51f7145f5e
Author: Miroslav Lichvar
Date: Thu Mar 16 17:19:33 2023 +0100
ntp: remove unnecessary check for NULL local timestamp
After 5f4cbaab7e0e ("ntp: optimize detection of clients using
interleaved mode") the local TX timestamp is saved for all requests
indicating interleaved mode even when no previous RX timestamp is found.
commit 5160f14fdcbf7335120dc10b09f95d7a881029bf
Author: Miroslav Lichvar
Date: Tue Mar 14 12:23:21 2023 +0100
ntp: add maximum PHC poll interval
Specify maxpoll for HW timestamping (default minpoll + 1) to track the
PHC well even when there is little NTP traffic on the interface. After
each PHC reading schedule a timeout according to the maxpoll. Polling
between minpoll and maxpoll is still triggered by HW timestamps.
Wait for the first HW timestamp before adding the timeout to avoid
polling PHCs on interfaces that are enabled in the configuration but
not used for NTP. Add a new scheduling class to separate polling of
different PHCs to avoid too long intervals between processing I/O
events.
commit b0a2ad2535145ed3d79b39cf0ab4d8ca4eca4fbc
Author: Miroslav Lichvar
Date: Thu Mar 16 16:19:59 2023 +0100
doc: add missing word in serverstats description
commit ecdde75f8f0bce2a409b48c87beb1b9a48d051eb
Author: Miroslav Lichvar
Date: Tue Mar 21 16:38:10 2023 +0100
doc: replace offensive words
commit 2d80be9541c42935cde2ddad1288d939003ca12a
Author: Miroslav Lichvar
Date: Mon Mar 13 16:03:11 2023 +0100
doc: mention NTP port number in FAQ
---
Summary of changes:
candm.h | 10 -
client.c| 16 ++-
clientlog.c | 45 ++-
clientlog.h | 12 +++--
cmdmon.c| 10 -
conf.c | 9 +++-
conf.h | 1 +
doc/chrony.conf.adoc| 29 +++-
doc/chronyc.adoc| 32 --
doc/faq.adoc| 5 ++-
ntp.h | 7 +++
ntp_core.c | 19
ntp_core.h | 6 ---
ntp_io_linux.c | 97 -
pktlength.c | 3 +-
reports.h | 6 +++
sched.h | 1 +
test/simulation/110-chronyc | 8 +++-
test/simulation/133-hwtimestamp | 31 -
test/system/007-cmdmon | 8 +++-
test/unit/clientlog.c | 42 ++
21 files changed, 303 insertions(+), 94 deletions(-)
hooks/post-receive
--
chrony/chrony.git
--
To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe"
in the subject.
For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the
subject.
Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.3-57-gab776ed
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via ab776ed9d8040d45521bfdb5f831f48e67e101d7 (commit) via ccebec3eb687b36c5742e6bbe24b2e7b490ce093 (commit) via 3ea3e0efd7fed4a9193aa17c35917fce10935b3a (commit) via c3e4e3e47a443927582e77c54b962efb78e3a2cb (commit) from e949e1d9914f80160972379f9f9927356d9e8581 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit ab776ed9d8040d45521bfdb5f831f48e67e101d7 Author: Miroslav Lichvar Date: Thu Mar 9 11:09:33 2023 +0100 ntp: make socket resume timeout configurable In some cases even the new timeout of 1 millisecond is not sufficient to get all HW TX timestamps. Add a new directive to allow users to specify longer timeouts. commit ccebec3eb687b36c5742e6bbe24b2e7b490ce093 Author: Miroslav Lichvar Date: Thu Mar 9 11:37:45 2023 +0100 ntp: increase socket resume timeout to 1 millisecond This seems to work significantly better on some hardware and is still shorter than burst interval at the minimum configurable poll. commit 3ea3e0efd7fed4a9193aa17c35917fce10935b3a Author: Miroslav Lichvar Date: Wed Mar 8 17:07:38 2023 +0100 ntp: add support for multiple suspended sockets With some hardware it takes milliseconds to get the HW TX timestamp. Rework the code to handle multiple suspended client-only sockets at the same time in order to allow longer timeouts, which may overlap for different sources. Instead of waiting for the first read event simply suspend the socket and create timeout when the HW TX timestamp is requested. commit c3e4e3e47a443927582e77c54b962efb78e3a2cb Author: Dan Drown Date: Tue Mar 7 16:29:19 2023 +0100 ntp: increment sequence id in PTP messages --- Summary of changes: conf.c | 13 ++ conf.h | 1 + doc/chrony.conf.adoc | 25 +++ ntp_io.c | 8 ++-- ntp_io_linux.c | 122 ++- ntp_io_linux.h | 2 - ptp.h| 7 ++- 7 files changed, 120 insertions(+), 58 deletions(-) hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.3-53-ge949e1d
This is an automated email from git. It was generated because a ref
change was pushed to the "chrony/chrony.git" repository.
The branch, master has been updated
via e949e1d9914f80160972379f9f9927356d9e8581 (commit)
via c8649ccb7e5d88749d588fd55d3202c5bed84eec (commit)
via 39ff7ceecaa84fdd24e9ef8507f17384174222a5 (commit)
via 06945d927b84d00dbd9e11301ae7a28b4db5f048 (commit)
via caf82b1a45c2d2ee6d22cb0a1edc2b2e2be1a0ff (commit)
via f99b2f633b989ba7b8edc500d2ea8985979a8de7 (commit)
via 6270a3eb7cf8e35673cb19ea8e12bd6c8b15ede2 (commit)
via 1daa40a2f759df30a7afe086c9f001d99fdd14a3 (commit)
via a1406eded39e3f607f5fbc5fa3a5f8720a1e5bc1 (commit)
from 1eb8994c0052ac746f5084ff375fcd9896b93452 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -
commit e949e1d9914f80160972379f9f9927356d9e8581
Author: Miroslav Lichvar
Date: Thu Mar 2 11:29:49 2023 +0100
test: update description of 106-refclock
commit c8649ccb7e5d88749d588fd55d3202c5bed84eec
Author: Miroslav Lichvar
Date: Wed Mar 1 16:39:35 2023 +0100
refclock_phc: support multiple extpps refclocks on one PHC
The Linux kernel (as of 6.2) has a shared queue of external timestamps
for all descriptors of the same PHC. If multiple refclocks using the
same PHC and the same or different channels were specified, some
refclocks didn't receive any or most of their timestamps, depending on
the rate and timing of the events (with the previous commit avoiding
blocking reads).
Track extpps-enabled refclocks in an array. Add PHC index to the PHC
instance. When a timestamp is read from the descriptor, provide it to
all refclocks that have the same PHC index and a channel matching the
event.
Make sure the timestamp is different from the previous one in case the
kernel will be improved to duplicate the timestamps for different
descriptors.
Reported-by: Matt Corallo
commit 39ff7ceecaa84fdd24e9ef8507f17384174222a5
Author: Miroslav Lichvar
Date: Wed Mar 1 14:41:34 2023 +0100
sys_linux: avoid blocking in reading of external PHC timestamp
The kernel has a common queue for all readers of a PHC device. With
multiple PHC refclocks using the same device some reads blocked. PHC
devices don't seem to support non-blocking reads. Use poll() to check if
a timestamp is available before reading from the descriptor.
commit 06945d927b84d00dbd9e11301ae7a28b4db5f048
Author: Miroslav Lichvar
Date: Wed Mar 1 16:02:50 2023 +0100
test: add array unit test
commit caf82b1a45c2d2ee6d22cb0a1edc2b2e2be1a0ff
Author: Miroslav Lichvar
Date: Wed Mar 1 16:02:16 2023 +0100
array: add function for removing elements
commit f99b2f633b989ba7b8edc500d2ea8985979a8de7
Author: Miroslav Lichvar
Date: Mon Feb 27 15:29:44 2023 +0100
ntp: count missing samples when waiting for NTS-KE
Count missing samples for the median filter when
NAU_PrepareRequestAuth() is failing.
Fixes: 4234732b0883 ("ntp: rework filter option to count missing samples")
commit 6270a3eb7cf8e35673cb19ea8e12bd6c8b15ede2
Author: Miroslav Lichvar
Date: Mon Feb 27 15:00:50 2023 +0100
ntp: don't adjust poll interval when waiting for NTS-KE
Don't adjust the NTP polling interval and decrement the burst count when
NAU_PrepareRequestAuth() fails (e.g. no NTS-KE response received yet,
network being down, or the server refusing connections), same as if an
NTP request could not be sent. Rely on the rate limiting implemented in
the NTS code.
commit 1daa40a2f759df30a7afe086c9f001d99fdd14a3
Author: Miroslav Lichvar
Date: Thu Feb 23 13:10:11 2023 +0100
nts: use shorter NTS-KE retry interval when network is down
When chronyd configured with an NTS source not specified as offline and
resolvable without network was started before the network was up, it was
using an unnecessarily long NTS-KE retry interval, same as if the server
was refusing the connections.
When the network is down, the connect() call made from NKC_Start() on
the non-blocking TCP socket should fail with a different error than
EINPROGRESS and cause NKC_Start() to return with failure. Add a constant
2-second retry interval (matching default iburst) for this case.
commit a1406eded39e3f607f5fbc5fa3a5f8720a1e5bc1
Author: Miroslav Lichvar
Date: Thu Feb 23 14:58:29 2023 +0100
nts: destroy NTS-KE client right after failed start
When NKC_Start() fails (e.g. due to unreachable network), don't wait for
the next poll to destroy the client and another poll to create and start
it again.
---
Summary
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.3-44-g1eb8994
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via 1eb8994c0052ac746f5084ff375fcd9896b93452 (commit) via 221e5fb5011594d12fa4b6e5f851dc70d0ae4775 (commit) via ecfbde9872e4adda7f0de03b775f55653730c825 (commit) via dec07aa844f81e275ff60d74e14e6fada3e4734a (commit) from 5b3d4dfe76679a01a920d7b45efa8b9d201fd986 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 1eb8994c0052ac746f5084ff375fcd9896b93452 Author: Miroslav Lichvar Date: Thu Feb 2 16:38:11 2023 +0100 client: add -e option to indicate end of response In a non-tty session with chronyc it is not possible to detect the end of the response without relying on timeouts, or separate responses to a repeated command if using the -c option. Add -e option to end each response with a line containing a single dot. commit 221e5fb5011594d12fa4b6e5f851dc70d0ae4775 Author: Miroslav Lichvar Date: Thu Feb 2 15:05:05 2023 +0100 doc: improve description of refclock filter option commit ecfbde9872e4adda7f0de03b775f55653730c825 Author: Miroslav Lichvar Date: Thu Feb 2 14:43:19 2023 +0100 doc: describe minimum useful ntsrefresh commit dec07aa844f81e275ff60d74e14e6fada3e4734a Author: Miroslav Lichvar Date: Thu Feb 2 11:12:31 2023 +0100 sourcestats: don't fudge refclock LastRx in sources report The sample time used in calculation of the last_meas_ago (LastRx) value in the sources report is aligned to the second to minimize the leak of the NTP receive timestamp, which could be useful in some attacks. There is no need to do that with reference clocks, which are often used with very short polling intervals and an extra second in the LastRx value can be misinterpreted as a missed sample. --- Summary of changes: client.c| 12 +++- doc/chrony.conf.adoc| 8 +++- doc/chronyc.adoc| 4 sourcestats.c | 7 --- test/simulation/110-chronyc | 12 5 files changed, 38 insertions(+), 5 deletions(-) hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.3-40-g5b3d4df
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via 5b3d4dfe76679a01a920d7b45efa8b9d201fd986 (commit) via dc0f0cd13420045307e54ae2bcd1ec9c0faeacdf (commit) via bd37efa52ebd174ac6ecf2cdb131042b6c643285 (commit) via c71185a0e5f80d6298b90d8758e37e20731a1b4c (commit) from f149b7b758e9dfc42eb471a38038bcd3ce87db44 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 5b3d4dfe76679a01a920d7b45efa8b9d201fd986 Author: Miroslav Lichvar Date: Thu Jan 26 16:21:11 2023 +0100 sources: warn about detected falsetickers Log a warning message for each detected falseticker, but only once between changes in the selection of the best source. Don't print all sources when no majority is reached as that case has its own warning message. commit dc0f0cd13420045307e54ae2bcd1ec9c0faeacdf Author: Miroslav Lichvar Date: Thu Jan 26 16:12:26 2023 +0100 sources: enable no majority message before first selection Add a separate flag to allow the "no majority" message to be logged even before the first successful selection. commit bd37efa52ebd174ac6ecf2cdb131042b6c643285 Author: Miroslav Lichvar Date: Thu Jan 26 16:05:57 2023 +0100 sources: increase log level of no majority message When the selection fails due to no majority, log the message as a warning to get the admin's attention. commit c71185a0e5f80d6298b90d8758e37e20731a1b4c Author: Miroslav Lichvar Date: Thu Jan 26 12:03:48 2023 +0100 doc: add missing description of selection log field --- Summary of changes: doc/chrony.conf.adoc | 7 +++ sources.c| 36 +++- 2 files changed, 34 insertions(+), 9 deletions(-) hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.3-36-gf149b7b
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via f149b7b758e9dfc42eb471a38038bcd3ce87db44 (commit) via 883b0dde946105e0910456a0bebb24d57fecb0fc (commit) from 9cba9c8585bc5ebf19bafece118fb2362090547c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit f149b7b758e9dfc42eb471a38038bcd3ce87db44 Author: Miroslav Lichvar Date: Wed Jan 25 15:58:37 2023 +0100 examples: add AES keys to chrony.keys.example commit 883b0dde946105e0910456a0bebb24d57fecb0fc Author: Miroslav Lichvar Date: Wed Jan 25 14:29:06 2023 +0100 conf: warn if not having read-only access to keys After dropping root privileges, log a warning message if chronyd doesn't have read access or has (unnecessary) write access to the files containing symmetric and server NTS keys. --- Summary of changes: conf.c | 13 + conf.h | 2 ++ examples/chrony.keys.example | 2 ++ main.c | 6 +- util.c | 11 +++ util.h | 4 6 files changed, 37 insertions(+), 1 deletion(-) hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.3-34-g9cba9c8
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via 9cba9c8585bc5ebf19bafece118fb2362090547c (commit) from 88e711ad9abe3a541863a78efaf8e1b6a143d129 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 9cba9c8585bc5ebf19bafece118fb2362090547c Author: Miroslav Lichvar Date: Thu Jan 19 16:09:40 2023 +0100 keys+nts: warn if loading world-readable/writable key Log a warning message if the file specified by the keyfile or ntsserverkey directive is world-readable or writable, which is likely an insecure misconfiguration. There is no check of directories containing the file. --- Summary of changes: keys.c | 3 +++ nts_ke_session.c | 2 ++ util.c | 23 +++ util.h | 4 4 files changed, 32 insertions(+) hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.3-32-gbadaa83
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via badaa83c319ae5a0bef872d1e7a55bf1260c1b84 (commit) from bbeec7361c339090cbca0356b83a4131f9b4502a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit badaa83c319ae5a0bef872d1e7a55bf1260c1b84 Author: Miroslav Lichvar Date: Wed Jan 18 16:14:10 2023 +0100 refclock: convert mismatched timeval in SOCK messages On 32-bit glibc-based (>=2.34) systems, allow the SOCK client to send messages with timevals using the other time_t size than chrony. If the length of the received message corresponds to the other size, convert the timeval and move the rest of the message before its processing. This is needed for compatibility with the current development version of gpsd, which forces 64-bit time_t on these systems, while chrony needs to be compiled with the same time_t as gnutls. --- Summary of changes: refclock_sock.c | 42 -- 1 file changed, 40 insertions(+), 2 deletions(-) hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.3-31-gbbeec73
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via bbeec7361c339090cbca0356b83a4131f9b4502a (commit) via 6fba5a4a7fbe785849c0ec759e18bce0b7e234e4 (commit) from 26889a8cb7ce661ff22998b339b95214c88c3319 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit bbeec7361c339090cbca0356b83a4131f9b4502a Author: Miroslav Lichvar Date: Thu Jan 12 15:23:21 2023 +0100 doc: deprecate SHM refclocks in favor of SOCK The NTP SHM refclock protocol has the following properties: - the memory segments have a predictable key (first segment 0x4e545030) - it's expected to work in any order of starting chronyd and the program providing samples to chronyd, i.e. both the consumer and producer need to be able to create the segment - the producer and consumer generally don't know under which user is the other side running (e.g. gpsd can create the segment as root and also as nobody after it drops root privileges) - there is no authentication of data provided via SHM - there is no way to restart the protocol This makes it difficult for chronyd to ensure it is receiving measurements from the process that the admin expects it to and not some other process that managed to create the segment before it was started. It's up to the admin to configure the system so that chronyd or the producer is started before untrusted applications or users can create the segment, or at least verify at some point later that the segment was created with the expected owner and permissions. There doesn't seem to be a backward-compatible fix of the protocol. Even if one side could detect the segment had a wrong owner or permissions, it wouldn't be able to tell the other side to reattach after recreating the segment with the expected owner and permissions, if it still had the permissions to do that. The protocol would need to specify which side is responsible for creating the segment and the start order would need to strictly follow that. As gpsd (likely the most common refclock source for chronyd) now supports in the latest version SOCK even for message-based timing, update the man page and FAQ to deprecate SHM in favor of SOCK. commit 6fba5a4a7fbe785849c0ec759e18bce0b7e234e4 Author: Miroslav Lichvar Date: Tue Jan 10 15:02:49 2023 +0100 examples: add chronyd-restricted.service This is a more restricted version of the chronyd service intended for minimal NTP/NTS client configurations. The daemon is started without root privileges and is allowed to write only to its own runtime, state, and log directories. It cannot bind to privileged ports in order to operate as an NTP server, or provide monitoring access over IPv4/IPv6. It cannot use reference clocks, HW timestamping, RTC tracking, and other features. --- Summary of changes: doc/chrony.conf.adoc| 68 +++-- doc/faq.adoc| 44 ++-- examples/chronyd-restricted.service | 59 3 files changed, 128 insertions(+), 43 deletions(-) create mode 100644 examples/chronyd-restricted.service hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.3-29-g26889a8
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via 26889a8cb7ce661ff22998b339b95214c88c3319 (commit) via cd278d1826a72ae2ca90779e50507f6fb225abaf (commit) via 38777348143ed2f6c41ff0fedb131181606d3a1a (commit) via 19f2ab9e09adb2fbb88e8a7a3381125415714c2a (commit) via 3260dc82fe4a04bd2f851c3618af5ae66750285e (commit) via 1a98c5ffa91116af8a0ade55f5674b327a1c9863 (commit) from 8247b8525fe81779f15e7b4b6c8ed5d245903bff (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 26889a8cb7ce661ff22998b339b95214c88c3319 Author: Miroslav Lichvar Date: Wed Dec 14 16:04:43 2022 +0100 cmdmon+client: add selectopts command This command uses the new source function to modify configured selection options of an NTP source or reference clock. commit cd278d1826a72ae2ca90779e50507f6fb225abaf Author: Miroslav Lichvar Date: Wed Dec 14 15:28:52 2022 +0100 cmdmon+client: split out conversion of selection options This will be shared with new command modifying the selection options. commit 38777348143ed2f6c41ff0fedb131181606d3a1a Author: Miroslav Lichvar Date: Wed Dec 14 15:15:41 2022 +0100 sources: add function to modify selection options Add a function to add new selection options or remove existing options specified in the configuration for both NTP sources and reference clocks. Provide a pair of IP address and reference ID to identify the source depending on the type. Find the source directly in the array of sources instead of going through the NSR hashtable for NTP sources to not complicate it unnecessarily. commit 19f2ab9e09adb2fbb88e8a7a3381125415714c2a Author: Miroslav Lichvar Date: Wed Dec 14 14:57:42 2022 +0100 sources: add assertion for instance index commit 3260dc82fe4a04bd2f851c3618af5ae66750285e Author: Miroslav Lichvar Date: Tue Dec 6 16:33:03 2022 +0100 cmdparse: add functions for parsing refclock refid and select options This will be used in new chronyc command working on refclocks. commit 1a98c5ffa91116af8a0ade55f5674b327a1c9863 Author: Miroslav Lichvar Date: Mon Dec 5 16:44:38 2022 +0100 ntp: update comment about minimum request spacing --- Summary of changes: candm.h | 13 +++- client.c| 72 + cmdmon.c| 46 - cmdparse.c | 45 ++-- cmdparse.h | 6 conf.c | 22 -- doc/chronyc.adoc| 17 +++ ntp_io_linux.c | 4 +-- pktlength.c | 1 + sources.c | 43 +++ sources.h | 4 +++ test/simulation/110-chronyc | 9 ++ test/system/007-cmdmon | 3 +- 13 files changed, 241 insertions(+), 44 deletions(-) hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.3-23-g8247b85
