This update for chrony fixes the following issues:
Chrony was updated to 4.1, bringing features and bugfixes.
Update to 4.1
- Add support for NTS servers specified by IP address (matching
Subject Alternative Name in server certificate)
- Add source-specific configuration of trusted certificates
- Allow multiple files and directories with trusted certificates
- Allow multiple pairs of server keys and certificates
- Add copy option to server/pool directive
- Increase PPS lock limit to 40% of pulse interval
- Perform source selection immediately after loading dump files
- Reload dump files for addresses negotiated by NTS-KE server
- Update seccomp filter and add less restrictive level
- Restart ongoing name resolution on online command
- Fix dump files to not include uncorrected offset
- Fix initstepslew to accept time from own NTP clients
- Reset NTP address and port when no longer negotiated by NTS-KE
server
-
Ensure the correct pool packages are installed for openSUSE
and SLE (bsc#1180689).
-
Fix pool package dependencies, so that SLE prefers chrony-pool-suse
over chrony-pool-empty. (bsc#1194229)
-
Enable syscallfilter unconditionally [bsc#1181826].
Update to 4.0
-
Enhancements
- Add support for Network Time Security (NTS) authentication
- Add support for AES-CMAC keys (AES128, AES256) with Nettle
- Add authselectmode directive to control selection of
unauthenticated sources
- Add binddevice, bindacqdevice, bindcmddevice directives
- Add confdir directive to better support fragmented
configuration
- Add sourcedir directive and 'reload sources' command to
support dynamic NTP sources specified in files
- Add clockprecision directive
- Add dscp directive to set Differentiated Services Code Point
(DSCP)
- Add -L option to limit log messages by severity
- Add -p option to print whole configuration with included
files
- Add -U option to allow start...