debian/0000775000000000000000000000000013402034731007165 5ustar debian/dirs0000664000000000000000000000015412255160220010047 0ustar usr/share/chrony etc/chrony etc/ppp/ip-up.d etc/ppp/ip-down.d etc/apm/event.d var/log/chrony var/lib/chrony debian/init0000664000000000000000000000520512255152710010060 0ustar #! /bin/sh # # Written by Miquel van Smoorenburg . # Modified for Debian GNU/Linux by Ian Murdock . # Modified for Debian by Christoph Lameter # Modified for chrony by John Hasler 1998-2012 ### BEGIN INIT INFO # Provides: chrony # Required-Start: $remote_fs # Required-Stop: $remote_fs # Should-Start: $syslog $network $named $time # Should-Stop: $syslog $network $named $time # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: Controls chronyd NTP time daemon # Description: Chronyd is the NTP time daemon in the Chrony package ### END INIT INFO PATH=/bin:/usr/bin:/sbin:/usr/sbin DAEMON=/usr/sbin/chronyd FLAGS="defaults" NAME="chronyd" DESC="time daemon" test -f $DAEMON || exit 0 . /lib/lsb/init-functions putonline () { # Do we have a default route? If so put chronyd online. if timelimit -q -s9 -t5 -- netstat -rn 2>/dev/null | grep -q '0\.0\.0\.0' then sleep 2 # Chronyd can take a while to start. KEY=$(awk '$1 ~ /^commandkey$/ { print $2; exit}' /etc/chrony/chrony.conf) PASSWORD=`awk '$1 ~ /^'$KEY'$/ {print $2; exit}' /etc/chrony/chrony.keys` # Make sure chronyc can't hang us up. if timelimit -q -s9 -t5 -- /usr/bin/chronyc > /dev/null << EOF password $PASSWORD online burst 5/10 quit EOF then touch /var/run/chrony-ppp-up echo "$NAME is running and online." else rm -f /var/run/chrony-ppp-up echo "$NAME is running and offline." fi else rm -f /var/run/chrony-ppp-up echo "$NAME is running and offline." fi } case "$1" in start) start-stop-daemon --start --verbose --exec $DAEMON case "$?" in 0) # daemon successfully started putonline ;; 1) # daemon already running ;; *) # daemon could not be started echo "$DAEMON failed to start." exit 1 ;; esac ;; stop) start-stop-daemon --stop --verbose --oknodo --exec $DAEMON rm -f /var/run/chrony-ppp-up ;; restart|force-reload) echo -n "Restarting $DESC: " start-stop-daemon --stop --quiet --exec $DAEMON sleep 1 start-stop-daemon --start --verbose --exec $DAEMON -- -r case "$?" in 0) # daemon successfully started putonline ;; 1) # still running ;; *) # daemon could not be started echo "$DAEMON failed to restart." rm -f /var/run/chrony-ppp-up exit 1 ;; esac ;; status) status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $? ;; *) echo "Usage: /etc/init.d/chrony {start|stop|restart|force-reload|status}" exit 1 ;; esac exit 0 debian/doc-base0000664000000000000000000000055512255160220010570 0ustar Document: chrony Title: Debian chrony Manual Author: Miroslav Lichvar Abstract: This manual describes what chrony is and how it can be used to manage online manuals on Debian systems. Section: System/Administration Format: text Files: /usr/share/doc/chrony/*.txt.gz Format: HTML Index: /usr/share/doc/chrony/chrony.html Files: /usr/share/doc/chrony/chrony.html debian/apm0000664000000000000000000000070512243711646007700 0ustar #!/bin/sh # Placed in /etc/apm/event.d by the chrony package at the instruction of # the apmd maintainer. If you don't have apm and don't intend to install # apmd you may remove it. It needs to run after 00hwclock but before any # other scripts. [ -x /usr/sbin/chronyd ] || exit 0 if [ "$1" = suspend ]; then invoke-rc.d chrony stop elif [ "$1" = standby ]; then invoke-rc.d chrony stop elif [ "$1" = resume ]; then invoke-rc.d chrony start fi debian/cron.weekly0000664000000000000000000000077512243711646011372 0ustar #!/bin/sh # Log rotation script for chrony John Hasler # This script is published under the same license as chrony. set -e [ -d /var/log/chrony/. ] || exit 0 [ -x /usr/sbin/chronyd ] || exit 0 umask 022 cd /var/log/chrony [ "`ls -1A *.log 2>/dev/null`" ] || exit 0 for FILE in *.log do savelog -c 7 $FILE > /dev/null done PASSWORD=`awk '$1 ~ /^1$/ {print $2; exit}' /etc/chrony/chrony.keys` cat << EOF | /usr/bin/chronyc | sed '/^200 OK$/d' password $PASSWORD cyclelogs EOF exit 0 debian/clean0000664000000000000000000000006512243756707010213 0ustar chrony.html chrony.info faq.html config.h config.log debian/ip-up0000664000000000000000000000105412243711646010153 0ustar #!/bin/sh # This script tells chronyd that the connection is up so that it can # contact the server. John Hasler 1998-2003 # Any possessor of a copy of this program may treat it as if it # were in the public domain. I waive all rights. /bin/pidof chronyd > /dev/null || exit 0 KEY=$(awk '$1 ~ /^commandkey$/ { print $2; exit}' /etc/chrony/chrony.conf) PASSWORD=`awk '$1 ~ /^'$KEY'$/ {print $2; exit}' /etc/chrony/chrony.keys` /usr/bin/chronyc << EOF password $PASSWORD online burst 5/10 quit EOF touch /var/run/chrony-ppp-up exit 0 debian/ip-down0000664000000000000000000000123212243711646010474 0ustar #!/bin/sh # This script tells chronyd that the connection is down # so that it won't try to contact the server. # John Hasler 1998-2003 # Any possessor of a copy of this program may treat it as if it # were in the public domain. I waive all rights. /bin/pidof chronyd > /dev/null || exit 0 # Don't mark the connection offline unless we know ppp brought it up. test -e /var/run/chrony-ppp-up || exit 0 KEY=$(awk '$1 ~ /^commandkey$/ { print $2; exit}' /etc/chrony/chrony.conf) PASSWORD=`awk '$1 ~ /^'$KEY'$/ {print $2; exit}' /etc/chrony/chrony.keys` /usr/bin/chronyc << EOF password $PASSWORD offline EOF rm -f /var/run/chrony-ppp-up exit 0 debian/README.Debian0000664000000000000000000000265612255144634011250 0ustar chrony for DEBIAN ----------------- Changes to the chrony distribution to package it for Debian: - Set directory for configuration to /etc/chrony - Created default /etc/chrony/chrony.conf, /etc/chrony/chrony.keys - Created default /etc/ppp/ip-up.d/chrony, /etc/ppp/ip-down.d/chrony - Created default /etc/cron.weekly/chrony Some hints: Arranged for a random password to be generated at installation time and installed in chrony.keys as key 1 (unless chrony.keys already has something in it). You may change this password if you wish. The scripts /etc/ppp/ip-up.d/chrony, /etc/ppp/ip-down.d/chrony, and /etc/cron.weekly/chrony read key 1 from /etc/chrony/chrony.keys and use it as the password to send chronyc commands. Thus you can change the password by changing this key, but if you make the command key anything but 1 these scripts won't work without editing. The standard Debian chrony installation is designed for systems with an intermittent dial-up connection. If you have such a system the most you should need to do is edit /etc/chrony/chrony.conf a bit. If you have not such a system you should read the documentation and create an appropriate configuration (you should read the documentation anyway). If chronyd is installed, it will be started on bootup and will attempt to contact the default server whenever you connect to your ISP. -- Joachim Wiedorn Fri, 20 