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via 8247b8525fe81779f15e7b4b6c8ed5d245903bff (commit) from 8901293be8b682227ccc180cab939a652e79e0f0 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 8247b8525fe81779f15e7b4b6c8ed5d245903bff Author: Miroslav Lichvar Date: Thu Dec 1 14:43:45 2022 +0100 log more changes made by chronyc commands Log important changes from chronyc for auditing purposes. Add log messages for: - loaded symmetric keys and server NTS keys (logged also on start) - modified maxupdateskew and makestep - enabled/disabled local reference mode (logged also on start) - reset time smoothing (logged also on clock steps) - reset sources --- Summary of changes: keys.c | 2 ++ nts_ke_server.c | 5 +++-- reference.c | 4 smooth.c| 4 +++- sources.c | 2 ++ 5 files changed, 14 insertions(+), 3 deletions(-) hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.3-22-g8901293
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via 8901293be8b682227ccc180cab939a652e79e0f0 (commit) via e789b0817f393a18d1d34b0882ce7a2cc4bfbb9d (commit) via d0fd04c0a2c133f7c62a7af81a34879a3e364730 (commit) via 7122321249ce1ee90196afea6f7d78de45ce87ad (commit) via b328c8c348fce1da477a86abb520cce8342c7063 (commit) from 7b97668319f9449b4adb1a978bb1fe9b0fb22e4d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 8901293be8b682227ccc180cab939a652e79e0f0 Author: Mike Ryan Date: Wed Nov 16 09:13:09 2022 -0500 ntp: set DSCP for IPv6 Chrony's dscp setting currently applies to IPv4 only. This patch sets the necessary option for IPv6 as well. commit e789b0817f393a18d1d34b0882ce7a2cc4bfbb9d Author: Miroslav Lichvar Date: Wed Nov 16 15:59:49 2022 +0100 ntp+cmdmon: log allow/deny commands Log added NTP and command access restrictions, using INFO severity if from a chronyc command, DEBUG otherwise (i.e. from the config). commit d0fd04c0a2c133f7c62a7af81a34879a3e364730 Author: Miroslav Lichvar Date: Wed Nov 16 15:57:46 2022 +0100 util: add function for printing access subnets commit 7122321249ce1ee90196afea6f7d78de45ce87ad Author: Miroslav Lichvar Date: Tue Nov 15 16:38:50 2022 +0100 ntp: log added and removed sources Log a message when a single NTP source or pool of sources is added or removed. Use the INFO severity if it's a result of a chronyc command or (re)load of sourcefiles (which are assumed to change over time), and DEBUG for other contexts, e.g. sources loaded from the config, sources removed when pruning pools after reaching maxsources, and other parts of normal operation. commit b328c8c348fce1da477a86abb520cce8342c7063 Author: Miroslav Lichvar Date: Tue Nov 15 15:05:36 2022 +0100 logging: support context-specific severity Allow messages to have severity set to INFO or DEBUG depending on the context in which they are made to allow logging important changes made from chronyc or sourcefile, but not spam the system log if those changes are normally expected (e.g. specified in the config). --- Summary of changes: cmdmon.c | 7 +++ conf.c | 4 logging.c| 29 + logging.h| 14 ++ ntp_core.c | 4 ntp_io.c | 10 -- ntp_sources.c| 29 + sys_linux.c | 3 +++ test/unit/util.c | 9 + util.c | 20 util.h | 2 ++ 11 files changed, 129 insertions(+), 2 deletions(-) hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.3-17-g7b97668
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via 7b97668319f9449b4adb1a978bb1fe9b0fb22e4d (commit) via 6f5df7e4a437aca3014f2898ea65af5bd64acb39 (commit) from 5a39074e01a654570d3b581ae5feda9f010fd8f2 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 7b97668319f9449b4adb1a978bb1fe9b0fb22e4d Author: Holger Hoffstätte Date: Wed Nov 9 09:17:14 2022 +0100 getdate: fix various warnings which will be errors with clang-16 These were found by Gentoo's QA while rebuilding the world with clang-16: https://bugs.gentoo.org/880519 Signed-off-by: Holger Hoffstätte commit 6f5df7e4a437aca3014f2898ea65af5bd64acb39 Author: Miroslav Lichvar Date: Mon Oct 24 16:14:35 2022 +0200 nts: warn if server started without ntsdumpdir If an NTS server is configured without ntsdumpdir, keys will not be saved and reloaded after restart, which will cause existing cookies to be invalidated and can cause a short-term denial of service if the server has so many clients that it cannot handle them all making an NTS-KE session within one polling interval. Log a warning message if a server key+certificate is specified without ntsdumpdir. --- Summary of changes: getdate.y | 19 +++ nts_ke_server.c | 5 + 2 files changed, 12 insertions(+), 12 deletions(-) hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.3-15-g5a39074
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via 5a39074e01a654570d3b581ae5feda9f010fd8f2 (commit) via c8e57f43503c52d3b250490db64cde4e500099aa (commit) via b1230efac33314fe68ad8d37837919ff6f756e7d (commit) via 4e1ce8898168626d4bb54e1ac3013dc3eb6b0ee0 (commit) via 790a336eb21b4bf7e321eb6ce6342fa26110c347 (commit) via cc706b50b9f84715eba80ee99bbe3a166dad01c7 (commit) via 73042494bd4864f4379a5454a22c33a52a1f68f5 (commit) via ec89739d50226a2959e7635e5c3df01e703e6869 (commit) via 4baf999cc30b992f5cf7de7dcb5ec08ac5e61af6 (commit) via 9afd19c29b3d8097a0a1b3df20e0bd1b1e0a6991 (commit) via 5dd173c05014fc0b31bb4f407ac20bea2b0dc8cf (commit) via 5caf0ad1877170bf4773c5757ccbef9fd97b5c81 (commit) via 17d2291a84b56904e473ae7ae0ff29831059abfb (commit) via a6179261a7f2de08f9e0bd9ac2110cbe52a4fbf4 (commit) via 098e0c43fc395b33b92bf220478f4c4241253121 (commit) from 7b197953e8add5515b7e58c4638dc55aa4bb91b7 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 5a39074e01a654570d3b581ae5feda9f010fd8f2 Author: Miroslav Lichvar Date: Wed Oct 19 14:57:16 2022 +0200 nts: fix number of extension fields after failed encryption If the authenticator SIV encryption fails (e.g. due to wrong nonce length), decrement the number of extension fields to keep the packet info consistent. commit c8e57f43503c52d3b250490db64cde4e500099aa Author: Miroslav Lichvar Date: Thu Oct 13 15:35:53 2022 +0200 nts: change ntskeys format to support different algorithms Specify the AEAD ID for each key saved in the ntskeys file instead of one ID for all keys. Keep support for loading files in the old format. This will allow servers to save their keys after upgrading to a new version with AES-128-GCM-SIV support before the loaded AES-SIV-CMAC-256 keys are rotated out. If an unsupported key is found, don't load any keys. Also, change the severity of the error message from debug to error. commit b1230efac33314fe68ad8d37837919ff6f756e7d Author: Miroslav Lichvar Date: Wed Oct 12 16:46:56 2022 +0200 nts: add support for encrypting cookies with AES-128-GCM-SIV If AES-128-GCM-SIV is available on the server, use it for encryption of cookies. This makes them shorter by 4 bytes due to shorter nonce and it might also improve the server performance. After server upgrade and restart with ntsdumpdir, the switch will happen on the second rotation of the server key. Clients should accept shorter cookies without restarting NTS-KE. The first response will have extra padding in the authenticator field to make the length symmetric. commit 4e1ce8898168626d4bb54e1ac3013dc3eb6b0ee0 Author: Miroslav Lichvar Date: Wed Oct 12 16:00:45 2022 +0200 nts: make server key access more readable Get a pointer to the server key instead of repeated indexing. commit 790a336eb21b4bf7e321eb6ce6342fa26110c347 Author: Miroslav Lichvar Date: Tue Oct 11 14:36:14 2022 +0200 nts: add server support for authentication with AES-128-GCM-SIV Keep a server SIV instance for each available algorithm. Select AES-128-GCM-SIV if requested by NTS-KE client as the first supported algorithm. Instead of encoding the AEAD ID in the cookie, select the algorithm according to the length of decrypted keys. (This can work as a long as all supported algorithms use keys with different lengths.) commit cc706b50b9f84715eba80ee99bbe3a166dad01c7 Author: Miroslav Lichvar Date: Mon Oct 10 16:35:20 2022 +0200 nts: add client support for authentication with AES-128-GCM-SIV If AES-128-GCM-SIV is available on the client, add it to the requested algorithms in NTS-KE as the first (preferred) entry. If supported on the server, it will make the cookies shorter, which will get the length of NTP messages containing only one cookie below 200 octets. This should make NTS more reliable in networks where longer NTP packets are filtered as a mitigation against amplification attacks exploiting the ntpd mode 6/7 protocol. commit 73042494bd4864f4379a5454a22c33a52a1f68f5 Author: Miroslav Lichvar Date: Mon Oct 10 15:09:01 2022 +0200 nts: add support for NTP authenticator field using AES-GCM-SIV Add support for SIV algorithms which have maximum nonce length shorter than 16 bytes. commit ec89739d50226a2959e7635e5c3df01e703e6869 Author: Miroslav Lichvar Date: Tue Oct 11 12:32:04 2022 +0200 nts: make sure encrypted S2C and C2S keys have equal length
[chrony-dev] [GIT] chrony/chrony.git annotated tag 4.3 created. 4.3
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The annotated tag, 4.3 has been created at 1e0a9b6b9a618576a2c11434bc650090806cfd80 (tag) tagging 7b197953e8add5515b7e58c4638dc55aa4bb91b7 (commit) replaces 4.3-pre1 tagged by Miroslav Lichvar on Wed Aug 31 11:40:18 2022 +0200 - Log - Release 4.3 -BEGIN PGP SIGNATURE- iQIzBAABCAAdFiEEjzdcfo0O4SWj071RU34rdvdoDawFAmMPLIYACgkQU34rdvdo Day2gBAAx2OhKx7g3Hk+ZWjVwH+wGB6YW490dnpcOmAMqxj0zVpCDup+iUt4jtS3 mTIWs35mdIv6shdNimlEl1sO22pNd3P35nPconnznACj6urS1Mvbt/Z5MDc+IiJc ulZdPWe6GAG9TIkH22QgTkSA5FBtp1HEINu7Pn3zj1UMzwnzIC4ALhZVSzzuQe66 M/a2To8kUo6yqGWS3DuVaVY6ve0A/FSr+Q8fW+8aubBNU4DQrreCuOmvlC8drk+4 MG8cRaLqSUPjBVYtJNmUwAp6wbgXqsPO1MEE4UvShryGyQCl1+6yd12ffYzVfH+G ONHtwUep1q/l5MtzbdNiDto1od9up8PBnLsPG1B0nTX9anaeILPbHzFqVDu+Jtfq aSFeVCcIhnUvM0vhoimD2YTuHGa+WUG/+x0+UNs0FKCI/q/7pJTXYhzi5EXoGVBk 3mwv34oxFWAiS2kp1Sb14Ia0qCZEFmc1uTVZljJIKlB7BygNt8V90FwPpSfJ0ZD6 FLw1Wieyn5+yeL4/+yRWAXn9BhLiCz6s4ke1R6CSERt9mIAgHSX4zY5jkD7k6LEt nRvIIdb9fQRED2I2lnVXvEq8tGS4bZdZCcmH4vODc4tVMM82lXIETsdvsHUAXOLl Jqq/EE8b/ET3q3XL6k4ZIykMBj8wqaHYcHjH9zxzH8GmFvMeolE= =Gdb2 -END PGP SIGNATURE- Miroslav Lichvar (5): ntp: initialize remote address in ntpdata report cmdmon: add good responses to ntpdata report doc: improve description of system time in tracking report doc: improve description of server directive update copyright years --- hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.3-pre1-5-g7b19795
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via 7b197953e8add5515b7e58c4638dc55aa4bb91b7 (commit) via 9dcace0fc481fc0a277d88aeed8a9067561b6ef3 (commit) via a07ac383318c9539a00e7bcf641cb0f35d5ff941 (commit) from 166e43b13e8311eeb53161d148c04c8d3874574b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 7b197953e8add5515b7e58c4638dc55aa4bb91b7 Author: Miroslav Lichvar Date: Mon Aug 29 15:04:33 2022 +0200 update copyright years commit 9dcace0fc481fc0a277d88aeed8a9067561b6ef3 Author: Miroslav Lichvar Date: Mon Aug 29 12:08:45 2022 +0200 doc: improve description of server directive commit a07ac383318c9539a00e7bcf641cb0f35d5ff941 Author: Miroslav Lichvar Date: Mon Aug 29 12:07:10 2022 +0200 doc: improve description of system time in tracking report --- Summary of changes: client.c | 2 +- doc/chrony.conf.adoc | 24 +++- doc/chronyc.adoc | 24 ++-- doc/faq.adoc | 2 +- hwclock.c| 2 +- ntp_core.c | 2 +- ntp_io_linux.c | 2 +- refclock.c | 2 +- reference.c | 2 +- test/unit/hwclock.c | 2 +- test/unit/sources.c | 2 +- 11 files changed, 38 insertions(+), 28 deletions(-) hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git annotated tag 4.3-pre1 created. 4.3-pre1
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The annotated tag, 4.3-pre1 has been created at 0fb0259d5617903fb72e08ab2f24f391b0ad1b16 (tag) tagging f323c814affdec7cb41f5604fa7c28f94abe029d (commit) replaces 4.2 tagged by Miroslav Lichvar on Thu Aug 11 10:36:11 2022 +0200 - Log - First prerelease for 4.3 -BEGIN PGP SIGNATURE- iQIzBAABCAAdFiEEjzdcfo0O4SWj071RU34rdvdoDawFAmL0v4EACgkQU34rdvdo DawX3Q/8Dp//nRK+qSnjBGoVJgfUBKCj0CZlNyoAiQqB2kuvjjbQvy3Otn01Uvey epnINE2ZX1JqaoVYmNolS7nPam6Ob5/9OpmvMOh1LIpeoB2NkfQUyF9KcjiOS4Wr Yolj5bGqbcZx/ckQ8s05aAkGyVCHv5PpuOUc7sdp/iD/PGLphZcGPn6PtptdYLyu kLPKKjoX7YIBoe7hj93glldZQPGFOXNmbcHjMQQ63rBVzllvmhShUxccqp9gtKRR tuJrPRyYW7vjiDYcj0fT2hSQIvUigAM/uScaAcBYxTbHBWW5rpOskcgsU3jCHh2m t58yqiToJUm05c/hSGGzu2WF6eoZK4ertmBADmYoHD4EEgxD73BRkGlN5dCcPt3T AlZFuSa/KiIyqC8dO8TlRMhMNnQcq/4iKIiEgO0BgSrb3NfBkY6DUWHqHuGamirg rwLythPMKHhq2OpBnR3a7kdkZDInqQFVXkH2F6QNii9cf/TkXlD+eWHjwrkB0bUQ 22r/PSOSyoL70mpCLruryWxbHeZ/bRx318DDldXhp1GiypxLZk49ivHERNbckBmT zhV9IRcJvrO4r2rb+9SHkxqQHCfF1o6EhERxLfgmN6DR9BdFPJ4GY8YPSuhVAixk 4933xQH54QfczEkxI02VF7MoQSoa1F/Go3u0ThB91sHGSFzpejQ= =k5KT -END PGP SIGNATURE- Michael Hudson-Doyle (1): sys_linux: allow rseq in seccomp filter Miroslav Lichvar (66): client: fix waitsync command to reconnect to server examples: support DHCPv6 NTP servers in NM dispatcher script examples: handle more actions in NM dispatcher script sourcestats: use constant for required number of samples sourcestats: clamp minsamples and maxsamples in initialization sourcestats: add function to get minsamples sources: handle unsynchronized sources in selection reference: allow clock adjustments without updating reference refclock: add local option refclock: improve precision with large offset sys_linux: don't require configurable pin for external PPS samplefilt: add function to correct accumulated offsets refclock: trim offset in local mode sources: improve debug messages test: extend sources unit test test: update 007-cmdmon system test for recent changes ntp: split out conf_id allocation ntp: keep original source IP address doc: include gnutls in libraries providing SECHASH feature examples: replace grep command in NM dispatcher script client: rework command catenation nts: don't exit if initialization of priority cache fails doc: improve maxchange description doc: improve description of chronyc -h option siv: set key directly with gnutls samplefilt: drop last sample in SPF_DropSamples() refclock: fix invalid warning in local mode refclock: restart local mode after losing lock refclock: set minimum maxlockage in local mode local: cancel remaining correction after external step sourcestats: don't load samples from future sources: add selection log doc: improve hwtimestamp description sys_linux: increase number of PHC readings ntp: convert HW timestamp even if PHC reading fails hwclock: refactor processing of PHC readings quantiles: add support for quantile estimation hwclock: improve filtering of readings test: improve 133-hwtimestamp test sys_generic: rename slew constants sys_generic: damp slew oscillation due to delayed stop doc: improve and add more questions to FAQ test: fix server interleaved mode in ntp_core unit test ntp: don't use first response in interleaved mode doc: improve description of test A in measurements log main: add log message for timeout reached with -t option client: check for stdout errors ntp: fix initial poll to follow non-LAN minimum ntp: enable sub-second poll sooner with filter option samplefilt: add function to get maximum number of samples samplefilt: add debug message for selected samples ntp: rework filter option to count missing samples ntp: change minimum allowed poll to -7 test: extend 101-poll and 127-filter tests quantiles: add function to get minimum k doc: improve description of maxdelay* options ntp: add maxdelayquant option test: fix sources unit test to call SRC_ReportSource() correctly test: fix ntp_core unit test to disable source selection test: catch definite leaks with valgrind doc: suggest self-signed certificates for NTS in FAQ configure: avoid -Wnonnull warnings configure: disable arc4random on Linux test: extend 106-refclock test doc: mention maxdelayquant in FAQ doc: update NEWS Vincent Blut (1): test: ensure awk commands in 008-ntpera return an integer Yury Vostrikov (1): refclock: remove unused struct Me
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.2-69-gf323c81
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via f323c814affdec7cb41f5604fa7c28f94abe029d (commit) via 19b47dcbc9f07d028ac19e25bb8998a6cef5d9c3 (commit) via 5edeadcbd980ac1c91bfb19df608fcf0a7c74271 (commit) from d91ae2094fa87094430392acd9fd54b4132ba9f1 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit f323c814affdec7cb41f5604fa7c28f94abe029d Author: Miroslav Lichvar Date: Thu Aug 11 09:36:40 2022 +0200 doc: update NEWS commit 19b47dcbc9f07d028ac19e25bb8998a6cef5d9c3 Author: Miroslav Lichvar Date: Wed Aug 10 15:32:54 2022 +0200 doc: mention maxdelayquant in FAQ commit 5edeadcbd980ac1c91bfb19df608fcf0a7c74271 Author: Miroslav Lichvar Date: Tue Aug 9 16:53:12 2022 +0200 test: extend 106-refclock test --- Summary of changes: NEWS | 21 + doc/faq.adoc | 9 + test/simulation/106-refclock | 11 +-- 3 files changed, 39 insertions(+), 2 deletions(-) hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.2-66-gd91ae20
This is an automated email from git. It was generated because a ref
change was pushed to the "chrony/chrony.git" repository.
The branch, master has been updated
via d91ae2094fa87094430392acd9fd54b4132ba9f1 (commit)
via 30a584509895a29a573c9546bdede13d877ce13e (commit)
via 0f367efac53c45157807c99de45ce7e721960cf3 (commit)
via 24c011d4a61c889b2ee3c955318a874c75b6864b (commit)
via 0c2cdd2fb14652b9274a09291452fd22c54d5116 (commit)
via cd1a666e1bee6ce0e14278106e2f937430ada91c (commit)
from 070b4f69d0c2e2037102a64abd9e385fad45a33b (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -
commit d91ae2094fa87094430392acd9fd54b4132ba9f1
Author: Miroslav Lichvar
Date: Wed Aug 3 13:17:42 2022 +0200
configure: disable arc4random on Linux
In glibc 2.36 was added the arc4random family of functions. However,
unlike on other supported systems, it is not a user-space PRNG
implementation. It just wraps the getrandom() system call with no
buffering, which causes a performance loss on NTP servers due to
the function being called twice for each response to add randomness
to the RX and TX timestamp below the clock precision.
Don't check for arc4random on Linux to keep using the buffered
getrandom().
commit 30a584509895a29a573c9546bdede13d877ce13e
Author: Miroslav Lichvar
Date: Tue Aug 2 15:09:38 2022 +0200
configure: avoid -Wnonnull warnings
Replace NULL in test code of functions which have (at least in glibc) or
could have arguments marked as nonnull to avoid the -Wnonnull warnings,
which breaks the detection with the -Werror option.
commit 0f367efac53c45157807c99de45ce7e721960cf3
Author: Miroslav Lichvar
Date: Tue Aug 2 16:51:48 2022 +0200
doc: suggest self-signed certificates for NTS in FAQ
commit 24c011d4a61c889b2ee3c955318a874c75b6864b
Author: Miroslav Lichvar
Date: Tue Aug 2 14:45:18 2022 +0200
test: catch definite leaks with valgrind
commit 0c2cdd2fb14652b9274a09291452fd22c54d5116
Author: Miroslav Lichvar
Date: Mon Aug 1 16:20:13 2022 +0200
test: fix ntp_core unit test to disable source selection
If the randomly generated timestamps are close to the current time, the
source can be selected for synchronization, which causes a crash when
logging the source name due to uninitialized ntp_sources.
Specify the source with the noselect option to prevent selection.
commit cd1a666e1bee6ce0e14278106e2f937430ada91c
Author: Miroslav Lichvar
Date: Mon Aug 1 13:04:00 2022 +0200
test: fix sources unit test to call SRC_ReportSource() correctly
Call the function with current time instead of latest sample of the
first source to avoid undefined conversion of negative double to long
int.
Fixes: 07600cbd714f ("test: extend sources unit test")
---
Summary of changes:
configure | 35 ---
doc/faq.adoc| 12
test/compilation/003-sanitizers | 6 --
test/unit/ntp_core.c| 2 +-
test/unit/sources.c | 1 +
5 files changed, 38 insertions(+), 18 deletions(-)
hooks/post-receive
--
chrony/chrony.git
--
To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe"
in the subject.
For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the
subject.
Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.2-49-g7daf346
This is an automated email from git. It was generated because a ref
change was pushed to the "chrony/chrony.git" repository.
The branch, master has been updated
via 7daf34675a5a2487895c74d1578241ca91a4eb70 (commit)
from de598c23109cb1d416a123bb297902a7c120c525 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -
commit 7daf34675a5a2487895c74d1578241ca91a4eb70
Author: Yury Vostrikov
Date: Mon Jul 4 19:37:52 2022 +0200
refclock: remove unused struct MedianFilter
Filtering was moved to a separate source file in commit
c498c21fad35 ("refclock: split off median filter). It looks like
MedianFilter struct somehow survived the split. Remove it to reduce
confusion.
---
Summary of changes:
refclock.c | 15 ---
1 file changed, 15 deletions(-)
hooks/post-receive
--
chrony/chrony.git
--
To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe"
in the subject.
For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the
subject.
Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.2-48-gde598c2
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via de598c23109cb1d416a123bb297902a7c120c525 (commit) via 91cc4dbb1218ba67e8a9e5573b0ceb68bad4e2cd (commit) via 0ae6f2485b9784d3d2881d31372831128a7781b1 (commit) via 52ec694d2b96eadf5e01489f819b3f9343f9944f (commit) from e2e07af8a45c23d2a1db1d750cb11e43e4fc270c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit de598c23109cb1d416a123bb297902a7c120c525 Author: Miroslav Lichvar Date: Thu Jun 30 11:52:40 2022 +0200 main: add log message for timeout reached with -t option This should make it more clear why chronyd exits if -q/-Q does not finish before the timeout is reached. commit 91cc4dbb1218ba67e8a9e5573b0ceb68bad4e2cd Author: Miroslav Lichvar Date: Thu Jun 30 10:19:40 2022 +0200 doc: improve description of test A in measurements log commit 0ae6f2485b9784d3d2881d31372831128a7781b1 Author: Miroslav Lichvar Date: Thu Jun 30 10:18:48 2022 +0200 ntp: don't use first response in interleaved mode With the first interleaved response coming after a basic response the client is forced to select the four timestamps covering most of the last polling interval, which makes measured delay very sensitive to the frequency offset between server and client. To avoid corrupting the minimum delay held in sourcestats (which can cause testC failures), reject the first interleaved response in the client/server mode as failing the test A. This does not change anything for the symmetric mode, where both sets of the four timestamps generally cover a significant part of the polling interval. commit 52ec694d2b96eadf5e01489f819b3f9343f9944f Author: Miroslav Lichvar Date: Tue Jun 28 14:41:28 2022 +0200 test: fix server interleaved mode in ntp_core unit test --- Summary of changes: doc/chrony.conf.adoc | 4 +++- main.c | 2 ++ ntp_core.c | 7 ++- test/simulation/122-xleave | 4 +++- test/unit/ntp_core.c | 10 +- 5 files changed, 23 insertions(+), 4 deletions(-) hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.2-44-ge2e07af
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via e2e07af8a45c23d2a1db1d750cb11e43e4fc270c (commit) from 2ed88c31c7a495fe819fc82cb3a4509d0a01f4a2 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit e2e07af8a45c23d2a1db1d750cb11e43e4fc270c Author: Miroslav Lichvar Date: Wed Jun 22 17:02:05 2022 +0200 doc: improve and add more questions to FAQ --- Summary of changes: doc/faq.adoc | 117 ++- 1 file changed, 115 insertions(+), 2 deletions(-) hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.2-43-g2ed88c3
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via 2ed88c31c7a495fe819fc82cb3a4509d0a01f4a2 (commit) via af8e4a511557cd1d129d8ec7bf7a2696de7cc208 (commit) from f503a9a4901d60ffa02cbb16d1faf236eb368732 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 2ed88c31c7a495fe819fc82cb3a4509d0a01f4a2 Author: Miroslav Lichvar Date: Tue Jun 14 16:31:22 2022 +0200 sys_generic: damp slew oscillation due to delayed stop If the computer is overloaded so much that chronyd cannot stop a slew within one second of the scheduled end and the actual duration is more than doubled (2 seconds with the minimum duration of 1 second), the overshoot will be larger than the intended correction. If these conditions persist, the oscillation will grow up to the maximum offset allowed by maxslewrate and the delay in stopping. Monitor the excess duration as an exponentially decaying maximum value and don't allow any slews shorter than 5 times the value to damp the oscillation. Ignore delays longer than 100 seconds, assuming they have a different cause (e.g. the system was suspended and resumed) and are already handled in the scheduler by triggering cancellation of the ongoing slew. This should also make it safer to shorten the minimum duration if needed. Reported-by: Daniel Franke commit af8e4a511557cd1d129d8ec7bf7a2696de7cc208 Author: Miroslav Lichvar Date: Tue Jun 14 16:02:06 2022 +0200 sys_generic: rename slew constants --- Summary of changes: sys_generic.c | 62 --- 1 file changed, 46 insertions(+), 16 deletions(-) hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.2-41-gf503a9a
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via f503a9a4901d60ffa02cbb16d1faf236eb368732 (commit) via 9c64fbb9c4dd98b01c53460714741ddb7051199c (commit) via b428f901c7574df1a26304461a0eadf825955972 (commit) via 09b7f77f9a61a3906ad621737ecafd429fe64a99 (commit) via c23c0b84841e2710a8cd04746ef8cc3a0697903c (commit) via d5300559170c15647f49f36d826dfc051b7ca074 (commit) from f41d09e19f436985b15bccb913165f52e38aca40 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit f503a9a4901d60ffa02cbb16d1faf236eb368732 Author: Miroslav Lichvar Date: Thu Jun 9 13:56:46 2022 +0200 test: improve 133-hwtimestamp test commit 9c64fbb9c4dd98b01c53460714741ddb7051199c Author: Miroslav Lichvar Date: Thu Jun 9 12:21:38 2022 +0200 hwclock: improve filtering of readings Estimate the 1st and 2nd 10-quantile of the reading delay and accept only readings between them unless the error of the offset predicted from previous samples is larger than the minimum reading error. With the 25 PHC readings per ioctl it should combine about 2-3 readings. This should improve hwclock tracking and synchronization stability when a PHC reading delay occasionally falls below the normal expected minimum, or all readings in the batch are delayed significantly (e.g. due to high PCIe load). commit b428f901c7574df1a26304461a0eadf825955972 Author: Miroslav Lichvar Date: Wed May 18 12:16:33 2022 +0200 quantiles: add support for quantile estimation Add estimation of quantiles using the Frugal-2U streaming algorithm (https://arxiv.org/pdf/1407.1121v1.pdf). It does not need to save previous samples and adapts to changes in the distribution. Allow multiple estimates of the same quantile and select the median for better stability. commit 09b7f77f9a61a3906ad621737ecafd429fe64a99 Author: Miroslav Lichvar Date: Tue Jun 7 15:03:14 2022 +0200 hwclock: refactor processing of PHC readings Move processing of PHC readings from sys_linux to hwclock, where statistics can be collected and filtering improved. In the PHC refclock driver accumulate the samples even if not in the external timestamping mode to update the context which will be needed for improved filtering. commit c23c0b84841e2710a8cd04746ef8cc3a0697903c Author: Miroslav Lichvar Date: Wed Jun 8 15:30:05 2022 +0200 ntp: convert HW timestamp even if PHC reading fails Reading of PHC can fail occasionally on some hardware. If that happens, don't abort the conversion of the timestamp that triggered the reading. commit d5300559170c15647f49f36d826dfc051b7ca074 Author: Miroslav Lichvar Date: Thu Jun 2 16:06:04 2022 +0200 sys_linux: increase number of PHC readings Increase the number of requested readings from 10 to 25 - the maximum accepted by the PTP_SYS_OFFSET* ioctls. This should improve stability of HW clock tracking and PHC refclock. --- Summary of changes: configure | 4 +- hwclock.c | 109 +- hwclock.h | 7 +- ntp_io_linux.c | 31 --- quantiles.c | 201 sys_macosx.h => quantiles.h | 22 ++--- refclock_phc.c | 28 -- sys_linux.c | 112 +++--- sys_linux.h | 4 +- test/simulation/133-hwtimestamp | 33 +-- test/unit/hwclock.c | 49 -- test/unit/quantiles.c | 66 + 12 files changed, 531 insertions(+), 135 deletions(-) create mode 100644 quantiles.c copy sys_macosx.h => quantiles.h (66%) create mode 100644 test/unit/quantiles.c hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.2-35-gf41d09e
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via f41d09e19f436985b15bccb913165f52e38aca40 (commit) via 46030d9d3e4dac9646439f1930abfb4025941b29 (commit) via 02ccd3a3c7c86c2d197ee3cae1b069109326bbff (commit) via 9cc609c4b0679f6a22d08da4ea3644ea96035d9d (commit) from a0a496dcb423387e5faa3ab41e14dd6cf7743776 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit f41d09e19f436985b15bccb913165f52e38aca40 Author: Miroslav Lichvar Date: Thu May 19 10:09:08 2022 +0200 doc: improve hwtimestamp description Latest versions of ethtool print only the shorter lower-case names of capabilities and filters. Explain that chronyd doesn't synchronize the PHC and refer to the new vclock feature of the kernel, which should be used by applications that need a synchronized PHC (e.g. ptp4l and phc2sys) in order to not interfere with chronyd. commit 46030d9d3e4dac9646439f1930abfb4025941b29 Author: Miroslav Lichvar Date: Thu May 19 08:23:05 2022 +0200 sources: add selection log Add an option to enable selection log, capturing some data from the selectdata report. commit 02ccd3a3c7c86c2d197ee3cae1b069109326bbff Author: Miroslav Lichvar Date: Wed May 18 16:30:19 2022 +0200 sourcestats: don't load samples from future When loading a dumped file, make sure there are no sample times in future relative to the current system time (e.g. after reboot with missing RTC). commit 9cc609c4b0679f6a22d08da4ea3644ea96035d9d Author: Miroslav Lichvar Date: Thu May 12 11:53:15 2022 +0200 local: cancel remaining correction after external step Instead of the generic clock driver silently zeroing the remaining offset after detecting an external step, cancel it properly with the slew handlers in order to correct timestamps that are not reset in handling of the unknown step (e.g. the NTP local TX). --- Summary of changes: conf.c | 11 ++ conf.h | 1 + doc/chrony.conf.adoc| 89 - local.c | 2 ++ sources.c | 25 ++ sourcestats.c | 1 + sys_generic.c | 7 +--- test/simulation/134-log | 4 ++- 8 files changed, 125 insertions(+), 15 deletions(-) hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.2-31-ga0a496d
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via a0a496dcb423387e5faa3ab41e14dd6cf7743776 (commit) via 8d08486edf93269bdbd1eb4ef933c9cc5f6dd609 (commit) via a3b376cf0a5369ba0722d1d287fbc3506f4933ad (commit) via e66f1df89d56983de0f7d1a70aa6e3ae0fe62730 (commit) via 35220aac9dee4b7101dbd415dda34750e4998f7d (commit) from 5b04f3ca902e5d10aa5948fb7587d30b43941049 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit a0a496dcb423387e5faa3ab41e14dd6cf7743776 Author: Miroslav Lichvar Date: Wed May 11 11:53:07 2022 +0200 refclock: set minimum maxlockage in local mode Use 3 as the minimum maxlockage in the local mode to avoid disruptions due to losing the lock when a single sample is missed, e.g. when the PPS driver polling interval is slightly longer than the pulse interval and a pulse is skipped. commit 8d08486edf93269bdbd1eb4ef933c9cc5f6dd609 Author: Miroslav Lichvar Date: Wed May 11 11:36:57 2022 +0200 refclock: restart local mode after losing lock A refclock in the local mode is locked to itself. When the maxlockage check failed after missing some samples, it failed permanently and the refclock was not able to accumulate any new samples. When the check fails, drop all samples and reset the source to start from scratch. Reported-by: Dan Drown commit a3b376cf0a5369ba0722d1d287fbc3506f4933ad Author: Miroslav Lichvar Date: Mon May 9 16:41:27 2022 +0200 refclock: fix invalid warning in local mode A refclock in the local mode is locked to itself by design. Reported-by: Dan Drown commit e66f1df89d56983de0f7d1a70aa6e3ae0fe62730 Author: Miroslav Lichvar Date: Wed May 11 11:04:52 2022 +0200 samplefilt: drop last sample in SPF_DropSamples() When SPF_DropSamples() is called, don't keep the last sample to be retrieved by SPF_GetLastSample(). It should be kept only after filtering. commit 35220aac9dee4b7101dbd415dda34750e4998f7d Author: Miroslav Lichvar Date: Wed May 11 08:57:22 2022 +0200 siv: set key directly with gnutls A new function is provided by the latest gnutls (should be in 3.7.5) to set the key of an AEAD cipher. If available, use it to avoid destroying and creating a new SIV instance with each key change. This improves the server NTS-NTP performance if using gnutls for SIV. --- Summary of changes: configure | 6 ++ refclock.c | 13 ++--- samplefilt.c | 16 +--- siv_gnutls.c | 18 +++--- test/unit/samplefilt.c | 1 + 5 files changed, 45 insertions(+), 9 deletions(-) hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.2-26-g5b04f3c
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via 5b04f3ca902e5d10aa5948fb7587d30b43941049 (commit) via beb1c361364d70d4c19c3ff0a35f5fb7dfe2cbc3 (commit) via da3495c47226dff0419400d0f55aa7eaa8c6f7ef (commit) via 356771c0c3c2b8040ba2ae83394460d1402d487b (commit) from fca8966adaaf8376536af86ba2afe02501463588 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 5b04f3ca902e5d10aa5948fb7587d30b43941049 Author: Miroslav Lichvar Date: Thu May 5 12:14:26 2022 +0200 doc: improve description of chronyc -h option commit beb1c361364d70d4c19c3ff0a35f5fb7dfe2cbc3 Author: Miroslav Lichvar Date: Thu May 5 11:50:00 2022 +0200 doc: improve maxchange description commit da3495c47226dff0419400d0f55aa7eaa8c6f7ef Author: Miroslav Lichvar Date: Wed May 4 14:17:34 2022 +0200 nts: don't exit if initialization of priority cache fails Initialization of the gnutls priority cache can fail depending on the system crypto policy (e.g. disabled TLS1.3). Log an error mentioning TLS, but continue to run without the server/client credentials. commit 356771c0c3c2b8040ba2ae83394460d1402d487b Author: Miroslav Lichvar Date: Tue May 3 13:25:11 2022 +0200 client: rework command catenation Use snprintf() instead of strcat() and don't try to parse commands longer than 2048 characters to make it consistent with the chrony.conf parser, avoid memory allocation, and not rely on the system ARG_MAX to keep the length sane. --- Summary of changes: client.c | 35 ++- doc/chrony.conf.adoc | 16 ++-- doc/chronyc.adoc | 15 +-- nts_ke_session.c | 17 - 4 files changed, 45 insertions(+), 38 deletions(-) hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.2-22-gfca8966
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via fca8966adaaf8376536af86ba2afe02501463588 (commit) via 25f80a1a9d134e37173ab7f8a2c0d822e75fd2e1 (commit) from 1219f99935ca9597eb0e4f4c6039e536462cf1a6 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit fca8966adaaf8376536af86ba2afe02501463588 Author: Miroslav Lichvar Date: Wed Mar 23 15:17:03 2022 +0100 examples: replace grep command in NM dispatcher script Some grep implementations detect binary data and return success without matching whole line. This might be an issue for the DHCPv6 NTP FQDN check. The GNU grep in the C locale seems to check only for the NUL character, which cannot be passed in an environment variable, but other implementations might behave differently and there doesn't seem to be a portable way to force matching the whole line. Instead of the grep command, check for invalid characters by comparing the length of the input passed through "tr -d -c". commit 25f80a1a9d134e37173ab7f8a2c0d822e75fd2e1 Author: Miroslav Lichvar Date: Wed Mar 16 14:46:13 2022 +0100 doc: include gnutls in libraries providing SECHASH feature --- Summary of changes: doc/chrony.conf.adoc | 2 +- doc/installation.adoc | 2 +- examples/chrony.nm-dispatcher.dhcp | 6 +- 3 files changed, 7 insertions(+), 3 deletions(-) hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.2-20-g1219f99
This is an automated email from git. It was generated because a ref
change was pushed to the "chrony/chrony.git" repository.
The branch, master has been updated
via 1219f99935ca9597eb0e4f4c6039e536462cf1a6 (commit)
via 33a1fe7a9ce223d6287ab7b11bca3208e9255cdd (commit)
via eed0a0de564bc204dbf2f401dab01017c137bd2b (commit)
via 07600cbd714fb12d992554499705334f9b1f0074 (commit)
via f2e341b5ed1bbaa45d496272700c797ef182a69a (commit)
from 55717c1ccdf75aaa7b30570ac3478237a66a89f1 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -
commit 1219f99935ca9597eb0e4f4c6039e536462cf1a6
Author: Miroslav Lichvar
Date: Wed Mar 9 15:34:16 2022 +0100
ntp: keep original source IP address
When an added source is specified by IP address, save the original
string instead of formatting a new string from the parsed address, which
can be different (e.g. compressed vs expanded IPv6 address).
This fixes the chronyc sourcename command and -N option to print the IP
address exactly as it was specified in the configuration file or chronyc
add command.
commit 33a1fe7a9ce223d6287ab7b11bca3208e9255cdd
Author: Miroslav Lichvar
Date: Wed Mar 9 15:30:16 2022 +0100
ntp: split out conf_id allocation
commit eed0a0de564bc204dbf2f401dab01017c137bd2b
Author: Miroslav Lichvar
Date: Mon Mar 7 15:54:08 2022 +0100
test: update 007-cmdmon system test for recent changes
The new unsynchronised source state is now reported in selectdata before
the first measurement.
Fixes: c29fc767 ("sources: handle unsynchronized sources in selection")
commit 07600cbd714fb12d992554499705334f9b1f0074
Author: Miroslav Lichvar
Date: Mon Feb 28 16:22:32 2022 +0100
test: extend sources unit test
commit f2e341b5ed1bbaa45d496272700c797ef182a69a
Author: Miroslav Lichvar
Date: Thu Feb 24 14:48:24 2022 +0100
sources: improve debug messages
Print source status as char and print the name instead of index in
combining.
---
Summary of changes:
ntp_sources.c | 35 +++
sources.c | 12 +++-
test/system/007-cmdmon | 2 +-
test/unit/sources.c| 46 +-
4 files changed, 72 insertions(+), 23 deletions(-)
hooks/post-receive
--
chrony/chrony.git
--
To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe"
in the subject.
For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the
subject.
Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.2-13-g3196630
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via 3196630fb9ae06f5199a9705d450a439d0b4af18 (commit) via 663dde1ad70107a024a8fe440867f4b6ff063259 (commit) via 62757cda4920097e6f82a18579f3a9ee65409884 (commit) via af6ae9186b8d2aad14c7d4bd974ee1676b9af422 (commit) via 4c29fc767b4438b62c55ece1ae36e85daea9 (commit) via d06ae4a60e2856b30ee32321e9d99b231c83af3e (commit) via f9af2f97339e219d6cf3a26291f82047705aa529 (commit) via 43ae0131cdcb76b048922cbd557582ef2cbb65eb (commit) from 8bb8f15a7d049ed26c69d95087065b381f76ec4d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 3196630fb9ae06f5199a9705d450a439d0b4af18 Author: Miroslav Lichvar Date: Wed Feb 23 11:31:24 2022 +0100 sys_linux: don't require configurable pin for external PPS Some PHCs that have a PPS input don't have configurable pins (their function is hardcoded). Accept a negative pin index to skip the pin configuration before requesting external timestamping. commit 663dde1ad70107a024a8fe440867f4b6ff063259 Author: Miroslav Lichvar Date: Wed Feb 23 10:23:18 2022 +0100 refclock: improve precision with large offset If a SHM or PHC refclock has a very large offset compensated by the offset option, or ignored with the pps or local option, there is a persistent loss of precision in the calculation of the sample offset using the double format. Rework the code to delay the calculation of the accumulated offset to include the specificed compensation and remaining correction of the system clock, where the calculation can be split to improve the precision. In the pps mode ignore integer seconds competely. The precision of the SOCK refclock is now limited to 1 nanosecond due to the extra double->timespec->double conversion. commit 62757cda4920097e6f82a18579f3a9ee65409884 Author: Miroslav Lichvar Date: Tue Feb 22 11:24:00 2022 +0100 refclock: add local option Add "local" option to specify that the reference clock is an unsynchronized clock which is more stable than the system clock (e.g. TCXO, OCXO, or atomic clock) and it should be used as a local standard to stabilize the system clock. Handle the local refclock as a PPS refclock locked to itself which gives the unsynchronized status to be ignored in the source selection. Wait for the refclock to get at least minsamples samples and adjust the clock directly to follow changes in the refclock's sourcestats frequency and offset. There should be at most one refclock specified with this option. commit af6ae9186b8d2aad14c7d4bd974ee1676b9af422 Author: Miroslav Lichvar Date: Tue Feb 22 11:00:27 2022 +0100 reference: allow clock adjustments without updating reference Add support for accumulating frequency and time offset without changing the reference parameters and calling the local parameter change handlers. This will allow an unsynchronized source to operate below other sources in order to stabilize the clock. commit 4c29fc767b4438b62c55ece1ae36e85daea9 Author: Miroslav Lichvar Date: Mon Feb 14 10:55:22 2022 +0100 sources: handle unsynchronized sources in selection Allow sources to accumulate samples with the leap status set to not synchronized. Define a new state for them to be ignored in the selection. This is intended for sources that are never synchronized and will be used only for stabilization. commit d06ae4a60e2856b30ee32321e9d99b231c83af3e Author: Miroslav Lichvar Date: Thu Feb 10 16:38:50 2022 +0100 sourcestats: add function to get minsamples commit f9af2f97339e219d6cf3a26291f82047705aa529 Author: Miroslav Lichvar Date: Thu Feb 10 15:24:25 2022 +0100 sourcestats: clamp minsamples and maxsamples in initialization Don't leave the variables set to values outside their effective range. This has no functional impact, but makes it clear what is the precedence of the two settings. commit 43ae0131cdcb76b048922cbd557582ef2cbb65eb Author: Miroslav Lichvar Date: Thu Feb 10 15:16:08 2022 +0100 sourcestats: use constant for required number of samples --- Summary of changes: client.c | 12 +++--- conf.c | 7 +++- doc/chrony.conf.adoc | 13 +- doc/chronyc.adoc | 1 + local.c | 18 + local.h | 5 +++ refclock.c | 95 ++
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.2-5-g8bb8f15
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via 8bb8f15a7d049ed26c69d95087065b381f76ec4d (commit) from e55f174bd3a7ae82fb24afd43443d0b55d5536cf (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 8bb8f15a7d049ed26c69d95087065b381f76ec4d Author: Michael Hudson-Doyle Date: Wed Feb 9 09:06:13 2022 +0100 sys_linux: allow rseq in seccomp filter Libc 2.35 will use rseq syscalls [1][2] by default and thereby break chrony in seccomp isolation. [1]: https://www.efficios.com/blog/2019/02/08/linux-restartable-sequences/ [2]: https://sourceware.org/pipermail/libc-alpha/2022-February/136040.html Tested-by: Christian Ehrhardt Reviewed-by: Christian Ehrhardt Signed-off-by: Michael Hudson-Doyle Signed-off-by: Christian Ehrhardt --- Summary of changes: sys_linux.c | 3 +++ 1 file changed, 3 insertions(+) hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.2-4-ge55f174
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via e55f174bd3a7ae82fb24afd43443d0b55d5536cf (commit) via 5bd13c8d593a74ad168057efe94dd2b3aeeffe14 (commit) from 759580aa6f32fcc591ff357c12b54c22a8e03b91 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit e55f174bd3a7ae82fb24afd43443d0b55d5536cf Author: Miroslav Lichvar Date: Mon Feb 7 13:27:48 2022 +0100 examples: handle more actions in NM dispatcher script Run the chronyc onoffline command also when the connectivity-change and dhcp6-change actions are reported by the NetworkManager dispatcher. The latter should not be necessary, but there currently doesn't seem to be any action for IPv6 becoming routable after duplicate address detection, so at least in networks using DHCPv6, IPv6 NTP servers should not be stuck in the offline state from a previously reported action. commit 5bd13c8d593a74ad168057efe94dd2b3aeeffe14 Author: Miroslav Lichvar Date: Mon Feb 7 13:27:25 2022 +0100 examples: support DHCPv6 NTP servers in NM dispatcher script Latest NetworkManager code provides NTP servers from the DHCPv6 NTP option (RFC 5908) in the DHCP6_DHCP6_NTP_SERVERS variable to dispatcher scripts. Check for invalid characters (which can come from the FQDN suboption) and include the servers in the interface-specific sources file. --- Summary of changes: examples/chrony.nm-dispatcher.dhcp | 28 +++- examples/chrony.nm-dispatcher.onoffline | 14 -- 2 files changed, 27 insertions(+), 15 deletions(-) hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.2-2-g759580a
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via 759580aa6f32fcc591ff357c12b54c22a8e03b91 (commit) from b61cbed6895fcd3eae4c8458a69995870a22a5e0 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 759580aa6f32fcc591ff357c12b54c22a8e03b91 Author: Miroslav Lichvar Date: Wed Jan 26 16:00:36 2022 +0100 client: fix waitsync command to reconnect to server If chronyc waitsync was started before chronyd, it would try all addresses (Unix socket, IPv4, IPv6) and get stuck with no address, not getting any response later when chronyd was running. Reset the address index in open_io() when returning with failure to allow the next call to start with the first address again. Reported-by: Jan Mikkelsen --- Summary of changes: client.c | 3 +++ 1 file changed, 3 insertions(+) hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.2-1-gb61cbed
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via b61cbed6895fcd3eae4c8458a69995870a22a5e0 (commit) from 2ac22477563581ae3bc39c4ff28464059c0a73be (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit b61cbed6895fcd3eae4c8458a69995870a22a5e0 Author: Vincent Blut Date: Wed Jan 12 18:08:34 2022 +0100 test: ensure awk commands in 008-ntpera return an integer Some awk interpreters (e.g. mawk) print long integers in exponential notation skewing the test result. --- Summary of changes: test/simulation/008-ntpera | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git annotated tag 4.2 created. 4.2
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The annotated tag, 4.2 has been created at d91e1e56086f00b127a8ec480c968c1a446bfc8b (tag) tagging 2ac22477563581ae3bc39c4ff28464059c0a73be (commit) replaces 4.2-pre1 tagged by Miroslav Lichvar on Thu Dec 16 13:17:47 2021 +0100 - Log - Release 4.2 -BEGIN PGP SIGNATURE- iQIzBAABCAAdFiEEjzdcfo0O4SWj071RU34rdvdoDawFAmG7Lm4ACgkQU34rdvdo Dax6aQ/+NLXFpce8LLMC6kJy1x+QdV7DfffvwzD6pJSAZOYJWzdxqkKks3A4pq6R HgfQ/nogfpnyg9bcNFzBPk300JsVBCi8e5pYFGRHbtbRZNnOPOc0LD40jQ883ZuM FXH49edcDUJbaBDaVfg7fR5+YuI/kRW/0shESRWQkTSYJLc4P3I0tHQbzId3+Xxk BnHGDCTVk7wzvUvu24EFBe2TttktZpeTHlJ9HIgqOooNsbLRRVF0Qsnd1rwmkm0g z2dCl8BN5/lum8ZBzdo7RDgh8x3LMUwPYnDpAoLSWpaW6sTpJyg5z0ZCPEXInq3r VkRvVIpc4a7obgzYw/pfBpnxd5jySZT9LkmthIJ78k6xMG/iNZvpSgllKeFrbYaL sAlFb5JWAWg0mbewIwDtzDOSWtZXT8czteMBwzru5ypdh4k9o3ztfBn8lK7YxSFu Qkl1IsahVTx1WVfEO/9Vz30MmEaY3eD+UGX2eZwGezdhEKI65eZC0SN7RrMujT63 BTTVnW+uKlfzM6H8zTEJo/IPe8e8FHXMWoYUkBtxx3n3zC7rG+apw4DjXLeHcurj 5NmHyoiZlYt4zsb/DYKQJK+KBKeV7KvATqIYqPUgCG49b7icTVeJDYKjuxoAqQyL ZuvYcfNzINQZEoQEE3xqyroso1TQxMEuntlHGNUH3mBF6CxfUhk= =wneq -END PGP SIGNATURE- Miroslav Lichvar (11): sys_solaris: disable kernel dosynctodr doc: switch Solaris support to illumos doc: describe use case for leapsecmode ignore option ntp: fix typo in comment ntp: avoid unnecessary source lookups clientlog: remove unnecessary operation in timestamp conversion socket: zero sockaddr_un to initialize sa_len cmdmon: fix transmit_reply() to not read uninitialized data ntp: set local address on PTP socket on FreeBSD update copyright years doc: update NEWS --- hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.2-pre1-11-g2ac2247
This is an automated email from git. It was generated because a ref
change was pushed to the "chrony/chrony.git" repository.
The branch, master has been updated
via 2ac22477563581ae3bc39c4ff28464059c0a73be (commit)
via 55f48b14b720a7cfcfb0687bc50f0f6e36c95964 (commit)
via 3dfac338582c3c557405b4aed1726a46db76f13e (commit)
via d5f2401421b59cbc50147fc30cd33233d7a388f2 (commit)
via fb0570cc737169bea5d6d4d7e5b241195b2b7dbc (commit)
from 43936ba0d138ba88bcf132030c8aca48963c2178 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -
commit 2ac22477563581ae3bc39c4ff28464059c0a73be
Author: Miroslav Lichvar
Date: Thu Dec 16 09:56:20 2021 +0100
doc: update NEWS
commit 55f48b14b720a7cfcfb0687bc50f0f6e36c95964
Author: Miroslav Lichvar
Date: Thu Dec 16 09:54:11 2021 +0100
update copyright years
commit 3dfac338582c3c557405b4aed1726a46db76f13e
Author: Miroslav Lichvar
Date: Thu Dec 16 13:08:19 2021 +0100
ntp: set local address on PTP socket on FreeBSD
Fix the FreeBSD-specific code checking for a bound IPv4 socket to
include the new PTP port. This should fix a multihomed server to respond
to NTP-over-PTP requests from the address which received the request.
Fixes: be3158c4e5b2 ("ntp: add support for NTP over PTP")
commit d5f2401421b59cbc50147fc30cd33233d7a388f2
Author: Miroslav Lichvar
Date: Thu Dec 16 11:36:26 2021 +0100
cmdmon: fix transmit_reply() to not read uninitialized data
In the FreeBSD-specific code checking for a bound IPv4 socket, make
sure it is not a Unix domain address to avoid reading uninitialized
IP-specific fields.
This fixes an error reported by valgrind.
commit fb0570cc737169bea5d6d4d7e5b241195b2b7dbc
Author: Miroslav Lichvar
Date: Thu Dec 16 10:41:31 2021 +0100
socket: zero sockaddr_un to initialize sa_len
Zero the whole sockaddr struct before calling bind() and connect() to
initialize the FreeBSD-specific sa_len field.
This fixes errors reported by valgrind.
---
Summary of changes:
NEWS | 5 +
clientlog.c | 2 +-
cmdmon.c | 3 ++-
cmdparse.c| 2 +-
ntp_core.c| 2 +-
ntp_io.c | 4 ++--
socket.c | 4
sources.c | 2 +-
test/unit/clientlog.c | 2 +-
util.c| 2 +-
10 files changed, 19 insertions(+), 9 deletions(-)
hooks/post-receive
--
chrony/chrony.git
--
To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe"
in the subject.
For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the
subject.
Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.2-pre1-6-g43936ba
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via 43936ba0d138ba88bcf132030c8aca48963c2178 (commit) via f2ba20f2932e3fcd76f5bd5d0d53248a560e51ef (commit) via fcd384523b2e20d89800e92cd8aacf3fa2bde007 (commit) from 48bce351bfea7e4a0c3aa2012b5e64bc773494da (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 43936ba0d138ba88bcf132030c8aca48963c2178 Author: Miroslav Lichvar Date: Tue Dec 14 10:41:08 2021 +0100 clientlog: remove unnecessary operation in timestamp conversion commit f2ba20f2932e3fcd76f5bd5d0d53248a560e51ef Author: Miroslav Lichvar Date: Tue Dec 14 10:04:39 2021 +0100 ntp: avoid unnecessary source lookups Avoid searching the hash table of sources when a packet in the client mode is received. It cannot be a response from our source. Analogously, avoid source lookups for transmitted packets in the server mode. This doesn't change anything for packets in symmetric modes, which can be requests and responses at the same time. This slightly improves the maximum packet rate handled as a server. commit fcd384523b2e20d89800e92cd8aacf3fa2bde007 Author: Miroslav Lichvar Date: Mon Dec 13 15:54:43 2021 +0100 ntp: fix typo in comment --- Summary of changes: clientlog.c | 2 +- ntp_core.c | 2 +- ntp_sources.c | 12 test/unit/ntp_sources.c | 9 ++--- 4 files changed, 16 insertions(+), 9 deletions(-) hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.2-pre1-3-g48bce35
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via 48bce351bfea7e4a0c3aa2012b5e64bc773494da (commit) via 25f93875d950334bc96020103efc828ec5a2ef6e (commit) from ebc610fcb365dd0f62800ddbb9e1c4c9cc379a66 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 48bce351bfea7e4a0c3aa2012b5e64bc773494da Author: Miroslav Lichvar Date: Thu Dec 9 17:13:09 2021 +0100 doc: describe use case for leapsecmode ignore option commit 25f93875d950334bc96020103efc828ec5a2ef6e Author: Miroslav Lichvar Date: Thu Dec 9 13:27:50 2021 +0100 doc: switch Solaris support to illumos For a long time, the Solaris support in chrony wasn't tested on a real Solaris system, but on illumos/OpenIndiana, which was forked from OpenSolaris when it was discontinued in 2010. While Solaris and illumos might have not diverged enough to make a difference for chrony, replace Solaris in the documentation with illumos to make it clear which system is actually supported by the chrony project. --- Summary of changes: README | 2 +- configure| 2 +- doc/chrony.conf.adoc | 16 ++-- doc/chronyd.adoc | 8 sys_solaris.c| 2 +- 5 files changed, 17 insertions(+), 13 deletions(-) hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.2-pre1-1-gebc610f
This is an automated email from git. It was generated because a ref
change was pushed to the "chrony/chrony.git" repository.
