168 lines
8.5 KiB
Text
168 lines
8.5 KiB
Text
0.0.13 Thu 28, May, 2015
|
|
Update default host to google.com - www.ptb.de randomized timestamps
|
|
0.0.12 Sun 26, Oct, 2014
|
|
Fix AppArmor for tlsdated: allow unprivileged helper to read the time.
|
|
Update tlsdated systemd service file.
|
|
Various little fixes and an early release to make the Debian Freeze!
|
|
0.0.11 Mon 20, Oct, 2014
|
|
Fix routeup flushing when using stdout (Avery Pennarun).
|
|
Update AppArmor profile to support multiarch systems.
|
|
Instruct syslog to properly output tlsdated and pid information.
|
|
(This closes: https://github.com/ioerror/tlsdate/issues/144 )
|
|
Fix -Wsizeof-pointer-memaccess in build of tlsdated unit test.
|
|
FreeBSD build improvements (Fabian Keil).
|
|
Update man pages.
|
|
Update AppArmor profile to remove unused stanzas.
|
|
Fix seccomp filter support on x86 systems (Will Drewry).
|
|
Refactor chatty tlsdated logging output to make it quiet.
|
|
Close syslog after tlsdated finishes using it.
|
|
Update systemd and init.d scripts for Debian.
|
|
0.0.10 Fri 26, Sep, 2014
|
|
tlsdated removed from /usr/bin and now is only in /usr/sbin
|
|
This release is because 0.0.9 had two trivial bugs. Argh.
|
|
0.0.9 Fri 25, Sep, 2014
|
|
Fix missing function prototype.
|
|
major libevent refactor by Will Drewry and Elly Fong-Jones of Google.
|
|
tlsdated should now function properly on ChromeOS and Debian GNU/Linux
|
|
Add ability to set COMPILE_DATE at configure/build time.
|
|
Add support for deterministic builds on Debian GNU/*.
|
|
0.0.8 Sun 14, Sep, 2014
|
|
Add Debian GNU/Hurd and Debian GNU/kFreeBSD build support.
|
|
Fix build on FreeBSD 10 and 11.
|
|
Add FreeBSD (9.2 & 11-CURRENT) support for tlsdate and
|
|
tlsdate-helper. (Fabian Keil).
|
|
Update man pages (Kartik Mistry, Holger Levsen).
|
|
tlsdate will now abort if time fetch has a long delay (Avery Pennarun).
|
|
Updates for tlsdate related systemd service (Holger Levsen).
|
|
Check previously unchecked return codes (Brian Aker).
|
|
Update headers to reflect the correct location (Brian Aker).
|
|
Addition of various TODO items.
|
|
Update git tag to reference new GnuPG key
|
|
Key fingerprint = D2C6 7D20 E9C3 6C2A C5FE 74A2 D255 D3F5 C868 227F
|
|
Update tlsdate HTTPS user-agent to reflect proper version number
|
|
0.0.7 Sat 2 Nov, 2013
|
|
Add tentative -plan9.[ch] versions of tlsdate-helper.
|
|
Add -x option to tlsdated to override source proxies.
|
|
Correctly check SANs against target host when using proxies.
|
|
Fix a race in tlsdate-dbus-announce that can cause signal drops.
|
|
Support -l argument to tlsdated.
|
|
Pass -l and -v arguments from tlsdated to tlsdate.
|
|
Log more verbosely at tlsdated startup.
|
|
Add FreeBSD support for tlsdate and tlsdate-helper.
|
|
Add Android build support with Android NDK for tlsdate.
|
|
Add NetBSD 6.0.1 support for tlsdate and tlsdate-helper.
|
|
Add OpenBSD 5.2 support for tldate and tlsdate-helper.
|
|
Add official support for Debian, Ubuntu, CentOS, Fedora, RHEL, OpenSUSE,
|
|
and Arch GNU/Linux distros.
|
|
Add Mac OS X 10.8.3 support
|
|
Extensive setup/install documentation is now present in INSTALL for most OSes
|
|
Add DragonFly BSD 3.3 support
|
|
Refactored subprocess watching.
|
|
Added integration tests. Run with ./run-tests
|
|
Refactored event loop.
|
|
Added suspend/resume RTC corruption detection.
|
|
Add -w option to get time from HTTPS header instead of from TLS ServerHello
|
|
Update AppArmor profile
|
|
Add simple systemd service file
|
|
Extra verbose output available with -vv; useful verbosity is -v
|
|
0.0.6 Mon 18 Feb, 2013
|
|
Ensure that tlsdate compiles with g++ by explicit casting rather than
|
|
implicit casting by whatever compiler is compiling tlsdate.
|
|
Fix a logic bug in CN parsing caught by Ryan Sleevi of the Google Chrome Team
|
|
Further fixes by Thijs Alkemade
|
|
Add PolarSSL support (We no longer require OpenSSL to function!)
|
|
Thanks to Paul Bakker and the PolarSSL team!
