=== modified file 'Makefile'
--- Makefile	2016-10-08 04:33:04 +0000
+++ Makefile	2016-10-29 14:22:26 +0000
@@ -283,15 +283,17 @@
 run-client: all keydir/seckey.txt keydir/pubkey.txt
 	@echo "###################################################################"
 	@echo "# The following error messages are harmless and can be safely     #"
-	@echo "# ignored.  The messages are caused by not running as root, but   #"
-	@echo "# you should NOT run \"make run-client\" as root unless you also    #"
-	@echo "# unpacked and compiled Mandos as root, which is NOT recommended. #"
+	@echo "# ignored:                                                        #"
 	@echo "# From plugin-runner: setgid: Operation not permitted             #"
 	@echo "#                     setuid: Operation not permitted             #"
 	@echo "# From askpass-fifo:  mkfifo: Permission denied                   #"
 	@echo "# From mandos-client:                                             #"
 	@echo "#             Failed to raise privileges: Operation not permitted #"
 	@echo "#             Warning: network hook \"*\" exited with status *      #"
+	@echo "#                                                                 #"
+	@echo "# (The messages are caused by not running as root, but you should #"
+	@echo "# NOT run \"make run-client\" as root unless you also unpacked and  #"
+	@echo "# compiled Mandos as root, which is also NOT recommended.)        #"
 	@echo "###################################################################"
 # We set GNOME_KEYRING_CONTROL to block pam_gnome_keyring
 	./plugin-runner --plugin-dir=plugins.d \

=== modified file 'debian/control'
--- debian/control	2016-06-24 21:44:40 +0000
+++ debian/control	2017-01-21 22:22:44 +0000
@@ -5,9 +5,9 @@
 Uploaders: Teddy Hogeborn <teddy@recompile.se>,
 	   Björn Påhlsson <belorn@recompile.se>
 Build-Depends: debhelper (>= 9), docbook-xml, docbook-xsl,
-	libavahi-core-dev, libgpgme11-dev, libgnutls28-dev (>= 3.3.0)
-	| gnutls-dev (>= 3.3.0), xsltproc, pkg-config,
-	libnl-route-3-dev
+	libavahi-core-dev, libgpgme-dev | libgpgme11-dev,
+	libgnutls28-dev (>= 3.3.0) | gnutls-dev (>= 3.3.0),
+	xsltproc, pkg-config, libnl-route-3-dev
 Build-Depends-Indep: systemd, python (>= 2.7), python (<< 3),
 	python-dbus, python-gi
 Standards-Version: 3.9.8
@@ -20,7 +20,7 @@
 Depends: ${misc:Depends}, python (>= 2.7), python (<< 3),
 	libgnutls28-dev (>= 3.3.0) | libgnutls30 (>= 3.3.0),
 	python-dbus, python-gi, avahi-daemon, adduser, python-urwid,
-	gnupg
+	gnupg2 | gnupg, systemd-sysv | lsb-base (>= 3.0-6)
 Recommends: ssh-client | fping
 Description: server giving encrypted passwords to Mandos clients
  This is the server part of the Mandos system, which allows

=== modified file 'debian/mandos-client.postinst'
--- debian/mandos-client.postinst	2016-06-23 19:46:41 +0000
+++ debian/mandos-client.postinst	2016-10-09 22:35:41 +0000
@@ -57,6 +57,7 @@
 	return 0
     fi
     mandos-keygen
+    gpg-connect-agent KILLAGENT /bye || :
 }
 
 create_dh_params(){

=== modified file 'intro.xml'
--- intro.xml	2016-03-23 07:11:22 +0000
+++ intro.xml	2016-11-26 23:21:16 +0000
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
-<!ENTITY TIMESTAMP "2016-03-22">
+<!ENTITY TIMESTAMP "2016-11-27">
 <!ENTITY % common SYSTEM "common.ent">
 %common;
 ]>
@@ -77,6 +77,8 @@
   <refsect1 id="introduction">
     <title>INTRODUCTION</title>
     <para>
+      <!-- This paragraph is a combination and paraphrase of two
+           quotes from the 1995 movie “The Usual Suspects”. -->
       You know how it is.  You’ve heard of it happening.  The Man
       comes and takes away your servers, your friends’ servers, the
       servers of everybody in the same hosting facility. The servers

