CVS commit: pkgsrc/net/chrony

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/net/chrony
From: "Thomas Klausner" <wiz%netbsd.org@localhost>
Date: Thu, 22 Jan 2026 10:10:19 +0000

Module Name:    pkgsrc
Committed By:   wiz
Date:           Thu Jan 22 10:10:19 UTC 2026

Modified Files:
        pkgsrc/net/chrony: Makefile distinfo
        pkgsrc/net/chrony/patches: patch-client.c
            patch-examples_chrony.conf.example3

Log Message:
chrony: update to 4.8.

Provided by Thomas Kupper on pkgsrc-users.

New in version 4.8
==================

Enhancements
------------
* Add maxunreach option to limit selection of unreachable sources
* Add -u option to chronyc to drop root privileges (default chronyc
  user is set by configure script)

Bug fixes
---------
* Hide chronyc socket to mitigate unsafe permissions change
* Fix refclock extpps option to work on Linux >= 6.15
* Validate refclock samples for reachability updates

New in version 4.7
==================

Enhancements
------------
* Add opencommands directive to select remote monitoring commands
* Add interval option to driftfile directive
* Add waitsynced and waitunsynced options to local directive
* Add sanity checks for integer values in configuration
* Add support for systemd Type=notify service
* Add RTC refclock driver
* Allow PHC refclock to be specified with network interface name
* Don't require multiple refclock samples per poll to simplify
  filter configuration
* Keep refclock reachable when dropping samples with large delay
* Improve quantile-based filtering to adapt faster to larger delay
* Improve logging of selection failures
* Detect clock interference from other processes
* Try to reopen message log (-l option) on cyclelogs command

Bug fixes
---------
* Fix sourcedir reloading to not multiply sources
* Fix tracking offset after failed clock step

Removed features
----------------
* Drop support for NTS with Nettle < 3.6 and GnuTLS < 3.6.14
* Drop support for building without POSIX threads

New in version 4.6.1
====================

Enhancements
------------
* Add ntsaeads directive to enable only selected AEAD algorithms for NTS

Workarounds
-----------
* Negotiate use of compliant NTS keys with AES-128-GCM-SIV AEAD algorithm
  (by default the keys are generated differently than in RFC 8915 for
  compatibility with chrony server and client versions 4.4, 4.5, and 4.6)
* Switch to compliant NTS keys if first response from server is NTS NAK

New in version 4.6
==================

Enhancements
------------
* Add activate option to local directive to set activation threshold
* Add ipv4 and ipv6 options to server/pool/peer directive
* Add kod option to ratelimit directive for server KoD RATE support
* Add leapseclist directive to read NIST/IERS leap-seconds.list file
* Add ptpdomain directive to set PTP domain for NTP over PTP
* Allow disabling pidfile
* Improve copy server option to accept unsynchronised status instantly
* Log one selection failure on start
* Add offset command to modify source offset correction
* Add timestamp sources to ntpdata report

Bug fixes
---------
* Fix crash on sources reload during initstepslew or RTC initialisation
* Fix source refreshment to not repeat failed name resolving attempts

New in version 4.5
==================

Enhancements
------------
* Add support for AES-GCM-SIV in GnuTLS
* Add support for corrections from PTP transparent clocks
* Add support for systemd socket activation

Bug fixes
---------
* Fix presend in interleaved mode
* Fix reloading of modified sources from sourcedir

New in version 4.4
==================

Enhancements
------------
* Add support for AES-GCM-SIV with Nettle >= 3.9 to shorten NTS
  cookies to avoid some length-specific blocking of NTP on Internet
* Add support for multiple refclocks using extpps option on one PHC
* Add maxpoll option to hwtimestamp directive to improve PHC tracking
  with low packet rates
* Add hwtstimeout directive to configure timeout for late timestamps
* Handle late hardware transmit timestamps of NTP requests on all sockets
* Handle mismatched 32/64-bit time_t in SOCK refclock samples
* Improve source replacement
* Log important changes made by command requests (chronyc)
* Refresh address of NTP sources periodically
* Request nanosecond kernel RX timestamping on FreeBSD
* Set DSCP for IPv6 packets
* Shorten NTS-KE retry interval when network is down
* Update seccomp filter for musl
* Warn if loading keys from file with unexpected permissions
* Warn if source selection fails or falseticker is detected
* Add selectopts command to modify source-specific selection options
* Add timestamp sources to serverstats report and make its fields 64-bit
* Add -e option to chronyc to indicate end of response