Dec 2013 23:35:25 +0100 debian/chrony.conf0000664000000000000000000000662512243711646011360 0ustar # This the default chrony.conf file for the Debian chrony package. After # editing this file use the command 'invoke-rc.d chrony restart' to make # your changes take effect. John Hasler 1998-2008 # See www.pool.ntp.org for an explanation of these servers. Please # consider joining the project if possible. If you can't or don't want to # use these servers I suggest that you try your ISP's nameservers. We mark # the servers 'offline' so that chronyd won't try to connect when the link # is down. Scripts in /etc/ppp/ip-up.d and /etc/ppp/ip-down.d use chronyc # commands to switch it on when a dialup link comes up and off when it goes # down. Code in /etc/init.d/chrony attempts to determine whether or not # the link is up at boot time and set the online status accordingly. If # you have an always-on connection such as cable omit the 'offline' # directive and chronyd will default to online. # # Note that if Chrony tries to go "online" and dns lookup of the servers # fails they will be discarded. Thus under some circumstances it is # better to use IP numbers than host names. server 0.debian.pool.ntp.org offline minpoll 8 server 1.debian.pool.ntp.org offline minpoll 8 server 2.debian.pool.ntp.org offline minpoll 8 server 3.debian.pool.ntp.org offline minpoll 8 # Look here for the admin password needed for chronyc. The initial # password is generated by a random process at install time. You may # change it if you wish. keyfile /etc/chrony/chrony.keys # Set runtime command key. Note that if you change the key (not the # password) to anything other than 1 you will need to edit # /etc/ppp/ip-up.d/chrony, /etc/ppp/ip-down.d/chrony, /etc/init.d/chrony # and /etc/cron.weekly/chrony as these scripts use it to get the password. commandkey 1 # I moved the driftfile to /var/lib/chrony to comply with the Debian # filesystem standard. driftfile /var/lib/chrony/chrony.drift # Comment this line out to turn off logging. log tracking measurements statistics logdir /var/log/chrony # Stop bad estimates upsetting machine clock. maxupdateskew 100.0 # Dump measurements when daemon exits. dumponexit # Specify directory for dumping measurements. dumpdir /var/lib/chrony # Let computer be a server when it is unsynchronised. local stratum 10 # Allow computers on the unrouted nets to use the server. allow 10/8 allow 192.168/16 allow 172.16/12 # This directive forces `chronyd' to send a message to syslog if it # makes a system clock adjustment larger than a threshold value in seconds. logchange 0.5 # This directive defines an email address to which mail should be sent # if chronyd applies a correction exceeding a particular threshold to the # system clock. # mailonchange root@localhost 0.5 # This directive tells chrony to regulate the real-time clock and tells it # Where to store related data. It may not work on some newer motherboards # that use the HPET real-time clock. It requires enhanced real-time # support in the kernel. I've commented it out because with certain # combinations of motherboard and kernel it is reported to cause lockups. # rtcfile /var/lib/chrony/chrony.rtc # If the last line of this file reads 'rtconutc' chrony will assume that # the CMOS clock is on UTC (GMT). If it reads '# rtconutc' or is absent # chrony will assume local time. The line (if any) was written by the # chrony postinst based on what it found in /etc/default/rcS. You may # change it if necessary. debian/patches/0000775000000000000000000000000013402034742010616 5ustar debian/patches/05_disable-installation-of-license.patch0000664000000000000000000000150512250726021020266 0ustar Package: chrony Subject: disable installation of license Author: Joachim Wiedorn Forwarded: no Last-Update: 2013-11-22 For Debian the file COPYING is not needed. The right license does exist at the system. --- diff -urN s04/Makefile.in s05/Makefile.in --- s04/Makefile.in 2013-11-22 22:23:51.692184662 +0100 +++ s05/Makefile.in 2013-11-22 23:00:54.991695779 +0100 @@ -110,8 +110,8 @@ chmod 755 $(DESTDIR)$(BINDIR)/chronyc cp chrony.txt $(DESTDIR)$(DOCDIR)/chrony.txt chmod 644 $(DESTDIR)$(DOCDIR)/chrony.txt - cp COPYING $(DESTDIR)$(DOCDIR)/COPYING - chmod 644 $(DESTDIR)$(DOCDIR)/COPYING +# cp COPYING $(DESTDIR)$(DOCDIR)/COPYING +# chmod 644 $(DESTDIR)$(DOCDIR)/COPYING cp README $(DESTDIR)$(DOCDIR)/README chmod 644 $(DESTDIR)$(DOCDIR)/README cp chrony.1 $(DESTDIR)$(MANDIR)/man1 debian/patches/CVE-2016-1567.patch0000664000000000000000000000500213402033155013234 0ustar From df46e5ca5d70be1c0ae037f96b4b038362703832 Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Fri, 8 Jan 2016 15:03:09 +0100 Subject: ntp: restrict authentication of server/peer to specified key When a server/peer was specified with a key number to enable authentication with a symmetric key, packets received from the server/peer were accepted if they were authenticated with any of the keys contained in the key file and not just the specified key. This allowed an attacker who knew one key of a client/peer to modify packets from its servers/peers that were authenticated with other keys in a man-in-the-middle (MITM) attack. For example, in a network where each NTP association had a separate key and all hosts had only keys they needed, a client of a server could not attack other clients of the server, but it could attack the server and also attack its own clients (i.e. modify packets from other servers). To not allow the server/peer to be authenticated with other keys extend the authentication test to check if the key ID in the received packet is equal to the configured key number. As a consequence, it's no longer possible to authenticate two peers to each other with two different keys, both peers have to be configured to use the same key. This issue was discovered by Matt Street of Cisco ASIG. --- chrony.texi.in | 3 +++ ntp_core.c | 3 ++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/chrony.texi.in b/chrony.texi.in index 8ce658b..56b2758 100644 --- a/chrony.texi.in +++ b/chrony.texi.in @@ -2424,5 +2424,9 @@ The syntax of this directive is identical to that for the @code{server} directive (@pxref{server directive}), except that it is used to specify an NTP peer rather than an NTP server. + +When a key is specified by the @code{key} option to enable authentication, both +peers must be configured to use the same key and the same key number. + @c }}} @c {{{ pidfile @node pidfile directive diff --git a/ntp_core.c b/ntp_core.c index e654c88..9594c7e 100644 --- a/ntp_core.c +++ b/ntp_core.c @@ -990,7 +990,8 @@ receive_packet(NTP_Packet *message, struct timeval *now, double now_err, NCR_Ins if (!KEY_KeyKnown(auth_key_id)) { test5 = 0; } else { - test5 = check_packet_auth(message, auth_key_id, auth_len); + test5 = check_packet_auth(message, auth_key_id, auth_len) && + auth_key_id == inst->auth_key_id; } } else { /* If we expect authenticated info from this peer/server and the packet -- cgit