The branch, master has been updated
via ebc610fcb365dd0f62800ddbb9e1c4c9cc379a66 (commit)
from 264957a443f5b1573aeb130356dbfa5c762fac79 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -
commit ebc610fcb365dd0f62800ddbb9e1c4c9cc379a66
Author: Miroslav Lichvar
Date: Tue Dec 7 11:32:54 2021 +0100
sys_solaris: disable kernel dosynctodr
The dosynctodr kernel variable needs to be set to 0 to block automatic
synchronization of the system clock to the hardware clock. chronyd used
to disable dosynctodr on Solaris versions before 2.6, but it seems it is
now needed even on current versions as the clock driver sets frequency
only without calling adjtime() or setting the ntp_adjtime() PLL offset.
This issue was reproduced and fix tested on current OpenIndiana.
Fixes: 8feb37df2b48 ("sys_solaris: use timex driver")
---
Summary of changes:
configure | 2 +-
sys_solaris.c | 31 +++
2 files changed, 32 insertions(+), 1 deletion(-)
hooks/post-receive
--
chrony/chrony.git
--
To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe"
in the subject.
For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the
subject.
Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git annotated tag 4.2-pre1 created. 4.2-pre1
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The annotated tag, 4.2-pre1 has been created at 4085fd95e9084c54579ecf7c2a2865e421bdf6b9 (tag) tagging 264957a443f5b1573aeb130356dbfa5c762fac79 (commit) replaces 4.1 tagged by Miroslav Lichvar on Thu Dec 2 11:48:08 2021 +0100 - Log - First prerelease for 4.2 -BEGIN PGP SIGNATURE- iQIzBAABCAAdFiEEjzdcfo0O4SWj071RU34rdvdoDawFAmGopG0ACgkQU34rdvdo DayIAhAAkXJUeSXSAHlXDbnMqY2yF70AdZIEQ2RoSod4n/Cg80wn+0dhSgBIjKhA q7b9TbbXMUWguBmEVC9saRIeSJeifHaB1QeFe3DU5ZaE+RMS5UQYn9GRaNWBo6z7 si/w4ltwKyonczJyrHrIs1vecl+VY/n10oUTTGDgHiIhBVtZx1UqOAEsrQAJWU3G RtKD6jLLJuAeLn5h0X7FdeBPZRAkEr3Neor3dyZUJWrjM3MqB0Z67TbHKEo2OkKG cbHBhSEs5auVXRfDM/xXhd+9QeplZpFyQKuP/136WAn+b5E3cV+23bsda5CnGS+C Fp26GE7LoH3b6IMcbPMn1dRfc2r4WCjnXSD+3TgFQle4LKBCLzC/4R+61wsOzvGd 8zl5lGu9U36ltBBgsizqxs3WrKvNxm57COPP0NJCnaqoJ7Jyc2FRueNyx/x2wkGg n38hAS4ritKPI/0MwjSbW9lul1XK2QqZ2u6o1f8YBR9uodVBXmY2WAUn94tE0Ajl EZYq+GUFYTY6PElT7wi08F9CfjsZVjO6qlYk3OntbH7rdX2kba8+sakSYcWQoksh PxVhapKfZN1BzXWHc5Q9QgcjopPHjAWY0f3q4QY3LEslmPl/7+3Dx577K0frvb14 E74rs/U4v0Q08JlCdOu75NqOr0Qg0mnOBkdEl90+UG9f3cRfsFU= =S9WE -END PGP SIGNATURE- Miroslav Lichvar (76): doc: improve ntsserverkey/cert description rtc: avoid printing and scanning time_t sys_linux: allow clone3 and pread64 in seccomp filter ntp: provide remote port to NIO_OpenServerSocket() ntp: add PTP rxfilter ntp: add support for NTP over PTP test: add 142-ptpport test doc: shorten lock_all description doc: remove obsolete comment in maxslewrate description doc: improve ptpport example privops: allow binding to PTP port siv: deinit gnutls on unsupported SIV configure: fix SIV detection in gnutls hash: add gnutls support hash: allow non-security MD5 use in FIPS mode cmac: add gnutls support test: update compilation tests test: fix 002-scanbuild test test: enable chronyc to use Unix domain socket test: add 143-manual test test: fix chronyc test with disabled IPv6 support test: extend 110-chronyc test cmdmon: move comment to make its scope clearer conf: rework allow/deny parser client: replace allow/deny parser test: fix incorrect use of RAND_MAX use round() for rounding doc: show arguments of ratelimit options ntp: print stratum 1 refid in ASCII in debug message ntp: check software timestamps on Linux examples: harden systemd services examples: improve chronyd service sys_linux: fix seccomp filter for BINDTODEVICE option clientlog: fix debug message for maximum number of records clientlog: separate NTP timestamps from IP addresses ntp: move authentication calls in transmit_packet() ntp: optimize detection of clients using interleaved mode doc: improve clientloglimit description ntp: don't capture TX timestamps if clientlog is disabled test: improve clientlog unit test cmdmon: add interleaved stats to serverstats ntp: initialize saved TX timestamp ntp: don't save timestamps if transmit_packet() failed clientlog: undo clock adjustments in updated TX timestamps test: extend 122-xleave test ntp: use previous root delay/disp in interleaved mode socket: increase message buffer length ntp: move initial packet parsing from ntp_auth to ntp_core ntp: prepare for non-authentication extension fields ntp: add pre-NTPv5 experimental extension field util: add function to subtract NTP timestamps util: add functions for converting new root delay/dispersion ntp: add server support for experimental extension field sourcestats: add function to correct accumulated offsets ntp: add client support for experimental extension field test: add 144-exp1 test ntp: add special value to experimental root delay/disp ntp: suppress monotonic timestamp if smoothing is enabled ntp: limit interleaved responses to NTPv4 ntp: make default NTP version with xleave to be always 4 ntp: fix exp1 EF search in process_response() util: reset GetRandom functions in helpers after fork main: add assertions for timespec signedness test: update 110-chronyc test ntp: improve check for PTP socket doc: update FAQ rtc: remove unnecessary variable initializations rtc: drop rtc_trim array rtc: don't drop first sample after initial trim ntp: check for zero timestamp in initial TX timeout reference: check for unset leap_when in is_leap_close() test: fix 008-ntpera test for arbitrary NTP era split test: allow another inaccuracy in util unit test test: update and improve 003-sanitizers test ntp: limit total
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.1-77-g264957a
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via 264957a443f5b1573aeb130356dbfa5c762fac79 (commit) via af611b5842a6d107d1668cd4f5d6d6c8b3079c1c (commit) from 1c1ca1d12f1a517b69f5419e9fbb2917747d38ab (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 264957a443f5b1573aeb130356dbfa5c762fac79 Author: Miroslav Lichvar Date: Thu Dec 2 11:19:40 2021 +0100 doc: update NEWS commit af611b5842a6d107d1668cd4f5d6d6c8b3079c1c Author: Miroslav Lichvar Date: Thu Dec 2 10:56:26 2021 +0100 ntp: limit total monotonic offset correction In addition to the 16s limit in per-response change in the monotonic offset, don't allow the total accumulated offset injected in sourcestats to be larger than 16 seconds. --- Summary of changes: NEWS | 19 +++ ntp_core.c | 4 ++-- 2 files changed, 21 insertions(+), 2 deletions(-) hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.1-75-g1c1ca1d
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via 1c1ca1d12f1a517b69f5419e9fbb2917747d38ab (commit) via c506b9aac8b75c1b8535ff72c69ed32800989bd3 (commit) via 2eefa61f103c4ffdb94425d966ee1abbea6e4f7b (commit) via 89a5e21e4d9765ba1339c20af8fbb48653506800 (commit) via 6a79771898e518cf98242d56084f1db26ecca73e (commit) via 53353529cf585ce6605e868d3a94faf3397cafae (commit) via 22bfdf204fe21792c3f49c9b48a0c8346e216a8b (commit) via fc28e9ae5659b94fca2fa3e5b13b02c0e9cade4c (commit) from 17e6258694e0b612bc59851c5a289631a869b0ac (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 1c1ca1d12f1a517b69f5419e9fbb2917747d38ab Author: Miroslav Lichvar Date: Wed Dec 1 10:13:14 2021 +0100 test: update and improve 003-sanitizers test commit c506b9aac8b75c1b8535ff72c69ed32800989bd3 Author: Miroslav Lichvar Date: Wed Dec 1 09:26:41 2021 +0100 test: allow another inaccuracy in util unit test A 1ns error in UTI_AdjustTimespec() was observed with an i686 build. commit 2eefa61f103c4ffdb94425d966ee1abbea6e4f7b Author: Miroslav Lichvar Date: Wed Dec 1 09:24:13 2021 +0100 test: fix 008-ntpera test for arbitrary NTP era split commit 89a5e21e4d9765ba1339c20af8fbb48653506800 Author: Miroslav Lichvar Date: Wed Dec 1 09:14:34 2021 +0100 reference: check for unset leap_when in is_leap_close() Check that the leap_when variable is set before testing a timestamp for being close to a leap second. This allows the first measurement to be accepted if starting at the Unix epoch (e.g. in a test). commit 6a79771898e518cf98242d56084f1db26ecca73e Author: Miroslav Lichvar Date: Wed Dec 1 09:11:09 2021 +0100 ntp: check for zero timestamp in initial TX timeout Calculate the delay since the previous transmission only if the TX timestamp is actually set. This removes an unnecessary delay when starting at the Unix epoch in 1970 (e.g. in a test). commit 53353529cf585ce6605e868d3a94faf3397cafae Author: Miroslav Lichvar Date: Mon Nov 29 12:30:09 2021 +0100 rtc: don't drop first sample after initial trim It seems there is no longer an issue with the first sample after the initial trim and it can be accumulated. It might have been a workaround for an unrelated bug which was fixed since then. This fixes the number of samples reported in rtcdata briefly jumping to 65535 and also brings back the expectation that n_samples is never negative. commit 22bfdf204fe21792c3f49c9b48a0c8346e216a8b Author: Miroslav Lichvar Date: Mon Nov 29 12:15:25 2021 +0100 rtc: drop rtc_trim array It always contained zero values and had no effect on anything. commit fc28e9ae5659b94fca2fa3e5b13b02c0e9cade4c Author: Miroslav Lichvar Date: Mon Nov 29 11:55:24 2021 +0100 rtc: remove unnecessary variable initializations --- Summary of changes: ntp_core.c | 15 +++ reference.c | 3 ++- rtc_linux.c | 31 +- test/compilation/003-sanitizers | 44 +-- test/simulation/008-ntpera | 58 - test/unit/util.c| 4 +-- 6 files changed, 80 insertions(+), 75 deletions(-) hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.1-67-g17e6258
This is an automated email from git. It was generated because a ref
change was pushed to the "chrony/chrony.git" repository.
The branch, master has been updated
via 17e6258694e0b612bc59851c5a289631a869b0ac (commit)
via d7a444593fb9469b224cd656dc052b2d0ed51ce7 (commit)
via 701b9415a506c11f9fd993bba6f25211a3235ffa (commit)
via d5894c073812e18ab8358cda0a7dcf4afd81d79c (commit)
via a0a9560258cef3fa7dcd16e5f24eb087867641a0 (commit)
via 09067e06d386b25f3c841dcae32b1d8602d46742 (commit)
from dbbdd5af0661bdbe51c0d35e5c93668275b5b60a (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -
commit 17e6258694e0b612bc59851c5a289631a869b0ac
Author: Miroslav Lichvar
Date: Tue Nov 23 16:05:16 2021 +0100
doc: update FAQ
commit d7a444593fb9469b224cd656dc052b2d0ed51ce7
Author: Miroslav Lichvar
Date: Wed Nov 24 15:05:15 2021 +0100
ntp: improve check for PTP socket
Check for INVALID_SOCK_FD in case the PTP port is enabled, but opening
one of the PTP sockets failed.
commit 701b9415a506c11f9fd993bba6f25211a3235ffa
Author: Miroslav Lichvar
Date: Wed Nov 24 12:10:46 2021 +0100
test: update 110-chronyc test
commit d5894c073812e18ab8358cda0a7dcf4afd81d79c
Author: Miroslav Lichvar
Date: Tue Nov 23 14:41:08 2021 +0100
main: add assertions for timespec signedness
Some of the code (e.g. util and clientlog) may work with negative
values. Require that time_t and the tv_nsec types are signed. This seems
to be the case on all supported systems, but it it is not required by
POSIX.
commit a0a9560258cef3fa7dcd16e5f24eb087867641a0
Author: Miroslav Lichvar
Date: Tue Nov 23 13:17:26 2021 +0100
util: reset GetRandom functions in helpers after fork
Close /dev/urandom and drop cached getrandom() data after forking helper
processes to avoid them getting the same sequence of random numbers
(e.g. two NTS-KE helpers generating cookies with identical nonces).
arc4random() is assumed to be able to detect forks and reseed
automatically.
This is not strictly necessary with the current code, which does not use
the GetRandom functions before the NTS-KE helper processes are forked,
but that could change in future.
Also, call the reset function before exit to close /dev/urandom in order
to avoid valgrind reporting the file object as "still reachable".
commit 09067e06d386b25f3c841dcae32b1d8602d46742
Author: Miroslav Lichvar
Date: Tue Nov 23 10:35:22 2021 +0100
ntp: fix exp1 EF search in process_response()
Don't ignore the magic field when searching for the exp1 extension
field in a received response. If there were two exp1 fields in the
packet, and only one of them had the expected magic value, it should
pick the right one.
Fixes: 2319f72b29a9 ("ntp: add client support for experimental extension
field")
---
Summary of changes:
doc/faq.adoc| 17 -
main.c | 9 +
ntp_core.c | 4 +++-
ntp_io.c| 3 ++-
nts_ke_server.c | 4
privops.c | 2 ++
test/simulation/110-chronyc | 2 +-
test/unit/util.c| 10 ++
util.c | 35 ++-
util.h | 4
10 files changed, 77 insertions(+), 13 deletions(-)
hooks/post-receive
--
chrony/chrony.git
--
To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe"
in the subject.
For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the
subject.
Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.1-61-gdbbdd5a
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via dbbdd5af0661bdbe51c0d35e5c93668275b5b60a (commit) via 7f984cf7fa0eaaeb18557d84b4b8663d2436ec97 (commit) via 8df49b799fb171a69f8d9a0fc036961cafc64559 (commit) via e7c2f71cea2f9eb8e6d107baa5908a546de25805 (commit) from 219085b8f67e019cf483d18d98ced07c4457d1d5 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit dbbdd5af0661bdbe51c0d35e5c93668275b5b60a Author: Miroslav Lichvar Date: Mon Nov 22 16:44:24 2021 +0100 ntp: make default NTP version with xleave to be always 4 If the xleave option is enabled, ignore the key option and the hash length. Always use version 4 as the default to get interleaved responses from new chrony servers. commit 7f984cf7fa0eaaeb18557d84b4b8663d2436ec97 Author: Miroslav Lichvar Date: Mon Nov 22 16:33:46 2021 +0100 ntp: limit interleaved responses to NTPv4 The interleaved modes are being specified for NTPv4 only. As a server, detect interleaved requests only in NTPv4 packets. Clients and peers can still send interleaved requests in lower-version packets if configured with the version option. commit 8df49b799fb171a69f8d9a0fc036961cafc64559 Author: Miroslav Lichvar Date: Mon Nov 22 15:52:01 2021 +0100 ntp: suppress monotonic timestamp if smoothing is enabled Frequency transfer and time smoothing are conflicting features. Set the monotonic timestamp in the experimental extension field to zero (invalid) if time smoothing is activated. commit e7c2f71cea2f9eb8e6d107baa5908a546de25805 Author: Miroslav Lichvar Date: Mon Nov 22 11:39:29 2021 +0100 ntp: add special value to experimental root delay/disp The maximum value of the new 32-bit fields is slightly less than 16, which can cause the NTP test #7 to pass for a server which has a zero root delay but maximum root dispersion. Interpret the maximum value as the maximum value of the original 32-bit fields (~65536.0 seconds) for better compatibility with NTPv4. --- Summary of changes: doc/chrony.conf.adoc | 9 + ntp_core.c | 12 test/unit/util.c | 2 ++ util.c | 8 +++- 4 files changed, 22 insertions(+), 9 deletions(-) hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.1-57-g219085b
This is an automated email from git. It was generated because a ref
change was pushed to the "chrony/chrony.git" repository.
The branch, master has been updated
via 219085b8f67e019cf483d18d98ced07c4457d1d5 (commit)
via 2319f72b29a97059c759902bab410a425a9035e9 (commit)
via 72f7d09f58cbd869e022dca38a9a68a5f8091ef8 (commit)
via 0bf39c0ab93f0ed4a9b235b1187762586d24b688 (commit)
via 2e126ed2b53bab906c315b5f3e144b29f203d2f4 (commit)
via a652ce7d0efaa0074dc52b857de7a9b3cb6eea96 (commit)
via a97ca73704c3add23e52fafe0fa87aca7aaa254e (commit)
via 125d7a5c320c58429586135dab393767f5375917 (commit)
via 36356ef03392a4f09cbbec448c7233b656574ee0 (commit)
from a2d1569455aa10a273e41eba5f79ca6210934d68 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -
commit 219085b8f67e019cf483d18d98ced07c4457d1d5
Author: Miroslav Lichvar
Date: Mon Nov 15 10:11:03 2021 +0100
test: add 144-exp1 test
commit 2319f72b29a97059c759902bab410a425a9035e9
Author: Miroslav Lichvar
Date: Mon Nov 15 10:08:34 2021 +0100
ntp: add client support for experimental extension field
Add "extfield F323" option to include the new extension field in
requests. If the server responds with this field, use the root
delay/dispersion and monotonic timestamp. Accumulate changes in the
offset between the monotonic and real-time receive timestamps and use
it for the correction of previous offsets in sourcestats. In the
interleaved mode, cancel out the latest change in the offset in
timestamps of the previous request and response, which were captured
before the change actually happened.
commit 72f7d09f58cbd869e022dca38a9a68a5f8091ef8
Author: Miroslav Lichvar
Date: Wed Nov 10 15:34:26 2021 +0100
sourcestats: add function to correct accumulated offsets
This will be needed to follow server time corrections in order to
better estimate frequency.
commit 0bf39c0ab93f0ed4a9b235b1187762586d24b688
Author: Miroslav Lichvar
Date: Wed Nov 10 14:56:31 2021 +0100
ntp: add server support for experimental extension field
Maintain a server monotonic timescale needed for the experimental
extension field. It follows the best estimate of frequency without
time corrections. Implement it as an offset relative to the NTP time,
starting at zero, using a slew handler to cancel time corrections of the
NTP clock. The 32-bit epoch ID is set to a random value on start and
every step of the system clock.
commit 2e126ed2b53bab906c315b5f3e144b29f203d2f4
Author: Miroslav Lichvar
Date: Mon Nov 15 10:25:35 2021 +0100
util: add functions for converting new root delay/dispersion
commit a652ce7d0efaa0074dc52b857de7a9b3cb6eea96
Author: Miroslav Lichvar
Date: Wed Nov 10 14:28:53 2021 +0100
util: add function to subtract NTP timestamps
This will be needed to work with monotonic timestamps, which don't have
a stable epoch and cannot be converted to timespec.
commit a97ca73704c3add23e52fafe0fa87aca7aaa254e
Author: Miroslav Lichvar
Date: Wed Nov 10 14:52:04 2021 +0100
ntp: add pre-NTPv5 experimental extension field
Add an experimental extension field for some features that were proposed
for NTPv5. Higher-resolution root delay and dispersion (using 28-bit
fraction) are added. A monotonic receive timestamp will allow a
frequency transfer between the server and client. The client will be
able to separate the server's time corrections from frequency
corrections by tracking the offset between the real-time and monotonic
receive timestamps.
The field has a type of 0xF323 from the new experimental range proposed
by the NTP working group. Include a magic 32-bit value in the field to
avoid interoperability issues if a different implementation choses the
same type for its own experimental field. The value will be changed on
incompatible changes to avoid issues between two different chrony
versions.
commit 125d7a5c320c58429586135dab393767f5375917
Author: Miroslav Lichvar
Date: Mon Nov 8 16:35:47 2021 +0100
ntp: prepare for non-authentication extension fields
Add a new variable to the packet info structure with flags for extension
fields included in received packets and add a new parameter to
transmit_packet() to add the fields to transmitted packets.
commit 36356ef03392a4f09cbbec448c7233b656574ee0
Author: Miroslav Lichvar
Date: Mon Nov 8 16:06:03 2021 +0100
ntp: move initial packet parsing from ntp_auth to ntp_core
Since commit fdfcabd79bd3 ("ntp: drop support for long NTPv4 MACs"), the
parser doesn't need to check validify of MACs in NTPv4 packets to
distinguish th
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.1-48-ga2d1569
This is an automated email from git. It was generated because a ref
change was pushed to the "chrony/chrony.git" repository.
The branch, master has been updated
via a2d1569455aa10a273e41eba5f79ca6210934d68 (commit)
via 952c3b2528aacbdd8d82c4c6045810bdb00557a3 (commit)
via d92d24ad7fbdb29cc37e5411d4cb568c1b6312cb (commit)
via bc33e1cda11c93097dfa726d7dd7870dec172158 (commit)
via 189bf9c53612998515c3f131925c95f0fcf9de52 (commit)
via c5dde9b66a9b2b7f6885c4b4d4493ac6d21a2fd7 (commit)
from 1fb60f8db80ded51691786397c72de755d22f977 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -
commit a2d1569455aa10a273e41eba5f79ca6210934d68
Author: Miroslav Lichvar
Date: Tue Oct 26 15:40:09 2021 +0200
socket: increase message buffer length
Add extra space to the socket message buffer to be able to receive
maximum-length NTP-over-PTP SW/HW-timestamped messages from the Linux
error queue (which are looped back as layer-2 frames).
commit 952c3b2528aacbdd8d82c4c6045810bdb00557a3
Author: Miroslav Lichvar
Date: Tue Oct 26 14:41:49 2021 +0200
ntp: use previous root delay/disp in interleaved mode
When calculating the root delay and dispersion of a sample measured in
the interleaved mode, use the root delay and dispersion values from
the previous response (to which the TX timestamp corresponds). If the TX
timestamp is combined with the RX timestamp of the latest response (e.g.
in the symmetric mode), use the maximum of the previous and latest root
delay/dispersion.
commit d92d24ad7fbdb29cc37e5411d4cb568c1b6312cb
Author: Miroslav Lichvar
Date: Tue Oct 26 12:22:55 2021 +0200
test: extend 122-xleave test
commit bc33e1cda11c93097dfa726d7dd7870dec172158
Author: Miroslav Lichvar
Date: Mon Oct 25 17:00:28 2021 +0200
clientlog: undo clock adjustments in updated TX timestamps
When the server clock was updated between saving of the RX timestamp and
updating the TX timestamp, a client using interleaved mode with the four
timestamps which minimize error in measured delay (e.g. chrony) had the
server clock adjustment included in the measured delay, which could
disrupt the sample filtering and weighting.
Add a handler to track the slew epoch and remember the last offset. Undo
the adjustment in TX timestamps which have their RX timestamp in the
previous epoch to fix the delay observed by the clients.
If an unknown clock step is detected, drop all timestamps.
commit 189bf9c53612998515c3f131925c95f0fcf9de52
Author: Miroslav Lichvar
Date: Mon Oct 25 10:23:41 2021 +0200
ntp: don't save timestamps if transmit_packet() failed
Don't save server RX and TX timestamp to clientlog if the transmission
or authentication failed (e.g. packet is handled in ntp_signd). They
will not be needed.
commit c5dde9b66a9b2b7f6885c4b4d4493ac6d21a2fd7
Author: Miroslav Lichvar
Date: Mon Oct 25 10:18:27 2021 +0200
ntp: initialize saved TX timestamp
Zero the initial TX timestamp which is saved for the interleaved
mode in case there is no previous timestamp saved in clientlog and
transmit_packet() does not generate a new one (e.g. due to failure in
authentication).
Fixes: 5f4cbaab7e0e ("ntp: optimize detection of clients using interleaved
mode")
---
Summary of changes:
clientlog.c| 50 +-
clientlog.h| 1 +
ntp_core.c | 45 +
socket.c | 15 +-
test/simulation/122-xleave | 22
test/unit/clientlog.c | 36 -
6 files changed, 149 insertions(+), 20 deletions(-)
hooks/post-receive
--
chrony/chrony.git
--
To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe"
in the subject.
For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the
subject.
Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.1-42-g1fb60f8
This is an automated email from git. It was generated because a ref
change was pushed to the "chrony/chrony.git" repository.
The branch, master has been updated
via 1fb60f8db80ded51691786397c72de755d22f977 (commit)
via 2f05287e152add6f263b805b8e99d2b9808d97bf (commit)
via 61226cda8cdfa343b1c1b44b65e8a6977c5b5580 (commit)
from 26b51d841e4c276ab890db697c184f47873eb705 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -
commit 1fb60f8db80ded51691786397c72de755d22f977
Author: Miroslav Lichvar
Date: Wed Oct 20 16:10:21 2021 +0200
cmdmon: add interleaved stats to serverstats
Report the number of received interleaved requests and current timestamp
count with their span.
