[chrony-users] chrony-2.2-pre1 released

[ Thread Index | Date Index | More chrony.tuxfamily.org/chrony-users Archives ]


The first prerelease for chrony-2.2 is now available.

The most significant change is support for the command and monitoring
protocol over Unix domain socket, which replaces authentication with
the command key. This simplifies the configuration and it should also
make the protocol more secure as only few monitoring commands can now
be allowed for remote hosts. Users that need to configure chronyd
remotely or locally as an ordinary user should consider using ssh
and/or sudo to run chronyc on the server under the root user or the
user under which chronyd is running when configured to drop the root
privileges.

The sources can be downloaded here:
http://download.tuxfamily.org/chrony/chrony-2.2-pre1.tar.gz

MD5 and SHA1 sums:
cb9381ec832e937fe4324aceea681060  RELEASES/chrony-2.2-pre1.tar.gz
131e5ed17167e6b28607d3bc8c73f27a6add917a  RELEASES/chrony-2.2-pre1.tar.gz

Changes since version 2.1.1:

Enhancements
------------
* Add support for configuration and monitoring over Unix domain socket
  (accessible by root or chrony user when root privileges are dropped)
* Add support for system call filtering with seccomp on Linux
* Add support for dropping root privileges on NetBSD
* Control frequency of system clock on FreeBSD, NetBSD, Solaris
* Add system leap second handling mode on FreeBSD, NetBSD, Solaris
* Add dynamic drift removal on Mac OS X
* Add support for setting real-time priority on Mac OS X
* Add maxdistance directive to limit source selection by root distance
* Add refresh command to get new addresses of NTP sources
* Allow wildcard patterns in include directive
* Add -d option to chronyc to enable debug messages
* Allow multiple addresses to be specified for chronyc with -h option
  and reconnect when no valid reply is received

Bug fixes
---------
* Fix building on Solaris
* Restore time from driftfile with -s option if reading RTC failed

Removed features
----------------
* Drop support for authentication with command key (run-time configuration
  is now allowed only for local users that can access the Unix domain socket)

-- 
Miroslav Lichvar

Attachment: pgpOTJaD5pptJ.pgp
Description: PGP signature



Mail converted by MHonArc 2.6.19+ http://listengine.tuxfamily.org/