v0.12 debian/patches/04_do-not-look-for-ncurses.patch0000664000000000000000000000202612250726021016546 0ustar Package: chrony Subject: do not look for ncurses Author: Sven Joachim Bug-Debian: http://bugs.debian.org/646732 Forwarded: no Last-Update: 2013-11-22 Patch the configure script to not look for ncurses, because it is useless (upstream build system erroneously believes that ncurses is necessary for linking with readline). --- diff -urNa s03/configure s04/configure --- s03/configure 2013-08-08 15:58:07.000000000 +0200 +++ s04/configure 2013-11-22 22:39:10.988986429 +0100 @@ -487,12 +487,12 @@ if [ "x$READLINE_LINK" = "x" ] && [ $try_readline = "1" ]; then if test_code readline 'stdio.h readline/readline.h readline/history.h' \ - "$readline_inc" "$readline_lib $ncurses_lib -lreadline" \ + "$readline_inc" "$readline_lib -lreadline" \ 'add_history(readline("prompt"));' then add_def FEAT_READLINE READLINE_COMPILE="$readline_inc" - READLINE_LINK="$readline_lib $ncurses_lib -lreadline" + READLINE_LINK="$readline_lib -lreadline" fi fi debian/patches/01_fix-small-typo-in-manpages.patch0000664000000000000000000000125312250726021017220 0ustar Package: chrony Subject: fix small typo in manpage Author: Joachim Wiedorn Forwarded: no Last-Update: 2013-11-22 --- diff -urNa s00/chronyd.8.in s01/chronyd.8.in --- s00/chronyd.8.in 2013-08-08 16:35:32.000000000 +0200 +++ s01/chronyd.8.in 2013-11-22 22:07:42.129110068 +0100 @@ -72,7 +72,7 @@ .B \-R When this option is used, the \fIinitstepslew\fR directive and the \fImakestep\fR directive used with a positive limit will be ignored. This -option is useful when restarting \fBchronyd\fR and can be used in conjuction +option is useful when restarting \fBchronyd\fR and can be used in conjunction with the \fB-r\fR option. .TP .B \-s debian/patches/CVE-2015-1821.patch0000664000000000000000000000250513402027063013232 0ustar From cf19042ecb656b8afec0cc4906e7dd3ea9266ac8 Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Mon, 30 Mar 2015 14:41:37 +0200 Subject: addrfilt: fix access configuration with subnet size indivisible by 4 When NTP or cmdmon access was configured (from chrony.conf or via authenticated cmdmon) with a subnet size that is indivisible by 4 and an address that has nonzero bits in the 4-bit subnet remainder (e.g. 192.168.15.0/22 or f000::/3), the new setting was written to an incorrect location, possibly outside the allocated array. An attacker that has the command key and is allowed to access cmdmon (only localhost is allowed by default) could exploit this to crash chronyd or possibly execute arbitrary code with the privileges of the chronyd process. --- addrfilt.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/addrfilt.c b/addrfilt.c index 0930289..4b8879a 100644 --- a/addrfilt.c +++ b/addrfilt.c @@ -199,7 +199,10 @@ set_subnet(TableNode *start_node, /* How many subnet entries to set : 1->8, 2->4, 3->2 */ N = 1 << (NBITS-bits_to_go); - subnet = get_subnet(ip, bits_consumed); + + subnet = get_subnet(ip, bits_consumed) & ~(N - 1); + assert(subnet + N <= TABLE_SIZE); + if (!(node->extended)) { open_node(node); } -- cgit v0.12 debian/patches/series0000664000000000000000000000034113402027255012032 0ustar 01_fix-small-typo-in-manpages.patch 03_recreate-always-getdate-c.patch 04_do-not-look-for-ncurses.patch 05_disable-installation-of-license.patch CVE-2015-1821.patch CVE-2015-1822.patch CVE-2015-1853.patch CVE-2016-1567.patch debian/patches/CVE-2015-1853.patch0000664000000000000000000000566413402027627013256 0ustar From d856bd34c4862398411d29200520e3a3b1d4569e Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Thu, 5 Mar 2015 12:44:30 +0100 Subject: ntp: protect authenticated symmetric associations against DoS attacks An attacker knowing that NTP hosts A and B are peering with each other (symmetric association) can send a packet with random timestamps to host A with source address of B which will set the NTP state variables on A to the values sent by the attacker. Host A will then send on its next poll to B a packet with originate timestamp that doesn't match the transmit timestamp of B and the packet will be dropped. If the attacker does this periodically for both hosts, they won't be able to synchronize to each other. It is a denial-of-service attack. According to [1], NTP authentication is supposed to protect symmetric associations against this attack, but in the NTPv3 (RFC 1305) and NTPv4 (RFC 5905) specifications the state variables are updated before the authentication check is performed, which means the association is vulnerable to the attack even when authentication is enabled. To fix this problem, save the originate and local timestamps only when the authentication check (test5) passed. [1] https://www.eecis.udel.edu/~mills/onwire.html --- ntp_core.c | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/ntp_core.c b/ntp_core.c index ebb6a7c..e654c88 100644 --- a/ntp_core.c +++ b/ntp_core.c @@ -852,9 +852,6 @@ receive_packet(NTP_Packet *message, struct timeval *now, double now_err, NCR_Ins /* ==================== */ - /* Save local receive timestamp */ - inst->local_rx = *now; - pkt_leap = (message->lvm >> 6) & 0x3; if (pkt_leap == 0x3) { source_is_synchronized = 0; @@ -886,14 +883,6 @@ receive_packet(NTP_Packet *message, struct timeval *now, double now_err, NCR_Ins test2 = 1; /* Success */ } - /* Regardless of any validity checks we apply, we are required to - save this field from the packet into the ntp source - instance record. See RFC1305 section 3.4.4, peer.org <- pkt.xmt - & peer.peerpoll <- pkt.poll. Note we can't do this assignment - before test1 has been carried out!! */ - - inst->remote_orig = message->transmit_ts; - /* Test 3 requires that pkt.org != 0 and pkt.rec != 0. If either of these are true it means the association is not properly 'up'. */ @@ -1070,6 +1059,14 @@ receive_packet(NTP_Packet *message, struct timeval *now, double now_err, NCR_Ins kod_rate = 1; } + /* The transmit timestamp and local receive timestamp must not be saved when + the authentication test failed to prevent denial-of-service attacks on + symmetric associations using authentication */ + if (test5) { + inst->remote_orig = message->transmit_ts; + inst->local_rx = *now; + } + valid_kod = test1 && test2 && test5; valid_data = test1 && test2 && test3 && test4 && test4a && test4b; -- cgit v0.12 debian/patches/03_recreate-always-getdate-c.patch0000664000000000000000000000144612250726021017067 0ustar Package: chrony Subject: recreate always getdate.c Author: John G. Hasler Forwarded: no Last-Update: 2013-11-22 Source file getdate.c should always be created new. And remove it in "clean". --- diff -urNa s02/Makefile.in s03/Makefile.in --- s02/Makefile.in 2013-08-08 15:58:07.000000000 +0200 +++ s03/Makefile.in 2013-11-22 22:23:51.692184662 +0100 @@ -82,11 +82,11 @@ -rm -f chrony.conf.5 chrony.texi chronyc.1 chronyd.8 clean : - -rm -f *.o *.s chronyc chronyd core *~ chrony.info chrony.html chrony.txt + -rm -f *.o *.s chronyc