New upstream version 3.3

1 files changed, 31 insertions, 7 deletions

diff --git a/INSTALL b/INSTALL
index c734166..ebaf9d3 100644
--- a/INSTALL
+++ b/INSTALL
@@ -9,8 +9,8 @@ After unpacking the source code, change directory into it, and type
 ./configure
 
 This is a shell script that automatically determines the system type. There is
-a single optional parameter, --prefix which indicates the directory tree where
-the software should be installed. For example,
+an optional parameter --prefix, which indicates the directory tree where the
+software should be installed. For example,
 
 ./configure --prefix=/opt/free
 
@@ -20,7 +20,7 @@ program into /opt/free/bin. The default value for the prefix is /usr/local.
 The configure script assumes you want to use gcc as your compiler. If you want
 to use a different compiler, you can configure this way:
 
-CC=cc CFLAGS=-O ./configure --prefix=/opt/free
+CC=cc ./configure --prefix=/opt/free
 
 for Bourne-family shells, or
 
@@ -38,6 +38,18 @@ will be built with support for dropping root privileges. On other systems no
 extra library is needed. The default user which chronyd should run as can be
 specified with the --with-user option of the configure script.
 
+If development files for the POSIX threads library are available, chronyd will
+be built with support for asynchronous resolving of hostnames specified in the
+server, peer, and pool directives. This allows chronyd operating as a server to
+respond to client requests when resolving a hostname. If you don't want to
+enable the support, specify the --disable-asyncdns flag to configure.
+
+If development files for the Nettle, NSS, or libtomcrypt library are available,
+chronyd will be built with support for other cryptographic hash functions than
+MD5, which can be used for NTP authentication with a symmetric key. If you
+don't want to enable the support, specify the --disable-sechash flag to
+configure.
+
 If development files for the editline or readline library are available,
 chronyc will be built with line editing support. If you don't want this,
 specify the --disable-readline flag to configure.
@@ -47,6 +59,9 @@ will be built with PPS API reference clock driver. If the header is installed
 in a location that isn't normally searched by the compiler, you can add it to
 the searched locations by setting the CPPFLAGS variable to -I/path/to/timepps.
 
+The --help option can be specified to configure to print all options supported
+by the script.
+
 Now type
 
 make
@@ -84,6 +99,15 @@ unprivileged user for chronyd and specify it with the -u command-line option or
 the user directive in the configuration file, or set the default user with the
 --with-user configure option before building.
 
+Support for system call filtering
+
+chronyd can be built with support for the Linux secure computing (seccomp)
+facility. This requires development files for the libseccomp library and the
+--enable-scfilter option specified to configure. The -F option of chronyd will
+enable a system call filter, which should significantly reduce the kernel
+attack surface and possibly prevent kernel exploits from chronyd if it is
+compromised.
+
 Support for line editing libraries
 
 chronyc can be built with support for line editing, this allows you to use the
@@ -127,9 +151,9 @@ Extra options for package builders
 The configure and make procedures have some extra options that may be useful if
 you are building a distribution package for chrony.
 
-The --mandir=DIR option to configure specifies an install directory for the man
-pages. This overrides the man subdirectory of the argument to the --prefix
-option.
+The --mandir=DIR option to configure specifies an installation directory for
+the man pages. This overrides the man subdirectory of the argument to the
+--prefix option.
 
 ./configure --prefix=/usr --mandir=/usr/share/man
 
@@ -147,4 +171,4 @@ tar cvf - . | gzip -9 > chrony.tar.gz
 to build a package. When untarred within the root directory, this will install
 the files to the intended final locations.
 
-Last updated 2017-09-15 08:32:09 CEST
+Last updated 2018-04-04 09:18:44 CEST