NEWS

1.3.2 - 2024-04-22
    * Zig port: Drop support for 0.11.0 (0.12.0 is current)

1.3.1 - 2024-03-03
    * Zig port: tiny bugfix to allow building on 0.11.0 again

1.3.0 - 2024-03-03
    * Coredumps are disabled at startup via setrlimit()
    * Process address space locked into memory at startup via
      mlockall(), if running as root.
    * Various keys are now stored in local stack vars, rather than
      sodium_malloc allocations (the above changes bring most of the same
      benefits with less complexity).
    * Zig port is now pure Zig (no longer links libc or libsodium), but
      there's still a few bits in lsys.zig and getopt.zig that should be
      upstreamed to std in some form.

1.2.0 - 2024-02-27
    * TL;DR - No user-visible functional changes, but some log outputs
      changed and a ton of internal refactoring/cleanup happened
    * CLI Usage output reformatted
    * Several error messages improved
    * Log outputs to stderr are all prefixed by one of the strings: "info:",
      "error:", or "FATAL:"
    * More constraints checking at compile time
    * More error checking for unlikely failure modes and silly inputs
    * Lots of other misc internal refactoring/improvements
    * An EXPERIMENTAL port to Zig was added alongside the normal C version
      here in the same source tree.  See bottom of README.md for details.

1.1.0 - 2024-02-13
    * libev dependency removed.  The timing loop is now done manually, and
      just as correctly AFAIK, via clock_gettime() and clock_nanosleep().
      This makes everything simpler all around, but I wasn't confident in
      this mechanism until I explored the option a bit more!
    * Default interval changed from 6h to 24h.  Deploying this version will
      cause a rift in your keys if you're using the default interval.
    * Some stderr log outputs cleaned up a bit.
    * The CLI options used for software testing (-[VPT]) are no longer
      documented in README.md or the CLI usage output, but they are
      present in the man page in a separate section.  Also, -T now
      always implies -o.
    * The options -k and -a are now explicitly mutually exclusive.
    * Various internal refactorings to improve code quality, etc.
    * Documentation updated for clarity.

1.0.2 - 2024-02-07
    * Made the error messages for certain kinds of read() and write() failures
      less-confusing and more-informative.
    * Autokey file perms on creation changed from 0400 to 0600, to make it
      possible for it to truncate files it created in previous runs, in certain
      error cases.
    * Fixed the potential leak of a single fd in a corner-case error condition
      on startup in autokey mode.

1.0.1 - 2024-01-30
    * Minor fixups to manpage formatting
    * Minor source code formatting (wrap lines >= 100)
    * Some verbose (-v) stderr outputs changed in order to be a
      bit less confusing and/or over-verbose
    * A few pedantic fixups to improve the security of secret key
      data while loaded in memory for use

1.0.0 - 2024-01-24
    * Minor build improvements (dependencies, rundir stuff)
    * Minor code/documentation refactors/improvements
    * Example systemd unit gained a Documentation line and Restart=on-failure
    * Switching to semver-style versioning from here forward and calling it
      "stable".

0.9 - 2024-01-23
    * Minor fixup to Makefile CPPFLAGS handling, so that critical defines are
      not lost when package build systems set their own CPPFLAGS.

0.8 - 2024-01-23
    * Made "-k" optional rather than required.  When -k is not specified, the
      daemon attempts to auto-generate a local random key and persist it to
      the run directory for future use.  This mode of operation is only useful
      to get smoothly rotated keys on a single host; it cannot help you with
      synchronization across a cluster.
    * New option "-a" allows overriding the default path the autokey is stored
      to on disk (no effect if -k is used).
    * Moved the default installation directory for the main binary to
      /usr/sbin instead of /usr/bin
    * Updated example systemd unit to use sbin and no arguments, which means
      default autokeying.  This allows it to be deployed from distro packaging
      successfully without human intervention to e.g. deploy a real key.

0.7 - 2024-01-22
    * The slow tests (make test SLOW_TESTS=1) now utilize a small python script
      and the python nacl module to actually validate the calculated TFO keys
      and their timing.
    * The example systemd unit now has After=time-sync.target
    * Some of the -v verbose output is less-verbose than before
    * The format of the leaky verbose lines with keys in them changed slightly
      (it now includes the generation time)
    * The daemon now outputs at least one line noting the time every time a new
      set of keys is generated, even in non-verbose mode.
    * Internal refactoring for code clarity

0.6 - 2024-01-19
    * Added a basic manpage
    * A few documentation improvements
    * Makefile improvements, hopefully helps packaging

0.5 - 2024-01-18
    * Disallow setting an odd number as a custom interval value, as this
      would slowly make a mess of the half-interval periodic timer.

0.4 - 2024-01-18
    * Added github workflow to run basic make check on ubuntu-latest
    * Included the commit with the updated testsuite data to match KDF
      ctx change mentioned below (oops!).

0.3 - 2024-01-18
    Mostly internal refactoring, but also changed the KDF context value
    to be the program name.  This seems more-correct, but it is a
    breaking change for key compatibility, so may as well push it out as
    a new release quickly (we're still on day 1 here, don't sue me!).

0.2 - 2024-01-18
    Added support for systemd type=notify, to ensure dependent services
    can rely on the keys being initially set before they start. No new
    build dependencies, and does nothing if NOTIFY_SOCKET env var is not
    set by systemd.  Updated example unit file to match as well.

0.1 - 2024-01-18
    Initial release