chronyd core getdate.c *~ + -rm -f chrony.info chrony.html chrony.txt -rm -rf .deps -getdate.c : ; -getdate : +getdate.c : bison -o getdate.c getdate.y # For install, don't use the install command, because its switches debian/patches/CVE-2015-1822.patch0000664000000000000000000000214113402027362013231 0ustar From 79eacdb7e694c7e6681b68006425df3faca51aec Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Mon, 30 Mar 2015 15:13:27 +0200 Subject: cmdmon: fix initialization of allocated reply slots When allocating memory to save unacknowledged replies to authenticated command requests, the last "next" pointer was not initialized to NULL. When all allocated reply slots were used, the next reply could be written to an invalid memory instead of allocating a new slot for it. An attacker that has the command key and is allowed to access cmdmon (only localhost is allowed by default) could exploit this to crash chronyd or possibly execute arbitrary code with the privileges of the chronyd process. --- cmdmon.c | 1 + 1 file changed, 1 insertion(+) diff --git a/cmdmon.c b/cmdmon.c index 58a6c90..343baf4 100644 --- a/cmdmon.c +++ b/cmdmon.c @@ -545,6 +545,7 @@ get_more_replies(void) for (i=1; i Source: http://download.tuxfamily.org/chrony/ Files: * Copyright: 2008-2013, Miroslav Lichvar 2008-2009, John Hasler 1997-2007, Richard P. Curnow License: GPL-2 Files: debian/* Copyright: 2012-2013, Joachim Wiedorn 2000-2012, John Hasler License: GPL-2 License: GPL-2 This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License version 2 as published by the Free Software Foundation. . This package is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. . You should have received a copy of the GNU General Public License along with this program. If not, see . . On Debian systems, the complete text of the GNU General Public License version 2 can be found in the file `/usr/share/common-licenses/GPL-2'. debian/postrm0000664000000000000000000000142512255145133010442 0ustar #!/bin/sh # postrm script for chrony # # see: dh_installdeb(1) set -e # targets: purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear case "$1" in purge) rm -f /var/lib/chrony/* rm -f /etc/chrony/chrony.conf if `which ucf >/dev/null` then ucf --purge /etc/chrony/chrony.conf fi rm -rf /etc/chrony rm -rf /var/lib/chrony rm -rf /var/log/chrony ;; remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) rm -f /var/lib/chrony/* ;; *) echo "postrm called with unknown argument \`$1'" >&2 exit 1 ;; esac # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. #DEBHELPER# exit 0 debian/source/0000775000000000000000000000000012243722776010504 5ustar debian/source/format0000664000000000000000000000001412243754356011711 0ustar 3.0 (quilt) debian/changelog0000664000000000000000000007444113402034731011051 0ustar chrony (1.29-1ubuntu0.1) trusty-security; urgency=medium * SECURITY UPDATE: Heap-based buffer overflow - debian/patches/CVE-2015-1821.patch: Fix access configuration with subnet size indivisible by 4. - CVE-2015-1821 * SECURITY UPDATE: DoS (uninitialized pointer dereference and daemon crash) or possibly execute arbitrary code via a large number of command requests. - debian/patches/CVE-2015-1822.patch: Fix initialization of allocated reply slots. - CVE-2015-1822 * SECURITY UPDATE: Authentication doesn't protect symmetric associations against DoS attacks - debian/patches/CVE-2015-1853.patch: Protect authenticated symmetric associations against DoS attacks. - CVE-2015-1853 * SECURITY UPDATE: Remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key". - debian/patches/CVE-2016-1567.patch: restrict authentication of server/peer to specified key. - CVE-2016-1567 -- Eduardo Barretto Wed, 05 Dec 2018 17:57:24 -0200 chrony (1.29-1) unstable; urgency=medium * New upstream release with some bugfixes: - Closes: #719132: new upstream version, fixes security bugs. - Closes: #719203: Fixing vulnerabilities: CVE-2012-4502 - Buffer overflow, CVE-2012-4503 - Uninitialized data. * debian/control: - Set myself as new maintainer. Closes: #705768 - Bump to Standards-Version 3.9.5. - Move to debhelper >= 9 and compat level 9. - Update package descriptions. - Add Vcs fields to new git repository. - Add dependency to lsb-base (for init script). - Add build dependency to libtomcrypt-dev. * Move to source format 3.0 (quilt). * Add the following patch files: (Closes: #637514) - 01_fix-small-typo-in-manpages - 03_recreate-always-getdate-c - 04_do-not-look-for-ncurses (Closes: #646732) - 05_disable-installation-of-license * debian/rules: - Move to dh-based rules file. - Enable parallel builds. * Add debian/watch file. * Full update of debian/copyright file. * Add debian/doc-base file. * Full update of debian/README.Debian file. * Update debian/postinst, debian/postrm, debian/prerm. * Remove obsolete debian/preinst. Reduce mailing within postinst. * Do not use old md5sum file anymore for ucf in postinst script. * Add status action in init script (debian/init). Closes: #652207 * Add debian/install file for installing example of chrony.conf. * Reduce debian/dirs file for use with debhelper 9. -- Joachim Wiedorn Fri, 20 Dec 2013 23:35:25 +0100 chrony (1.26-4) unstable; urgency=low * QA upload. * Depend on net-tools, for netstat (closes: #707260). -- Colin Watson Mon, 08 Jul 2013 18:00:45 +0100 chrony (1.26-3) unstable; urgency=low * Orphaned. -- John G. Hasler Fri, 19 Apr 2013 13:08:31 -0500 chrony (1.26-2) unstable; urgency=low * Fixed Makefile.in so that getdate.c gets made (and removed in "clean"). This will go upstream. Moved faq stuff in rules from binary-indep to binary-arch. * Restored accidently deleted nmu changelog entry. * Applied patch from Moritz Muehlenhoff Closes: #655123 Please enabled hardened build flags * Fixed upstream. Closes: #518385 Chrony segfaults on startup (narrowed down to chronyc and "burst") * Added DEB_BUILD_OPTIONS=noopt to rules. Added build-arch and build-indep to rules. Prefix is now 'usr'. Changed to dh_installman. Fixed "clean:" target. Closes: #479389 Improvements for debian/rules * Fixed upstream. Closes: #195620 Strange "System time : xxx seconds slow of NTP time" output * Upstream changes should have fixed this. Closes:#294030 chronyd makes the whole system briefly (< 1 second) freeze * Fixed by upstream changes and new LSB headers. Closes: #407466 Chrony won't access hardware clock but prevents hwclock from doing so either -- John G. Hasler Sun, 01 Jul 2012 22:05:56 -0500 chrony (1.26-1) unstable; urgency=low * New upstream release Closes: #348554: chrony and hwclock packages not coordinated. Closes: #572964: RTC support is missing. Closes: #642209: add RTC support for linux 3.0. Closes: #644241: new upstream version 1.26 available. * Applied patches from Joachim Wiedorn : Fixed several typos in man pages and README. Added version.h. Moved default chrony.conf to debian/ . Renamed cron and init files. Removed debian/NEWS.Debian, debian/info. Added debian/clean. Updated debian/copyright. COPYING stays. Upstream