Expand the serverstats description in chronyc man page.
commit 2f05287e152add6f263b805b8e99d2b9808d97bf
Author: Miroslav Lichvar
Date: Mon Oct 18 12:25:47 2021 +0200
test: improve clientlog unit test
Test also timestamp maps with smaller maximum sizes.
commit 61226cda8cdfa343b1c1b44b65e8a6977c5b5580
Author: Miroslav Lichvar
Date: Mon Oct 18 11:29:58 2021 +0200
ntp: don't capture TX timestamps if clientlog is disabled
When responding to a request, don't waste time with TX timestamping
if the timestamp will not be saved (i.e. clientlog is disabled).
Fixes: 5f4cbaab7e0e ("ntp: optimize detection of clients using interleaved
mode")
---
Summary of changes:
candm.h | 6 +-
client.c| 10 +++--
clientlog.c | 10 +
cmdmon.c| 5 -
doc/chronyc.adoc| 50 ++---
ntp_core.c | 2 +-
pktlength.c | 3 ++-
reports.h | 3 +++
test/simulation/110-chronyc | 5 -
test/system/007-cmdmon | 5 -
test/unit/clientlog.c | 5 -
11 files changed, 88 insertions(+), 16 deletions(-)
hooks/post-receive
--
chrony/chrony.git
--
To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe"
in the subject.
For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the
subject.
Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.1-39-g26b51d8
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via 26b51d841e4c276ab890db697c184f47873eb705 (commit) via 5f4cbaab7e0e01c165fff657f2b53489c949fee4 (commit) via 7a80647fb44a733ba5895898003376c319aea888 (commit) via 14b8df37024f7d4c6270804ec64dfca45c6cad1e (commit) via 5cb469b2049daad410c68ab28aab5c16228ee751 (commit) from 29d7d3176d9d1b208039a9d2ca3f26bc3cc5a387 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 26b51d841e4c276ab890db697c184f47873eb705 Author: Miroslav Lichvar Date: Thu Oct 14 12:29:47 2021 +0200 doc: improve clientloglimit description commit 5f4cbaab7e0e01c165fff657f2b53489c949fee4 Author: Miroslav Lichvar Date: Thu Oct 14 12:03:49 2021 +0200 ntp: optimize detection of clients using interleaved mode Use the lowest bit of the server RX and TX timestamp as a flag indicating RX timestamp. This allows the server to detect potential interleaved requests without having to save all its RX timestamps. It significantly reduces the amount of memory needed to support clients using the interleaved mode if most of the server's clients are using the basic mode (e.g. a public server). Capture the TX timestamp on the first response to the request which has the flag set to not further delay the first interleaved response. False positives are possible with broken clients which set the origin timestamp to something else than zero or the server RX or TX timestamp. This causes an unnecessary RX timestamp to be saved and TX timestamp captured and saved. commit 7a80647fb44a733ba5895898003376c319aea888 Author: Miroslav Lichvar Date: Thu Oct 14 11:52:21 2021 +0200 ntp: move authentication calls in transmit_packet() Move the calls resetting and generating authentication data out of the loop checking for unique TX timestamp. This allows the timestamps to be manipulated after the check. commit 14b8df37024f7d4c6270804ec64dfca45c6cad1e Author: Miroslav Lichvar Date: Mon Oct 11 13:27:35 2021 +0200 clientlog: separate NTP timestamps from IP addresses Instead of keeping one pair of RX and TX timestamp for each address, add a separate RX->TX map using an ordered circular buffer. Save the RX timestamps as 64-bit integers and search them with a combined linear interpolation and binary algorithm. This enables the server to support multiple interleaved clients sharing the same IP address (e.g. NAT) and it will allow other improvements to be implemented later. A drawback is that a single broken client sending interleaved requests at a high rate (without spoofing the source address) can now prevent clients on other addresses from getting interleaved responses. The total number of saved timestamps does not change. It's still determined by the clientloglimit directive. A new option may be added later if needed. The whole buffer is allocated at once, but only on first use to not waste memory on client-only configurations. commit 5cb469b2049daad410c68ab28aab5c16228ee751 Author: Miroslav Lichvar Date: Thu Oct 14 12:31:52 2021 +0200 clientlog: fix debug message for maximum number of records --- Summary of changes: clientlog.c| 338 +++-- clientlog.h| 7 +- doc/chrony.conf.adoc | 9 +- ntp_core.c | 101 +++--- test/simulation/122-xleave | 12 ++ test/unit/clientlog.c | 169 ++- 6 files changed, 565 insertions(+), 71 deletions(-) hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.1-34-g29d7d31
This is an automated email from git. It was generated because a ref
change was pushed to the "chrony/chrony.git" repository.
The branch, master has been updated
via 29d7d3176d9d1b208039a9d2ca3f26bc3cc5a387 (commit)
via 76a905d652cafccfac1023f74d12ffa7facc4832 (commit)
from 83f96efdfd2d42a8de51ac3b05120acf5292bb00 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -
commit 29d7d3176d9d1b208039a9d2ca3f26bc3cc5a387
Author: Miroslav Lichvar
Date: Wed Oct 6 10:02:34 2021 +0200
sys_linux: fix seccomp filter for BINDTODEVICE option
The BINDTODEVICE socket option is the first option in the seccomp filter
setting a string instead of int. Remove the length check from the
setsockopt rules to allow a device name longer than 3 characters.
This was reported in Debian bug #995207.
Fixes: b9f5ce83b02e ("sys_linux: allow BINDTODEVICE option in seccomp
filter")
commit 76a905d652cafccfac1023f74d12ffa7facc4832
Author: Miroslav Lichvar
Date: Mon Oct 4 10:54:40 2021 +0200
examples: improve chronyd service
Allow writing logfiles (enabled by logdir or -l option) to /var/log and
don't require /var/spool to exist.
---
Summary of changes:
examples/chronyd.service | 4 ++--
sys_linux.c | 5 ++---
2 files changed, 4 insertions(+), 5 deletions(-)
hooks/post-receive
--
chrony/chrony.git
--
To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe"
in the subject.
For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the
subject.
Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.1-32-g83f96ef
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via 83f96efdfd2d42a8de51ac3b05120acf5292bb00 (commit) from 127826a399826b048c3b13d04771129b6f4f373d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 83f96efdfd2d42a8de51ac3b05120acf5292bb00 Author: Miroslav Lichvar Date: Wed Sep 29 15:25:48 2021 +0200 examples: harden systemd services Add various settings to the example chronyd and chrony-wait services to decrease the exposure reported by the "systemd-analyze security" command. The original exposure was high as the analyzer does not check the actual process (e.g. that it dropped the root privileges or that it has its own seccomp filter). Limit read-write access to /run, /var/lib/chrony, and /var/spool. Access to /run (instead of /run/chrony) is needed for the refclock socket expected by gpsd. The mailonchange directive is most likely to break as it executes /usr/sbin/sendmail, which can do unexpected operations depending on the implementation. It should work with a setuid/setgid binary, but it is not expected to write outside of /var/spool and the private /tmp. --- Summary of changes: examples/chrony-wait.service | 27 +++ examples/chronyd.service | 33 - 2 files changed, 59 insertions(+), 1 deletion(-) hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.1-31-g127826a
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via 127826a399826b048c3b13d04771129b6f4f373d (commit) via 7ee5f4888e59f46539b3a965c82a511c64bb44e2 (commit) via 9ed1d1afc26960194c96f57977dbc3d866a7bddf (commit) via d0d9a3fa435a1bb508c52aedf4c23f88af3ba4e9 (commit) via 9600993c282d15353987f35b2b0f7475b37da5c4 (commit) via 5e6f8458ffae79f45546cbee60247b1d060b5887 (commit) via f5fe5452f6bc8bcf7ee9945f70dab651c3910c5c (commit) via 3ac6a0c26cce479949ac4a675465338fd38e5f6c (commit) via c2872d1e123b1afb8549ab6bec58f83ae562c60e (commit) via e47e7e36616e7e438ccaf15a7cd826444ce9d678 (commit) via d8f14ec59b0b7b8f5cdc217aaa4682cf4902fead (commit) via 274a51bc38b743e3f540ac81d9eb8ac87253ad54 (commit) via 92700e194ca3b34d1f0a2466cfcd65f41f003d12 (commit) from 87df2687236f1b3d87b96f6242cd531657a1de6c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 127826a399826b048c3b13d04771129b6f4f373d Author: Miroslav Lichvar Date: Thu Sep 23 13:00:24 2021 +0200 ntp: check software timestamps on Linux Apparently some routers with hardware NAT acceleration have a bug causing the kernel timestamps to be corrupted and break NTP. Similarly to the sanity check applied to hardware timestamps, require the kernel/driver timestamps to be within one second of the daemon timestamp to be accepted. commit 7ee5f4888e59f46539b3a965c82a511c64bb44e2 Author: Miroslav Lichvar Date: Thu Sep 23 12:39:54 2021 +0200 ntp: print stratum 1 refid in ASCII in debug message commit 9ed1d1afc26960194c96f57977dbc3d866a7bddf Author: Miroslav Lichvar Date: Thu Sep 23 10:08:07 2021 +0200 doc: show arguments of ratelimit options commit d0d9a3fa435a1bb508c52aedf4c23f88af3ba4e9 Author: Miroslav Lichvar Date: Thu Sep 23 10:01:50 2021 +0200 use round() for rounding Replace casting of values incremented by +0.5/-0.5 with round(). commit 9600993c282d15353987f35b2b0f7475b37da5c4 Author: Miroslav Lichvar Date: Thu Sep 23 09:34:47 2021 +0200 test: fix incorrect use of RAND_MAX On some systems (e.g. Solaris/OpenIndiana) rand() and random() have different ranges. RAND_MAX is the maximum value returned by rand(), but random() should always have a range of 0 through 2^31-1. This fixes multiple failures in different tests. commit 5e6f8458ffae79f45546cbee60247b1d060b5887 Author: Miroslav Lichvar Date: Wed Sep 22 17:06:38 2021 +0200 client: replace allow/deny parser Use the new cmdparse function for parsing the (cmd)allow/deny commands and refactor the code a bit to reduce the number of functions needed for all the (cmd)allow/deny(all) combinations. commit f5fe5452f6bc8bcf7ee9945f70dab651c3910c5c Author: Miroslav Lichvar Date: Wed Sep 22 15:54:50 2021 +0200 conf: rework allow/deny parser Refactor the (cmd)allow/deny parser and make it more strict in what input it accepts. Check the scanned numbers and require whole input to be processed. Move the parser to cmdparse to make it available to the client. commit 3ac6a0c26cce479949ac4a675465338fd38e5f6c Author: Miroslav Lichvar Date: Wed Sep 22 10:34:51 2021 +0200 cmdmon: move comment to make its scope clearer commit c2872d1e123b1afb8549ab6bec58f83ae562c60e Author: Miroslav Lichvar Date: Wed Sep 22 09:59:03 2021 +0200 test: extend 110-chronyc test commit e47e7e36616e7e438ccaf15a7cd826444ce9d678 Author: Miroslav Lichvar Date: Tue Sep 21 15:42:07 2021 +0200 test: fix chronyc test with disabled IPv6 support commit d8f14ec59b0b7b8f5cdc217aaa4682cf4902fead Author: Miroslav Lichvar Date: Mon Sep 20 17:40:09 2021 +0200 test: add 143-manual test commit 274a51bc38b743e3f540ac81d9eb8ac87253ad54 Author: Miroslav Lichvar Date: Wed Sep 15 16:57:09 2021 +0200 test: enable chronyc to use Unix domain socket commit 92700e194ca3b34d1f0a2466cfcd65f41f003d12 Author: Miroslav Lichvar Date: Thu Sep 23 14:48:25 2021 +0200 test: fix 002-scanbuild test --- Summary of changes: candm.h | 3 +- client.c| 200 +++ cmdparse.c | 79 + cmdparse.h | 3 + conf.c | 102 ++-- doc/chrony.conf.adoc| 6 +- ntp_core.c | 5 +- ntp_io_linux.c | 27 - refclock.c | 5 +- sys_linux.c | 17 +-- test/compi
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.1-18-g87df268
This is an automated email from git. It was generated because a ref
change was pushed to the "chrony/chrony.git" repository.
The branch, master has been updated
via 87df2687236f1b3d87b96f6242cd531657a1de6c (commit)
via 17a9caf5c88e2cfdfc3ce18565a23f86407a2a3f (commit)
via 36441fabde4be126d6f3d3c2c5b84f212119667b (commit)
via f363998517e377a7cd27a2046909682f3b503552 (commit)
via 6fc30baba8419e7183a9e1ad63663fc40f384b06 (commit)
via 70a0f18d52b1a4a8964cdbb64a6c04e2a9a5bd72 (commit)
via 0ad5f5ea89f0bbe4bdb9cb0ebc65be9699241098 (commit)
via d676f39b847028f4d25988c8160408d802df6a43 (commit)
from 31690261f51939e7c9caac09bf5b6e12989b371d (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -
commit 87df2687236f1b3d87b96f6242cd531657a1de6c
Author: Miroslav Lichvar
Date: Wed Sep 1 16:33:41 2021 +0200
test: update compilation tests
commit 17a9caf5c88e2cfdfc3ce18565a23f86407a2a3f
Author: Miroslav Lichvar
Date: Thu Sep 2 09:56:48 2021 +0200
cmac: add gnutls support
Similarly to hashing, add support for AES-CMAC in gnutls to avoid
linking directly with nettle.
commit 36441fabde4be126d6f3d3c2c5b84f212119667b
Author: Miroslav Lichvar
Date: Thu Sep 2 11:44:15 2021 +0200
hash: allow non-security MD5 use in FIPS mode
gnutls running in the FIPS140-2 mode does not allow MD5 to be
initialized, which breaks chronyd using MD5 to calculate reference ID
of IPv6 addresses. Specify a new hash algorithm for non-security MD5 use
and temporarily switch to the lax mode when initializing the hash
function.
commit f363998517e377a7cd27a2046909682f3b503552
Author: Miroslav Lichvar
Date: Wed Sep 1 14:46:38 2021 +0200
hash: add gnutls support
Add support for crypto hash functions in gnutls (internally using
nettle). This can be useful to avoid directly linking with nettle to
avoid ABI breaks.
commit 6fc30baba8419e7183a9e1ad63663fc40f384b06
Author: Miroslav Lichvar
Date: Thu Sep 2 10:36:03 2021 +0200
configure: fix SIV detection in gnutls
gnutls_aead_cipher_init() is declared in gnutls/crypto.h. If the
compiler handles implicit declarations as errors, the SIV support was
not detected. Fix the check to use the correct header.
commit 70a0f18d52b1a4a8964cdbb64a6c04e2a9a5bd72
Author: Miroslav Lichvar
Date: Thu Sep 2 09:56:58 2021 +0200
siv: deinit gnutls on unsupported SIV
commit 0ad5f5ea89f0bbe4bdb9cb0ebc65be9699241098
Author: Miroslav Lichvar
Date: Thu Sep 2 13:27:23 2021 +0200
privops: allow binding to PTP port
Fixes: be3158c4e5b2 ("ntp: add support for NTP over PTP")
commit d676f39b847028f4d25988c8160408d802df6a43
Author: Miroslav Lichvar
Date: Wed Sep 1 14:44:48 2021 +0200
doc: improve ptpport example
---
Summary of changes:
cmac_gnutls.c | 189
configure | 39 +++--
doc/chrony.conf.adoc| 2 +-
hash.h | 1 +
hash_gnutls.c | 145 ++
hash_intmd5.c | 2 +-
hash_nettle.c | 3 +
hash_nss.c | 3 +
hash_tomcrypt.c | 3 +
privops.c | 4 +-
siv_gnutls.c| 5 +-
test/compilation/002-scanbuild | 1 +
test/compilation/003-sanitizers | 3 +-
test/unit/hash.c| 9 +-
util.c | 2 +-
15 files changed, 397 insertions(+), 14 deletions(-)
create mode 100644 cmac_gnutls.c
create mode 100644 hash_gnutls.c
hooks/post-receive
--
chrony/chrony.git
--
To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe"
in the subject.
For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the
subject.
Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.1-10-g3169026
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via 31690261f51939e7c9caac09bf5b6e12989b371d (commit) via 93326488a35f8c0bda72f806d3da3b8845c51f0c (commit) via d5ca98eaaa224c46a7079a2c71a1ce5b0e9c97b9 (commit) via be3158c4e5b2a88b199d5dce172e0bbb327a7dab (commit) via 2f1d5d9255211ac961ecf9327dfbcefa6c49e7ab (commit) via b2c2132e4b2e18e237d1e1823bde2bfa693505e8 (commit) from aab6d1b153b4adc9835540b9542bc8f780b2dc76 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 31690261f51939e7c9caac09bf5b6e12989b371d Author: Miroslav Lichvar Date: Wed Aug 18 14:38:16 2021 +0200 doc: remove obsolete comment in maxslewrate description commit 93326488a35f8c0bda72f806d3da3b8845c51f0c Author: Miroslav Lichvar Date: Wed Aug 18 14:35:00 2021 +0200 doc: shorten lock_all description commit d5ca98eaaa224c46a7079a2c71a1ce5b0e9c97b9 Author: Miroslav Lichvar Date: Wed Aug 18 12:57:40 2021 +0200 test: add 142-ptpport test commit be3158c4e5b2a88b199d5dce172e0bbb327a7dab Author: Miroslav Lichvar Date: Wed Aug 18 12:42:07 2021 +0200 ntp: add support for NTP over PTP Allow NTP messages to be exchanged as a payload of PTP messages to enable full hardware timestamping on NICs that can timestamp PTP packets only. Implemented is the protocol described in this draft (version 00): https://datatracker.ietf.org/doc/draft-mlichvar-ntp-over-ptp/ This is an experimental feature. It can be changed or removed in future. The used PTP domain is 123 and the NTP TLV type is 0x2023 from the "do not propagate" experimental range. The ptpport directive enables NTP-over-PTP as a server and as a client for all sources that have the port option set to the PTP port. The port should be the PTP event port (319) to trigger timestamping in the hardware. The implementation is contained to ntp_io. It is transparent to ntp_core. commit 2f1d5d9255211ac961ecf9327dfbcefa6c49e7ab Author: Miroslav Lichvar Date: Wed Aug 18 10:44:48 2021 +0200 ntp: add PTP rxfilter Setting rxfilter to ptp enables timestamping of PTPv2 packets (UDP or all transports). It will be needed for NTP-over-PTP support. commit b2c2132e4b2e18e237d1e1823bde2bfa693505e8 Author: Miroslav Lichvar Date: Mon Aug 16 14:51:01 2021 +0200 ntp: provide remote port to NIO_OpenServerSocket() This will allow selection of different protocols based on the remote port. Zero means the default (NTP). --- Summary of changes: conf.c | 15 + conf.h | 3 + doc/chrony.conf.adoc| 57 +++- ntp_core.c | 2 + ntp_io.c| 154 ntp_io.h| 4 ++ ntp_io_linux.c | 13 +++- addressing.h => ptp.h | 69 ++-- socket.c| 2 + test/simulation/142-ptpport | 41 10 files changed, 292 insertions(+), 68 deletions(-) copy addressing.h => ptp.h (57%) create mode 100755 test/simulation/142-ptpport hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.1-4-gaab6d1b
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via aab6d1b153b4adc9835540b9542bc8f780b2dc76 (commit) via bbbd80bf03223f181d4abf5c8e5fe6136ab6129a (commit) from f27d719a4e2e983aea23058a29729a200b070dc6 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit aab6d1b153b4adc9835540b9542bc8f780b2dc76 Author: Stefan R. Filipek Date: Sat Aug 7 10:35:15 2021 -0400 doc: fix chronyd platform support for -P and -m A while back, support for memory locking and real-time scheduling was added to more platforms. The chronyd documentation wasn't updated at that time (chronyd.conf was). This patch fixes that. commit bbbd80bf03223f181d4abf5c8e5fe6136ab6129a Author: Miroslav Lichvar Date: Mon Aug 9 11:48:21 2021 +0200 sys_linux: allow clone3 and pread64 in seccomp filter These seem to be needed with the latest glibc. --- Summary of changes: doc/chronyd.adoc | 10 +- sys_linux.c | 4 2 files changed, 9 insertions(+), 5 deletions(-) hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.1-2-gf27d719
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via f27d719a4e2e983aea23058a29729a200b070dc6 (commit) from 789817cd91695cbb9e8b4f1e90a0393c147c2c70 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit f27d719a4e2e983aea23058a29729a200b070dc6 Author: Miroslav Lichvar Date: Thu Aug 5 14:07:17 2021 +0200 rtc: avoid printing and scanning time_t With the latest glibc it's now possible to define _TIME_BITS=64 to get 64-bit time_t on 32-bit Linux systems. This breaks the %ld printf/scanf modifier used with the RTC drift timestamp. Process it as a double. --- Summary of changes: rtc_linux.c | 8 +--- 1 file changed, 5 insertions(+), 3 deletions(-) hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.1-1-g789817c
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via 789817cd91695cbb9e8b4f1e90a0393c147c2c70 (commit) from 885e7774fd87ce1a27d42371ea6adf2ce2a8e383 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 789817cd91695cbb9e8b4f1e90a0393c147c2c70 Author: Miroslav Lichvar Date: Wed Jul 7 16:45:46 2021 +0200 doc: improve ntsserverkey/cert description The files are read after dropping root privileges. They need to be readable by the chrony user. The error message "Could not set credentials : Error while reading file." does not make this requirement very obvious. --- Summary of changes: doc/chrony.conf.adoc | 7 +-- 1 file changed, 5 insertions(+), 2 deletions(-) hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git annotated tag 4.1 created. 4.1
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The annotated tag, 4.1 has been created at 9241cfb5cdff11d6225191b839320d67490860f3 (tag) tagging 885e7774fd87ce1a27d42371ea6adf2ce2a8e383 (commit) replaces 4.1-pre1 tagged by Miroslav Lichvar on Thu May 13 12:48:05 2021 +0200 - Log - Release 4.1 -BEGIN PGP SIGNATURE- iHIEABECADIWIQSLH0qa2nPUAeMIWgtf8G8puh4BOwUCYJ0D6hQcbWxpY2h2YXJA cmVkaGF0LmNvbQAKCRBf8G8puh4BO2dkAJ9Vl54c9AE7/gqGwjPj8G8FBKJC5QCg iVJIClzvKdMwx2Ak6krzWWXIEug= =IfZd -END PGP SIGNATURE- Miroslav Lichvar (21): nts: fix handling of long server negotiation record nts: avoid assumption about cookie record doc: warn about -F and mailonchange in chronyd man page sys_linux: allow BINDTODEVICE option in seccomp filter test: rework seccomp testing test: extend configuration in system tests test: remove logs before chronyd start in system tests test: fix date use in 010-nts system test nts: ignore long non-critical records nts: close file after loading cookies conf: log error when source cannot be added source: don't print duplicated address in selection message sourcestats: check samples loaded from dump files sys_linux: allow getuid32 in seccomp filter sys_linux: add second scfilter level sys_linux: check if execveat is defined test: disable privdrop in nts test test: allow inaccurate math in util unit test test: make 007-cmdmon test more reliable update copyright years doc: update NEWS --- hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.1-pre1-21-g885e777
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via 885e7774fd87ce1a27d42371ea6adf2ce2a8e383 (commit) via 883b7eed8a67a4a461633f268d7e40ee1d2ea74d (commit) via 4049ed8766af811bd5bdd806c775517ad79df278 (commit) via f9f6803b8a8f7829b5916addcb5e0a7ac4b59eab (commit) via 385f7ebfd97478f7278b27020eb6530cfc532858 (commit) from f9cbc4803d338dd2745157d2041a5b44c3316320 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 885e7774fd87ce1a27d42371ea6adf2ce2a8e383 Author: Miroslav Lichvar Date: Thu May 6 16:31:33 2021 +0200 doc: update NEWS commit 883b7eed8a67a4a461633f268d7e40ee1d2ea74d Author: Miroslav Lichvar Date: Mon May 10 15:47:10 2021 +0200 update copyright years commit 4049ed8766af811bd5bdd806c775517ad79df278 Author: Miroslav Lichvar Date: Wed May 12 13:03:45 2021 +0200 test: make 007-cmdmon test more reliable Reorder the local off command with respect to offline and online to prevent the client from getting an unsynchronized response. commit f9f6803b8a8f7829b5916addcb5e0a7ac4b59eab Author: Miroslav Lichvar Date: Mon May 10 18:08:33 2021 +0200 test: allow inaccurate math in util unit test Don't require timespec/timeval-double conversion tests to produce correctly rounded results to handle x86 and other archs with wider intermediate results. commit 385f7ebfd97478f7278b27020eb6530cfc532858 Author: Miroslav Lichvar Date: Mon May 10 15:09:38 2021 +0200 test: disable privdrop in nts test They are unrelated features. Not setting privdrop avoids a skip due to the nobody user not having access to the test directory. --- Summary of changes: NEWS| 2 +- client.c| 4 ++-- cmdmon.c| 2 +- configure | 2 +- doc/chrony.conf.adoc| 2 +- doc/faq.adoc| 2 +- ntp_sources.c | 2 +- nts_ke_client.c | 2 +- nts_ke_session.c| 2 +- sourcestats.c | 2 +- test/system/007-cmdmon | 6 +++--- test/system/010-nts | 2 -- test/unit/ntp_sources.c | 2 +- test/unit/util.c| 12 ++-- 14 files changed, 21 insertions(+), 23 deletions(-) hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.1-pre1-16-gf9cbc48
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via f9cbc4803d338dd2745157d2041a5b44c3316320 (commit) from 97973b1833e5f17126382c304ee78a22fce7eb51 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit f9cbc4803d338dd2745157d2041a5b44c3316320 Author: Miroslav Lichvar Date: Thu May 6 15:41:52 2021 +0200 sys_linux: check if execveat is defined The syscall is missing on older systems. --- Summary of changes: sys_linux.c | 2 ++ 1 file changed, 2 insertions(+) hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.1-pre1-15-g97973b1
This is an automated email from git. It was generated because a ref
change was pushed to the "chrony/chrony.git" repository.
