| [chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.4-pre1-9-gde678ff |
[ Thread Index |
Date Index
| More chrony.tuxfamily.org/chrony-dev Archives
]
This is an automated email from git. It was generated because a ref
change was pushed to the "chrony/chrony.git" repository.
The branch, master has been updated
via de678ff780a6902a7969db9add2e5a4b77a25f01 (commit)
via e16bcca61787788dd42fca6cbae9b87176e8a213 (commit)
via b57d7040b3c9c65abb2043de42d65a4e10820af2 (commit)
via c80858f7388afa128fa05621d4122e8fa6e210e8 (commit)
via 81bf7cdcdc0a871ef3a3a3f1430f17d0ca217b9d (commit)
via b8b3830dc4b51265d3a3e0e85fb143ad13a7dbc3 (commit)
from d4738e1259f97ee14687300ee01e6e6da4701bb4 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit de678ff780a6902a7969db9add2e5a4b77a25f01
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date: Wed May 24 15:41:45 2023 +0200
doc: clarify limitation of refresh command
commit e16bcca61787788dd42fca6cbae9b87176e8a213
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date: Wed May 24 10:56:07 2023 +0200
sys_linux: allow membarrier in seccomp filter
This system call is used by musl.
Reported-by: jvoisin <julien.voisin@xxxxxxxxxx>
commit b57d7040b3c9c65abb2043de42d65a4e10820af2
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date: Tue May 23 16:36:25 2023 +0200
configure: add option to disable AES-GCM-SIV support
commit c80858f7388afa128fa05621d4122e8fa6e210e8
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date: Tue May 23 15:40:47 2023 +0200
nts: remove superfluous semicolon
commit 81bf7cdcdc0a871ef3a3a3f1430f17d0ca217b9d
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date: Tue May 23 15:37:06 2023 +0200
nts: initialize unused part of server key
Initialize the unused part of shorter server NTS keys (AES-128-GCM-SIV)
loaded from ntsdumpdir to avoid sending uninitialized data in requests
to the NTS-KE helper process.
Do that also for newly generated keys in case the memory will be
allocated dynamically.
Fixes: b1230efac333 ("nts: add support for encrypting cookies with AES-128-GCM-SIV")
commit b8b3830dc4b51265d3a3e0e85fb143ad13a7dbc3
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date: Mon May 22 11:58:41 2023 +0200
ntp: randomize address selection on all source replacements
If the resolver orders addresses by IP family, there is more than one
address in the preferred IP family, and they are all reachable, but
not selectable (e.g. falsetickers in a small pool which cannot remove
them from DNS), chronyd is unable to switch to addresses in the other IP
family as it follows the resolver's order.
Enable randomization of the address selection for all source
replacements and not just replacement of (unreachable) tentative
sources. If the system doesn't have connectivity in the other family,
the addresses will be skipped and no change in behavior should be
observed.
-----------------------------------------------------------------------
Summary of changes:
configure | 7 ++++++-
doc/chronyc.adoc | 6 +++---
ntp_sources.c | 10 +++++-----
nts_ke_server.c | 4 +++-
sys_linux.c | 3 +++
test/compilation/003-sanitizers | 1 +
test/unit/nts_ke_server.c | 10 +++++++---
7 files changed, 28 insertions(+), 13 deletions(-)
hooks/post-receive
--
chrony/chrony.git
--
To unsubscribe email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "unsubscribe" in the subject.
For help email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "help" in the subject.
Trouble? Email listmaster@xxxxxxxxxxxxxxxxxxxx.