chrony 3.4-4ubuntu1 source package in Ubuntu

Changelog

chrony (3.4-4ubuntu1) eoan; urgency=medium

  * Merge with Debian unstable (LP: #1828992). Remaining changes:
    - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664 1754358)
    - Set -x as default if unable to set time (e.g. in containers) (LP 1589780)
      Chrony is a single service which acts as both NTP client (i.e. syncing the
      local clock) and NTP server (i.e. providing NTP services to the network),
      and that is both desired and expected in the vast majority of cases.
      But in containers syncing the local clock is usually impossible, but this
      shall not break the providing of NTP services to the network.
      To some extent this makes chrony's default config more similar to 'ntpd',
      which complained in syslog but still provided NTP server service in those
      cases.
      + debian/chrony.service: allow the service to run without CAP_SYS_TIME
      + debian/control: add new dependency libcap2-bin for capsh (usually
        installed anyway, but make them explicit to be sure).
      + debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
        (Default off) [fixed a minor typo in the comment in this update]
      + debian/chronyd-starter.sh: wrapper to handle special cases in containers
        and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in
        containers on a default installation and avoid failing to sync time (or
        if allowed to sync, avoid multiple containers to fight over it by
        accident).
      + debian/install: make chrony-starter.sh available on install.
      + debian/docs, debian/README.container: provide documentation about the
        handling of this case.
    - d/postrm: re-establish systemd-timesyncd on removal (LP 1764357)
    - d/postrm: respect policy-rc.d when restoring systemd-timesyncd
      (LP 1771994)
  * Added Changes:
    - removed d/init to avoid weird interactions between sysV and systemd
  * Dropped Changes:
    - Notify chrony to update sources in response to systemd-networkd
      events (LP: 1718227)
      + d/links: link dispatcher script to networkd-dispatcher events routable
        and off
      + d/control: set Recommends to networkd-dispatcher
      [Those are in Debian, except that we agreed to have networkd-dispatcher
       to only be a Suggests]

chrony (3.4-4) unstable; urgency=medium

  * debian/patches/*:
    - Add allow-further-syscalls-in-seccomp-filter.patch. Supplementing the
    seccomp filter whitelist with those syscalls is a prerequisite, notably for
    the arm64 architecture.

  [ Leigh Brown ]
  * debian/patches/*:
    - Add allow-recv-send-in-seccomp-filter.patch. Necessary on armel and
    ppc64el. Other architectures might also be affected. (Closes: #924494)

chrony (3.4-3) unstable; urgency=medium

  * debian/.gitlab-ci.yml:
    - Check for missing hardening flags.

  * debian/patches/*:
    - Add allow-_llseek-in-seccomp-filter.patch. Needed on various 32-bit
    plateforms to log the {raw}measurements and statistics information when
    the seccomp filter is enabled. Thanks a lot to Francesco Poli (wintermute)
    <email address hidden> for the report. (Closes: #923137)
    - Add allow-waitpid-in-seccomp-filter.patch. Needed to correctly stop
    chronyd on some plateforms when the seccomp filter is enabled.

chrony (3.4-2) unstable; urgency=medium

  * debian/.gitlab-ci.yml:
    - Replace home-made GitLab CI with the standard Salsa pipeline.
    - Allow autopkgtest job to fail. The time-sources-from-dhcp-servers test
    currently fails due to a testbed issue on salsa CI.

  * debian/chrony.default:
    - Enable the system call filter by default.

  * debian/control:
    - Bump standard-version to 4.3.0 (no changes required).
    - Use the new debhelper-compat (= 12) notation and drop d/compat.
    - Add Pre-Depends: ${misc:Pre-Depends}. Debhelper compatibility level 12
    makes use of the “--skip-systemd-native” flag from “invoke-rc.d”. Adding
    Pre-Depends: ${misc:Pre-Depends} to d/control ensure that we have a recent
    enough version of “init-system-helpers”.
    - Suggest networkd-dispatcher.

  * debian/copyright:
    - Add myself as a copyright holder for 2019.

  * debian/links:
    - Now that “networkd-dispatcher” is in the Debian archive, link
    NetworkManager dispatcher script to networkd-dispatcher routable and off
    states. Patch cherry-picked from Ubuntu; thanks to Christian Ehrhardt
    <email address hidden> for working on this.

  * debian/NEWS:
    - Report that a system call filter is now enabled by default and the way
    to disable it if needed.

  * debian/rules:
    - Don’t enable the system call filter on some architectures due to missing
    support in the “libseccomp” and/or the Linux kernel.

  * debian/upstream/:
    - Strip upstream key from extra signatures. Thanks lintian!
    - Remove the Miroslav-Lichvar.txt file as it serves no purpose.

  * debian/usr.sbin.chronyd:
    - Don’t include “tunables/sys”. The etc/apparmor.d/tunables/sys file has
    been deprecated in AppArmor 2.13.1! The @{sys} variable is now defined in
    “tunables/kernelvars” which is included in “tunables/global”.

 -- Christian Ehrhardt <email address hidden>  Tue, 14 May 2019 12:49:30 +0200