New in version 4.3
==================

Enhancements
------------
* Add local option to refclock directive to stabilise system clock
  with more stable free-running clock (e.g. TCXO, OCXO)
* Add maxdelayquant option to server/pool/peer directive to replace
  maxdelaydevratio filter with long-term quantile-based filtering
* Add selection option to log directive
* Allow external PPS in PHC refclock without configurable pin
* Don't accept first interleaved response to minimise error in delay
* Don't use arc4random on Linux to avoid server performance loss
* Improve filter option to better handle missing NTP samples
* Improve stability with hardware timestamping and PHC refclock
* Update seccomp filter

Bug fixes
---------
* Fix waitsync command to reconnect when not getting response


To generate a diff of this commit:
cvs rdiff -u -r1.61 -r1.62 pkgsrc/net/chrony/Makefile
cvs rdiff -u -r1.19 -r1.20 pkgsrc/net/chrony/distinfo
cvs rdiff -u -r1.1 -r1.2 pkgsrc/net/chrony/patches/patch-client.c
cvs rdiff -u -r1.2 -r1.3 \
    pkgsrc/net/chrony/patches/patch-examples_chrony.conf.example3

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/net/chrony/Makefile
diff -u pkgsrc/net/chrony/Makefile:1.61 pkgsrc/net/chrony/Makefile:1.62
--- pkgsrc/net/chrony/Makefile:1.61     Wed Jan  7 08:48:14 2026
+++ pkgsrc/net/chrony/Makefile  Thu Jan 22 10:10:19 2026
@@ -1,9 +1,8 @@
-# $NetBSD: Makefile,v 1.61 2026/01/07 08:48:14 wiz Exp $
+# $NetBSD: Makefile,v 1.62 2026/01/22 10:10:19 wiz Exp $
 
-DISTNAME=      chrony-4.2
-PKGREVISION=   11
+DISTNAME=      chrony-4.8
 CATEGORIES=    net
-MASTER_SITES=  https://www.aydogan.net/distfiles/net/
+MASTER_SITES=  https://chrony-project.org/releases/
 
 MAINTAINER=    hannken%NetBSD.org@localhost
 HOMEPAGE=      https://chrony.tuxfamily.org/
@@ -31,10 +30,10 @@ SUBST_VARS.paths=   PKG_SYSCONFDIR VARBASE
 SUBST_STAGE.paths=     pre-configure
 
 post-install:
-       ${INSTALL_DATA} "${WRKSRC}/examples/chrony.conf.example3" \
-           "${DESTDIR}${EGDIR}/chrony.conf.example";
-       ${INSTALL_DATA} "${WRKSRC}/examples/chrony.keys.example" \
-           "${DESTDIR}${EGDIR}/chrony.keys.example";
+       ${INSTALL_DATA} ${WRKSRC}/examples/chrony.conf.example3 \
+           ${DESTDIR}${EGDIR}/chrony.conf.example
+       ${INSTALL_DATA} ${WRKSRC}/examples/chrony.keys.example \
+           ${DESTDIR}${EGDIR}/chrony.keys.example
 
 CONF_FILES+=   ${EGDIR}/chrony.conf.example \
                ${PKG_SYSCONFDIR}/chrony.conf

Index: pkgsrc/net/chrony/distinfo
diff -u pkgsrc/net/chrony/distinfo:1.19 pkgsrc/net/chrony/distinfo:1.20
--- pkgsrc/net/chrony/distinfo:1.19     Tue Apr 12 14:19:55 2022
+++ pkgsrc/net/chrony/distinfo  Thu Jan 22 10:10:19 2026
@@ -1,10 +1,10 @@
-$NetBSD: distinfo,v 1.19 2022/04/12 14:19:55 nia Exp $
+$NetBSD: distinfo,v 1.20 2026/01/22 10:10:19 wiz Exp $
 