The branch, master has been updated
via 97973b1833e5f17126382c304ee78a22fce7eb51 (commit)
via 9cdfc15e310887d86c74beb0d6b748572624201c (commit)
via fc993172910f75bbfa26cf5928b43d4ce9bc5f85 (commit)
via bb9ba3e4bd31692674cb0ff1fcfe8ff6c1f05edb (commit)
via 649f54a1e6ae5b17e6dd4c0a42ad1d540e8be3a3 (commit)
via 4070d7ffa6f7288c660a35ed1d1d1dffe4998653 (commit)
via 0493abb68a072b053bceabedf2e8f3c072ab42b3 (commit)
from 8c1e16711dad83cc4d76b17cf18257b1d0b2d8a3 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -
commit 97973b1833e5f17126382c304ee78a22fce7eb51
Author: Miroslav Lichvar
Date: Wed May 5 11:21:39 2021 +0200
sys_linux: add second scfilter level
Add level "2" to enable a filter which blocks only specific system calls
like fork and exec* instead of blocking everything unknown. It should
be reliable with respect to changes in libraries, but it provides only a
very limited protection.
commit 9cdfc15e310887d86c74beb0d6b748572624201c
Author: Miroslav Lichvar
Date: Thu Apr 29 16:53:40 2021 +0200
sys_linux: allow getuid32 in seccomp filter
This was triggered on x86 in an NTS test.
commit fc993172910f75bbfa26cf5928b43d4ce9bc5f85
Author: Miroslav Lichvar
Date: Tue May 4 14:06:33 2021 +0200
sourcestats: check samples loaded from dump files
When loading a dump file with the -r option, check also sanity of the
sample time, offset, peer/root delay/dispersion, and the sample order to
better handle corrupted files.
commit bb9ba3e4bd31692674cb0ff1fcfe8ff6c1f05edb
Author: Miroslav Lichvar
Date: Tue May 4 11:49:54 2021 +0200
source: don't print duplicated address in selection message
Don't print the original IP address in parentheses in the "Selected
source ..." message if it is identical to the current address. That is
expected to be the usual case for sources specified by IP address.
commit 649f54a1e6ae5b17e6dd4c0a42ad1d540e8be3a3
Author: Miroslav Lichvar
Date: Tue May 4 11:08:59 2021 +0200
conf: log error when source cannot be added
Log an error message when adding of a source fails, e.g. due to the new
limit on number of sources, or when the same address is specified
multiple times.
commit 4070d7ffa6f7288c660a35ed1d1d1dffe4998653
Author: Miroslav Lichvar
Date: Mon May 3 14:15:28 2021 +0200
nts: close file after loading cookies
Don't forget to close the file with cookies in ntsdumpdir if
successfully loaded.
Fixes: 2fa83b541c36 ("nts: save and load cookies on client")
commit 0493abb68a072b053bceabedf2e8f3c072ab42b3
Author: Miroslav Lichvar
Date: Mon May 3 12:48:23 2021 +0200
nts: ignore long non-critical records
In the NTS-KE client don't reject the response if it has non-critical
records that are too long for the processing buffer. This is not
expected to happen with the current specification, but it might be
needed with future extensions.
Fixes: 7925ed39b81f ("nts: fix handling of long server negotiation record")
---
Summary of changes:
conf.c | 14 +++--
doc/chronyd.adoc | 33 +
nts_ke_client.c | 7 +++--
nts_ntp_client.c | 2 ++
sources.c| 2 +-
sourcestats.c| 14 +
sys_linux.c | 76 +++-
test/system/099-scfilter | 2 +-
test/system/199-scfilter | 2 +-
9 files changed, 118 insertions(+), 34 deletions(-)
hooks/post-receive
--
chrony/chrony.git
--
To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe"
in the subject.
For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the
subject.
Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.1-pre1-8-g8c1e167
This is an automated email from git. It was generated because a ref
change was pushed to the "chrony/chrony.git" repository.
The branch, master has been updated
via 8c1e16711dad83cc4d76b17cf18257b1d0b2d8a3 (commit)
via 1d03908646ce24682a6dbea99911f837a92c4af3 (commit)
via 49d718c025c9a1d8675f41992c445a7016fd2812 (commit)
via c536b2561bb4b2b15e869e20fcde5c7e5301474f (commit)
via b9f5ce83b02e765ad5a65a264e88352528d6b2b3 (commit)
via 8baab00ae0a8a11874a45acbe8aff7443537867f (commit)
via d01cb5af46caedb8a4a6529c8b80eef9976cef8d (commit)
via 7925ed39b81f394083e939c96d18a652f977d315 (commit)
from 9d869d87097cdedb007c5a7a9684a790b867d268 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -
commit 8c1e16711dad83cc4d76b17cf18257b1d0b2d8a3
Author: Miroslav Lichvar
Date: Thu Apr 29 14:45:30 2021 +0200
test: fix date use in 010-nts system test
Avoid using nonportable -d option of date.
commit 1d03908646ce24682a6dbea99911f837a92c4af3
Author: Miroslav Lichvar
Date: Thu Apr 29 13:15:03 2021 +0200
test: remove logs before chronyd start in system tests
commit 49d718c025c9a1d8675f41992c445a7016fd2812
Author: Miroslav Lichvar
Date: Thu Apr 29 13:14:11 2021 +0200
test: extend configuration in system tests
commit c536b2561bb4b2b15e869e20fcde5c7e5301474f
Author: Miroslav Lichvar
Date: Thu Apr 29 13:18:39 2021 +0200
test: rework seccomp testing
Instead of a single test with enabled seccomp, rerun all other
non-destructive and destructive tests for each seccomp level.
commit b9f5ce83b02e765ad5a65a264e88352528d6b2b3
Author: Miroslav Lichvar
Date: Thu Apr 29 12:35:49 2021 +0200
sys_linux: allow BINDTODEVICE option in seccomp filter
Fixes: 4ef944b73436 ("socket: add support for binding sockets to device")
commit 8baab00ae0a8a11874a45acbe8aff7443537867f
Author: Miroslav Lichvar
Date: Thu Apr 29 09:18:49 2021 +0200
doc: warn about -F and mailonchange in chronyd man page
commit d01cb5af46caedb8a4a6529c8b80eef9976cef8d
Author: Miroslav Lichvar
Date: Tue Apr 27 15:39:59 2021 +0200
nts: avoid assumption about cookie record
The cookie record is currently assumed to be the longest record that
needs to be accepted by the client, but that does not have to be always
the case. Define the processing buffer using the maximum body record
constant instead and add an assertion to make sure it's not smaller than
the maximum accepted cookie length.
commit 7925ed39b81f394083e939c96d18a652f977d315
Author: Miroslav Lichvar
Date: Tue Apr 27 11:18:04 2021 +0200
nts: fix handling of long server negotiation record
Recent change in handling of the NTPv4 server negotiation record (commit
754097944be2) increased the length of the instance name buffer to make
room for the trailing dot. This allowed a record with body truncated in
the processing buffer to be accepted and caused an over-read of 1 byte
in the memcpy() call saving the name to the instance buffer.
Modify the client to accept only records that fit in the processing
buffer.
Fixes: 754097944be2 ("nts: handle negotiated server as FQDN")
---
Summary of changes:
doc/chronyd.adoc | 2 ++
nts_ke_client.c | 11 +--
sys_linux.c | 3 +++
test/system/005-scfilter | 17 -
test/system/010-nts | 6 ++
test/system/099-scfilter | 24
test/system/199-scfilter | 24
test/system/test.common | 6 ++
8 files changed, 70 insertions(+), 23 deletions(-)
delete mode 100755 test/system/005-scfilter
create mode 100755 test/system/099-scfilter
create mode 100755 test/system/199-scfilter
hooks/post-receive
--
chrony/chrony.git
--
To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe"
in the subject.
For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the
subject.
Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git annotated tag 4.1-pre1 created. 4.1-pre1
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The annotated tag, 4.1-pre1 has been created at 33b52778001d291ee53873a743288f9d089049bd (tag) tagging 9d869d87097cdedb007c5a7a9684a790b867d268 (commit) replaces 4.0 tagged by Miroslav Lichvar on Thu Apr 22 12:57:48 2021 +0200 - Log - First prerelease for 4.1 -BEGIN PGP SIGNATURE- iHIEABECADIWIQSLH0qa2nPUAeMIWgtf8G8puh4BOwUCYIFWsRQcbWxpY2h2YXJA cmVkaGF0LmNvbQAKCRBf8G8puh4BO+5CAJ0XB6YyS/0bjeDHY8JJ0gf+IqqdKQCf UQzirr0IGzeai6MMr89DpFvvN8A= =Hvxl -END PGP SIGNATURE- Baruch Siach (1): sys_linux: fix build with older kernel headers Bryan Christianson (1): sys_timex: remove workaround for broken ntp_adjtime on macOS Christian Ehrhardt (1): sys_linux: allow statx and fstatat64 in seccomp filter Foster Snowhill (1): sys_linux: allow setsockopt(SOL_IP, IP_TOS) in seccomp Kamil Dudka (1): configure: use well-known file name conftest.c Michael Witten (2): doc: diagnose problem with RTC interrupts on Linux rtc: log error message when driver initialisation fails Miroslav Lichvar (82): doc: fix ntsntpserver reference in chrony.conf man page sched: improve infinite loop detection sched: stop dispatching timeouts on exit socket: check length of received control messages socket: add debug message for unexpected control message test: make 120-selectoptions more reliable test: fix port selection to disable grep output test: support ss as netstat replacement ntp: fix NULL pointer ntp: allow replacement of sources specified by IP address nts: support servers specified by IP address test: improve NTS tests main: cancel clock correction before dumping sources main: fix typo in comment sourcestats: move stratum to sources sources: update stratum with leap status sources: improve handling of dump files and their format sources: set reference after loading dump files test: extend 129-reload test ntp: require port match in address update ntp: avoid recursive update of address nts: rework update of NTP server address nts: load cookies early nts: reset NTP address/port if removed in NTS-KE ntp: limit number of sources ntp: simplify NSR_Finalise() client: fix sourcename command to accept ID addresses nts: split creating server and client credentials nts: define type for credentials nts: allow multiple server keys and certificates nts: allow multiple files with trusted certificates nts: allow ntstrustedcerts to specify directory configure: check for O_NOFOLLOW flag nts: add support for multiple sets of trusted certificates conf: add set selection to ntstrustedcerts conf: add certset option to NTP sources cmdmon: set certset for new sources test: extend 139-nts test ntp: restart resolving on online command refclock: warn if maxlockage is too small refclock: warn if lock refid is invalid main: warn if running with root privileges sys_linux: check if statx syscall is defined main: suppress info messages with -p option cmdmon: fix responding to IPv4 addresses on FreeBSD nameserv: require getaddrinfo() and getnameinfo() nameserv: avoid unnecessary getaddrinfo() calls util: require inet_pton() test: extend 007-cmdmon system test test: use env shebang in all bash scripts test: extend util unit test client: report invalid values in doffset and dfreq commands local: return status from offset accumulation cmdmon: convert doffset request to float cmdmon: return error if doffset command fails test: drop logging suspension test: extend ntp_sources unit test declare variables set from signal handlers as volatile refclock: increase PPS lock limit test: extend 106-refclock test test: enable valgrind in more tests test: extend 103-initstepslew test doc: improve FAQ doc: improve chrony.conf man page ntp: fix loop test for special reference modes ntp: don't update source status with unsynchronized data ntp: clamp remote stratum ntp: add copy option test: update and extend 110-chronyc test test: make system tests more reliable conf: require sourcedir files to be terminated by newline doc: improve FAQ doc: improve description of allow directive test: extend 106-refclock test nts: handle negotiated server as FQDN sources: don't print NULL string to dump file sources: fix loading of refclock dump files test: extend 129-reload test nameserv: avoid sockaddr_in6 with disabled IPv6 support ntp: f
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.0-90-g9d869d8
This is an automated email from git. It was generated because a ref
change was pushed to the "chrony/chrony.git" repository.
The branch, master has been updated
via 9d869d87097cdedb007c5a7a9684a790b867d268 (commit)
via 4f94e22b4bd0ddf26d0a748a19b5a022a0073c6b (commit)
via d9b720471d97c87e4e9c7f1ac9d0963bc54ad54a (commit)
via 039b388c82b159479df6a6a02efe124b28fafbde (commit)
via 3f6528da778f715311c49b5e9ea0fbca911f5e44 (commit)
via 4f43c060a387139534b77fa76f0997f83af15e67 (commit)
via 3e55fe69193abded07a9848a679921a83095c214 (commit)
via 754097944be27f3efe5fc1792ea8a318e09dc854 (commit)
via dd6a25edf2df2375696f9cb65e702fc5b9f994db (commit)
via e697833976025387ea6e413c47bbc2c11be90fc7 (commit)
via 40d80624f6179bba02af7a0b819b0ec5d5ab270f (commit)
from 9a716cc28417031704283505cba204861d8773c1 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -
commit 9d869d87097cdedb007c5a7a9684a790b867d268
Author: Miroslav Lichvar
Date: Tue Apr 20 14:16:11 2021 +0200
doc: update NEWS
commit 4f94e22b4bd0ddf26d0a748a19b5a022a0073c6b
Author: Miroslav Lichvar
Date: Tue Apr 20 12:37:40 2021 +0200
doc: update README
commit d9b720471d97c87e4e9c7f1ac9d0963bc54ad54a
Author: Miroslav Lichvar
Date: Wed Apr 21 15:56:51 2021 +0200
ntp: fix address in error message
commit 039b388c82b159479df6a6a02efe124b28fafbde
Author: Miroslav Lichvar
Date: Wed Apr 21 14:40:12 2021 +0200
nameserv: avoid sockaddr_in6 with disabled IPv6 support
Fixes: 10c760a80c15 ("nameserv: require getaddrinfo() and getnameinfo()")
commit 3f6528da778f715311c49b5e9ea0fbca911f5e44
Author: Miroslav Lichvar
Date: Wed Apr 21 12:50:47 2021 +0200
test: extend 129-reload test
commit 4f43c060a387139534b77fa76f0997f83af15e67
Author: Miroslav Lichvar
Date: Wed Apr 21 12:52:17 2021 +0200
sources: fix loading of refclock dump files
Allow zero stratum in loaded dump files.
Fixes: f8610d69f08f ("sources: improve handling of dump files and their
format")
commit 3e55fe69193abded07a9848a679921a83095c214
Author: Miroslav Lichvar
Date: Wed Apr 21 12:51:07 2021 +0200
sources: don't print NULL string to dump file
For reference clocks, which don't have a name, print "." instead of
NULL.
Fixes: f8610d69f08f ("sources: improve handling of dump files and their
format")
commit 754097944be27f3efe5fc1792ea8a318e09dc854
Author: Miroslav Lichvar
Date: Wed Apr 21 09:37:40 2021 +0200
nts: handle negotiated server as FQDN
The NTS RFC requires the recipient of the Server Negotiation NTS-KE
record to handle the name as a fully qualified domain name. Add a
trailing dot if not present to force the name to be resolved as one.
commit dd6a25edf2df2375696f9cb65e702fc5b9f994db
Author: Miroslav Lichvar
Date: Tue Apr 20 17:43:20 2021 +0200
test: extend 106-refclock test
commit e697833976025387ea6e413c47bbc2c11be90fc7
Author: Miroslav Lichvar
Date: Tue Apr 20 09:54:52 2021 +0200
doc: improve description of allow directive
Prefer CIDR notation, clarify use of hostnames and order of allow/deny
directives, refer to the accheck command.
commit 40d80624f6179bba02af7a0b819b0ec5d5ab270f
Author: Bryan Christianson
Date: Tue Apr 20 09:32:52 2021 +1200
sys_timex: remove workaround for broken ntp_adjtime on macOS
Early beta releases of macOS Big Sur had a signed/unsigned error in
Apple's implementation of ntp_adjtime. Apple have since fixed this error
and the workaround is no longer required.
---
Summary of changes:
NEWS | 24 +++
README | 7 -
doc/chrony.conf.adoc | 71
doc/chronyc.adoc | 14 +++--
nameserv.c | 10 +--
ntp_sources.c| 2 +-
nts_ke_client.c | 13 +++-
sources.c| 4 +--
sys_timex.c | 7 -
test/simulation/106-refclock | 45
test/simulation/129-reload | 51 +++
11 files changed, 190 insertions(+), 58 deletions(-)
hooks/post-receive
--
chrony/chrony.git
--
To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe"
in the subject.
For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the
subject.
Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.0-79-g9a716cc
This is an automated email from git. It was generated because a ref
change was pushed to the "chrony/chrony.git" repository.
The branch, master has been updated
via 9a716cc28417031704283505cba204861d8773c1 (commit)
via 13a78ecd2f2804e2c14b1e33cdf99a48ed4f6573 (commit)
via a9f0c681cb427ade46ee53b57ff08be6e5fbd98d (commit)
via 862aa285a2d8199f8445f04c572d3351cea4042c (commit)
via 84d2811800ea690e11154ffde391575dbd5a6abb (commit)
via 635a9d3f5a7c7ed35bf11c57105252ce8cbccfa6 (commit)
via 81f7f6ddf08011d3b3f7bd02662e76dfa7855d78 (commit)
from aa22c515ceecf2f1e5f29742720da99977364b92 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -
commit 9a716cc28417031704283505cba204861d8773c1
Author: Miroslav Lichvar
Date: Tue Apr 13 12:07:38 2021 +0200
doc: improve FAQ
commit 13a78ecd2f2804e2c14b1e33cdf99a48ed4f6573
Author: Miroslav Lichvar
Date: Thu Apr 15 09:43:01 2021 +0200
conf: require sourcedir files to be terminated by newline
When reading a *.sources file require that each line is termined by the
newline character to avoid processing an unfinished line, e.g. due to an
unexpected call of the reload command when the file is being written in
place.
commit a9f0c681cb427ade46ee53b57ff08be6e5fbd98d
Author: Miroslav Lichvar
Date: Thu Apr 15 11:26:29 2021 +0200
test: make system tests more reliable
commit 862aa285a2d8199f8445f04c572d3351cea4042c
Author: Miroslav Lichvar
Date: Tue Apr 13 16:34:34 2021 +0200
test: update and extend 110-chronyc test
commit 84d2811800ea690e11154ffde391575dbd5a6abb
Author: Miroslav Lichvar
Date: Wed Apr 14 15:58:51 2021 +0200
ntp: add copy option
When separate client and server instances of chronyd are running on one
computer (e.g. for security or performance reasons) and are synchronized
to each other, the server instance provides a reference ID based on the
local address used for synchronization of its NTP clock, which breaks
detection of synchronization loops for its own clients.
Add a "copy" option to specify that the server and client are closely
related, no loop can form between them, and the client should assume the
reference ID and stratum of the server to fix detection of loops between
the server and clients of the client.
commit 635a9d3f5a7c7ed35bf11c57105252ce8cbccfa6
Author: Miroslav Lichvar
Date: Wed Apr 14 12:36:28 2021 +0200
ntp: clamp remote stratum
Don't set the remote stratum (used for polling adjustments) to values
larger than 16.
commit 81f7f6ddf08011d3b3f7bd02662e76dfa7855d78
Author: Miroslav Lichvar
Date: Wed Apr 14 12:17:22 2021 +0200
ntp: don't update source status with unsynchronized data
Don't update the leap and stratum used in source selection if they
indicate an unsynchronized source.
Fixes: 2582be8754ab ("sources: separate update of leap status")
---
Summary of changes:
candm.h | 1 +
client.c| 1 +
cmdmon.c| 1 +
cmdparse.c | 3 +
conf.c | 5 +-
doc/chrony.conf.adoc| 14 -
doc/faq.adoc| 134
ntp_core.c | 16 +-
srcparams.h | 1 +
test/simulation/110-chronyc | 21 ++-
test/simulation/141-copy| 19 +++
test/system/007-cmdmon | 8 +--
test/system/008-confload| 5 +-
test/system/010-nts | 4 +-
test/system/test.common | 17 +-
15 files changed, 186 insertions(+), 64 deletions(-)
create mode 100755 test/simulation/141-copy
hooks/post-receive
--
chrony/chrony.git
--
To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe"
in the subject.
For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the
subject.
Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.0-72-gaa22c51
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via aa22c515ceecf2f1e5f29742720da99977364b92 (commit) from 2ca2c853655801488f7cafac57f94965d0d2ce65 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit aa22c515ceecf2f1e5f29742720da99977364b92 Author: Uwe Kleine-König Date: Fri Apr 9 08:12:27 2021 +0200 refclock: drop return after LOG_FATAL The LOG_FATAL macro expands to (emitting the message and then) exit(1). So a return after LOG_FATAL isn't reached. Drop all those to simplify the code a bit. --- Summary of changes: refclock_phc.c | 4 +--- refclock_pps.c | 31 +-- 2 files changed, 10 insertions(+), 25 deletions(-) hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.0-71-g2ca2c85
This is an automated email from git. It was generated because a ref
change was pushed to the "chrony/chrony.git" repository.
The branch, master has been updated
via 2ca2c853655801488f7cafac57f94965d0d2ce65 (commit)
via 966e6fd939df724235a93e7a89dd7cf67178f99d (commit)
via 4f0dd72cf092d6a98629949555b1d3f2aa7bc6e1 (commit)
via 69aa2eff991160165b03dc7fa51eb81631ac71f3 (commit)
via 3e1ec36ca5a8b1a52de01480101882fbeed1c850 (commit)
via 224ab8ddb184d1f035d2a93c3150f4a62e3db816 (commit)
from 307c2ec70f7a34cb7227527b4eace39d09548f62 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -
commit 2ca2c853655801488f7cafac57f94965d0d2ce65
Author: Miroslav Lichvar
Date: Tue Apr 6 18:05:54 2021 +0200
ntp: fix loop test for special reference modes
It is not sufficient to check for disabled server sockets as they are
not open only after the special reference modes end (e.g. initstepslew).
Fixes: 004986310d2a ("ntp: skip loop test if no server socket is open")
commit 966e6fd939df724235a93e7a89dd7cf67178f99d
Author: Foster Snowhill
Date: Sun Apr 4 15:12:17 2021 +0200
sys_linux: allow setsockopt(SOL_IP, IP_TOS) in seccomp
This system call is required by the DSCP marking feature introduced in
commit
6a5665ca5877 ("conf: add dscp directive").
Before this change, enabling seccomp filtering (chronyd -F 1) and
specifying a
custom DSCP value in the configuration (for example "dscp 46") caused the
process to be killed by seccomp due to IP_TOS not being allowed by the
filter.
Tested before and after the change on Ubuntu 21.04, kernel
5.11.0-13-generic.
IP_TOS is available since Linux 1.0, so I didn't add any ifdefs for it.
Signed-off-by: Foster Snowhill
commit 4f0dd72cf092d6a98629949555b1d3f2aa7bc6e1
Author: Miroslav Lichvar
Date: Wed Apr 7 16:37:11 2021 +0200
doc: improve chrony.conf man page
commit 69aa2eff991160165b03dc7fa51eb81631ac71f3
Author: Miroslav Lichvar
Date: Tue Apr 6 16:28:56 2021 +0200
doc: improve FAQ
Add new questions, fix typos and version-specific information.
commit 3e1ec36ca5a8b1a52de01480101882fbeed1c850
Author: Miroslav Lichvar
Date: Tue Apr 6 16:38:34 2021 +0200
test: extend 103-initstepslew test
commit 224ab8ddb184d1f035d2a93c3150f4a62e3db816
Author: Miroslav Lichvar
Date: Wed Mar 24 17:50:33 2021 +0100
test: enable valgrind in more tests
---
Summary of changes:
doc/chrony.conf.adoc | 181 ---
doc/faq.adoc | 177 +-
ntp_core.c | 5 +-
sys_linux.c | 2 +-
test/compilation/003-sanitizers | 7 +-
test/simulation/103-initstepslew | 31 +++
6 files changed, 308 insertions(+), 95 deletions(-)
hooks/post-receive
--
chrony/chrony.git
--
To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe"
in the subject.
For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the
subject.
Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.0-65-g307c2ec
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via 307c2ec70f7a34cb7227527b4eace39d09548f62 (commit) via 5381fb4ee99d6ed0d1ef10fa7a8018b3b89ad90c (commit) via 3812ec2aa277ea65258ff4c5eb501e1e2b1f1b2f (commit) via 4e7690ebec7794bdc9ffb877e4f711254f42c310 (commit) from cf3d976a680379c61855941068badb0f22cd84da (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 307c2ec70f7a34cb7227527b4eace39d09548f62 Author: Miroslav Lichvar Date: Thu Mar 18 17:37:13 2021 +0100 test: extend 106-refclock test commit 5381fb4ee99d6ed0d1ef10fa7a8018b3b89ad90c Author: Miroslav Lichvar Date: Thu Mar 18 11:49:08 2021 +0100 refclock: increase PPS lock limit Increase the maximum acceptable offset of the PPS lock reference from 20% to 40% of the PPS interval to not require the refclock offset to be specified in configuration so accurately, or enable operation with a highly unstable reference clock. commit 3812ec2aa277ea65258ff4c5eb501e1e2b1f1b2f Author: Miroslav Lichvar Date: Wed Mar 17 09:21:42 2021 +0100 declare variables set from signal handlers as volatile Make sure variables set from signal handlers are not cached in registers. commit 4e7690ebec7794bdc9ffb877e4f711254f42c310 Author: Kamil Dudka Date: Mon Mar 15 10:27:40 2021 +0100 configure: use well-known file name conftest.c ... for configuration checks. Compiler wrappers check for this name in order to skip any instrumentation of the build that is intended for regular source files only. --- Summary of changes: client.c | 2 +- configure| 12 ++-- refclock.c | 5 - sched.c | 3 ++- test/simulation/106-refclock | 32 +++- 5 files changed, 44 insertions(+), 10 deletions(-) hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.0-61-gcf3d976
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via cf3d976a680379c61855941068badb0f22cd84da (commit) via 26fc28c0569359295741999633e4d63f44c2ba79 (commit) from d2117ab6973632483cb470c89697daabd32effde (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit cf3d976a680379c61855941068badb0f22cd84da Author: Miroslav Lichvar Date: Tue Mar 9 14:10:48 2021 +0100 test: extend ntp_sources unit test commit 26fc28c0569359295741999633e4d63f44c2ba79 Author: Miroslav Lichvar Date: Tue Mar 9 12:34:41 2021 +0100 test: drop logging suspension Instead of selectively suspending logging by redirecting messages to /dev/null, increase the default minimum log severity to FATAL. In the debug mode, all messages are printed. --- Summary of changes: test/unit/ntp_auth.c| 10 -- test/unit/ntp_core.c| 3 - test/unit/ntp_sources.c | 273 +--- test/unit/test.c| 16 +-- test/unit/test.h| 3 - test/unit/util.c| 2 - 6 files changed, 266 insertions(+), 41 deletions(-) hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.0-59-gd2117ab
This is an automated email from git. It was generated because a ref
change was pushed to the "chrony/chrony.git" repository.
The branch, master has been updated
via d2117ab6973632483cb470c89697daabd32effde (commit)
via 52b29f673f76c0faa7d9bf8ca68183b1d369cb05 (commit)
via e86b60a9d7e7dde95a85e7839aad43bdfa40c973 (commit)
via 53501b743f6cfa0032e0f3cddc5d1f004aa1820a (commit)
via c61ddb70da19af2dbc6c88e8e72cf30cf8e43286 (commit)
via 9339766bfe49d0895b0f48f39fc0eb83a07dd395 (commit)
via f60410016a4d990dbf5d977c476ebfc601b8e555 (commit)
via 7a023716982431df14deda031f901a9fbc349d40 (commit)
via 579d8c9907e3c2a536d68662f06aaf08b7d8fecf (commit)
via 10c760a80c1568b733e4db59f5a2735562aa4136 (commit)
via 2d39a12f514673dd2ea2001a33e815956e49cba1 (commit)
via 517b1ae29a426321e6673ff93fbfe941a5828a73 (commit)
via b7347d931bcd089763687612f6dcc37ba189cfb3 (commit)
from 4f878ba144dee853405e4a22fc9658c40d37678a (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -
commit d2117ab6973632483cb470c89697daabd32effde
Author: Miroslav Lichvar
Date: Thu Mar 4 10:06:22 2021 +0100
cmdmon: return error if doffset command fails
commit 52b29f673f76c0faa7d9bf8ca68183b1d369cb05
Author: Miroslav Lichvar
Date: Wed Mar 3 18:18:54 2021 +0100
cmdmon: convert doffset request to float
commit e86b60a9d7e7dde95a85e7839aad43bdfa40c973
Author: Miroslav Lichvar
Date: Thu Mar 4 09:59:25 2021 +0100
local: return status from offset accumulation
Change the functions accumulating offset to return success or failure.
commit 53501b743f6cfa0032e0f3cddc5d1f004aa1820a
Author: Miroslav Lichvar
Date: Wed Mar 3 18:06:50 2021 +0100
client: report invalid values in doffset and dfreq commands
commit c61ddb70da19af2dbc6c88e8e72cf30cf8e43286
Author: Miroslav Lichvar
Date: Wed Mar 3 17:22:26 2021 +0100
test: extend util unit test
commit 9339766bfe49d0895b0f48f39fc0eb83a07dd395
Author: Miroslav Lichvar
Date: Wed Mar 3 12:09:38 2021 +0100
test: use env shebang in all bash scripts
This allows the scripts to be executed on systems that don't have bash
in /bin. This fixes "make check".
commit f60410016a4d990dbf5d977c476ebfc601b8e555
Author: Miroslav Lichvar
Date: Wed Mar 3 11:31:53 2021 +0100
test: extend 007-cmdmon system test
commit 7a023716982431df14deda031f901a9fbc349d40
Author: Miroslav Lichvar
Date: Tue Mar 2 17:28:02 2021 +0100
util: require inet_pton()
Always use inet_pton() for converting IP addresses. It should be
available on all currently supported systems.
commit 579d8c9907e3c2a536d68662f06aaf08b7d8fecf
Author: Miroslav Lichvar
Date: Tue Mar 2 17:24:09 2021 +0100
nameserv: avoid unnecessary getaddrinfo() calls
Check if the name passed to DNS_Name2IPAddress() is an IP address
before calling getaddrinfo(), which can be much slower and work
differently on different systems.
commit 10c760a80c1568b733e4db59f5a2735562aa4136
Author: Miroslav Lichvar
Date: Tue Mar 2 16:55:37 2021 +0100
nameserv: require getaddrinfo() and getnameinfo()
Remove support for the long-deprecated gethostbyname() and
gethostbyaddr() functions.
commit 2d39a12f514673dd2ea2001a33e815956e49cba1
Author: Miroslav Lichvar
Date: Tue Mar 2 13:10:13 2021 +0100
cmdmon: fix responding to IPv4 addresses on FreeBSD
On FreeBSD, the source address cannot be specified when sending a
message on a socket bound to a non-any IPv4 address, e.g. in default
configuration 127.0.0.1. In this case, make the address unspecified.
This is similar to commit 6af39d63aa93 ("ntp: don't use IP_SENDSRCADDR
on bound socket").
Fixes: f06c1cfa97f8 ("cmdmon: respond from same address")
commit 517b1ae29a426321e6673ff93fbfe941a5828a73
Author: Miroslav Lichvar
Date: Tue Mar 2 12:21:52 2021 +0100
main: suppress info messages with -p option
Log (to stderr) only warnings and higher when printing the
configuration to suppress the "chronyd starting" message.
commit b7347d931bcd089763687612f6dcc37ba189cfb3
Author: Miroslav Lichvar
Date: Mon Mar 1 10:13:19 2021 +0100
sys_linux: check if statx syscall is defined
statx seems to be missing in older kernel and libseccomp headers, still
used on some supported systems.
---
Summary of changes:
candm.h | 8 +-
client.c | 37 ++--
cmdmon.c | 30 ++-
configure| 5 +-
local.c | 12 +-
loc
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.0-46-g4f878ba
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via 4f878ba144dee853405e4a22fc9658c40d37678a (commit) via 8acdb5d1e208d2712daf01e512ad345d2ce5bd7e (commit) via 62f2d5736daac8d72ded5dbb6e65e83d489b03bb (commit) via dc22df93f55a33e6097388860f6b67330f72a136 (commit) from d898bd246b01aa869846b5c25923924ffdaf5c17 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 4f878ba144dee853405e4a22fc9658c40d37678a Author: Miroslav Lichvar Date: Thu Feb 25 17:04:01 2021 +0100 main: warn if running with root privileges Log a warning message if the main process has not dropped the root privileges, i.e. when the compiled-in user or user specified by the user directive or -u option is root. commit 8acdb5d1e208d2712daf01e512ad345d2ce5bd7e Author: Miroslav Lichvar Date: Thu Feb 25 16:59:27 2021 +0100 refclock: warn if lock refid is invalid Log a warning message if the specified lock refid doesn't match any existing refclock or it matches the refclock which has the lock option itself. commit 62f2d5736daac8d72ded5dbb6e65e83d489b03bb Author: Miroslav Lichvar Date: Thu Feb 25 16:51:23 2021 +0100 refclock: warn if maxlockage is too small Log a warning message if the interval covered by the maxlockage at the PPS rate of a refclock is shorter than driver poll of the locked refclock. Reported-by: Matt Corallo commit dc22df93f55a33e6097388860f6b67330f72a136 Author: Miroslav Lichvar Date: Wed Feb 24 13:04:27 2021 +0100 ntp: restart resolving on online command If the online command is received when the resolver is running, start it again as soon as it finishes instead of waiting for the timer. This should reduce the time needed to get all sources resolved on boot if chronyd is started before the network is online and the chronyc online command is issued before the first round of resolving can finish, e.g. due to an unreachable DNS server in resolv.conf. --- Summary of changes: main.c| 3 +++ ntp_sources.c | 13 - refclock.c| 34 ++ 3 files changed, 41 insertions(+), 9 deletions(-) hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.0-42-gd898bd2
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via d898bd246b01aa869846b5c25923924ffdaf5c17 (commit) via ebf0ff2c0d98acbfcf8e931f51d04bb3c48b8055 (commit) via cc77b0e9fd0853627a6322398de05fe3f52bf609 (commit) via a8bc25e5431b68ecc7ca204e8c3c377e1121ff9c (commit) via 6615bb1b78de5bcc46ae6111ea8f0a3b2579cb67 (commit) from f650b8c5153440aa7a7e256c832fa30df894bdb2 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit d898bd246b01aa869846b5c25923924ffdaf5c17 Author: Miroslav Lichvar Date: Thu Feb 18 17:31:29 2021 +0100 test: extend 139-nts test commit ebf0ff2c0d98acbfcf8e931f51d04bb3c48b8055 Author: Miroslav Lichvar Date: Thu Feb 18 17:22:23 2021 +0100 cmdmon: set certset for new sources Add the new certset option to the cmdmon protocol. commit cc77b0e9fd0853627a6322398de05fe3f52bf609 Author: Miroslav Lichvar Date: Thu Feb 18 17:18:15 2021 +0100 conf: add certset option to NTP sources Allow the set of trusted certificates to be selected for each NTP source individually. commit a8bc25e5431b68ecc7ca204e8c3c377e1121ff9c Author: Miroslav Lichvar Date: Thu Feb 18 17:15:10 2021 +0100 conf: add set selection to ntstrustedcerts Add an optional set-ID argument to the ntstrustedcerts directive to enable multiple sets of trusted certificates to be specified. commit 6615bb1b78de5bcc46ae6111ea8f0a3b2579cb67 Author: Miroslav Lichvar Date: Thu Feb 18 16:53:36 2021 +0100 nts: add support for multiple sets of trusted certificates Modify the session, NTS-KE, and NTS-NTP code to support multiple sets of trusted certificates and identify the sets by a 32-bit ID. --- Summary of changes: candm.h | 3 +- client.c| 1 + cmdmon.c| 1 + cmdparse.c | 4 ++ conf.c | 26 ++- conf.h | 2 +- doc/chrony.conf.adoc| 35 +++-- ntp_auth.c | 5 +- ntp_auth.h | 2 +- ntp_core.c | 3 +- nts_ke_client.c | 47 + nts_ke_client.h | 2 +- nts_ke_session.c| 20 -- nts_ke_session.h| 5 +- nts_ntp_client.c| 7 +- nts_ntp_client.h| 2 +- srcparams.h | 2 + stubs.c | 3 +- test/simulation/110-chronyc | 2 +- test/simulation/139-nts | 168 ++-- test/unit/ntp_auth.c| 2 +- test/unit/nts_ke_client.c | 2 +- test/unit/nts_ke_session.c | 4 +- test/unit/nts_ntp_client.c | 4 +- 24 files changed, 281 insertions(+), 71 deletions(-) hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.0-37-gf650b8c
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via f650b8c5153440aa7a7e256c832fa30df894bdb2 (commit) from ae2e0318d1b18534061706fe51528be1f484594c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit f650b8c5153440aa7a7e256c832fa30df894bdb2 Author: Miroslav Lichvar Date: Tue Feb 16 13:54:42 2021 +0100 configure: check for O_NOFOLLOW flag If the O_NOFOLLOW flag used by open() is not defined, try it with _GNU_SOURCE. This is needed with glibc-2.11 and earlier. Reported-by: Marius Rohde --- Summary of changes: configure | 14 ++ 1 file changed, 14 insertions(+) hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.0-36-gae2e031
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via ae2e0318d1b18534061706fe51528be1f484594c (commit) from 26ce610155d0bf856ea592389f602a9182b727fc (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit ae2e0318d1b18534061706fe51528be1f484594c Author: Christian Ehrhardt Date: Fri Feb 12 10:19:55 2021 +0100 sys_linux: allow statx and fstatat64 in seccomp filter With glibc 2.33 on armhf statx and fstatat64 are triggered. Allow this call to un-break chrony on such platforms. Without this e.g. test 005-scfilter fails and with ltrace -rTS reports: a) 0.001684 SYS_397(11, 0xf75def08, 6144, 2047 0.759239 +++ killed by SIGSYS +++ b) 0.003749 SYS_327(-100, 0xffdbcc3c, 0xffdbcb50, 0) 0.000821 --- SIGSYS (Bad system call) --- Current armhf syscalls from: https://github.com/torvalds/linux/blob/v5.10/arch/arm/tools/syscall.tbl Signed-off-by: Christian Ehrhardt --- Summary of changes: sys_linux.c | 2 ++ 1 file changed, 2 insertions(+) hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.0-35-g26ce610
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via 26ce610155d0bf856ea592389f602a9182b727fc (commit) via 316d47e3b40c28c9d6e38fe18900b7828f497649 (commit) via 90557cf1babe6830bf775cdfb96f3e49ad4c555d (commit) via 80e627c86ba9927801a4c08f0fe12dd3a3d8bd81 (commit) via 0e4995e10b71c2de7df7ef1464bd1e3c33464651 (commit) via a598983f9b59de2303755850594e831e2f440eef (commit) via 27641876c57348e700acc31ef618723a19e4502e (commit) via 4d139eeca6579975ddae1f3f2bf7f67c1d625511 (commit) via 3f2806c19c7e0c7bd5cae6e8f5104a4d9c156c66 (commit) via e297df78e4a49b52b56a046d80459e1fde8c8960 (commit) via c1d56ede3ffb4c49bc0b73a0a0d81ba0f3bbca1f (commit) via 2e52aca3bf99b316fe78e6ac17d14838c3e8c86a (commit) via b0fc5832f4bac39e879495a7e2f8c0268fb83cdb (commit) from cf6af112e100afaa496ea21cd0b50f25233b3e03 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 26ce610155d0bf856ea592389f602a9182b727fc Author: Miroslav Lichvar Date: Thu Feb 11 15:43:49 2021 +0100 nts: allow ntstrustedcerts to specify directory If the specified path is a directory, load all certificates in the directory. commit 316d47e3b40c28c9d6e38fe18900b7828f497649 Author: Miroslav Lichvar Date: Thu Feb 11 12:20:59 2021 +0100 nts: allow multiple files with trusted certificates Allow the ntstrustedcerts directive to be specified multiple times. commit 90557cf1babe6830bf775cdfb96f3e49ad4c555d Author: Miroslav Lichvar Date: Thu Feb 11 12:26:35 2021 +0100 nts: allow multiple server keys and certificates Allow the ntsservercert and ntsserverkey directives to be specified multiple times to enable the NTS-KE server to operate under multiple names. commit 80e627c86ba9927801a4c08f0fe12dd3a3d8bd81 Author: Miroslav Lichvar Date: Thu Feb 11 11:05:25 2021 +0100 nts: define type for credentials Add a NKSN_Credentials type to avoid referring to it as void *. commit 0e4995e10b71c2de7df7ef1464bd1e3c33464651 Author: Miroslav Lichvar Date: Thu Feb 11 10:52:06 2021 +0100 nts: split creating server and client credentials commit a598983f9b59de2303755850594e831e2f440eef Author: Miroslav Lichvar Date: Wed Feb 10 12:16:18 2021 +0100 client: fix sourcename command to accept ID addresses Fix the command to print the name corresponding to an unresolved address. commit 27641876c57348e700acc31ef618723a19e4502e Author: Miroslav Lichvar Date: Wed Feb 10 13:35:51 2021 +0100 ntp: simplify NSR_Finalise() commit 4d139eeca6579975ddae1f3f2bf7f67c1d625511 Author: Miroslav Lichvar Date: Wed Feb 10 13:21:37 2021 +0100 ntp: limit number of sources Don't rely on assertions and running out of memory to terminate if an extremely large number of sources is added. Set the maximum number to 65536 to have a practical limit where chronyd still has a chance to appear functional with some operations having a quadratic time complexity. commit 3f2806c19c7e0c7bd5cae6e8f5104a4d9c156c66 Author: Miroslav Lichvar Date: Wed Feb 10 16:15:15 2021 +0100 nts: reset NTP address/port if removed in NTS-KE When an NTS-KE server stops providing the NTP address or port, change them to the original values to avoid the client getting stuck with a non-responding address/port. commit e297df78e4a49b52b56a046d80459e1fde8c8960 Author: Miroslav Lichvar Date: Wed Feb 10 12:23:13 2021 +0100 nts: load cookies early Instead of waiting for the first request, try to load the cookies as soon as the instance is created, or the NTS address is changed. This enables loading of dump files for servers that are negotiated in NTS-KE. commit c1d56ede3ffb4c49bc0b73a0a0d81ba0f3bbca1f Author: Miroslav Lichvar Date: Tue Feb 9 17:40:17 2021 +0100 nts: rework update of NTP server address In the NTS-NTP client instance, maintain a local copy of the NTP address instead of using a pointer to the NCR's address, which may change at unexpected times. Also, change the NNC_CreateInstance() to accept only the NTP port to make it clear the initial NTP address is the same as the NTS-KE address and to make it consistent with NNC_ChangeAddress(), which accepts only one address. commit 2e52aca3bf99b316fe78e6ac17d14838c3e8c86a Author: Miroslav Lichvar Date: Tue Feb 9 16:06:36 2021 +0100 ntp: avoid recursive update of address Allow NSR_UpdateSourceNtpAddress() to be (indirectly) called from NCR_CreateInstance() and NCR_ChangeRemoteAddress(). In these cases, save the
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.0-22-gcf6af11
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via cf6af112e100afaa496ea21cd0b50f25233b3e03 (commit) via fa3052e776d6031cfb39b0ccec19669241f0da25 (commit) via f8610d69f08fa63d7ef18c6728774fa98599f227 (commit) via 1a8dcce84fe5a7983d053a5285e4368096a7e5c2 (commit) via f74eb675670a4007e9a03f16d68e8028c287ed77 (commit) via 144fcdde34bd7e11f1bbb6b1114e3247e8ac8375 (commit) via 3cef7f975cd2ecdceb62c72dd31f96c515744acc (commit) from a2372b0c3abfc85d11c1684c0fb6370cc329e5c4 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit cf6af112e100afaa496ea21cd0b50f25233b3e03 Author: Miroslav Lichvar Date: Thu Feb 4 12:32:32 2021 +0100 test: extend 129-reload test commit fa3052e776d6031cfb39b0ccec19669241f0da25 Author: Miroslav Lichvar Date: Wed Feb 3 17:41:39 2021 +0100 sources: set reference after loading dump files After loading the dump files with the -r option, immediately perform a source selection with forced setting of the reference. This shortens the interval when a restarted server doesn't respond with synchronized time. It no longer needs to wait for the first measurement from the best source (which had to pass all the filters). commit f8610d69f08fa63d7ef18c6728774fa98599f227 Author: Miroslav Lichvar Date: Wed Feb 3 17:13:39 2021 +0100 sources: improve handling of dump files and their format Check for write errors when saving dump files. Don't save files with no samples. Add more sanity checks for loaded data. Extend the file format to include an identifier, the reachability register, leap status, name, and authentication flag. Avoid loading unauthenticated data after switching authentication on. Change format and order of some fields to simplify parsing. Drop fields that were kept only for compatibility. The dump files now contain all information needed to perform the source selection and update the reference. There is no support kept for the old file format. Loading of old dump files will fail after upgrading to new version. commit 1a8dcce84fe5a7983d053a5285e4368096a7e5c2 Author: Miroslav Lichvar Date: Wed Feb 3 13:29:14 2021 +0100 sources: update stratum with leap status Remove stratum from the NTP sample and update it together with the leap status. This enables a faster update when samples are dropped by the NTP filters. commit f74eb675670a4007e9a03f16d68e8028c287ed77 Author: Miroslav Lichvar Date: Wed Feb 3 12:54:08 2021 +0100 sourcestats: move stratum to sources The stratum value is not needed in sourcestats. Keep it in the source itself. commit 144fcdde34bd7e11f1bbb6b1114e3247e8ac8375 Author: Miroslav Lichvar Date: Wed Feb 3 17:36:19 2021 +0100 main: fix typo in comment commit 3cef7f975cd2ecdceb62c72dd31f96c515744acc Author: Miroslav Lichvar Date: Wed Feb 3 10:25:41 2021 +0100 main: cancel clock correction before dumping sources On exit, cancel the remaining clock correction before measurements are saved to dumpdir to fix them for the state in which chronyd will start again. --- Summary of changes: local.c| 13 local.h| 3 + main.c | 3 +- ntp.h | 1 - ntp_core.c | 3 +- refclock.c | 16 ++--- samplefilt.c | 1 - sources.c | 172 + sources.h | 4 +- sourcestats.c | 112 + sourcestats.h | 3 +- test/simulation/129-reload | 32 + test/unit/samplefilt.c | 2 - test/unit/sources.c| 3 +- 14 files changed, 224 insertions(+), 144 deletions(-) hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.0-15-ga2372b0
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via a2372b0c3abfc85d11c1684c0fb6370cc329e5c4 (commit) from 362d7c517d3e18b26fbe0c7768c360159c2a7266 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit a2372b0c3abfc85d11c1684c0fb6370cc329e5c4 Author: Baruch Siach Date: Thu Jan 28 15:11:31 2021 +0200 sys_linux: fix build with older kernel headers The renameat2 system call was introduced in kernel version 3.15. Fix build against older headers. --- Summary of changes: sys_linux.c | 2 ++ 1 file changed, 2 insertions(+) hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.0-14-g362d7c5
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via 362d7c517d3e18b26fbe0c7768c360159c2a7266 (commit) via 62389b7e50b2be1d93ecffc0e250ca95f2304820 (commit) via eb9e6701fd44479eb33371da5c73b594d61a1041 (commit) via b585954b2187eaabba2e3a09a144d27bdbfa9109 (commit) via 82ddc6a883e49a22976965a44cf4858507dd7c3e (commit) via 624b76e86ea7f0f110f10f11299ffe91100af282 (commit) via 4dd0aece02e823a85cae2d8b26991dab560a51c9 (commit) via e85fb0c25e07f3f412e32798e93298422144bc7a (commit) via fc8783a93340d38378bdf6702f8ad56e26d9171a (commit) via e7897eb9ccbccab6e1b94b63225044c039ba2fcd (commit) via 59e8b790341f344e07cb4d5124e7dc89de6665a1 (commit) from fb7475bf5902e823100a443bd242cad242a5c6c0 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 362d7c517d3e18b26fbe0c7768c360159c2a7266 Author: Miroslav Lichvar Date: Thu Jan 14 16:54:04 2021 +0100 test: improve NTS tests commit 62389b7e50b2be1d93ecffc0e250ca95f2304820 Author: Miroslav Lichvar Date: Thu Jan 14 16:31:07 2021 +0100 nts: support servers specified by IP address Certificates can include IP addresses as alternative names to enable clients to verify such certificates without knowing the hostname. Accept an IP address as a name in the NTS-NTP client and modify the session code to not set the SNI in this case. commit eb9e6701fd44479eb33371da5c73b594d61a1041 Author: Miroslav Lichvar Date: Thu Jan 14 14:12:54 2021 +0100 ntp: allow replacement of sources specified by IP address For sources specified by an IP address, keep the original address as the source's name and pass it to the NCR instance. Allow the sources to go through the replacement process if their address has changed. This will be useful with NTS-KE negotiation. The IP-based source names are now provided via cmdmon. This means chronyc -n and -N can show two different addresses for a source. commit b585954b2187eaabba2e3a09a144d27bdbfa9109 Author: Miroslav Lichvar Date: Thu Jan 14 17:31:40 2021 +0100 ntp: fix NULL pointer commit 82ddc6a883e49a22976965a44cf4858507dd7c3e Author: Miroslav Lichvar Date: Wed Jan 13 17:01:01 2021 +0100 test: support ss as netstat replacement netstat is considered obsolete on Linux. It is replaced by ss from iproute. Support both tools for the test port selection. commit 624b76e86ea7f0f110f10f11299ffe91100af282 Author: Miroslav Lichvar Date: Wed Jan 13 16:59:17 2021 +0100 test: fix port selection to disable grep output commit 4dd0aece02e823a85cae2d8b26991dab560a51c9 Author: Miroslav Lichvar Date: Wed Jan 13 16:25:08 2021 +0100 test: make 120-selectoptions more reliable Remove packet interval checks with long delays as the tests are much more likely to end when the client is waiting for a response. Increase the base delay to make selection with two sources more reliable. Reported-by: Christian Ehrhardt commit e85fb0c25e07f3f412e32798e93298422144bc7a Author: Miroslav Lichvar Date: Wed Jan 13 13:57:37 2021 +0100 socket: add debug message for unexpected control message commit fc8783a93340d38378bdf6702f8ad56e26d9171a Author: Miroslav Lichvar Date: Wed Jan 13 13:36:13 2021 +0100 socket: check length of received control messages Make sure each processed control messages has the expected length. Beside improved safety, this should prevent potential issues with broken timestamps on systems that support both 64-bit and 32-bit time_t. commit e7897eb9ccbccab6e1b94b63225044c039ba2fcd Author: Miroslav Lichvar Date: Wed Jan 13 12:51:57 2021 +0100 sched: stop dispatching timeouts on exit Check in the dispatch loop whether the need_to_exit flag was set. commit 59e8b790341f344e07cb4d5124e7dc89de6665a1 Author: Miroslav Lichvar Date: Wed Jan 13 12:32:38 2021 +0100 sched: improve infinite loop detection The "infinite loop in scheduling" fatal error was observed on a system running out of memory. Presumably, the execution of the process slowed down due to memory thrashing so much that the dispatching loop wasn't able to break with a single server polled at a 16-second interval. To allow recovery in such a case, require for the error more than 20 handled timeouts and a rate higher than 100 per second. Reported-by: Jamie Gruener --- Summary of changes: doc/chronyc.adoc | 9 ++-- ntp_sources.c | 42 +---
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.0-3-gfb7475b
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via fb7475bf5902e823100a443bd242cad242a5c6c0 (commit) via cd98516cae6bf6d28dea3ed800f1b167598d3b4f (commit) via e399d8dd1f15d17fec21570d73767e3cfcf974ae (commit) from d327cfea5a4b5f7385056be8b18f4c5fab01ad13 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit fb7475bf5902e823100a443bd242cad242a5c6c0 Author: Michael Witten Date: Tue Dec 15 10:44:19 2020 +0100 rtc: log error message when driver initialisation fails commit cd98516cae6bf6d28dea3ed800f1b167598d3b4f Author: Michael Witten Date: Mon Dec 14 23:02:00 2020 + doc: diagnose problem with RTC interrupts on Linux This commit updates the FAQ with a new entry. chronyd's Linux RTC driver (rtc_linux.c) requires the following ioctl requests to be functional: RTC_UIE_ON RTC_UIE_OFF However, a Linux system's RTC driver does not necessarily implement them, as noted in these previous commits: d66b2f2b2423bfbd3de4d69895024dac7eefb306 rtc: handle RTCs that don't support interrupts Tue Dec 10 17:45:28 2019 +0100 bff3f51d13c3f41e2ead2cfff5bfe0b8c22ef44a rtc: extend check for RTCs that don't support interrupts Thu Dec 12 12:50:19 2019 +0100 Fortunately, the Linux kernel can be built with software emulation of these hardware requests, by enabling the following config variable: CONFIG_RTC_INTF_DEV_UIE_EMUL Provides an emulation for RTC_UIE if the underlying rtc chip driver does not expose RTC_UIE ioctls. Those requests generate once-per-second update interrupts, used for synchronization. The emulation code will read the time from the hardware clock several times per second, please enable this option only if you know that you really need it. This commit records these facts for the benefit of the user. commit e399d8dd1f15d17fec21570d73767e3cfcf974ae Author: Miroslav Lichvar Date: Thu Nov 26 15:09:38 2020 +0100 doc: fix ntsntpserver reference in chrony.conf man page Fix the name of ntsntpserver directive in ntsrotate description. Reported-By: Phil Roberts --- Summary of changes: doc/chrony.conf.adoc | 2 +- doc/faq.adoc | 13 + rtc.c| 2 ++ 3 files changed, 16 insertions(+), 1 deletion(-) hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git annotated tag 4.0 created. 4.0
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The annotated tag, 4.0 has been created at 26e9ed04a624231f7130909d54def4044d5fbce1 (tag) tagging d327cfea5a4b5f7385056be8b18f4c5fab01ad13 (commit) replaces 4.0-pre4 tagged by Miroslav Lichvar on Wed Oct 7 17:29:13 2020 +0200 - Log - Release 4.0 -BEGIN PGP SIGNATURE- iHIEABECADIWIQSLH0qa2nPUAeMIWgtf8G8puh4BOwUCX33ezRQcbWxpY2h2YXJA cmVkaGF0LmNvbQAKCRBf8G8puh4BOz1oAJ96hJ2bACry9mlH39SolDnNiFxxtQCf ds9EEHe9t3mqeQXtrDIY0XHlAXw= =p6KZ -END PGP SIGNATURE- Miroslav Lichvar (31): ntp: update comments with new RFCs ntp: improve NTS check in NAU_DestroyInstance() nts: reset packet length after failed auth encryption test: include CMAC keys in ntp_core unit test doc: document long options main: improve help message client: improve help message doc+examples: update http links to https nts: update client state earlier nts: save server name in client dump file nts: fix server kod setting nts: handle invalid algorithm in TLS key export util: fix UTI_BytesToHex() to handle zero-length input client: drop unnecessary function test: make 007-cmdmon test more reliable socket: always process control messages socket: process all message headers cmdmon: fix link-local address check sched: include unexpected jumps in monotonic time cmdmon: add leap status to selectdata report test: improve sources unit test configure: don't check for getrandom when arc4random is present sys: specify process context for dropping root sys: don't start privops helper for NTS-KE helper sys_netbsd: don't check access to /dev/clockctl with -x doc: improve ntsrotate description doc: improve FAQ fix compiler warnings ntp: avoid unnecessary replacement attempts conf: free refclock strings on exit nts: save new server keys on start --- hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.0-pre4-31-gd327cfe
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via d327cfea5a4b5f7385056be8b18f4c5fab01ad13 (commit) via c94e7c72e7323cc2086252703e508093acfe0eee (commit) via f3aea33ad43045098d2af3379ae420f24bb67cac (commit) via 48709d9c4a1786c1131f11b45f2b8b874931b22c (commit) from 4779adcb501d9d2a99d2fa40b646fe7f0899792f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit d327cfea5a4b5f7385056be8b18f4c5fab01ad13 Author: Miroslav Lichvar Date: Wed Oct 7 15:26:40 2020 +0200 nts: save new server keys on start If ntsdumpdir is specified and the server NTS keys are not reloaded from the file, save the generated keys on start instead of waiting for the first rotation or exit. This allows the keys to be shared with another server without having to use the dump command. commit c94e7c72e7323cc2086252703e508093acfe0eee Author: Miroslav Lichvar Date: Wed Oct 7 13:18:34 2020 +0200 conf: free refclock strings on exit Free driver name and parameter of configured refclocks in helpers on exit. commit f3aea33ad43045098d2af3379ae420f24bb67cac Author: Miroslav Lichvar Date: Wed Oct 7 09:37:41 2020 +0200 ntp: avoid unnecessary replacement attempts In the initial resolving of pool sources try to assign each address only once. If it fails, it means the address is already used (DNS provided the same address) or the address is not connectable. The same result can be expected for other unresolved sources of the pool as they don't have a real address yet. commit 48709d9c4a1786c1131f11b45f2b8b874931b22c Author: Miroslav Lichvar Date: Tue Oct 6 08:59:56 2020 +0200 fix compiler warnings Fix -Wchar-subscripts warnings on NetBSD and warnings about pointer aliasing and uninitialized values with an older compiler. --- Summary of changes: client.c| 2 +- clientlog.c | 2 +- conf.c | 10 +- ntp_sources.c | 9 + nts_ke_client.c | 2 +- nts_ke_server.c | 16 ++-- refclock.c | 4 +--- socket.c| 10 ++ 8 files changed, 34 insertions(+), 21 deletions(-) hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.0-pre4-27-g4779adc
This is an automated email from git. It was generated because a ref
change was pushed to the "chrony/chrony.git" repository.
