| 0.0.13 Thu 28, May, 2015 |
| Update default host to google.com - www.ptb.de randomized timestamps |
| 0.0.12 Sun 26, Oct, 2014 |
| Fix AppArmor for tlsdated: allow unprivileged helper to read the time. |
| Update tlsdated systemd service file. |
| Various little fixes and an early release to make the Debian Freeze! |
| 0.0.11 Mon 20, Oct, 2014 |
| Fix routeup flushing when using stdout (Avery Pennarun). |
| Update AppArmor profile to support multiarch systems. |
| Instruct syslog to properly output tlsdated and pid information. |
| (This closes: https://github.com/ioerror/tlsdate/issues/144 ) |
| Fix -Wsizeof-pointer-memaccess in build of tlsdated unit test. |
| FreeBSD build improvements (Fabian Keil). |
| Update man pages. |
| Update AppArmor profile to remove unused stanzas. |
| Fix seccomp filter support on x86 systems (Will Drewry). |
| Refactor chatty tlsdated logging output to make it quiet. |
| Close syslog after tlsdated finishes using it. |
| Update systemd and init.d scripts for Debian. |
| 0.0.10 Fri 26, Sep, 2014 |
| tlsdated removed from /usr/bin and now is only in /usr/sbin |
| This release is because 0.0.9 had two trivial bugs. Argh. |
| 0.0.9 Fri 25, Sep, 2014 |
| Fix missing function prototype. |
| major libevent refactor by Will Drewry and Elly Fong-Jones of Google. |
| tlsdated should now function properly on ChromeOS and Debian GNU/Linux |
| Add ability to set COMPILE_DATE at configure/build time. |
| Add support for deterministic builds on Debian GNU/*. |
| 0.0.8 Sun 14, Sep, 2014 |
| Add Debian GNU/Hurd and Debian GNU/kFreeBSD build support. |
| Fix build on FreeBSD 10 and 11. |
| Add FreeBSD (9.2 & 11-CURRENT) support for tlsdate and |
| tlsdate-helper. (Fabian Keil). |
| Update man pages (Kartik Mistry, Holger Levsen). |
| tlsdate will now abort if time fetch has a long delay (Avery Pennarun). |
| Updates for tlsdate related systemd service (Holger Levsen). |
| Check previously unchecked return codes (Brian Aker). |
| Update headers to reflect the correct location (Brian Aker). |
| Addition of various TODO items. |
| Update git tag to reference new GnuPG key |
| Key fingerprint = D2C6 7D20 E9C3 6C2A C5FE 74A2 D255 D3F5 C868 227F |
| Update tlsdate HTTPS user-agent to reflect proper version number |
| 0.0.7 Sat 2 Nov, 2013 |
| Add tentative -plan9.[ch] versions of tlsdate-helper. |
| Add -x option to tlsdated to override source proxies. |
| Correctly check SANs against target host when using proxies. |
| Fix a race in tlsdate-dbus-announce that can cause signal drops. |
| Support -l argument to tlsdated. |
| Pass -l and -v arguments from tlsdated to tlsdate. |
| Log more verbosely at tlsdated startup. |
| Add FreeBSD support for tlsdate and tlsdate-helper. |
| Add Android build support with Android NDK for tlsdate. |
| Add NetBSD 6.0.1 support for tlsdate and tlsdate-helper. |
| Add OpenBSD 5.2 support for tldate and tlsdate-helper. |
| Add official support for Debian, Ubuntu, CentOS, Fedora, RHEL, OpenSUSE, |
| and Arch GNU/Linux distros. |
| Add Mac OS X 10.8.3 support |
| Extensive setup/install documentation is now present in INSTALL for most OSes |
| Add DragonFly BSD 3.3 support |
| Refactored subprocess watching. |
| Added integration tests. Run with ./run-tests |
| Refactored event loop. |
| Added suspend/resume RTC corruption detection. |
| Add -w option to get time from HTTPS header instead of from TLS ServerHello |
| Update AppArmor profile |
| Add simple systemd service file |
| Extra verbose output available with -vv; useful verbosity is -v |
| 0.0.6 Mon 18 Feb, 2013 |
| Ensure that tlsdate compiles with g++ by explicit casting rather than |
| implicit casting by whatever compiler is compiling tlsdate. |
| Fix a logic bug in CN parsing caught by Ryan Sleevi of the Google Chrome Team |
| Further fixes by Thijs Alkemade |
| Add PolarSSL support (We no longer require OpenSSL to function!) |
| Thanks to Paul Bakker and the PolarSSL team! |
| Experimental Mac OS X (10.8.2) support |
| Thanks to Brian Aker and Ingy döt Net for pair programming time |
| 0.0.5 Web 23 Jan, 2013 |
| Fix spelling error in tlsdate-helper |
| Update man pages formatting |
| Add Seccomp-BPF policies to be used with Minijail |
| Update CA cert file to remove TÜRKTRUST |
| Support both CA certificate files or directories full of CA certs |
| Currently /etc/tlsdate/ca-roots/tlsdate-ca-roots.conf |
| Support announcing time updates over DBus with --enable-dbus |
| This introduces the 'tlsdate-dbus-announce' utility |
