Package: release.debian.org Severity: normal Tags: jessie User: release.debian....@packages.debian.org Usertags: pu
Hi, Could you please accept chrony 1.30-2+deb8u2 in the next jessie point release? It fixes three issues of different magnitudes. The most important one is the fix for CVE-2016-1567 though it didn’t warrant a DSA. The next one might sound probably not important enough to be fixed in a stable point release but it has some nasty consequences. We are mistakenly deleting the content of /var/lib/chrony on package removal. This directory contains the driftfile and the measurement history for each time source. The former file has a particularly important role, it stores the gain or loss rate of the system clock relative to the RTC which could take some time to calculate depending of how crappy the RTC is so it would be definitely better if we could avoid to delete it each time chrony is upgraded or installed from Config-Files state. To conclude, the last fix revises the postrotate script from the logrotate configuration file. It suffers from two issues, the first one is that it assumes the commandkey directive from chrony.conf takes ID 1, that’s not necessarily true! Also, as leading tabs aren’t ignored in the heredoc, the delimiting identifier is passed to chronyc option causing some noise (Unrecognized command) in logs. To fix that issue, I could have appended a minus sign to “<<” but that wouldn’t have solved the other the other one, consequently I decided to just make use of the dedicated option provided by chronyc to fix both problems. Voilà, hope that’s receivable! Have a good day, Vincent -- System Information: Debian Release: stretch/sid APT prefers testing APT policy: (990, 'testing'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.5.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)
