=== modified file 'Makefile' --- Makefile 2009-01-06 05:10:34 +0000 +++ Makefile 2009-01-10 05:41:16 +0000 @@ -9,8 +9,9 @@ #DEBUG=-ggdb3 # For info about _FORTIFY_SOURCE, see # -FORTIFY=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIE -pie -LINK_FORTIFY=-z relro -pie +FORTIFY=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC -fPIE +LINK_FORTIFY_LD=-z relro -fPIE +LINK_FORTIFY=-pie #COVERAGE=--coverage OPTIMIZE=-Os LANGUAGE=-std=gnu99 @@ -45,7 +46,7 @@ CFLAGS=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \ $(LANGUAGE) $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(GPGME_CFLAGS) \ -DVERSION='"$(version)"' -LDFLAGS=$(COVERAGE) $(foreach flag,$(LINK_FORTIFY),-Xlinker $(flag)) +LDFLAGS=$(COVERAGE) $(LINK_FORTIFY) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag)) # Commands to format a DocBook document into a manual page DOCBOOKTOMAN=cd $(dir $<); xsltproc --nonet --xinclude \ @@ -170,6 +171,9 @@ $(SED) --in-place \ --expression='s/^\(Entered-date:\).*/\1\t$(shell date --rfc-3339=date --reference=Makefile)/' \ $@ + $(SED) --in-place \ + --expression='s/\(mandos_\)[0-9.]\+\(\.orig\.tar\.gz\)/\1$(version)\2/' \ + $@ plugins.d/mandos-client: plugins.d/mandos-client.o $(LINK.o) $(GNUTLS_LIBS) $(AVAHI_LIBS) $(GPGME_LIBS) \ @@ -194,7 +198,8 @@ run-client: all keydir/seckey.txt keydir/pubkey.txt ./plugin-runner --plugin-dir=plugins.d \ --config-file=plugin-runner.conf \ - --options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt + --options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt \ + $(CLIENTARGS) # Used by run-client keydir/seckey.txt keydir/pubkey.txt: mandos-keygen 
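Review bot: `LINK_FORTIFY_LD` now carries `-fPIE`, and the rewritten `LDFLAGS` line in the second Makefile hunk forwards every word of that variable with `-Xlinker`, so `ld` itself receives `-fPIE`. That is a compiler code-generation flag; GNU ld reads `-f NAME` as `--auxiliary=NAME`, so it does not act as a PIE request at link time (`-pie` in `LINK_FORTIFY` already covers that). I would drop it and, since this variable is where linker hardening lives, consider full RELRO with `LINK_FORTIFY_LD=-z relro -z now`. `-fPIC -fPIE` together in `FORTIFY` is also redundant; one position-independence flag is enough for the executables.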
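Review bot: `$(CLIENTARGS)` in the run-client recipe, and `$(SERVERARGS)` in the run-server hunk that follows, are expanded but neither defined nor described in the visible lines. A comment above each target would document the knob, for example `# Extra arguments can be passed on the command line: make run-client CLIENTARGS="..."`. The value reaches the shell unquoted and is word-split there, which is what allows several options to be passed; the comment should say so.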
@@ -203,7 +208,7 @@ # Run the server with a local config run-server: confdir/mandos.conf confdir/clients.conf - ./mandos --debug --configdir=confdir + ./mandos --debug --configdir=confdir $(SERVERARGS) # Used by run-server confdir/mandos.conf: mandos.conf === modified file 'clients.conf' --- clients.conf 2008-09-21 13:42:34 +0000 +++ clients.conf 2009-01-08 03:54:06 +0000 @@ -14,7 +14,7 @@ ;interval = 5m # What command to run as "the checker". -;checker = fping -q -- %(host)s +;checker = fping -q -- %%(host)s ;#### === modified file 'mandos' --- mandos 2009-01-06 05:10:34 +0000 +++ mandos 2009-01-10 05:41:16 +0000 @@ -972,7 +972,7 @@ # Parse config file with clients client_defaults = { "timeout": "1h", "interval": "5m", - "checker": "fping -q -- %(host)s", + "checker": "fping -q -- %%(host)s", "host": "", } client_config = ConfigParser.SafeConfigParser(client_defaults) @@ -993,23 +993,17 @@ try: uid = pwd.getpwnam("_mandos").pw_uid + gid = pwd.getpwnam("_mandos").pw_gid except KeyError: try: uid = pwd.getpwnam("mandos").pw_uid + gid = pwd.getpwnam("mandos").pw_gid except KeyError: try: uid = pwd.getpwnam("nobody").pw_uid + gid = pwd.getpwnam("nogroup").pw_gid except KeyError: uid = 65534 - try: - gid = pwd.getpwnam("_mandos").pw_gid - except KeyError: - try: - gid = pwd.getpwnam("mandos").pw_gid - except KeyError: - try: - gid = pwd.getpwnam("nogroup").pw_gid - except KeyError: gid = 65534 try: os.setuid(uid) === modified file 'mandos-clients.conf.xml' --- mandos-clients.conf.xml 2009-01-04 21:54:55 +0000 +++ mandos-clients.conf.xml 2009-01-08 03:54:06 +0000 @@ -3,7 +3,7 @@ "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ /etc/mandos/clients.conf"> - + %common; ]> @@ -170,7 +170,7 @@ PATH will be searched. The default value for the checker command is fping %(host)s. + >-- %%(host)s. In addition to normal start time expansion, this option 
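Review bot: `gid = pwd.getpwnam("nogroup").pw_gid` looks up a user account called nogroup in the passwd database, not the group, so where no such account exists the `KeyError` handler discards the `nobody` uid that was just found and falls back to 65534 for both ids. The group should come from the group database, `gid = grp.getgrnam("nogroup").gr_gid` (this needs `grp` imported, which is not visible here), with its own fallback so that a missing group does not override the uid. Each account is also resolved twice; `pw = pwd.getpwnam("_mandos")` followed by `uid, gid = pw.pw_uid, pw.pw_gid` avoids the second lookup. The privilege drop continues past the hunk: only `os.setuid(uid)` is visible, and if an `os.setgid(gid)` call is meant to take effect it has to run before it.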
@@ -351,7 +351,7 @@ [DEFAULT] timeout = 1h interval = 5m -checker = fping -q -- %(host)s +checker = fping -q -- %%(host)s # Client "foo" [foo] === modified file 'plugin-runner.c' --- plugin-runner.c 2009-01-04 21:54:55 +0000 +++ plugin-runner.c 2009-01-06 22:49:50 +0000 @@ -309,6 +309,7 @@ struct stat st; fd_set rfds_all; int ret, maxfd = 0; + ssize_t sret; uid_t uid = 65534; gid_t gid = 65534; bool debug = false; @@ -546,7 +547,6 @@ char *org_line = NULL; char *p, *arg, *new_arg, *line; size_t size = 0; - ssize_t sret; const char whitespace_delims[] = " \r\t\f\v\n"; const char comment_delim[] = "#"; @@ -1019,18 +1019,18 @@ proc->buffer_size += BUFFER_SIZE; } /* Read from the process */ - ret = read(proc->fd, proc->buffer + proc->buffer_length, - BUFFER_SIZE); - if(ret < 0){ + sret = read(proc->fd, proc->buffer + proc->buffer_length, + BUFFER_SIZE); + if(sret < 0){ /* Read error from this process; ignore the error */ proc = proc->next; continue; } - if(ret == 0){ + if(sret == 0){ /* got EOF */ proc->eof = true; } else { - proc->buffer_length += (size_t) ret; + proc->buffer_length += (size_t) sret; } } } === modified file 'plugins.d/askpass-fifo.c' --- plugins.d/askpass-fifo.c 2009-01-04 21:54:55 +0000 +++ plugins.d/askpass-fifo.c 2009-01-10 02:21:13 +0000 @@ -43,14 +43,14 @@ /* Create FIFO */ const char passfifo[] = "/lib/cryptsetup/passfifo"; - ret = TEMP_FAILURE_RETRY(mkfifo(passfifo, S_IRUSR | S_IWUSR)); + ret = (int)TEMP_FAILURE_RETRY(mkfifo(passfifo, S_IRUSR | S_IWUSR)); if(ret == -1 and errno != EEXIST){ perror("mkfifo"); return EXIT_FAILURE; } /* Open FIFO */ - int fifo_fd = TEMP_FAILURE_RETRY(open(passfifo, O_RDONLY)); + int fifo_fd = (int)TEMP_FAILURE_RETRY(open(passfifo, O_RDONLY)); if(fifo_fd == -1){ perror("open"); return EXIT_FAILURE; === modified file 'plugins.d/mandos-client.c' --- plugins.d/mandos-client.c 2009-01-04 21:54:55 +0000 +++ plugins.d/mandos-client.c 2009-01-10 02:21:13 +0000 
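Review bot: Because `EEXIST` is accepted after `mkfifo` in askpass-fifo.c, the `open` that follows reads the passphrase from whatever already sits at `/lib/cryptsetup/passfifo`, and nothing visible in the hunk checks that it is a FIFO with the expected owner and mode. After the open I would add an `fstat` check such as `if(fstat(fifo_fd, &st) == -1 or not S_ISFIFO(st.st_mode))` and return `EXIT_FAILURE` when it does not hold. The `(int)` casts themselves are harmless, since `mkfifo` and `open` return `int`; they presumably silence a conversion warning from the wider type `TEMP_FAILURE_RETRY` yields. The enclosing function starts and ends outside the hunk.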
@@ -156,7 +156,7 @@ int fd; gpgme_data_t pgp_data; - fd = TEMP_FAILURE_RETRY(open(filename, O_RDONLY)); + fd = (int)TEMP_FAILURE_RETRY(open(filename, O_RDONLY)); if(fd == -1){ perror("open"); return false; @@ -176,7 +176,7 @@ return false; } - ret = TEMP_FAILURE_RETRY(close(fd)); + ret = (int)TEMP_FAILURE_RETRY(close(fd)); if(ret == -1){ perror("close"); } @@ -501,6 +501,7 @@ AvahiIfIndex if_index, mandos_context *mc){ int ret, tcp_sd; + ssize_t sret; union { struct sockaddr in; struct sockaddr_in6 in6; } to; char *buffer = NULL; char *decrypted_buffer; @@ -577,7 +578,7 @@ written = 0; while (true){ size_t out_size = strlen(out); - ret = TEMP_FAILURE_RETRY(write(tcp_sd, out + written, + ret = (int)TEMP_FAILURE_RETRY(write(tcp_sd, out + written, out_size - written)); if (ret == -1){ perror("write"); @@ -632,13 +633,13 @@ goto mandos_end; } - ret = gnutls_record_recv(session, buffer+buffer_length, - BUFFER_SIZE); - if (ret == 0){ + sret = gnutls_record_recv(session, buffer+buffer_length, + BUFFER_SIZE); + if (sret == 0){ break; } - if (ret < 0){ - switch(ret){ + if (sret < 0){ + switch(sret){ case GNUTLS_E_INTERRUPTED: case GNUTLS_E_AGAIN: break; @@ -661,7 +662,7 @@ goto mandos_end; } } else { - buffer_length += (size_t) ret; + buffer_length += (size_t) sret; } } @@ -703,7 +704,7 @@ mandos_end: free(buffer); - ret = TEMP_FAILURE_RETRY(close(tcp_sd)); + ret = (int)TEMP_FAILURE_RETRY(close(tcp_sd)); if(ret == -1){ perror("close"); } @@ -940,7 +941,7 @@ goto end; } } - ret = TEMP_FAILURE_RETRY(close(sd)); + ret = (int)TEMP_FAILURE_RETRY(close(sd)); if(ret == -1){ perror("close"); } === modified file 'plugins.d/password-prompt.c' --- plugins.d/password-prompt.c 2009-01-04 21:54:55 +0000 +++ plugins.d/password-prompt.c 2009-01-08 03:54:06 +0000 
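Review bot: The write loop in mandos-client.c still stores the result of `write()` in `ret` through an `(int)` cast, although this commit adds `ssize_t sret` to what appears to be the same function for `gnutls_record_recv`. Using it here as well keeps the return type intact and makes the cast unnecessary: `sret = TEMP_FAILURE_RETRY(write(tcp_sd, out + written, out_size - written));` followed by `if (sret == -1){`. The line that adds the result to `written` lies outside the hunk and would need the same change.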
@@ -79,7 +79,7 @@ .doc = "Debug mode", .group = 3 }, { .name = NULL } }; - + error_t parse_opt (int key, char *arg, struct argp_state *state) { /* Get the INPUT argument from `argp_parse', which we know is a pointer to our plugin list pointer. */ @@ -100,7 +100,7 @@ } return 0; } - + struct argp argp = { .options = options, .parser = parse_opt, .args_doc = "", .doc = "Mandos password-prompt -- Read and" @@ -111,7 +111,7 @@ return EXIT_FAILURE; } } - + if (debug){ fprintf(stderr, "Starting %s\n", argv[0]); } @@ -250,7 +250,7 @@ fprintf(stderr, "getline() returned 0, retrying.\n"); } } - + free(buffer); if (debug){ === modified file 'plugins.d/usplash.c' --- plugins.d/usplash.c 2009-01-04 21:54:55 +0000 +++ plugins.d/usplash.c 2009-01-10 02:21:13 +0000 @@ -92,10 +92,11 @@ } size_t written = 0; + ssize_t sret = 0; while(not interrupted_by_signal and written < cmd_line_len){ - ret = write(fifo_fd, cmd_line + written, - cmd_line_len - written); - if(ret == -1){ + sret = write(fifo_fd, cmd_line + written, + cmd_line_len - written); + if(sret == -1){ if(errno != EINTR or interrupted_by_signal){ int e = errno; close(fifo_fd); @@ -106,7 +107,7 @@ continue; } } - written += (size_t)ret; + written += (size_t)sret; } free(cmd_line_alloc); do{