-BLAKE2s (chrony-4.2.tar.gz) = 15ae796007e985ff0588afd847d1aaf9ce3681eb6818425d0e87d6fd3ff71bc5
-SHA512 (chrony-4.2.tar.gz) = 7f946b27de605b3ebea62cf23916dfad77c99e8b2338ba239ede6b8216ce436b3d4d87770f371c8d8e006507c51d5c831b51f067957abd2935adfdec3f5aa67d
-Size (chrony-4.2.tar.gz) = 578411 bytes
+BLAKE2s (chrony-4.8.tar.gz) = 34eafb5ca35d3b21b1e3fc496a3b1e5ec1721bbab1d1cf0db8da5a4e8e53859e
+SHA512 (chrony-4.8.tar.gz) = 949b796bb34db32a5c1b9e6b53be6a22e51c59f24a316d585b8a52a52ab1f61bdf0378dc58b282bb0ba4fac1f05e1e99fbe37cb4259aa2b359e7bf679c176aab
+Size (chrony-4.8.tar.gz) = 649368 bytes
 SHA1 (patch-Makefile.in) = 42ebfcdbce472a173890571625efc4fef583d5b6
-SHA1 (patch-client.c) = 4155d6de9899ed599ace4a516f62847dfa723f53
+SHA1 (patch-client.c) = 483c71fc734192002bb0eaaefcb0f73c9aaaa941
 SHA1 (patch-configure) = bf8ab3d81dafafb329402dd0eb4ac276eed10a2f
 SHA1 (patch-doc_Makefile.in) = 8e9902690ff431fd47429d53346faf2ac8f1b923
-SHA1 (patch-examples_chrony.conf.example3) = e26c69b806b970a2e958c94725531e7cbbcfae1c
+SHA1 (patch-examples_chrony.conf.example3) = 52ab12ded077447b79601c0f07257740dd2ec926

Index: pkgsrc/net/chrony/patches/patch-client.c
diff -u pkgsrc/net/chrony/patches/patch-client.c:1.1 pkgsrc/net/chrony/patches/patch-client.c:1.2
--- pkgsrc/net/chrony/patches/patch-client.c:1.1        Fri Mar 12 09:57:18 2021
+++ pkgsrc/net/chrony/patches/patch-client.c    Thu Jan 22 10:10:19 2026
@@ -1,9 +1,9 @@
-$NetBSD: patch-client.c,v 1.1 2021/03/12 09:57:18 nia Exp $
+$NetBSD: patch-client.c,v 1.2 2026/01/22 10:10:19 wiz Exp $
 
 NetBSD provides libedit-as-readline, but chrony wants libedit.
 just include the fake readline header.
 
---- client.c.orig      2020-10-07 15:27:34.000000000 +0000
+--- client.c.orig      2025-08-27 12:05:31.000000000 +0000
 +++ client.c
 @@ -44,7 +44,7 @@
  #include "util.h"
@@ -13,4 +13,4 @@ just include the fake readline header.
 +#include <readline.h>
  #endif
  
- /* ================================================== */
+ #define MAX_UNIX_SOCKET_LENGTH (sizeof ((struct sockaddr_un *)NULL)->sun_path)

Index: pkgsrc/net/chrony/patches/patch-examples_chrony.conf.example3
diff -u pkgsrc/net/chrony/patches/patch-examples_chrony.conf.example3:1.2 pkgsrc/net/chrony/patches/patch-examples_chrony.conf.example3:1.3
--- pkgsrc/net/chrony/patches/patch-examples_chrony.conf.example3:1.2   Fri Mar 12 09:57:18 2021
+++ pkgsrc/net/chrony/patches/patch-examples_chrony.conf.example3       Thu Jan 22 10:10:19 2026
@@ -1,8 +1,8 @@
-$NetBSD: patch-examples_chrony.conf.example3,v 1.2 2021/03/12 09:57:18 nia Exp $
+$NetBSD: patch-examples_chrony.conf.example3,v 1.3 2026/01/22 10:10:19 wiz Exp $
 
 Prepare for SUBST, not processed by configure.
 
