=== modified file 'Makefile' --- Makefile 2016-03-19 22:00:38 +0000 +++ Makefile 2016-03-23 07:14:57 +0000 @@ -436,6 +436,8 @@ > $(MANDIR)/man8/askpass-fifo.8mandos.gz gzip --best --to-stdout plugins.d/plymouth.8mandos \ > $(MANDIR)/man8/plymouth.8mandos.gz + gzip --best --to-stdout intro.8mandos \ + > $(MANDIR)/man8/intro.8mandos.gz install-client: install-client-nokey # Post-installation stuff === modified file 'README' --- README 2012-01-01 20:45:53 +0000 +++ README 2016-03-23 07:11:22 +0000 @@ -1,4 +1,4 @@ -Please see: http://www.recompile.se/mandos/man/intro.8mandos +Please see: https://www.recompile.se/mandos/man/intro.8mandos This information previously in this file has been moved to the intro(8mandos) manual page. Go to the above URL, or install the === modified file 'TODO' --- TODO 2016-03-19 03:51:23 +0000 +++ TODO 2016-06-03 16:42:05 +0000 @@ -40,6 +40,8 @@ ** TODO [#B] --notify-command This would allow the mandos.service to use --notify-command="systemd-notify --pid --ready" +** TODO [#B] python-systemd +*** import systemd.daemon; systemd.daemon.notify() ** TODO [#B] Log level :BUGS: *** TODO /etc/mandos/clients.d/*.conf Watch this directory and add/remove/update clients? === modified file 'debian/control' --- debian/control 2016-03-12 23:42:38 +0000 +++ debian/control 2016-06-03 16:42:05 +0000 @@ -10,10 +10,10 @@ libnl-route-3-dev Build-Depends-Indep: systemd, python (>= 2.7), python (<< 3), python-dbus, python-gi -Standards-Version: 3.9.7 +Standards-Version: 3.9.8 Vcs-Bzr: http://ftp.recompile.se/pub/mandos/trunk Vcs-Browser: http://bzr.recompile.se/loggerhead/mandos/trunk/files -Homepage: http://www.recompile.se/mandos +Homepage: https://www.recompile.se/mandos Package: mandos Architecture: all === modified file 'debian/copyright' --- debian/copyright 2016-02-28 14:22:10 +0000 +++ debian/copyright 2016-03-23 07:11:22 +0000 
@@ -1,7 +1,7 @@ Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: Mandos Upstream-Contact: Mandos -Source: +Source: Files: * Copyright: Copyright © 2008-2016 Teddy Hogeborn === modified file 'debian/mandos-client.README.Debian' --- debian/mandos-client.README.Debian 2015-07-12 01:25:14 +0000 +++ debian/mandos-client.README.Debian 2016-06-03 17:02:10 +0000 @@ -43,9 +43,9 @@ automatically detected. If this should result in incorrect interfaces, edit the DEVICE setting in the "/etc/initramfs-tools/initramfs.conf" file. (The default setting is - empty, meaning it will autodetect the interface.) *If* the DEVICE + empty, meaning it will autodetect the interfaces.) *If* the DEVICE setting is changed, it will be necessary to update the initrd image - by running the command + by running this command: update-initramfs -k all -u @@ -106,4 +106,4 @@ policy or other reasons, simply replace the existing dhparams.pem file and update the initital RAM disk image. - -- Teddy Hogeborn , Sun, 12 Jul 2015 03:24:24 +0200 + -- Teddy Hogeborn , Tue, 5 Apr 2016 08:53:39 +0200 === modified file 'initramfs-tools-hook' --- initramfs-tools-hook 2016-03-19 04:26:32 +0000 +++ initramfs-tools-hook 2016-06-21 19:13:11 +0000 @@ -186,6 +186,11 @@ copy_exec /usr/bin/gpgconf fi gpg="`/usr/bin/gpgconf|sed --quiet --expression='s/^gpg:[^:]*://p'`" + gpgagent="`/usr/bin/gpgconf|sed --quiet --expression='s/^gpg-agent:[^:]*://p'`" + # Newer versions of GnuPG 2 requires the gpg-agent binary + if [ -e "$gpgagent" ] && [ ! -e "${DESTDIR}$gpgagent" ]; then + copy_exec "$gpgagent" + fi fi elif dpkg --compare-versions "$libgpgme11_version" ge 1.4.1-0.1; then gpg=/usr/bin/gpg2 === modified file 'intro.xml' --- intro.xml 2016-03-05 21:42:56 +0000 +++ intro.xml 2016-03-23 07:11:22 +0000 @@ -1,7 +1,7 @@ + %common; ]> @@ -417,7 +417,7 @@ - Mandos + Mandos === modified file 'mandos' --- mandos 2016-03-19 22:00:38 +0000 +++ mandos 2016-06-03 18:28:39 +0000 
@@ -86,13 +86,30 @@ import xml.dom.minidom import inspect +# Try to find the value of SO_BINDTODEVICE: try: + # This is where SO_BINDTODEVICE is in Python 3.3 (or 3.4?) and + # newer, and it is also the most natural place for it: SO_BINDTODEVICE = socket.SO_BINDTODEVICE except AttributeError: try: + # This is where SO_BINDTODEVICE was up to and including Python + # 2.6, and also 3.2: from IN import SO_BINDTODEVICE except ImportError: - SO_BINDTODEVICE = None + # In Python 2.7 it seems to have been removed entirely. + # Try running the C preprocessor: + try: + cc = subprocess.Popen(["cc", "--language=c", "-E", + "/dev/stdin"], + stdin=subprocess.PIPE, + stdout=subprocess.PIPE) + stdout = cc.communicate( + "#include \nSO_BINDTODEVICE\n")[0] + SO_BINDTODEVICE = int(stdout.splitlines()[-1]) + except (OSError, ValueError, IndexError): + # No value found + SO_BINDTODEVICE = None if sys.version_info.major == 2: str = unicode @@ -180,8 +197,10 @@ self.gnupgargs = ['--batch', '--homedir', self.tempdir, '--force-mdc', - '--quiet', - '--no-use-agent'] + '--quiet'] + # Only GPG version 1 has the --no-use-agent option. + if self.gpg == "gpg" or self.gpg.endswith("/gpg"): + self.gnupgargs.append("--no-use-agent") def __enter__(self): return self @@ -2172,7 +2191,8 @@ priority = self.server.gnutls_priority if priority is None: priority = "NORMAL" - gnutls.priority_set_direct(session._c_object, priority, + gnutls.priority_set_direct(session._c_object, + priority.encode("utf-8"), None) # Start communication using the Mandos protocol 
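Review bot: In the hunk at line 86, the innermost fallback under `except ImportError:` starts `cc` by bare name, so the module runs whatever `cc` comes first on PATH at import time; for a server that is normally started with elevated privileges (an assumption, not visible here) that lookup should not depend on the environment. An absolute compiler path, for example `["/usr/bin/cc", "--language=c", "-E", "/dev/stdin"]`, would narrow this, and so would dropping the probe, since the hunk at line 2435 falls back to a fixed value anyway. The exit status is never checked and stderr is inherited, so compiler diagnostics land on the daemon's stderr; adding `stderr=subprocess.PIPE` to the `Popen` call and testing `cc.returncode == 0` before the `int(...)` conversion would make a failed probe quiet and explicit. Whether `subprocess` is imported above line 86 cannot be seen from the hunk.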
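Review bot: In the hunk at line 180, the test `self.gpg == "gpg" or self.gpg.endswith("/gpg")` infers the GnuPG major version from the binary's file name, which does not hold on systems where `gpg` is itself GnuPG 2; a comment stating that assumption, or a check against the output of `--version`, would make it explicit. When `--no-use-agent` is left out, gpg is free to start a gpg-agent against `self.tempdir`, and nothing in the hunk shows that agent being stopped before the directory is removed, so secret key material may remain in an agent process after the temporary home is gone. If the cleanup lives in a method outside the hunk, it should stop the agent for that homedir first, for example with `gpgconf --homedir <tempdir> --kill gpg-agent`. The enclosing method starts above the hunk.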
@@ -2435,27 +2455,27 @@
 bind to an address or port if they were not specified."""
 if self.interface is not None:
 if SO_BINDTODEVICE is None:
- logger.error("SO_BINDTODEVICE does not exist;"
- " cannot bind to interface %s",
- self.interface)
- else:
- try:
- self.socket.setsockopt(
- socket.SOL_SOCKET, SO_BINDTODEVICE,
- (self.interface + "\0").encode("utf-8"))
- except socket.error as error:
- if error.errno == errno.EPERM:
- logger.error("No permission to bind to"
- " interface %s", self.interface)
- elif error.errno == errno.ENOPROTOOPT:
- logger.error("SO_BINDTODEVICE not available;"
- " cannot bind to interface %s",
- self.interface)
- elif error.errno == errno.ENODEV:
- logger.error("Interface %s does not exist,"
- " cannot bind", self.interface)
- else:
- raise
+ # Fall back to a hard-coded value which seems to be
+ # common enough.
+ logger.warning("SO_BINDTODEVICE not found, trying 25")
+ SO_BINDTODEVICE = 25
+ try:
+ self.socket.setsockopt(
+ socket.SOL_SOCKET, SO_BINDTODEVICE,
+ (self.interface + "\0").encode("utf-8"))
+ except socket.error as error:
+ if error.errno == errno.EPERM:
+ logger.error("No permission to bind to"
+ " interface %s", self.interface)
+ elif error.errno == errno.ENOPROTOOPT:
+ logger.error("SO_BINDTODEVICE not available;"
+ " cannot bind to interface %s",
+ self.interface)
+ elif error.errno == errno.ENODEV:
+ logger.error("Interface %s does not exist,"
+ " cannot bind", self.interface)
+ else:
+ raise
 # Only bind(2) the socket if we really need to.
 if self.server_address[0] or self.server_address[1]:
 if not self.server_address[0]:
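Review bot: The added `SO_BINDTODEVICE = 25` makes the name local to this method, so the `if SO_BINDTODEVICE is None:` test just above it raises UnboundLocalError whenever `self.interface` is set, unless a `global` declaration exists outside the hunk (none appears between the docstring and the `if`). Either add `global SO_BINDTODEVICE` as the first statement after the docstring, or bind a local instead, e.g. `bindtodevice = 25 if SO_BINDTODEVICE is None else SO_BINDTODEVICE`, and pass that to `setsockopt`. The constant 25 is a platform-specific value, so the comment should name the platforms it was checked on. Separately, the EPERM, ENOPROTOOPT and ENODEV branches only log, so the server carries on and listens without the interface restriction the administrator asked for; failing startup there would be the safer default. The method begins above the hunk and continues below it.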
@@ -3307,13 +3327,17 @@ mandos_dbus_service = MandosDBusService() + # Save modules to variables to exempt the modules from being + # unloaded before the function registered with atexit() is run. + mp = multiprocessing + wn = wnull def cleanup(): "Cleanup function; run on exit" if zeroconf: service.cleanup() - multiprocessing.active_children() - wnull.close() + mp.active_children() + wn.close() if not (tcp_server.clients or client_settings): return === modified file 'mandos-keygen' --- mandos-keygen 2016-03-19 22:00:38 +0000 +++ mandos-keygen 2016-06-03 17:18:46 +0000 @@ -285,7 +285,7 @@ esac if [ $SSH -eq 1 ]; then - for ssh_keytype in ed25519 rsa; do + for ssh_keytype in ecdsa-sha2-nistp256 ed25519 rsa; do set +e ssh_fingerprint="`ssh-keyscan -t $ssh_keytype localhost 2>/dev/null`" set -e === modified file 'mandos.lsm' --- mandos.lsm 2016-03-19 22:00:38 +0000 +++ mandos.lsm 2016-03-23 07:11:22 +0000 @@ -11,7 +11,7 @@ belorn@recompile.se (Björn Påhlsson) Maintained-by: teddy@recompile.se (Teddy Hogeborn), belorn@recompile.se (Björn Påhlsson) -Primary-site: http://www.recompile.se/mandos +Primary-site: https://www.recompile.se/mandos 172K mandos_1.7.7.orig.tar.gz Alternate-site: ftp://ftp.recompile.se/pub/mandos 172K mandos_1.7.7.orig.tar.gz
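Review bot: In the mandos-keygen hunk, the new loop order `ecdsa-sha2-nistp256 ed25519 rsa` puts the NIST P-256 key ahead of Ed25519, and nothing in the hunk explains why. If the loop stops at the first type that returns a key (the loop body is below the hunk, so this is an assumption), hosts offering both will now have the ECDSA key recorded where the Ed25519 one was recorded before. A one-line comment above the `for`, such as `# Key types in order of preference; the first one found is used`, together with the reason for preferring ECDSA, would document the choice. The `2>/dev/null` combined with `set +e` also hides an `ssh-keyscan` that rejects a type name, so an unsupported name fails silently.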