0.0.13 Thu 28, May, 2015
  Update default host to google.com - www.ptb.de randomized timestamps
0.0.12 Sun 26, Oct, 2014
  Fix AppArmor for tlsdated: allow unprivileged helper to read the time.
  Update tlsdated systemd service file.
  Various little fixes and an early release to make the Debian Freeze!
0.0.11 Mon 20, Oct, 2014
  Fix routeup flushing when using stdout (Avery Pennarun).
  Update AppArmor profile to support multiarch systems.
  Instruct syslog to properly output tlsdated and pid information.
    (This closes: https://github.com/ioerror/tlsdate/issues/144 )
  Fix -Wsizeof-pointer-memaccess in build of tlsdated unit test.
  FreeBSD build improvements (Fabian Keil).
  Update man pages.
  Update AppArmor profile to remove unused stanzas.
  Fix seccomp filter support on x86 systems (Will Drewry).
  Refactor chatty tlsdated logging output to make it quiet.
  Close syslog after tlsdated finishes using it.
  Update systemd and init.d scripts for Debian.
0.0.10 Fri 26, Sep, 2014
  tlsdated removed from /usr/bin and now is only in /usr/sbin
  This release is because 0.0.9 had two trivial bugs. Argh.
0.0.9 Fri 25, Sep, 2014
  Fix missing function prototype.
  Major libevent refactor by Will Drewry and Elly Fong-Jones of Google.
  tlsdated should now function properly on ChromeOS and Debian GNU/Linux
  Add ability to set COMPILE_DATE at configure/build time.
  Add support for deterministic builds on Debian GNU/*.
0.0.8 Sun 14, Sep, 2014
  Add Debian GNU/Hurd and Debian GNU/kFreeBSD build support.
  Fix build on FreeBSD 10 and 11.
  Add FreeBSD (9.2 & 11-CURRENT) support for tlsdate and
    tlsdate-helper. (Fabian Keil).
  Update man pages (Kartik Mistry, Holger Levsen).
  tlsdate will now abort if time fetch has a long delay (Avery Pennarun).
  Updates for tlsdate related systemd service (Holger Levsen).
  Check previously unchecked return codes (Brian Aker).
  Update headers to reflect the correct location (Brian Aker).
  Addition of various TODO items.
  Update git tag to reference new GnuPG key
    Key fingerprint = D2C6 7D20 E9C3 6C2A C5FE  74A2 D255 D3F5 C868 227F
  Update tlsdate HTTPS user-agent to reflect proper version number
0.0.7 Sat 2 Nov, 2013
  Add tentative -plan9.[ch] versions of tlsdate-helper.
  Add -x option to tlsdated to override source proxies.
  Correctly check SANs against target host when using proxies.
  Fix a race in tlsdate-dbus-announce that can cause signal drops.
  Support -l argument to tlsdated.
  Pass -l and -v arguments from tlsdated to tlsdate.
  Log more verbosely at tlsdated startup.
  Add FreeBSD support for tlsdate and tlsdate-helper.
  Add Android build support with Android NDK for tlsdate.
  Add NetBSD 6.0.1 support for tlsdate and tlsdate-helper.
  Add OpenBSD 5.2 support for tlsdate and tlsdate-helper.
  Add official support for Debian, Ubuntu, CentOS, Fedora, RHEL, OpenSUSE,
    and Arch GNU/Linux distros.
  Add Mac OS X 10.8.3 support
  Extensive setup/install documentation is now present in INSTALL for most OSes
  Add DragonFly BSD 3.3 support
  Refactored subprocess watching.
  Added integration tests. Run with ./run-tests
  Refactored event loop.
  Added suspend/resume RTC corruption detection.
  Add -w option to get time from HTTPS header instead of from TLS ServerHello
  Update AppArmor profile
  Add simple systemd service file
  Extra verbose output available with -vv; useful verbosity is -v
0.0.6 Mon 18 Feb, 2013
  Ensure that tlsdate compiles with g++ by explicit casting rather than
  implicit casting by whatever compiler is compiling tlsdate.
  Fix a logic bug in CN parsing caught by Ryan Sleevi of the Google Chrome Team
    Further fixes by Thijs Alkemade
  Add PolarSSL support (We no longer require OpenSSL to function!)
    Thanks to Paul Bakker and the PolarSSL team!
  Experimental Mac OS X (10.8.2) support
    Thanks to Brian Aker and Ingy döt Net for pair programming time
0.0.5 Wed 23 Jan, 2013
  Fix spelling error in tlsdate-helper
  Update man pages formatting
  Add Seccomp-BPF policies to be used with Minijail
  Update CA cert file to remove TRKTRUST
  Support both CA certificate files or directories full of CA certs
    Currently /etc/tlsdate/ca-roots/tlsdate-ca-roots.conf
  Support announcing time updates over DBus with --enable-dbus
    This introduces the 'tlsdate-dbus-announce' utility
  Add support for lcov/gcov at build time
    See ./configure --enable-code-coverage-checks and make lcov
  Don't hardfail if DEFAULT_RTC_DEVICE cannot be opened, even if desired
    Raspberry Pi users rejoice (if the fix works)
  Support -j to add jitter to tlsdated time checks.
  Exponential backoff when TLS connections fail.
  Add config file support (have a look at man/tlsdated.conf.5)
  Support multiple hosts for time fetches
    Add multiple hosts to your tlsdated.conf file today
  Add simple AppArmor profile for /usr/bin/tlsdate-dbus-announce
  Update AppArmor profile for tlsdated
0.0.4 Wed 7 Nov, 2012
  Fixup CHANGELOG and properly tag
    Version Numbers Are Free! Hooray!
  Update certificate data in ca-roots/
  tlsdate will now call tlsdate-helper with an absolute path
    Pointed out ages ago by 0xabad1dea and others as a better execlp path
    forward for execution.
0.0.3 Mon 5 Nov, 2012
  Add tlsdate-routeup man page
  Update all man pages to reference other related man pages
  Fix deb Makefile target
  Update documentation
  misc src changes (retab, formatting, includes, etc)
  Update AppArmor profiles
  Add HTTP/socks4a/socks5 proxy support and update man page documentation
0.0.2 Mon 29 Oct, 2012
  Released at the Metalab in Vienna during their third #CryptoParty
  Add '-n' and '--dont-set-clock' option to fetch but not set time
  Add '-V' and '--showtime' option to display remote time
  Add '-t' and '--timewarp' option
    If the local clock is before RECENT_COMPILE_DATE, we set the clock to the
    RECENT_COMPILE_DATE. If the local clock is after RECENT_COMPILE_DATE, we
    leave the clock alone. Clock setting is performed as the first operation
    and will impact certificate verification. Specifically, this option is
    helpful if on first boot, the local system clock is set back to the era
    of Disco and Terrible Hair. This should ensure that
    X509_V_ERR_CERT_NOT_YET_VALID or X509_V_ERR_CERT_HAS_EXPIRED are not
    encountered because of a broken RTC or the lack of a local RTC; we assume
    that tlsdate is recompiled yearly and that all certificates are otherwise
    considered valid.
  Add '-l' and '--leap'
    Normally, the passing of time or time yet to come ensures that SSL verify
    functions will fail to validate certificates. Commonly,
    X509_V_ERR_CERT_NOT_YET_VALID and X509_V_ERR_CERT_HAS_EXPIRED are painfully
    annoying but still very important error states. When the only issue with
    the certificates in question is the timing information, this option allows
    one to trust the remote system's time, as long as it is after
    RECENT_COMPILE_DATE and before MAX_REASONABLE_TIME. The connection will
    only be trusted if X509_V_ERR_CERT_NOT_YET_VALID and/or
    X509_V_ERR_CERT_HAS_EXPIRED are the only errors encountered. The
    SSL verify function will not return X509_V_OK if there are any other
    issues, such as self-signed certificates or if the user pins to a CA that
    is not used by the remote server. This is useful if your RTC is broken on
    boot and you are unable to use DNSSEC until you've at least had some kind
    of leap of cryptographically assured data.
  Update usage documentation
  Move {*.c,h} into src/
  Move *.1 into man/
  Update TODO list to reflect desired changes
  Update AppArmor profile to restrict {tlsdate,tlsdate-helper,tlsdated,tlsdate-routeup}
  Update AUTHORS file to include a new email address
  Update CHANGELOG
    Added proper date for the 0.0.1 release
    (Added all of the above items, obviously)
  Print key bit length and key type information
  Update Copyright headers to include the Great Christian Grothoff
  Ensure key bit length and key type values are reasonable
  Add CommonName and SAN checking
  Add enumeration and printing of other x.509 extensions in SAN checking
  Add SAN checking for iPAddress field per RFC2818
  Various small bug fixes
  Fixed various tiny memory leaks
  Added compat layer library for future multi-platform support by David Goulet
  Compile output is now largely silent by default
  Wildcard certificate verification per RFC 2595
  Add list of trusted CA certs to /etc/tlsdate/tlsdate-ca-roots.conf
  Add Makefile target to update trusted CA certs from Mozilla's NSS trust root
  Add tlsdated daemon
  Add tlsdated documentation
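
The -t/--timewarp and -l/--leap rules from the 0.0.2 entry above, written out as
decision functions. This is an added example, not tlsdate's own code: the
function names, the error-list interface and the two bound values are
assumptions made for illustration, and the X509_V_* values are defined locally
to mirror OpenSSL's so the example builds without it.

```c
#include <stddef.h>
#include <time.h>

/* Values mirror OpenSSL's x509_vfy.h; defined here so no OpenSSL is needed. */
#define X509_V_OK                               0
#define X509_V_ERR_CERT_NOT_YET_VALID           9
#define X509_V_ERR_CERT_HAS_EXPIRED             10
#define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT  18

/* Constructed bounds for illustration; the real ones are fixed at build time. */
#define RECENT_COMPILE_DATE  ((time_t)1400000000)
#define MAX_REASONABLE_TIME  ((time_t)2000000000)

/* -t/--timewarp: a clock behind the compile date is moved up to it, a clock
 * at or after it is left alone. Returns the clock value that certificate
 * verification will then run against. */
time_t timewarp(time_t local_now)
{
    return local_now < RECENT_COMPILE_DATE ? RECENT_COMPILE_DATE : local_now;
}

/* -l/--leap: errs[] holds every error the chain verification reported
 * (hypothetical interface). Returns 1 if the connection may be trusted. */
int leap_allows(const int *errs, size_t n_errs, time_t remote_time)
{
    size_t i;

    for (i = 0; i < n_errs; i++) {
        if (errs[i] == X509_V_OK)
            continue;
        if (errs[i] != X509_V_ERR_CERT_NOT_YET_VALID &&
            errs[i] != X509_V_ERR_CERT_HAS_EXPIRED)
            return 0;   /* self-signed, unpinned CA, ...: never waived */
    }
    /* Only validity-period errors were seen: accept the remote time only if
     * it falls strictly inside the plausible window. */
    return remote_time > RECENT_COMPILE_DATE &&
           remote_time < MAX_REASONABLE_TIME;
}
```

A validity-period error combined with any other error still fails, which is the
property that keeps --leap from turning into a general verification bypass.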

0.0.1 Fri Jul 13, 2012
  First git tagged release