1
1
This NEWS file records noteworthy changes, very tersely.
2
2
See the manual for detailed information.
4
Version 1.6.1 (2013-10-13)
6
** All client options for time intervals now also take an RFC 3339
7
duration. The same for all options to mandos-ctl.
8
** Bug fix: Handle fast checkers (like ":") correctly.
9
** Bug fix: Don't print output from checkers when running in
11
** Bug fix: Do not fail when client is removed from clients.conf but
12
saved settings remain.
13
** Bug fix: mandos-monitor now displays standout (reverse video) again
14
using new version of Urwid.
15
** Bug fix: Make boolean options work from the config file again.
16
** Bug fix: Make --no-ipv6 work again.
17
** New default priority string to be slightly more compatible with
18
older versions of GnuTLS.
20
** Bug fix: Fix bashism in mandos-keygen.
21
** Default key and subkey types are now RSA and RSA, respectively.
22
Also, new default key size is 4096 bits.
24
Version 1.6.0 (2012-06-18)
26
** Takes new --foreground option
27
** Init script supports new "status" action.
29
** Now uses all interfaces by default; the --interface option can
30
still be used to restrict it, and the argument to --interface (as
31
well as the $DEVICE environment variable for the network hooks) is
32
now a comma-separated list of interfaces to use.
34
Version 1.5.5 (2012-06-01)
36
** Server takes new --socket option
38
Version 1.5.4 (2012-05-20)
40
** Bug fix: Regression fix: Make non-zero approval timeout values work.
41
** Bug fix: Regression fix: Allow changing the Timeout D-Bus property.
42
** Fall back to not bind to an interface if an invalid interface name
44
** Removed support for undocumented feature of using plain "%%s" in
45
"checker" client option.
46
** Old D-Bus interface are now marked as deprecated.
47
** mandos-monitor: Bug fix: show approval timers correctly.
48
** mandos-ctl: Show "Extended Timeout" correctly, not as milliseconds.
50
Version 1.5.3 (2012-01-15)
52
** Add D-Bus property se.recompile.Client.LastCheckerStatus and use it
55
** Fix bugs in the example "bridge" network hook.
57
Version 1.5.2 (2012-01-08)
59
** Removed D-Bus signal se.recompile.Mandos.NewRequest() added in
60
1.5.0. It was buggy and was of questionable utility.
62
Version 1.5.1 (2012-01-01)
64
** Include intro(8mandos) manual page, missing since migration from
65
README file in version 1.4.0.
67
Version 1.5.0 (2012-01-01)
69
** Network hooks. The Mandos client can now run custom scripts to take
70
up a network interface before the client is run. Three example
71
scripts are provided: "wireless", "openvpn", and "bridge".
72
To facilitate this, the client now prefers network interfaces which
73
are up (if any) over all other interfaces.
75
** Persistent state. Client state is now saved between server
77
** clients.conf file can now contain "enabled" setting for clients.
78
** Bug fix: Fix rare crash bug.
79
** Bug fix: Send corrent D-Bus type in PropertyChanged for
80
"ApprovalDelay", "ApprovalDuration", "Timeout", and
82
** mandos-ctl: Bare numbers as arguments are taken to be milliseconds.
83
** Bug fix: mandos-ctl --secret option now works.
84
** New D-Bus signal: se.recompile.Mandos.NewRequest(s).
86
Version 1.4.1 (2011-10-15)
88
** Make D-Bus properties settable again, and handle checkers
89
for disabled clients correctly.
90
* Miscellaneous fixes to "pedantic" Lintian warnings
92
Version 1.4.0 (2011-10-09)
93
* README file migrated to manual page intro(8mandos).
95
** Fixed warning about "rmdir: Directory not empty".
97
** Default values changed: timeout 5 minutes, interval 2 minutes.
98
** Clients gets an expiration extension when receiving a password,
99
controlled by new "extended_timeout" setting.
100
** New domain name: "fukt.bsnet.se" changes to "recompile.se". This
101
also affects the D-Bus bus and interface names (old names still
102
work). Users should start using the new names immediately.
103
** New D-Bus Client object properties "Expires" and "ExtendedTimeout";
104
see DBUS-API for details.
106
Version 1.3.1 (2011-07-27)
108
** Client now retries all Mandos servers periodically.
109
** Work around Debian bug #633582 - fixes "Permission denied" problem.
111
Version 1.3.0 (2011-03-08)
113
** Updated for Python 2.6.
115
** Bug fix: Make the password-prompt plugin not conflict with
117
** Bug fix: Bug fix: update initramfs also when purging package.
119
Version 1.2.3 (2010-10-11)
121
** Bug fix: Expose D-Bus API also in non-debug mode.
123
Version 1.2.2 (2010-10-07)
125
** splashy: Minor fix to compile with non-Linux kernels.
127
Version 1.2.1 (2010-10-02)
129
** mandos-monitor(8): Documentation bug fix: Key for removing client
132
Version 1.2 (2010-09-28)
134
** New "plymouth" plugin to ask for a password using the Plymouth
135
graphical boot system.
136
** The Mandos client now automatically chooses a network interface if
137
the DEVICE setting in /etc/initramfs-tools/initramfs.conf is set to
138
the empty string. This is also the new default instead of "eth0".
139
** The Mandos client --connect option now loops indefinitely until a
140
password is received from the specified server.
141
** Bug fix: Quote directory correctly in mandos-keygen with --password
142
** Bug fix: don't use "echo -e" in mandos-keygen; unsupported by dash.
144
** Terminology change: clients are now "ENABLED" or "DISABLED", not
145
"valid" or "invalid".
146
** New D-Bus API; see the file "DBUS-API".
147
** New control utilities using the new D-Bus API:
148
+ mandos-ctl A command-line based utility
149
+ mandos-monitor A text-based GUI interface
150
** New feature: manual interactive approval or denying of clients on a
152
** New --debuglevel option to control logging
153
** Will not write PID file if --debug is passed
154
** Bug fix: Avoid race conditions with short "interval" values or
156
** Bug fix: Don't try to bind to a network interface when none is
159
Version 1.0.14 (2009-10-25)
160
Enable building without -pie and -fPIE if BROKEN_PIE is set.
162
Version 1.0.13 (2009-10-22)
164
** Security bug fix: If Mandos server is also installed, do not copy
165
its config files (with encrypted passwords) into the initrd.img-*
168
4
Version 1.0.12 (2009-09-17)
170
6
** Bug fix: Allow network interface renaming by "udev" by taking down