requires it. Fixed debian/menu, debian/control, updated debian/compat. Added "--without-readline" to debian/rules: rewrite later. Minor fixes to initscript: rewrite later. Closes: #646732 Move from readline support to editline support. Closes: #598253 Fix typo in LSB init headers ($hwclock to $time). Closes: #600403 Fix init check with PPP connection. -- John G. Hasler Sun, 17 Jun 2012 21:55:47 -0500 chrony (1.24-3.1) unstable; urgency=low * Non-maintainer upload. * Add patch (directly over the source...), to work with kernels > 3.0.0, by Paul Martin at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628919#15. (Closes: #628919) * Fix readline build-depends from "libreadline5-dev | libreadline-dev" to libreadline-gplv2-dev because chrony is GPLv2 only. (Closes: #634447) * Update copyright file to say that chrony is GPLv2 only. (Closes: #637526) -- Ana Beatriz Guerrero Lopez Fri, 12 Aug 2011 12:32:26 +0200 chrony (1.24-3) unstable; urgency=high * Applied (modifed) patch from Gregor Herrmann. Closes: #593145: fails to configure on installation Closes: #552162: chrony incorrectly thinks that it has failed to (re)start Closes: #592930: invoke-rc.d: initscript chrony, action "start" failed. -- John G. Hasler Tue, 14 Sep 2010 10:06:47 -0500 chrony (1.24-2) unstable; urgency=low * Fixed regression that caused default CHRONY_IOC_ lines to vanish from io_linux.h thereby breaking hppa and ia64. Closes: #588930: FTBFS [ia64,hppa]: "I don't know the values of the _IOC_* constants on your architecture" * $remote_fs was added in 1.24-1. Depending on networking is neither necessary nor desireable. Closes: #590888: Dependencies on init.d script insuficcient * Still need to rewrite scripts. -- John G. Hasler Fri, 30 Jul 2010 20:32:55 -0500 chrony (1.24-1) unstable; urgency=low * New upstream release. The scripts will be rewritten and many more bugs taken care of in -2. Right now I want to get 1.24 out there. * Applied patch from Petter Reinholdtsen to init.d Closes: #541806: misses syslog dependency in LSB headers * Chrony cannot be linked to libreadline6 because it is GPLv2 only. Closes: #553739 replacing libreadline5-dev build dependency with libreadline-dev * "configure" rewritten upstream, eliminating "+=". Closes: #573036: RTC support disabled (due to Bashism in configure line 293) * Removed "install-info" from scripts. Closes: #568703: dpkg warnings * client.c has been rewritten upstream. Closes: #573032 * Fixed typos. Closes: #434629: 'man chrony', 'cronyc', 'cronyd' typos: "parateters" x 2, "priviliges" * Added debian/source/format containing "1.0". -- John G. Hasler Tue, 22 Jun 2010 16:01:29 -0500 chrony (1.23-7) unstable; urgency=high * Applied patches from upstream to fix remote DOS: CVE-2010-0292 Don't reply to invalid cmdmon packets CVE-2010-0293 Limit client log memory size CVE-2010-0294 Limit rate of syslog messages -- John G. Hasler Tue, 02 Feb 2010 19:37:50 -0600 chrony (1.23-6) unstable; urgency=low * Commented out rtcfile directive in chrony.conf because it can cause lockups with certain combinations of motherboard and kernel (this is a known kernel bug). Closes: #508298: chronyd unreachable and does not work (clock drifts) * Chrony no longer uses the ppp/ip-up.d and ppp/ip-up.d files and the new init.d file won't hang if chronyc hangs. Closes: #448481: /etc/ppp/ip-up.d/chrony doesn't work when bindaddress is set. * Cannot reproduce on current version on amd64. Closes: #412961: error in tracking report (on amd64?) -- John Hasler Wed, 10 Dec 2008 14:16:37 -0600 chrony (1.23-5) unstable; urgency=low * Replaced background kill with 'timelimit' in initscript. Closes: #505094: chrony: kills random netstat processes * Added 'Recommends: udev (>= 0.124-1)' Closes: #497113: /dev/rtc renamed to /dev/rtc0 with linux-image-2.6-*/2.6.26+15 * Had previously applied patch from Nathanael Nerode to fix configure bug but forgot to close the bug. Closes: #392273: Recursive dependency disease: chrony shouldn't depend on ncurses -- John Hasler Sun, 09 Nov 2008 20:19:22 -0600 chrony (1.23-4) unstable; urgency=low * Fixed dependency of init script on Pppconfig ip-up.d script by moving those lines into the init script. * Added checks to try to make sure that Chronyd is really, really running. Changed Netstat call to use -n, added code to kill it if it hangs. Added code to kill Chronyc if it can't contact Chronyd. Discussed the HPET/rtc problem in NEWS.Debian. Closes: #504000: init script hangs for a while might break upgrade * Added missing initialization to create_instance() in ntp_core.c. This was why UTI_NormaliseTimeval() was being called with huge values at times. * See comment on #195620 in 1.21z-6 below. If you know of more LP64 bugs reopen #348412 with a patch. Closes: #348412: chronyc not LP64 compliant * Added comment about sources being discarded to chrony.conf as suggested by Andreas Hübner in #268289. * This is normal behavior. Closes: #287060: trimrtc takes 40 seconds to take effect -- John Hasler Thu, 06 Nov 2008 10:38:58 -0600 chrony (1.23-3) unstable; urgency=high * Rewrote UTI_NormaliseTimeval()in util.c to use divide/remainder instead of loops at the suggestion of Gabor Gombas. This prevents the problem of the loop running until the sun goes out when the function is called with a very large value for tv_usec on 64-bit architectures. Also fixed some other spots where the same loop was being used. Closes: #474294 Goes into endless loop Closes: #447011 chronyd stalls with 100% CPU usage I still don't know why the function is being called with such a large value, however. * Changed default servers in chrony,conf to Debian servers. Closes: #434483: chrony: Should use NTP servers in Debian pool -- John Hasler Sat, 26 Apr 2008 11:47:44 -0500 chrony (1.23-2) experimental; urgency=low * Added default IOC's to io_linux.h. Closes: #477043: chrony_1.23-1(ia64/experimental): FTBFS: IOC constants unknown on ia64 Closes: #476963: chrony_1.23-1(hppa/experimental): FTBFS: "I don't know the values of the _IOC_* constants for your architecture" -- John Hasler Sun, 20 Apr 2008 13:29:29 -0500 chrony (1.23-1) experimental; urgency=low * New upstream release This is 1.23 with Debian patches applied (including some for LP64). I'm uploading this to Experimental to get it tested on x86_64 to see if #474294 is fixed. -- John Hasler Sat, 19 Apr 2008 14:49:15 -0500 chrony (1.21z-6) unstable; urgency=low * Applied patches from Eric Lammerts and Goswin von Brederlow to cast the value returned by ntohl to int32_t and so cause correct sign-extension near line 1655 in client.c. Also fixed similar bugs in the same area. I'm not sure this entirely fixes the chronyc number display problem, though. I've not closed #348412 here because chrony is still not fully LP64 compliant. Closes: #195620: Strange "System time : xxx seconds slow of NTP time" output * Replaced addrfilt.c with addrfilt.c from upstream git repository. This fixes the recursive structure definition problems. * Replaced 'route' with 