-
chrony (2.1.1-1ubuntu0.1) xenial-security; urgency=medium
* SECURITY UPDATE: Remote attackers to conduct impersonation attacks via
an arbitrary trusted key, aka a "skeleton key".
- debian/patches/CVE-2016-1567.patch: restrict authentication of
server/peer to specified key.
- CVE-2016-1567
-- Eduardo Barretto <email address hidden> Wed, 05 Dec 2018 18:51:33 -0200
-
chrony (2.1.1-1) unstable; urgency=medium
* Import upstream version 2.0 and 2.1.1:
- Please see /usr/share/doc/chrony/changelog.gz for the release notes.
* debian/:
- Rename ppp scripts from ip-{up,down} to chrony.ppp.ip-{up,down}.
Necessary to let dh_installppp do its magic.
* debian/chrony.conf:
- Use the new 'pool' directive to specify the pool of NTP servers.
- Use the iburst option to speed up the initial synchronization.
- Drop the minpoll option. There is no point to deviate from upstream here.
Consequently, the default minimum polling interval is now 64 seconds
instead of 256 seconds.
- Enable kernel synchronization of the RTC via the 'rtcsync' directive.
- Drop the commented out 'rtcfile' directive in the configuration file.
- Stricly act as an NTP client by default. Serving time to other systems
should be the decision of the administrator(s). (Closes: #778770)
- Clarify some comments.
- Improve comment about the 'commandkey' directive.
* debian/control:
- Drop 'Recommends: udev (>= 0.124-1)' since it predates Debian squeeze.
* debian/copyright:
- Update copyright years.
- Various cleanups.
- Update relative to sys_macosx.{c,h} files.
- The test/simulation/test.common file is under the GPL-2+ license.
Thanks to Paul Gevers <email address hidden> for catching it.
* debian/NEWS:
- Comment the deactivation of the NTP server capability by default.
* debian/patches/:
- Refresh 01_do-not-install-copying-file.patch.
* debian/README.Debian:
- Fix misleading information.
* debian/rules:
- No need to install ppp scripts from the 'rules' script. Let dh_installppp
handle that.
-- Vincent Blut <email address hidden> Wed, 18 Nov 2015 00:11:23 +0100
-
chrony (1.31.1-2) unstable; urgency=medium
* Rename the NEWS.Debian file to NEWS. dh_installchangelogs doesn’t seems
to be able to deal with the former name.
-- Vincent Blut <email address hidden> Thu, 17 Sep 2015 21:50:30 +0200
-
chrony (1.30-2) unstable; urgency=medium
* With the following security bugfixes (Closes: #782160):
- Fix CVE-2015-1853: Protect authenticated symmetric NTP
associations against DoS attacks.
- Fix CVE-2015-1821: Fix access configuration with subnet
size indivisible by 4.
- Fix CVE-2015-1822: Fix initialization of reply slots for
authenticated commands.
* debian/control:
- Update e-mail address of myself.
- Add Vincent Blut as co-maintainer.
-- Joachim Wiedorn <email address hidden> Fri, 10 Apr 2015 11:41:31 +0200