|
|
Experimental Mac OS X (10.8.2) support
|
|
Thanks to Brian Aker and Ingy döt Net for pair programming time
|
|
0.0.5 Web 23 Jan, 2013
|
|
Fix spelling error in tlsdate-helper
|
|
Update man pages formatting
|
|
Add Seccomp-BPF policies to be used with Minijail
|
|
Update CA cert file to remove TÜRKTRUST
|
|
Support both CA certificate files or directories full of CA certs
|
|
Currently /etc/tlsdate/ca-roots/tlsdate-ca-roots.conf
|
|
Support announcing time updates over DBus with --enable-dbus
|
|
This introduces the 'tlsdate-dbus-announce' utility
|
|
Add support for lcov/gcov at build time
|
|
See ./configure --enable-code-coverage-checks and make lcov
|
|
Don't hardfail if DEFAULT_RTC_DEVICE cannot be opened, even if desired
|
|
Raspberry PI users rejoice (if the fix works)
|
|
Support -j to add jitter to tlsdated time checks.
|
|
Exponential backoff when TLS connections fail.
|
|
Add config file support (have a look at man/tlsdated.conf.5)
|
|
Support multiple hosts for time fetches
|
|
Add multiple hosts to your tlsdated.conf file today
|
|
Add simple AppArmor profile for /usr/bin/tlsdate-dbus-announce
|
|
Update AppArmor profile for tlsdated
|
|
0.0.4 Wed 7 Nov, 2012
|
|
Fixup CHANGELOG and properly tag
|
|
Version Numbers Are Free! Hooray!
|
|
Update certificate data in ca-roots/
|
|
tlsdate will now call tlsdate-helper with an absolute path
|
|
Pointed out ages ago by 0xabad1dea and others as a better execlp path
|
|
forward for execution.
|
|
0.0.3 Mon 5 Nov, 2012
|
|
Add tlsdate-routeup man page
|
|
Update all man pages to reference other related man pages
|
|
Fix deb Makefile target
|
|
Update documentation
|
|
misc src changes (retab, formatting, includes, etc)
|
|
Update AppArmor profiles
|
|
Add HTTP/socks4a/socks5 proxy support and update man page documentation
|
|
0.0.2 Mon 29 Oct, 2012
|
|
Released at the Metalab in Vienna during their third #CryptoParty
|
|
Add '-n' and '--dont-set-clock' option to fetch but not set time
|
|
Add '-V' and '--showtime' option to display remote time
|
|
Add '-t' and '--timewarp' option
|
|
If the local clock is before RECENT_COMPILE_DATE; we set the clock to the
|
|
RECENT_COMPILE_DATE. If the local clock is after RECENT_COMPILE_DATE, we
|
|
leave the clock alone. Clock setting is performed as the first operation
|
|
and will impact certificate verification. Specifically, this option is
|
|
helpful if on first boot, the local system clock is set back to the era
|
|
of Disco and Terrible Hair. This should ensure that
|
|
X509_V_ERR_CERT_NOT_YET_VALID or X509_V_ERR_CERT_HAS_EXPIRED are not
|
|
encountered because of a broken RTC or the lack of a local RTC; we assume
|
|
that tlsdate is recompiled yearly and that all certificates are otherwise
|
|
considered valid.
|
|
Add '-l' and '--leap'
|
|
Normally, the passing of time or time yet to come ensures that SSL verify
|
|
functions will fail to validate certificates. Commonly,
|
|
X509_V_ERR_CERT_NOT_YET_VALID and X509_V_ERR_CERT_HAS_EXPIRED are painfully
|
|
annoying but still very important error states. When the only issue with
|
|
the certificates in question is the timing information, this option allows
|
|
one to trust the remote system's time, as long as it is after
|
|
RECENT_COMPILE_DATE and before MAX_REASONABLE_TIME. The connection will
|
|
only be trusted if X509_V_ERR_CERT_NOT_YET_VALID and/or
|
|
X509_V_OKX509_V_ERR_CERT_HAS_EXPIRED are the only errors encountered. The
|
|
SSL verify function will not return X509_V_OK if there are any other
|
|
issues, such as self-signed certificates or if the user pins to a CA that
|
|
is not used by the remote server. This is useful if your RTC is broken on
|
|
boot and you are unable to use DNSSEC until you've at least had some kind
|
|
of leap of cryptographically assured data.
|
|
Update usage documentation
|
|
Move {*.c,h} into src/
|
|
Move *.1 into man/
|
|
Update TODO list to reflect desired changes
|
|
Update AppArmor profile to restrict {tlsdate,tlsdate-helper,tlsdated,tlsdate-routeup}
|
|
Update AUTHORS file to include a new email address
|
|
Update CHANGELOG
|
|
Added proper date for the 0.0.1 release
|
|
(Added all of the above items, obviously)
|
|
Print key bit length and key type information
|
|
Update Copyright headers to include the Great Christian Grothoff
|
|
Ensure key bit length and key type values are reasonable
|
|
Add CommonName and SAN checking
|
|
Add enumeration and printing of other x.509 extensions in SAN checking
|
|
Add SAN checking for iPAddress field per RFC2818
|
|
Various small bug fixes
|
|
Fixed various tiny memory leaks
|
|
Added compat layer library for future multi-platform support by David Goulet
|
|
Compile output is now largely silent by default
|
|
Wildcard certificate verification per RFC 2595
|
|
Add list of trusted CA certs to /etc/tlsdate/tlsdate-ca-roots.conf
|
|
Add Makefile target to update trusted CA certs from Mozilla's NSS trust root
|
|
Add tlsdated daemon
|
|
Add tlsdated documentation
|
|
|
|
0.0.1 Fri Jul 13, 2012
|
|
First git tagged release
|