[chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.0-pre2-97-g828e6ce

[ Thread Index | Date Index | More chrony.tuxfamily.org/chrony-dev Archives ] 

This is an automated email from git. It was generated because a ref
change was pushed to the "chrony/chrony.git" repository.

The branch, master has been updated
       via  828e6ce30f38560d88220f3441c59816975e3c7d (commit)
       via  dc08cbfe59fe7456530451e0fc9dfa2620da4ed8 (commit)
       via  3bdcce6903850552c1b869447497d6e0ed2dfa3b (commit)
       via  d93aa10bac6b269d6c9c431d8dc58858ba690fac (commit)
       via  de4ecc72d19418151d7760bced9c39da100f01ab (commit)
       via  db54bfc0c154f78e52601dd94d3803358c1413d1 (commit)
       via  72ee80debe4b66c591b49c327f5bf44ea0e2c532 (commit)
       via  a3436c26f0e8e2c679bc045e35d8e3905de39456 (commit)
       via  b0f5024d560aba9bf2dcef62af57336013e86cee (commit)
       via  eae4b2abe596f63b705cc0c0815efef211c9e821 (commit)
       via  ff03b813b00bf60c41725b7f3886f5d79c5e689f (commit)
      from  4e747da4b482c568e82761913ac702899c72745a (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 828e6ce30f38560d88220f3441c59816975e3c7d
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Wed Jul 8 17:11:15 2020 +0200

    doc: mention automatic creation of directories

commit dc08cbfe59fe7456530451e0fc9dfa2620da4ed8
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Wed Jul 8 17:04:47 2020 +0200

    conf: create ntsdumpdir directory
    
    Create the directory specified by the ntsdumpdir directive if it doesn't
    exist, similarly to logdir and dumpdir.

commit 3bdcce6903850552c1b869447497d6e0ed2dfa3b
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Wed Jul 8 17:02:32 2020 +0200

    conf: restrict permissions of created directories
    
    If logdir or dumpdir doesn't exist, create the directory with no
    permissions for other users (mode 0750 instead of 0755).

commit d93aa10bac6b269d6c9c431d8dc58858ba690fac
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Wed Jul 8 12:02:12 2020 +0200

    cmac+hash: change parameter types
    
    For consistency and safety, change the CMC and HSH functions to accept
    signed lengths and handle negative values as errors. Also, change the
    input data type to void * to not require casting in the caller.

commit de4ecc72d19418151d7760bced9c39da100f01ab
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Thu Jul 9 13:14:55 2020 +0200

    nts: don't assume field position in NNA_DecryptAuthEF()
    
    Modify NNA_DecryptAuthEF() to not assume that the authenticator is the
    last extension field in the packet as some extension fields specified in
    future may need to be placed after the authenticator. The caller of the
    function is supposed to verify the position.

commit db54bfc0c154f78e52601dd94d3803358c1413d1
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Thu Jul 9 13:13:13 2020 +0200

    nts: check for negative length in NNA_DecryptAuthEF()
    
    As other functions that accept a signed length, make sure it is sane in
    NNA_DecryptAuthEF() too.

commit 72ee80debe4b66c591b49c327f5bf44ea0e2c532
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Tue Jul 7 17:55:07 2020 +0200

    nts: fix comment about message handler

commit a3436c26f0e8e2c679bc045e35d8e3905de39456
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Tue Jul 7 12:34:29 2020 +0200

    nts: improve session code
    
    Add more comments and assertions, replace getsockopt() call with
    SCK_GetIntOption(), replace strncmp() with memcmp(), move a return
    statement for clarity, and remove an unused field from the instance
    record.

commit b0f5024d560aba9bf2dcef62af57336013e86cee
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Tue Jul 7 12:33:46 2020 +0200

    nts: log details about failed certificate verification

commit eae4b2abe596f63b705cc0c0815efef211c9e821
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Thu Jul 2 15:34:22 2020 +0200

    ntp: drop precompensation of TX timestamp
    
    The daemon transmit timestamps are precompensated for the time it takes
    to generate a MAC using a symmetric key (as measured on chronyd start)
    and also an average round-trip time of the Samba signing of MS-SNTP
    responses. This improves accuracy of the transmit timestamp, but it
    has some issues.
    
    The correction has a random error which is changing over time due to
    variable CPU frequency, system load, migration to a different machine,
    etc. If the measured delay is too large, the correction may cause the
    transmit timestamp to be later than the actual transmission. Also, the
    delay is measured for a packet of a minimal length with no extension
    fields, and there is no support for NTS.
    
    Drop the precompensation in favor of the interleaved mode, which now
    avoids the authentication delay even when no kernel/hardware timestamps
    are available.

commit ff03b813b00bf60c41725b7f3886f5d79c5e689f
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Thu Jul 2 15:18:23 2020 +0200

    ntp: get TX timestamp after authentication
    
    If the daemon transmit timestamp is saved for processing of a future
    response or responding in the interleaved mode, get a more accurate
    timestamp right before calling NIO_SendPacket(). Avoid unnecessary
    reading of the clock for the transmit timestamp in the packet (i.e.
    in interleaved modes and client basic mode).
    
    This should improve accuracy and stability when authentication is
    enabled in the client and symmetric basic modes and also interleaved
    modes if kernel/hardware timestamps are not available.

-----------------------------------------------------------------------

Summary of changes:
 cmac.h                   |  8 +++---
 cmac_nettle.c            | 14 +++++-----
 conf.c                   |  6 +++--
 doc/chrony.conf.adoc     | 18 ++++++++-----
 hash.h                   |  6 ++---
 hash_intmd5.c            | 10 ++++---
 hash_nettle.c            | 10 ++++---
 hash_nss.c               | 10 ++++---
 hash_tomcrypt.c          | 10 ++++---
 keys.c                   | 60 +++---------------------------------------
 keys.h                   |  7 +++--
 ntp_auth.c               | 38 ++-------------------------
 ntp_auth.h               |  9 -------
 ntp_core.c               | 36 ++++++++++++-------------
 ntp_signd.c              | 20 --------------
 ntp_signd.h              |  3 ---
 nts_ke_session.c         | 68 +++++++++++++++++++++++++++---------------------
 nts_ke_session.h         |  2 +-
 nts_ntp_auth.c           |  5 +++-
 nts_ntp_server.c         |  5 ++++
 stubs.c                  | 15 +++--------
 test/unit/cmac.c         | 12 +++++----
 test/unit/hash.c         |  9 ++++---
 test/unit/keys.c         |  1 -
 test/unit/nts_ntp_auth.c |  4 +++
 25 files changed, 150 insertions(+), 236 deletions(-)


hooks/post-receive
-- 
chrony/chrony.git

-- 
To unsubscribe email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "unsubscribe" in the subject.
For help email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "help" in the subject.
Trouble?  Email listmaster@xxxxxxxxxxxxxxxxxxxx.

Mail converted by MHonArc 2.6.19+ http://listengine.tuxfamily.org/