---- examples/chrony.conf.example3.orig 2020-10-07 15:27:34.000000000 +0000
+--- examples/chrony.conf.example3.orig 2025-08-27 12:05:31.000000000 +0000
 +++ examples/chrony.conf.example3
 @@ -1,7 +1,7 @@
  #######################################################################
@@ -13,7 +13,7 @@ Prepare for SUBST, not processed by conf
  # want to enable.  The more obscure options are not included.  Refer
  # to the documentation for these.
  #
-@@ -79,12 +79,12 @@
+@@ -81,12 +81,12 @@
  # immediately so that it doesn't gain or lose any more time.  You
  # generally want this, so it is uncommented.
  
@@ -28,7 +28,7 @@ Prepare for SUBST, not processed by conf
  
  # If you specify an NTP server with the nts option to enable authentication
  # with the Network Time Security (NTS) mechanism, or enable server NTS with
-@@ -92,15 +92,15 @@ driftfile /var/lib/chrony/drift
+@@ -94,15 +94,15 @@ driftfile /var/lib/chrony/drift
  # allow the client/server to save the NTS keys and cookies in order to reduce
  # the number of key establishments (NTS-KE sessions).
  
@@ -40,14 +40,14 @@ Prepare for SUBST, not processed by conf
  # and edit the following lines to specify the locations of the certificate and
  # key.
  
--! ntsservercert /etc/.../foo.example.net.crt
--! ntsserverkey /etc/.../foo.example.net.key
-+! ntsservercert @PKG_SYSCONFDIR@/.../foo.example.net.crt
-+! ntsserverkey @PKG_SYSCONFDIR@/.../foo.example.net.key
+-! ntsservercert /etc/.../nts-server.crt
+-! ntsserverkey /etc/.../nts-server.key
++! ntsservercert @PKG_SYSCONFDIR@/.../nts-server.crt
++! ntsserverkey @PKG_SYSCONFDIR@/.../nts-server.key
  
  # chronyd can save the measurement history for the servers to files when
  # it exits.  This is useful in 2 situations:
-@@ -117,14 +117,14 @@ ntsdumpdir /var/lib/chrony
+@@ -119,14 +119,14 @@ ntsdumpdir /var/lib/chrony
  #
  # Uncomment the following line to use this.
  
@@ -62,9 +62,9 @@ Prepare for SUBST, not processed by conf
 -! pidfile /var/run/chrony/chronyd.pid
 +! pidfile @VARBASE@/run/chrony/chronyd.pid
  
- # If the system timezone database is kept up to date and includes the
- # right/UTC timezone, chronyd can use it to determine the current
-@@ -165,7 +165,7 @@ ntsdumpdir /var/lib/chrony
+ # The system timezone database usually comes with a list of leap seconds and
+ # corresponding TAI-UTC offsets.  chronyd can use it to set the offset of the
+@@ -167,7 +167,7 @@ ntsdumpdir /var/lib/chrony
  # produce some graphs of your system's timekeeping performance, or you
  # need help in debugging a problem.
  
@@ -73,7 +73,7 @@ Prepare for SUBST, not processed by conf
  ! log measurements statistics tracking
  
  # If you have real time clock support enabled (see below), you might want
-@@ -289,7 +289,7 @@ ntsdumpdir /var/lib/chrony
+@@ -291,7 +291,7 @@ ntsdumpdir /var/lib/chrony
  # You need to have 'enhanced RTC support' compiled into your Linux
  # kernel.  (Note, these options apply only to Linux.)

Prev by Date: CVS commit: pkgsrc/sysutils/syslog-ng-snmp
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/sysutils/syslog-ng-snmp
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index