The branch, master has been updated
via 4779adcb501d9d2a99d2fa40b646fe7f0899792f (commit)
via 01e29ec6856d1748921666e7905ded4006842764 (commit)
via e4115dcdd8ec093055fae554a0062edf3606 (commit)
via 8e9716d5d4777c7bca2194bae275290eeeafd75e (commit)
via a96d288027cb04ab41323b906e456133e730a977 (commit)
via 545d2563ef20c36e5106bed922d683ca610ccd8f (commit)
via 1494ef1df34685d307b37549c1392655686dbae1 (commit)
via 698f270b5bb5c7a3dcbf79d8e959108c791b469f (commit)
via f15f6a86b05c67d2317694447edd66b064b9d17a (commit)
via 5d60d611ae63590cfafd6aa0e0501a24171f396c (commit)
via 6e71e902c89855de176be8eb33cfe511f113cb00 (commit)
via 473cb3c9689ad888e8bba6d9042b314341e4c195 (commit)
from df43ebe9e0347fbf7975a53a3015af2c54de94c5 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -
commit 4779adcb501d9d2a99d2fa40b646fe7f0899792f
Author: Miroslav Lichvar
Date: Mon Oct 5 13:09:29 2020 +0200
doc: improve FAQ
commit 01e29ec6856d1748921666e7905ded4006842764
Author: Miroslav Lichvar
Date: Mon Oct 5 11:15:03 2020 +0200
doc: improve ntsrotate description
commit e4115dcdd8ec093055fae554a0062edf3606
Author: Miroslav Lichvar
Date: Mon Oct 5 18:25:50 2020 +0200
sys_netbsd: don't check access to /dev/clockctl with -x
With the -x option there is no need for write access to /dev/clockctl.
commit 8e9716d5d4777c7bca2194bae275290eeeafd75e
Author: Miroslav Lichvar
Date: Mon Oct 5 18:14:23 2020 +0200
sys: don't start privops helper for NTS-KE helper
The NTS-KE helper doesn't need to bind sockets or adjust the clock.
Don't start the privops helper, or keep the capabilities, when dropping
root privileges in its context.
commit a96d288027cb04ab41323b906e456133e730a977
Author: Miroslav Lichvar
Date: Mon Oct 5 18:10:35 2020 +0200
sys: specify process context for dropping root
Similarly to enabling the syscall filter, specify what kind of chronyd
process is dropping the root privileges.
commit 545d2563ef20c36e5106bed922d683ca610ccd8f
Author: Miroslav Lichvar
Date: Mon Oct 5 16:17:45 2020 +0200
configure: don't check for getrandom when arc4random is present
On FreeBSD 12, both functions seem to be available. Prefer arc4random.
commit 1494ef1df34685d307b37549c1392655686dbae1
Author: Miroslav Lichvar
Date: Mon Oct 5 14:06:27 2020 +0200
test: improve sources unit test
commit 698f270b5bb5c7a3dcbf79d8e959108c791b469f
Author: Miroslav Lichvar
Date: Mon Oct 5 11:05:37 2020 +0200
cmdmon: add leap status to selectdata report
commit f15f6a86b05c67d2317694447edd66b064b9d17a
Author: Miroslav Lichvar
Date: Mon Oct 5 10:16:53 2020 +0200
sched: include unexpected jumps in monotonic time
Update the monotonic time before the timestamps are corrected for
unexpected jumps, e.g. due to the computer being suspended and resumed,
and switch to the raw timestamps. This should allow the NTS refresh
interval to better follow real time, but it will not be corrected for
a frequency offset if the clock is not synchronized (e.g. with -x).
commit 5d60d611ae63590cfafd6aa0e0501a24171f396c
Author: Miroslav Lichvar
Date: Mon Oct 5 09:58:31 2020 +0200
cmdmon: fix link-local address check
Don't check for a link-local address on path of a Unix domain socket.
Fixes: 4e747da4b482 ("ntp+cmdmon: fix responding to link-local addresses")
commit 6e71e902c89855de176be8eb33cfe511f113cb00
Author: Miroslav Lichvar
Date: Mon Oct 5 09:51:52 2020 +0200
socket: process all message headers
If multiple messages were received, don't stop their processing if some
header fails.
Fixes: 86a3ef9ed192 ("socket: add new socket support")
commit 473cb3c9689ad888e8bba6d9042b314341e4c195
Author: Miroslav Lichvar
Date: Mon Oct 5 09:39:11 2020 +0200
socket: always process control messages
Even if a received message will not be returned to the caller (e.g.
because it is truncated), process its control messages to avoid leaking
received descriptors.
Fixes: f231efb811ee ("socket: add support for sending and receiving
descriptors")
---
Summary of changes:
candm.h| 3 ++-
client.c | 17 +++---
cmdmon.c | 4 +++-
configure | 10
doc/chrony.conf.adoc | 9 ---
doc/chronyc.adoc | 16 +
doc/faq.adoc | 37 +++--
main.c
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.0-pre4-15-gdf43ebe
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via df43ebe9e0347fbf7975a53a3015af2c54de94c5 (commit) via 642173e86433de28c3299bb22bac5d557cf2170b (commit) via 944cf6e31858f8181252ee0556acce58126cfb7f (commit) via a655eab34f664404224104783460640f6cca3ad8 (commit) via f020d479e0228bc93694e02e8c664b24942509d5 (commit) via de752b28decd26d804477f80a169ddc69d888158 (commit) via f41d370e6a328fd27bc42927b7f57a8ad1efe366 (commit) from a97830d9d68cb24e2b449551983eda4577799c59 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit df43ebe9e0347fbf7975a53a3015af2c54de94c5 Author: Miroslav Lichvar Date: Thu Oct 1 10:19:46 2020 +0200 test: make 007-cmdmon test more reliable commit 642173e86433de28c3299bb22bac5d557cf2170b Author: Miroslav Lichvar Date: Wed Sep 30 16:30:36 2020 +0200 client: drop unnecessary function Replace cvt_to_sec_usec() with a UTI_DoubleToTimespec() call. commit 944cf6e31858f8181252ee0556acce58126cfb7f Author: Miroslav Lichvar Date: Wed Sep 30 14:07:04 2020 +0200 util: fix UTI_BytesToHex() to handle zero-length input commit a655eab34f664404224104783460640f6cca3ad8 Author: Miroslav Lichvar Date: Wed Sep 30 14:29:37 2020 +0200 nts: handle invalid algorithm in TLS key export commit f020d479e0228bc93694e02e8c664b24942509d5 Author: Miroslav Lichvar Date: Wed Sep 30 12:40:47 2020 +0200 nts: fix server kod setting Set the response kod value to zero even if NTS server is disabled. commit de752b28decd26d804477f80a169ddc69d888158 Author: Miroslav Lichvar Date: Tue Sep 29 14:59:35 2020 +0200 nts: save server name in client dump file Save the NTS-KE server name and require it to match the name of the instance loading the file. commit f41d370e6a328fd27bc42927b7f57a8ad1efe366 Author: Miroslav Lichvar Date: Tue Sep 29 14:49:27 2020 +0200 nts: update client state earlier Generate a new uniq ID on each client poll to invalidate responses to the previous request, even if a new request cannot be generated (e.g. due to missing cookies). Reset the NAK indicator earlier in the request sequence. Also, drop the cookie even if it's not included in the request to prevent the client from getting stuck with a cookie that has an invalid length. Rely on the exponentially increasing interval to avoid frequent NTS-KE sessions due to a client bug. --- Summary of changes: client.c| 29 + nts_ke_session.c| 22 ++ nts_ntp_client.c| 40 nts_ntp_server.c| 4 ++-- test/simulation/139-nts | 4 ++-- test/system/007-cmdmon | 4 ++-- test/unit/util.c| 3 +++ util.c | 5 + 8 files changed, 57 insertions(+), 54 deletions(-) hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.0-pre4-8-ga97830d
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The branch, master has been updated via a97830d9d68cb24e2b449551983eda4577799c59 (commit) via ea4fc47cda0f40c8e71d1e283caf132c721f25b6 (commit) via 0e08ca7c89a9c84050e609fade96b2579fb13b28 (commit) via 068cd3c311910d650fcaa4c8b94140cc263dfae3 (commit) via 455b8e4b44ac21ed4675ea8992fd687d94a619e6 (commit) via d9a363606bef67d9790c2a1969380749b8c6c2e4 (commit) via 59ad433b6bc07b4f15b7f1304052a423161385cb (commit) via 35b3a42ed9ca535297db01e1c39f2acc888bc0c3 (commit) from 063920561762e77b2ef5ce54e6d093959221b87f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit a97830d9d68cb24e2b449551983eda4577799c59 Author: Miroslav Lichvar Date: Wed Sep 23 11:03:45 2020 +0200 doc+examples: update http links to https commit ea4fc47cda0f40c8e71d1e283caf132c721f25b6 Author: Miroslav Lichvar Date: Tue Sep 22 17:10:16 2020 +0200 client: improve help message Describe all chronyc options in the help message. commit 0e08ca7c89a9c84050e609fade96b2579fb13b28 Author: Miroslav Lichvar Date: Tue Sep 22 17:09:51 2020 +0200 main: improve help message Describe all chronyd options in the help message. commit 068cd3c311910d650fcaa4c8b94140cc263dfae3 Author: Miroslav Lichvar Date: Tue Sep 22 17:01:29 2020 +0200 doc: document long options Document the --version and --help options in chronyd and chronyc man page. commit 455b8e4b44ac21ed4675ea8992fd687d94a619e6 Author: Miroslav Lichvar Date: Tue Sep 22 11:55:10 2020 +0200 test: include CMAC keys in ntp_core unit test commit d9a363606bef67d9790c2a1969380749b8c6c2e4 Author: Miroslav Lichvar Date: Mon Sep 21 15:29:37 2020 +0200 nts: reset packet length after failed auth encryption If encryption of the NTS authenticator field fails, don't leave uninitialized data in the packet in case a bug causes the packet to be sent. commit 59ad433b6bc07b4f15b7f1304052a423161385cb Author: Miroslav Lichvar Date: Wed Sep 23 14:59:22 2020 +0200 ntp: improve NTS check in NAU_DestroyInstance() Check the mode instead of the nts pointer to make it clear the pointer is not expected to be NULL in an NTS instance (unless the NTS support is stubbed). commit 35b3a42ed9ca535297db01e1c39f2acc888bc0c3 Author: Miroslav Lichvar Date: Mon Sep 21 14:06:10 2020 +0200 ntp: update comments with new RFCs --- Summary of changes: client.c | 20 +--- doc/chrony.conf.adoc | 4 ++-- doc/chronyc.adoc | 6 +- doc/chronyd.adoc | 5 - doc/faq.adoc | 2 +- doc/installation.adoc | 2 +- examples/chrony.conf.example2 | 2 +- main.c| 32 +--- ntp.h | 5 +++-- ntp_auth.c| 2 +- nts_ntp_auth.c| 1 + test/unit/ntp_core.c | 2 +- test/unit/ntp_core.keys | 2 ++ 13 files changed, 68 insertions(+), 17 deletions(-) hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git annotated tag 4.0-pre4 created. 4.0-pre4
This is an automated email from git. It was generated because a ref change was pushed to the "chrony/chrony.git" repository. The annotated tag, 4.0-pre4 has been created at 5b18be317e6f9eff56f6342c388a4594eb09ee86 (tag) tagging 063920561762e77b2ef5ce54e6d093959221b87f (commit) replaces 4.0-pre3 tagged by Miroslav Lichvar on Wed Sep 16 12:12:15 2020 +0200 - Log - Fourth prerelease for 4.0 -BEGIN PGP SIGNATURE- iHIEABECADIWIQSLH0qa2nPUAeMIWgtf8G8puh4BOwUCX2HlBxQcbWxpY2h2YXJA cmVkaGF0LmNvbQAKCRBf8G8puh4BO7n2AKClF0nUL6Zdb/xoc4O76JlCSEYTWgCf UBrVEAB1CTuxpLHgyVbJIpyz2zk= =JqKn -END PGP SIGNATURE- Bryan Christianson (2): sys_timex: add workaround for broken ntp_adjtime() on macOS test: extend frequency in ntp_adjtime() test Miroslav Lichvar (28): sys_linux: allow lstat and readlink in seccomp filter conf: add clockprecision directive examples: improve chrony-wait service cmdmon: check response length before sending cmdmon: remove unused test code nts: log early client NTS-KE socket errors configure: fix building with -NTP -CMDMON +SCFILTER sources: don't report untrusted sources as selectable cmdmon: rename status constants client: improve help message for sources command nts: improve NTP client code siv: return error if key is not set ntp: drop support for long NTPv4 MACs test: improve ntp_core unit test doc: improve chronyc man page doc: improve chrony.conf man page test: fix ntp_core unit test test: add ntp_auth unit test configure: require TLS1.3 support in gnutls ntp: log error when SIOCSHWTSTAMP fails with EPERM sys_linux: don't keep NET_RAW on new kernels sys_linux: don't keep NET_BIND_SERVICE for unprivileged port main: add option to disable check for root doc: improve chronyd man page doc: update and improve FAQ client: drop support for GNU readline update copyright years doc: update NEWS Vincent Blut (1): sys_linux: allow readlinkat in seccomp filter --- hooks/post-receive -- chrony/chrony.git -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.0-pre3-31-g0639205
This is an automated email from git. It was generated because a ref
change was pushed to the "chrony/chrony.git" repository.
The branch, master has been updated
via 063920561762e77b2ef5ce54e6d093959221b87f (commit)
via 3916c3366b5d6394996e0f2f4b8735fcb997ee5d (commit)
via f0a33e7b286a1004493fa9f5f634730af92bd202 (commit)
via c9b8f8bc702538f76083f5c7bb07d0b675277a0e (commit)
via 983b0723f694b0a981f1438770e20fbff56f01e3 (commit)
via 02c38934ead76aa94e9a10b24dcf6aaf81c33076 (commit)
via c28c2cde43cee41d560b18defe8aed9b06ede254 (commit)
via 349323dec7f2285d7e802605c8f222d488b99cbe (commit)
via ddfaf2e5424abe7b7c901e991c3df1b9cf5835f0 (commit)
via 3177474ae89716b5dc49a95fb3bb3b7b4f625ac0 (commit)
via cc535632d1ff1306d540b33c4dd40263eea55b8a (commit)
via cb8ee57b9ef488a2f2b9761765ef9fe87329a535 (commit)
from c0b19b3fea0c18a7a64672aea82ba4afb6835ab3 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -
commit 063920561762e77b2ef5ce54e6d093959221b87f
Author: Miroslav Lichvar
Date: Wed Sep 16 11:39:01 2020 +0200
doc: update NEWS
commit 3916c3366b5d6394996e0f2f4b8735fcb997ee5d
Author: Miroslav Lichvar
Date: Wed Sep 16 10:01:50 2020 +0200
update copyright years
commit f0a33e7b286a1004493fa9f5f634730af92bd202
Author: Miroslav Lichvar
Date: Wed Sep 16 09:45:59 2020 +0200
client: drop support for GNU readline
GNU readline switched to GPLv3+ in version 6.0, which is incompatible
with the chrony's GPLv2 license.
Drop support for the readline library. Only editline is supported now.
commit c9b8f8bc702538f76083f5c7bb07d0b675277a0e
Author: Miroslav Lichvar
Date: Tue Sep 15 18:06:28 2020 +0200
doc: update and improve FAQ
commit 983b0723f694b0a981f1438770e20fbff56f01e3
Author: Miroslav Lichvar
Date: Tue Sep 15 12:12:41 2020 +0200
doc: improve chronyd man page
commit 02c38934ead76aa94e9a10b24dcf6aaf81c33076
Author: Miroslav Lichvar
Date: Tue Sep 15 12:11:08 2020 +0200
main: add option to disable check for root
The -U option can be used to start chronyd under a non-root user if it
is provided with all capabilities and access to files, directories, and
devices, needed to operate correctly in the specified configuration. It
is not recommended in cases where the configuration is unknown.
commit c28c2cde43cee41d560b18defe8aed9b06ede254
Author: Miroslav Lichvar
Date: Tue Sep 15 12:02:49 2020 +0200
sys_linux: don't keep NET_BIND_SERVICE for unprivileged port
Don't keep the NET_BIND_SERVICE capability if the configured NTP port is
not privileged (i.e. not smaller than 1024).
commit 349323dec7f2285d7e802605c8f222d488b99cbe
Author: Miroslav Lichvar
Date: Tue Sep 15 11:57:17 2020 +0200
sys_linux: don't keep NET_RAW on new kernels
It seems the NET_RAW capability is no longer needed to bind a socket to
a device since Linux 5.7.
commit ddfaf2e5424abe7b7c901e991c3df1b9cf5835f0
Author: Miroslav Lichvar
Date: Tue Sep 15 10:52:41 2020 +0200
ntp: log error when SIOCSHWTSTAMP fails with EPERM
Increase the severity of the log message to "error" when
the SIOCSHWTSTAMP ioctl fails due missing the NET_ADMIN capability.
commit 3177474ae89716b5dc49a95fb3bb3b7b4f625ac0
Author: Miroslav Lichvar
Date: Mon Sep 14 11:00:29 2020 +0200
configure: require TLS1.3 support in gnutls
Before enabling NTS support, explicitly check for TLS1.3 support in
gnutls, which is required by NTS.
commit cc535632d1ff1306d540b33c4dd40263eea55b8a
Author: Miroslav Lichvar
Date: Mon Sep 14 17:47:23 2020 +0200
test: add ntp_auth unit test
commit cb8ee57b9ef488a2f2b9761765ef9fe87329a535
Author: Miroslav Lichvar
Date: Mon Sep 14 10:19:10 2020 +0200
test: fix ntp_core unit test
Fix setting of key_id in the response.
Fixes: f6625717cdb0 ("test: improve ntp_core unit test")
---
Summary of changes:
NEWS | 9 +-
client.c | 11 +-
cmdmon.c | 2 +-
conf.c| 2 +-
configure | 54 +
doc/chrony.conf.adoc | 2 +-
doc/chronyc.adoc | 2 +-
doc/chronyd.adoc | 24 ++--
doc/faq.adoc | 248 ++--
doc/installation.adoc | 39 +--
keys.c| 2 +-
logging.c | 2 +-
main.c| 14 ++-
ntp_auth.c| 2 +-
ntp_core.c| 2 +-
ntp_ext.c | 2 +-
ntp_io.c | 2 +-
ntp_io_linux.c| 3 +-
ntp_sources.c | 2 +-
reference.c | 2 +-
socket.c