'netstat -r' in the initscript. * Applied patch for configure script from Nathanael Nerode to delete the superfluous "lncurses" at line 327. Closes: #392273: Recursive dependency disease: chrony shouldn't depend on ncurses * Added test to reject servers claiming stratum less than 1 in ntp_core.c "Test 7". Bill Unruh has run across a server that sometimes claims to be stratum 0, which causes considerable confusion. -- John Hasler Fri, 16 Feb 2007 17:47:40 -0600 chrony (1.21z-5) unstable; urgency=high * Applied postinst patch from Lionel Elie Mamane to test for the existence of old .keys and .conf files before renaming them. Closes: #397759: fails to configure: mv: cannot stat `/etc/chrony/chrony.keys.1.21-2': No such file or directory * Added burst command to /etc/ppp/ip-up.d/chrony to give chronyd a kick in the butt. Shouldn't need that, though. Initscript now calls /etc/ppp/ip-up.d/chrony if a default route exists. Closes: #397739: Not connecting to sources after reboot - dialup -- John Hasler Sun, 26 Nov 2006 08:07:20 -0600 chrony (1.21z-4) unstable; urgency=low * Added test for /usr/bin/mail to postinst. Closes: #386651: chrony: Requires /usr/bin/mail but doesn't depend on it Closes: #390280: chrony: missing dependency on mail * Added LSB headers to initscript * Corrected erroneous use of 'dpkg --compare-version' in preinst and postinst. Closes: #386733: fails to configure (bad upgrade check) * Added rm to postinst to remove keyfile possibly left by a failed install. Closes: #390278: usage of tempfile /etc/chrony/chrony.keys is doubtful -- John Hasler Sat, 7 Oct 2006 13:39:49 -0500 chrony (1.21z-3) unstable; urgency=low * Changed upstream version number from 1.21 to 1.21z to satisfy Debian archive software. * Replaced impure chrony_1.21.orig.tar.gz. Closes: #340030: chrony: Tarball is impure * Now Provides, Conflicts, Replaces time-daemon Closes: #330839: time-daemon pseudopackage * Corrected typos. Closes: #321121: chrony: typo in 'Conflicts:' field: s/ntpsimple/ntp-simple/ and s/ntprefclock/ntp-refclock/ * Rewrote postinst and postrm to use ucf. Wrote preinst to protect chrony.conf from dpkg. Closes: #351332: chrony: conffile change prompt prevents smooth upgrade from sarge to etch * Deleted last few lines of chrony.conf as they no longer apply. * Deleted .arch-ids from contrib and examples. * Fixed typo in chronyc.1 Closes: #349871: chrony: typo in chrnoyc.1 results in missing word * Corrected references in man pages. Closes: #345034: chrony: man pages refer to wrong sections * Added "allow 172.16/12" to chrony.conf. Closes: #252952: chrony: default allow should also have 172.16/12 * Channged server lines in chrony.conf to follow ntp.org current recommendation. Closes: #243534: chrony: new pool.ntp.org setup doesn't work well * Fixed FSF address in debian/copyright. -- John Hasler Fri, 1 Sep 2006 10:52:52 -0500 chrony (1.21-2) unstable; urgency=high * Patched io_linux.h to add missing architectures. Closes: #339764: chrony - FTBFS: #error "I don't know the values of the _IOC_* constants for your architecture" * Fixed brown-bag error in rules. Closes: #339853: /usr/sbin/chronyd is missing -- John Hasler Sat, 19 Nov 2005 10:12:49 -0600 chrony (1.21-1) unstable; urgency=low * New upstream release Closes: #328292: New version of chrony avalaible Closes: #301592: Fails to read RTC and floods logfiles * Enabled RTC as upstream has installed a work-around for the HPET bug. * Switched to libreadline5. Closes: #326379: please rebuild with libreadline5-dev as build dependency * Patched addrfilt.c to fix gcc 4.0 build problem. Closes: #298709: chrony: FTBFS (amd64/gcc-4.0): array type has incomplete element type * There are lots more minor things to fix but I'm uploading now to close the serious bugs. I'll upload another version with some improvements in a few weeks. -- John Hasler Tue, 15 Nov 2005 18:39:49 -0600 chrony (1.20-8) unstable; urgency=high * Added test for /usr/bin/mail in postinst. Closes: #307061: Install failure: Cannot configure on system without mailx I consider this bug serious because it can cause installation to fail and so I want to get the fix into Sarge. * Fixed typo in chrony.conf, replaced '/etc/init.d/chrony restart' with 'invoke-rc.d chrony restart'. Closes: #305090: Typo in chrony.conf, should mention invoke-rc.d * Added README.Debian explaining that rtc is off by default. -- John Hasler Sat, 30 Apr 2005 18:47:30 -0500 chrony (1.20-7) unstable; urgency=low * Added info-4 to debian/rules. Closes: #287142: chrony: Can't find chrony.info-4 * Corrected "See Also" section in chrony man page. Now mentions chronyc(1), chronyd(8), and chrony.conf(5). Closes: #287444: chrony.1.gz: SEE ALSO on man page has wrong section. * Edited chrony.conf to disable rtc by default and explain why: on some systems that use genrtc or the HPET real-time clock it fails and causes chronyd to fill up the log. The failure is probably due to a kernel bug, bug the logging should be throttled. * Added more explanatory comments at the servers directive in chrony.conf. * The postinst script now sends a message to root saying where the password is, whether Chrony is assuming UTC or local time, that rtc updating is disabled, why, and how to change it. * Added missing '#' to "Can't tell how your clock is set: assuming local time." in postinst. -- John Hasler Tue, 12 Apr 2005 17:59:13 -0500 chrony (1.20-6) unstable; urgency=low * Fixed error in chrony.conf where the non-existent 'online' directive was mentioned. Closes: #257235 misleading instructions in chrony.conf * Patched Makefile.in to generate faq.html. Closes: #265936 /usr/share/doc/chrony/faq.txt.gz: how to read? -- John Hasler Sat, 4 Dec 2004 17:47:31 -0600 chrony (1.20-5) unstable; urgency=low * Put pool.ntp.org servers in chrony.conf as defaults. * Fixed erroneous references to chronyd(1) in some man pages. Closes: #241746 SEE ALSO chronyd(1) should be (8) * I got a new motherboard and can no longer reproduce this. If you can please reopen the bug. Closes: #223518 Rtc stuff is broken * Edited chrony.conf(5). Closes: #241745 many more features have been added * Edited chrony.conf to add logchange and mailonchange and to enable rtc by default. Closes: #226644 /etc/chrony/chrony.conf: rtc; not all options are noted in conf file * Fixed upstream: see NEWS. Closes: #124089 mistake in the chrony manual Closes: #177366: trailing blank on log lines Closes: #195618 failure to use /dev/misc/rtc floods logfiles Closes: #53066 "acquisitionport" directive and doc fixes [patch] Closes: #100880 RFE: don't use /proc when uname(2) will do Closes: #163470: different bindaddresses for ntp port and control port Closes: #200174: Chrony breaks under Kernel 2.5 (two bugs) -- John Hasler Sat, 10 Apr 2004 22:00:00 -0500 chrony (1.20-4) unstable; urgency=low * Added '#include ' to rtc_linux.c to fix Alpha build problem. Also removed spinlock stuff from configure. -- John Hasler Fri, 26 Dec 2003 21:00:00 -0600 chrony (1.20-3) unstable; urgency=low * Removed all inclusions of kernel headers. Hopefully Chrony will now build on m68k. -- John Hasler Tue, 23 Dec 2003 19:00:00 -0600 chrony (1.20-2) unstable; urgency=low * Removed spinlock.h and mc146818.h from rtc_linux.c. linux/rtc.h and RTC_UIE=0x10 provide everything needed now. Closes: #223134 FTBFS: Errors in kernel headers * However, rtc is now broken (and appears to have been broken for some time) on 440BX chipsets with 2.4 kernels. -- John Hasler Fri, 12 Dec 2003 13:00:00 -0600 chrony (1.20-1) unstable; urgency=low * New upstream release. * Frank Otto's patch to sys_linux.c, function guess_hz_and_shift_hz now incorporated upstream. Closes: #198557 Fatal error: chronyd can't determine hz for kernel with HZ=200 * Security and 64 bit patches are now incorporated upstream along with most non-i386 architecture patches. * Put correct links in /usr/share/doc/chrony/timeservers. Closes: #189686 /usr/share/doc/timeservers links are broken * Put correct links in chrony.conf. Closes: #210886 bad link in chrony.conf * Put missing newlines in apm and chrony.keys. Closes: #211604 Build-warning: some files misses final newline * Removed conflict with ntpdate. -- John Hasler Tue, 7 Oct 2003 22:00:00 -0500 chrony (1.19-10) unstable; urgency=low * Put linux/linkage.h ahead of linux/spinlock.h as I meant to in the first place. -- John Hasler Sun, 13 Jul 2003 7:00:00 -0500 chrony (1.19-9) unstable; urgency=low * Added "#include " to rtc_linux.c to fix mips build failure. Closes: #200165 chrony doesn't build on mips and mipsel -- John Hasler Sat, 12 Jul 2003 10:00:00 -0500 chrony (1.19-8) unstable; urgency=low * Added bison to build-depends because of addition of getdate.y -- John Hasler Tue, 3 Jun 2003 10:00:00 -0500 chrony (1.19-7) unstable; urgency=high * Closes: #186498 chronyc hangs if no chronyd is running Added test for running daemon to ip-{up|down} scripts. Disabled trimrtc for ALPHA Closes: #195615 GPL violation - generated file without source * Added a copy of getdate.y to source. -- John Hasler Sun, 1 Jun 2003 7:00:00 -0500 chrony (1.19-6) unstable; urgency=low * Closes: #179842 "CROAK" redefined Added '#undef CROAK' before CROAK redefiniton in pktlength.h, added '-DALPHA' to 'alpha' condition in configure, added 'ifdef ALPHA' around CROAK redefinition. * Replaced many signed and unsigned longs as well as some ints, shorts, and chars with stdint.h types in candm.h, md5.h, ntp.h, clientlog.h, and ntp_io.c. This should fix all 64-bit problems. -- John Hasler Fri, 14 Mar 2003 19:00:00 -0600 chrony (1.19-5) unstable; urgency=high * Closes: #184065 Assertion `sizeof(NTP_int32) == 4' failed on alpha Fixed several spots where the author assumed that a long is 32 bits. There are many more misuses of long as well as several of short and char but I think I got the only ones likely to cause trouble. -- John Hasler Fri, 14 Mar 2003 11:00:00 -0600 chrony (1.19-4) unstable; urgency=low * Closes: #179538 FTBFS: missing build-depends on makeinfo Added texinfo to build-depends. * CLoses: #179508: chrony(c|d) show wrong version numbers Removed spurious version.h. -- John Hasler Sun, 2 Feb 2003 19:00:00 -0600 chrony (1.19-3) unstable; urgency=low * Updated author's address in copyright file. * Closes: #163446 patch, that scripts can handle all commandkeys Applied debugged patch. * Closes: #107863 doesn't know about APM Put apm script in debian/ and added rules to copy it to etc/apm/event.d as instructed by the apmd maintainer. -- John Hasler Fri, 31 Jan 2003 18:00:00 -0600 chrony (1.19-2) unstable; urgency=low * Closes: #100879 unnecessary dependency on libm Applied patch from Zack Weinberg * Closes: #124091 the force-reload command of /etc/init.d/chrony should use the -r option. Added -r option. -- John Hasler Wed, 29 Jan 2003 10:00:00 -0600 chrony (1.19-1) unstable; urgency=low * New upstream release. * Closes: #178338 New upstream version fixes crashes caused by adjtimex failure * Closes: #178101 /etc/ppp/ip-{up,down}.d/chrony installed with incorrect permissions This bug was previously reported and fixed in 18-1 * Closes: #176130 got an error when I use ppp_on_boot Changed 'update-rc.d chrony defaults 83' to 'update-rc.d chrony defaults 14' in init.d so that chrony will come up before ppp. * Added code to postinst to read /etc/default/rcS and set rtconutc appropriately in chrony.conf. * Rewrote password generator in postinst. * Closes: #100879 unnecessary dependency on libm I don't know why this wasn't closed months ago. * Closes: #103447 typo in "/etc/init.d/chrony" * Closes: #124087 problems with /etc/init.d/chrony Fixed script. * Closes: #161350 /etc/ppp/ip-down.d/chrony cat unnecessary Fixed scripts. * Closes: #113840 ntp has been split - add conflicts? Added ntp-simple and ntp-refclock to conflicts. -- John Hasler Sun, 26 Jan 2003 15:00:00 -0600 chrony (1.18-2) unstable; urgency=low * Corrects error in changelog which resulted in uploads being erroneously classified as NMUs. * Closes: #138142, #104774, #142670, #105344, #101039 * Closes: #162427, #56756, #98951, #99799, #139633 * Closes: #163469, #163408, #167416 -- John Hasler Sun, 3 Nov 2002 20:00:00 -0600 chrony (1.18-1) unstable; urgency=low * New upstream release. * Closes: #138142 new upstream release * Added Mark Brown's Alpha and PowerPC patch. * Closes: #104774 hppa build failure Applied patch. * Closes: #142670 compilation errors on sparc Applied patch. * Closes: #105344 ip-{up, down}.d/chrony not executable Fixed debian/rules. * Closes: #101039 does not run on Alpha Fixed by above mentioned Mark Brown patch. * Closes: #162427 description should mention NTP Fixed description. * Closes: #56756 README.debian should caution about hwclock Fixed README.debian. * Closes: #98951 no chrony.keys file installed Not reproducible, probable user error. * Closes: #99799 logs world readable Added umask 022 to log script. * Closes: #139633 documentation error Added rtconutc to chrony.conf. * Closes: #163469 no default case in init.d script Corrected typo. * Closes: #163408 PIDFILE wrongly defined in ip-{up,down} No chrony script uses any such variable. * Closes: #167416 needs Build-Depends: libreadline4-dev -- Sun, 3 Nov 2002 10:00:00 -0600 chrony (1.14-7) unstable; urgency=medium * Changed rtc_linux.c to not include linux/mc146818rtc.h when building for sparc, because Moshe Zadka says this will allow chrony to build there. * Closes: #142670 -- Wed, 17 Apr 2002 17:00:00 -0500 chrony (1.14-6) unstable; urgency=low * Changed architecture back to 'any'. * Applied portability patch from LaMont Jones. * Closes: #104774 -- Mon, 1 Apr 2002 21:00:00 -0600 chrony (1.14-5) unstable; urgency=low * Changed architecture from 'any' to 'i386 sparc'. Neither I nor the author can test on anything but i386. If you want chrony on anything else send me a tested patch. * Closes: #101039 * Closes: #104774 -- Fri, 28 Dec 2001 20:10:00 -0600 chrony (1.14-4) unstable; urgency=low * Fixed bug in man pages. * Closes: #95134 -- Tue, 24 Apr 2001 