| Add support for lcov/gcov at build time |
| See ./configure --enable-code-coverage-checks and make lcov |
| Don't hardfail if DEFAULT_RTC_DEVICE cannot be opened, even if desired |
| Raspberry PI users rejoice (if the fix works) |
| Support -j to add jitter to tlsdated time checks. |
| Exponential backoff when TLS connections fail. |
| Add config file support (have a look at man/tlsdated.conf.5) |
| Support multiple hosts for time fetches |
| Add multiple hosts to your tlsdated.conf file today |
| Add simple AppArmor profile for /usr/bin/tlsdate-dbus-announce |
| Update AppArmor profile for tlsdated |
| 0.0.4 Wed 7 Nov, 2012 |
| Fixup CHANGELOG and properly tag |
| Version Numbers Are Free! Hooray! |
| Update certificate data in ca-roots/ |
| tlsdate will now call tlsdate-helper with an absolute path |
| Pointed out ages ago by 0xabad1dea and others as a better execlp path |
| forward for execution. |
| 0.0.3 Mon 5 Nov, 2012 |
| Add tlsdate-routeup man page |
| Update all man pages to reference other related man pages |
| Fix deb Makefile target |
| Update documentation |
| misc src changes (retab, formatting, includes, etc) |
| Update AppArmor profiles |
| Add HTTP/socks4a/socks5 proxy support and update man page documentation |
| 0.0.2 Mon 29 Oct, 2012 |
| Released at the Metalab in Vienna during their third #CryptoParty |
| Add '-n' and '--dont-set-clock' option to fetch but not set time |
| Add '-V' and '--showtime' option to display remote time |
| Add '-t' and '--timewarp' option |
| If the local clock is before RECENT_COMPILE_DATE; we set the clock to the |
| RECENT_COMPILE_DATE. If the local clock is after RECENT_COMPILE_DATE, we |
| leave the clock alone. Clock setting is performed as the first operation |
| and will impact certificate verification. Specifically, this option is |
| helpful if on first boot, the local system clock is set back to the era |
| of Disco and Terrible Hair. This should ensure that |
| X509_V_ERR_CERT_NOT_YET_VALID or X509_V_ERR_CERT_HAS_EXPIRED are not |
| encountered because of a broken RTC or the lack of a local RTC; we assume |
| that tlsdate is recompiled yearly and that all certificates are otherwise |
| considered valid. |
| Add '-l' and '--leap' |
| Normally, the passing of time or time yet to come ensures that SSL verify |
| functions will fail to validate certificates. Commonly, |
| X509_V_ERR_CERT_NOT_YET_VALID and X509_V_ERR_CERT_HAS_EXPIRED are painfully |
| annoying but still very important error states. When the only issue with |
| the certificates in question is the timing information, this option allows |
| one to trust the remote system's time, as long as it is after |
| RECENT_COMPILE_DATE and before MAX_REASONABLE_TIME. The connection will |
| only be trusted if X509_V_ERR_CERT_NOT_YET_VALID and/or |
| X509_V_OKX509_V_ERR_CERT_HAS_EXPIRED are the only errors encountered. The |
| SSL verify function will not return X509_V_OK if there are any other |
| issues, such as self-signed certificates or if the user pins to a CA that |
| is not used by the remote server. This is useful if your RTC is broken on |
| boot and you are unable to use DNSSEC until you've at least had some kind |
| of leap of cryptographically assured data. |
| Update usage documentation |
| Move {*.c,h} into src/ |
| Move *.1 into man/ |
| Update TODO list to reflect desired changes |
| Update AppArmor profile to restrict {tlsdate,tlsdate-helper,tlsdated,tlsdate-routeup} |
| Update AUTHORS file to include a new email address |
| Update CHANGELOG |
| Added proper date for the 0.0.1 release |
| (Added all of the above items, obviously) |
| Print key bit length and key type information |
| Update Copyright headers to include the Great Christian Grothoff |
| Ensure key bit length and key type values are reasonable |
| Add CommonName and SAN checking |
| Add enumeration and printing of other x.509 extensions in SAN checking |
| Add SAN checking for iPAddress field per RFC2818 |
| Various small bug fixes |
| Fixed various tiny memory leaks |
| Added compat layer library for future multi-platform support by David Goulet |
| Compile output is now largely silent by default |
| Wildcard certificate verification per RFC 2595 |
| Add list of trusted CA certs to /etc/tlsdate/tlsdate-ca-roots.conf |
| Add Makefile target to update trusted CA certs from Mozilla's NSS trust root |
| Add tlsdated daemon |
| Add tlsdated documentation |
| |
| 0.0.1 Fri Jul 13, 2012 |
| First git tagged release |
