[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.0-pre2-97-g828e6ce |
[ Thread Index |
Date Index
| More chrony.tuxfamily.org/chrony-dev Archives
]
This is an automated email from git. It was generated because a ref
change was pushed to the "chrony/chrony.git" repository.
The branch, master has been updated
via 828e6ce30f38560d88220f3441c59816975e3c7d (commit)
via dc08cbfe59fe7456530451e0fc9dfa2620da4ed8 (commit)
via 3bdcce6903850552c1b869447497d6e0ed2dfa3b (commit)
via d93aa10bac6b269d6c9c431d8dc58858ba690fac (commit)
via de4ecc72d19418151d7760bced9c39da100f01ab (commit)
via db54bfc0c154f78e52601dd94d3803358c1413d1 (commit)
via 72ee80debe4b66c591b49c327f5bf44ea0e2c532 (commit)
via a3436c26f0e8e2c679bc045e35d8e3905de39456 (commit)
via b0f5024d560aba9bf2dcef62af57336013e86cee (commit)
via eae4b2abe596f63b705cc0c0815efef211c9e821 (commit)
via ff03b813b00bf60c41725b7f3886f5d79c5e689f (commit)
from 4e747da4b482c568e82761913ac702899c72745a (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 828e6ce30f38560d88220f3441c59816975e3c7d
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date: Wed Jul 8 17:11:15 2020 +0200
doc: mention automatic creation of directories
commit dc08cbfe59fe7456530451e0fc9dfa2620da4ed8
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date: Wed Jul 8 17:04:47 2020 +0200
conf: create ntsdumpdir directory
Create the directory specified by the ntsdumpdir directive if it doesn't
exist, similarly to logdir and dumpdir.
commit 3bdcce6903850552c1b869447497d6e0ed2dfa3b
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date: Wed Jul 8 17:02:32 2020 +0200
conf: restrict permissions of created directories
If logdir or dumpdir doesn't exist, create the directory with no
permissions for other users (mode 0750 instead of 0755).
commit d93aa10bac6b269d6c9c431d8dc58858ba690fac
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date: Wed Jul 8 12:02:12 2020 +0200
cmac+hash: change parameter types
For consistency and safety, change the CMC and HSH functions to accept
signed lengths and handle negative values as errors. Also, change the
input data type to void * to not require casting in the caller.
commit de4ecc72d19418151d7760bced9c39da100f01ab
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date: Thu Jul 9 13:14:55 2020 +0200
nts: don't assume field position in NNA_DecryptAuthEF()
Modify NNA_DecryptAuthEF() to not assume that the authenticator is the
last extension field in the packet as some extension fields specified in
future may need to be placed after the authenticator. The caller of the
function is supposed to verify the position.
commit db54bfc0c154f78e52601dd94d3803358c1413d1
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date: Thu Jul 9 13:13:13 2020 +0200
nts: check for negative length in NNA_DecryptAuthEF()
As other functions that accept a signed length, make sure it is sane in
NNA_DecryptAuthEF() too.
commit 72ee80debe4b66c591b49c327f5bf44ea0e2c532
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date: Tue Jul 7 17:55:07 2020 +0200
nts: fix comment about message handler
commit a3436c26f0e8e2c679bc045e35d8e3905de39456
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date: Tue Jul 7 12:34:29 2020 +0200
nts: improve session code
Add more comments and assertions, replace getsockopt() call with
SCK_GetIntOption(), replace strncmp() with memcmp(), move a return
statement for clarity, and remove an unused field from the instance
record.
commit b0f5024d560aba9bf2dcef62af57336013e86cee
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date: Tue Jul 7 12:33:46 2020 +0200
nts: log details about failed certificate verification
commit eae4b2abe596f63b705cc0c0815efef211c9e821
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date: Thu Jul 2 15:34:22 2020 +0200
ntp: drop precompensation of TX timestamp
The daemon transmit timestamps are precompensated for the time it takes
to generate a MAC using a symmetric key (as measured on chronyd start)
and also an average round-trip time of the Samba signing of MS-SNTP
responses. This improves accuracy of the transmit timestamp, but it
has some issues.
The correction has a random error which is changing over time due to
variable CPU frequency, system load, migration to a different machine,
etc. If the measured delay is too large, the correction may cause the
transmit timestamp to be later than the actual transmission. Also, the
delay is measured for a packet of a minimal length with no extension
fields, and there is no support for NTS.
Drop the precompensation in favor of the interleaved mode, which now
avoids the authentication delay even when no kernel/hardware timestamps
are available.
commit ff03b813b00bf60c41725b7f3886f5d79c5e689f
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date: Thu Jul 2 15:18:23 2020 +0200
ntp: get TX timestamp after authentication
If the daemon transmit timestamp is saved for processing of a future
response or responding in the interleaved mode, get a more accurate
timestamp right before calling NIO_SendPacket(). Avoid unnecessary
reading of the clock for the transmit timestamp in the packet (i.e.
in interleaved modes and client basic mode).
This should improve accuracy and stability when authentication is
enabled in the client and symmetric basic modes and also interleaved
modes if kernel/hardware timestamps are not available.
-----------------------------------------------------------------------
Summary of changes:
cmac.h | 8 +++---
cmac_nettle.c | 14 +++++-----
conf.c | 6 +++--
doc/chrony.conf.adoc | 18 ++++++++-----
hash.h | 6 ++---
hash_intmd5.c | 10 ++++---
hash_nettle.c | 10 ++++---
hash_nss.c | 10 ++++---
hash_tomcrypt.c | 10 ++++---
keys.c | 60 +++---------------------------------------
keys.h | 7 +++--
ntp_auth.c | 38 ++-------------------------
ntp_auth.h | 9 -------
ntp_core.c | 36 ++++++++++++-------------
ntp_signd.c | 20 --------------
ntp_signd.h | 3 ---
nts_ke_session.c | 68 +++++++++++++++++++++++++++---------------------
nts_ke_session.h | 2 +-
nts_ntp_auth.c | 5 +++-
nts_ntp_server.c | 5 ++++
stubs.c | 15 +++--------
test/unit/cmac.c | 12 +++++----
test/unit/hash.c | 9 ++++---
test/unit/keys.c | 1 -
test/unit/nts_ntp_auth.c | 4 +++
25 files changed, 150 insertions(+), 236 deletions(-)
hooks/post-receive
--
chrony/chrony.git
--
To unsubscribe email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "unsubscribe" in the subject.
For help email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "help" in the subject.
Trouble? Email listmaster@xxxxxxxxxxxxxxxxxxxx.