20:10:00 -0500 chrony (1.14-3) unstable; urgency=low * Replaced in rtc_linux.c with typedef int spinlock_t as suggested by Paul Slootman. * Put #define CROAK(message) assert(0) in pktlength.h to fix Alpha build problem. * Closes: #86991 -- Sat, 24 Feb 2001 22:45:00 -0600 chrony (1.14-2) unstable; urgency=low * Closes: #84597 -- Sat, 3 Feb 2001 21:25:00 -0600 chrony (1.14-1) unstable; urgency=low * New upstream release. * Fixed more sprintfs. * Closes: #50793, #52570, #48216, #65209, #62924, #70377, #61485, #76661 -- Mon, 20 Nov 2000 20:25:00 -0600 chrony (1.10-3) unstable; urgency=low * Patched cron,weekly script with (corrected) patch from Rene H. Larsen . * Updated author address in copyright file. * Compiled with egcs. * Closes: #41885, #41551 -- Sun, 25 July 1999 12:14:00 -0500 chrony (1.10-2) unstable; urgency=low * Patched rtc_linux.c with patch for SPARC from bmc@visi.net. -- Mon, 17 May 1999 22:30:00 -0500 chrony (1.10-1) unstable; urgency=low * New upstream release. * Upstream version number is 1.1. Debian version number is 1.10 because previous upstream number was 1.02. -- Wed, 12 May 1999 20:30:00 -0500 chrony (1.02-7) unstable; urgency=low * Changed configure to permit building on non-Intel. -- Wed, 5 May 1999 18:00:00 -0500 chrony (1.02-6) unstable; urgency=low * Fixed postrm bug. -- Thur, 29 Apr 1999 18:00:00 -0500 chrony (1.02-5) unstable; urgency=low * Fixed bugs 34954 and 36921. * Moved to priority extra. * Added README.debian text about rtc. -- Thur, 15 Apr 1999 21:30:00 -0500 chrony (1.02-4) unstable; urgency=low * Replaced sprintf's with snprintf's. -- Sun, 28 Feb 1999 16:53:00 -0600 chrony (1.02-3) unstable; urgency=low * Fixed bugs in cron.weekly, ip-up.d, and ip-down.d. * Bug 29981 is also fixed. -- Sun, 6 Dec 1998 9:53:00 -0600 chrony (1.02-2) unstable; urgency=low * Added cron.weekly. * Changed ip-up.d, ip-down.d, and cron.weekly to read the password from chrony.keys. * Added code to postinst to generate a random password and put it in chrony.keys. -- Thur, 3 Dec 1998 19:00:08 -0600 chrony (1.02-1) unstable; urgency=low * Initial Release. -- Fri, 6 Nov 1998 23:00:08 -0600 debian/control0000664000000000000000000000302613402034735010575 0ustar Source: chrony Section: admin Priority: extra Maintainer: Ubuntu Developers XSBC-Original-Maintainer: Joachim Wiedorn Standards-Version: 3.9.5 Build-Depends: debhelper (>= 9), texinfo, bison, libedit-dev, libnss3-dev, libtomcrypt-dev, dpkg-dev (>= 1.16.1~) Homepage: http://chrony.tuxfamily.org Vcs-Git: git://anonscm.debian.org/collab-maint/chrony.git Vcs-Browser: http://anonscm.debian.org/gitweb/?p=collab-maint/chrony.git Package: chrony Architecture: linux-any Depends: ${misc:Depends}, ${shlibs:Depends}, ucf, timelimit, install-info, net-tools, lsb-base Recommends: udev (>= 0.124-1) Conflicts: time-daemon, ntp Provides: time-daemon Replaces: time-daemon Description: Set the computer clock from time servers on the Net It consists of a pair of programs: . chronyd: This is a daemon which runs in background on the system. It obtains measurements (e.g. via the network) of the system's offset relative to other systems and adjusts the system time accordingly. For isolated systems, the user can periodically enter the correct time by hand (using 'chronyc'). In either case 'chronyd' determines the rate at which the computer gains or loses time, and compensates for this. Chronyd implements the NTP protocol and can act as either a client or a server. . chronyc: This is a command-line driven control and monitoring program. An administrator can use this to fine-tune various parameters within the daemon, add or delete servers etc whilst the daemon is running. debian/rules0000775000000000000000000000124612243761464010264 0ustar #!/usr/bin/make -f # -*- makefile -*- BASE=debian/chrony %: dh $@ --parallel override_dh_auto_configure: dh_auto_configure -- --mandir=/usr/share/man \ --sysconfdir=/etc/chrony --without-readline override_dh_auto_build: dh_auto_build make docs override_dh_installchangelogs: dh_installchangelogs NEWS override_dh_install: dh_install install -m 0755 -T debian/apm $(BASE)/etc/apm/event.d/01chrony install -m 0755 -T debian/ip-up $(BASE)/etc/ppp/ip-up.d/chrony install -m 0755 -T debian/ip-down $(BASE)/etc/ppp/ip-down.d/chrony override_dh_installinit: # set boot sequence number for old sysv-rc style dh_installinit --update-rcd-params="defaults 83" debian/watch0000664000000000000000000000015012250731541010215 0ustar # watch control file for uscan version=3 http://download.tuxfamily.org/chrony/chrony-(\d\.\d+)\.tar\.gz debian/prerm0000664000000000000000000000065212255145133010244 0ustar #!/bin/sh # prerm script for chrony # # see: dh_installdeb(1) set -e # targets: remove|upgrade|deconfigure|failed-upgrade case "$1" in remove|upgrade|deconfigure) ;; failed-upgrade) ;; *) echo "prerm called with unknown argument \`$1'" >&2 exit 1 ;; esac # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. #DEBHELPER# exit 0 debian/compat0000664000000000000000000000000212243754174010377 0ustar 9 debian/docs0000664000000000000000000000004712250730632010044 0ustar README faq.txt chrony.txt chrony.html debian/postinst0000664000000000000000000000373612255145273011015 0ustar #!/bin/sh # postinst script for chrony # # see: dh_installdeb(1) set -e # targets: configure|abort-upgrade|abort-remove|abort-deconfigure case "$1" in configure) cp /usr/share/chrony/chrony.conf /etc/chrony/chrony.conf.new MAILUTC="" # look for real-time clock . /etc/default/rcS case "$UTC" in no|"") echo "# rtconutc" >> /etc/chrony/chrony.conf.new ;; yes) echo "rtconutc" >> /etc/chrony/chrony.conf.new ;; *) echo "# rtconutc" >> /etc/chrony/chrony.conf.new MAILUTC="Chrony do not know how your clock is set: assuming local time. If this is not correct edit /etc/chrony/chrony.conf. The comments explain what to do." ;; esac if [ -z "$2" ] then # As this is a new install, generate a key. # Remove any keyfile left by a failed install. rm -rf /etc/chrony/chrony.keys KEYFILE=`tempfile -m 640 -n /etc/chrony/chrony.keys` PASSWORD=`head -c 8 /dev/urandom | tr '\0-\377' 'a-zA-Z0-9a-zA-Z0-9a-zA-Z0-9a-zA-Z0-9@@@@####'` echo "1 $PASSWORD" > $KEYFILE MAILPASSWORD="The password for chronyc is in $KEYFILE." if [ `echo $MAILUTC | wc -m` -gt 10 ] then # And tell root about the rtc setting if `which mail >/dev/null` then echo "$MAILUTC" | mail -s "Chrony" root fi fi fi if `which ucf >/dev/null` then ucf /etc/chrony/chrony.conf.new /etc/chrony/chrony.conf rm /etc/chrony/chrony.conf.new fi ;; abort-upgrade|abort-remove|abort-deconfigure) ;; *) echo "postinst called with unknown argument \`$1'" >&2 exit 1 ;; esac # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. #DEBHELPER# exit 0 debian/menu0000664000000000000000000000017412243711646010067 0ustar ?package(chrony):needs="text" section="Applications/System/Administration"\ title="chronyc"\ command="/usr/bin/chronyc" debian/install0000664000000000000000000000004712255154445010571 0ustar debian/chrony.conf usr/share/chrony