=== modified file 'mandos'
--- mandos	2016-10-08 04:33:04 +0000
+++ mandos	2016-11-26 23:18:55 +0000
@@ -515,12 +515,11 @@
     _need_version = b"3.3.0"
 
     def __init__(self):
-        # Need to use class name "GnuTLS" here, since this method is
-        # called before the assignment to the "gnutls" global variable
-        # happens.
-        if GnuTLS.check_version(self._need_version) is None:
-            raise GnuTLS.Error("Needs GnuTLS {} or later"
-                               .format(self._need_version))
+        # Need to use "self" here, since this method is called before
+        # the assignment to the "gnutls" global variable happens.
+        if self.check_version(self._need_version) is None:
+            raise self.Error("Needs GnuTLS {} or later"
+                             .format(self._need_version))
 
     # Unless otherwise indicated, the constants and types below are
     # all from the gnutls/gnutls.h C header file.
@@ -1461,6 +1460,7 @@
                          exc_info=error)
         return xmlstring
 
+
 try:
     dbus.OBJECT_MANAGER_IFACE
 except AttributeError:

=== modified file 'mandos-monitor'
--- mandos-monitor	2016-10-08 04:33:04 +0000
+++ mandos-monitor	2016-11-26 23:18:55 +0000
@@ -733,6 +733,7 @@
                 self.refresh()
         return True
 
+
 ui = UserInterface()
 try:
     ui.run()

=== modified file 'mandos.service'
--- mandos.service	2016-03-13 00:37:02 +0000
+++ mandos.service	2016-10-30 21:08:05 +0000
@@ -8,7 +8,7 @@
 ## If the server is configured to not use ZeroConf, these two lines
 ## become unnecessary and should be removed or commented out.
 After=avahi-daemon.service
-RequisiteOverridable=avahi-daemon.service
+Requisite=avahi-daemon.service
 
 [Service]
 ## If the server's D-Bus interface is disabled, the "BusName" setting

=== modified file 'plugin-runner.c'
--- plugin-runner.c	2016-07-03 03:32:28 +0000
+++ plugin-runner.c	2016-12-12 18:25:02 +0000
@@ -792,7 +792,7 @@
   }
   
   if(debug){
-    for(plugin *p = plugin_list; p != NULL; p=p->next){
+    for(plugin *p = plugin_list; p != NULL; p = p->next){
       fprintf(stderr, "Plugin: %s has %d arguments\n",
 	      p->name ? p->name : "Global", p->argc - 1);
       for(char **a = p->argv; *a != NULL; a++){

=== modified file 'plugins.d/mandos-client.c'
--- plugins.d/mandos-client.c	2016-10-05 19:56:40 +0000
+++ plugins.d/mandos-client.c	2016-12-12 18:25:02 +0000
@@ -1079,8 +1079,9 @@
     bool match = false;
     {
       char *interface = NULL;
-      while((interface=argz_next(mc->interfaces, mc->interfaces_size,
-				 interface))){
+      while((interface = argz_next(mc->interfaces,
+				   mc->interfaces_size,
+				   interface))){
 	if(if_nametoindex(interface) == (unsigned int)if_index){
 	  match = true;
 	  break;
@@ -2196,7 +2197,7 @@
   
   /* Sleep checking until interface is running.
      Check every 0.25s, up to total time of delay */
-  for(int i=0; i < delay * 4; i++){
+  for(int i = 0; i < delay * 4; i++){
     if(interface_is_running(interface)){
       break;
     }
@@ -3023,9 +3024,9 @@
       /* Take down the network interfaces which were brought up */
       {
 	char *interface = NULL;
-	while((interface=argz_next(interfaces_to_take_down,
-				   interfaces_to_take_down_size,
-				   interface))){
+	while((interface = argz_next(interfaces_to_take_down,
+				     interfaces_to_take_down_size,
+				     interface))){
 	  ret = take_down_interface(interface);
 	  if(ret != 0){
 	    errno = ret;

=== modified file 'plugins.d/plymouth.c'
--- plugins.d/plymouth.c	2016-03-17 20:40:55 +0000
+++ plugins.d/plymouth.c	2016-12-12 18:25:02 +0000
@@ -181,7 +181,7 @@
     }
     char **tmp;
     int i = 0;
-    for (; argv[i]!=NULL; i++){
+    for (; argv[i] != NULL; i++){
       tmp = realloc(new_argv, sizeof(const char *) * ((size_t)i + 2));
       if(tmp == NULL){
 	error_plus(0, errno, "realloc");