/mandos/release : revision 237.7.174

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to NEWS

Committer: Teddy Hogeborn
Date: 2013-10-20 15:25:09 UTC
mto: (237.7.272 trunk)
mto: This revision was merged to the branch mainline in revision 305.
Revision ID: teddy@recompile.se-20131020152509-zkhuy2yse76w10hg

* Makefile (CFLAGS, LDFLAGS): Keep default flags from environment.
  (purge-server): PID file changed to "/run/mandos.pid".
* debian/compat: Changed to "9".
* debian/control (Standards-Version): Updated to "3.9.4".
  (DM-Upload-Allowed): Removed.
  (mandos/Depends): Add "initscripts (>= 2.88dsf-13.3)" to be able to
                    use the "/run" directory (for mandos.pid).
* debian/copyright (Copyright): Update year.
* init.d-mandos (PIDFILE): Changed to "/run/mandos.pid".
* mandos: Update copyright year.
  (pidfilename): Changed to "/run/mandos.pid".
* mandos-clients.conf.xml (OPTIONS/approval_delay): Bug fix: default
                                                    is "PT0S" - using
                                                    the new RFC 3339
                                                    duration syntax.
* mandos-keygen: Update copyright year.
* mandos-monitor: - '' -
* mandos.conf.xml: - '' -
* mandos.xml: - '' -
  (FILES): PID file changed to "/run/mandos.pid".
* plugin-runner.c: Update copyright year.
* plugins.d/mandos-client.c: - '' -
* plugins.d/mandos-client.xml: - '' -
* plugins.d/password-prompt.c: - '' -
* plugins.d/plymouth.c: - '' -

files removed:
bugs.xml

debian/upstream

debian/upstream/signing-key.asc

mandos.service

plugin-helpers

plugin-helpers/mandos-client-iprouteadddel.c

tmpfiles.d-mandos.conf

files modified:
DBUS-API

INSTALL

Makefile

NEWS

README

TODO

common.ent

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.dirs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/rules

debian/watch

init.d-mandos

initramfs-tools-hook

initramfs-tools-script

initramfs-unpack

intro.xml

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.lsm

mandos.xml

network-hooks.d/bridge

network-hooks.d/openvpn

network-hooks.d/wireless

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

NEWS

This NEWS file records noteworthy changes, very tersely.

See the manual for detailed information.

Version 1.7.16 (2017-08-20)

* Client

** Bug fix: ignore "resumedev" entries in initramfs' cryptroot file

** Bug fix in plymouth plugin: fix memory leak, avoid warning output

Version 1.7.15 (2017-02-23)

* Server

** Bug fix: Respect the mandos.conf "zeroconf" and "restore" options

* Client

** Bug fix in mandos-keygen: Handle backslashes in passphrases

Version 1.7.14 (2017-01-25)

* Server

** Use "Requisite" instead of "RequisiteOverridable" in systemd

service file.

Version 1.7.13 (2016-10-08)

* Client

** Minor bug fix: Don't ask for passphrase or fail when generating

keys using GnuPG 2.1 in a chrooted environment.

Version 1.7.12 (2016-10-05)

* Client

** Bug fix: Don't crash after exit() when using DH parameters file

Version 1.7.11 (2016-10-01)

* Client

** Security fix: Don't compile with AddressSanitizer

* Server

** Bug fix: Find GnuTLS library when gnutls28-dev is not installed

** Bug fix: Include "Expires" and "Last Checker Status" in mandos-ctl

verbose output

** New option for mandos-ctl: --dump-json

Version 1.7.10 (2016-06-23)

* Client

** Security fix: restrict permissions of /etc/mandos/plugin-helpers

* Server

** Bug fix: Make the --interface flag work with Python 2.7 when "cc"

is not installed

Version 1.7.9 (2016-06-22)

* Client

** Do not include intro(8mandos) man page

Version 1.7.8 (2016-06-21)

* Client

** Include intro(8mandos) man page

** mandos-keygen: Use ECDSA SSH keys by default

** Bug fix: Work with GnuPG 2 when booting (Debian bug #819982)

by copying /usr/bin/gpg-agent into initramfs

* Server

** Bug fix: Work with GnuPG 2 (don't use --no-use-agent option)

** Bug fix: Make the --interface option work when using Python 2.7

by trying harder to find SO_BINDTODEVICE

Version 1.7.7 (2016-03-19)

* Client

** Fix bug in Plymouth client, broken since 1.7.2

Version 1.7.6 (2016-03-13)

* Server

** Fix bug where stopping server would time out

** Make server runnable with Python 3

Version 1.7.5 (2016-03-08)

* Server

** Fix security restrictions in systemd service file.

** Work around bug where stopping server would time out

Version 1.7.4 (2016-03-05)

* Client

** Bug fix: Tolerate errors from configure_networking (Debian Bug

#816513)

** Compilation: Only use sanitizing options which work with the

compiler used when building. This should fix compilation with GCC

4.9 on mips, mipsel, and s390x.

* Server

** Add extra security restrictions in systemd service file.

Version 1.7.3 (2016-02-29)

* Client

** Bug fix: Remove new type of keyring directory user by GnuPG 2.1.

** Bug fix: Remove "nonnull" attribute from a function argument, which

would otherwise generate a spurious runtime warning.

Version 1.7.2 (2016-02-28)

* Server

** Stop using python-gnutls library; it was not updated to GnuTLS 3.3.

** Bug fix: Only send D-Bus signal ClientRemoved if using D-Bus.

** Use GnuPG 2 if available.

* Client

** Compile with various sanitizing flags.

Version 1.7.1 (2015-10-24)

* Client

100

** Bug fix: Can now really find Mandos server even if the server has

101

an IPv6 address on a network other than the one which the Mandos

102

server is on.

103

104

Version 1.7.0 (2015-08-10)

105

* Server

106

** Bug fix: Handle local Zeroconf service name collisions better.

107

** Bug fix: Finally fix "ERROR: Child process vanished" bug.

108

** Bug fix: Fix systemd service file to start server correctly.

109

** Bug fix: Be compatible with old 2048-bit DSA keys.

110

** The D-Bus API now provides the standard D-Bus ObjectManager

111

interface, and deprecates older functionality. See the DBUS-API

112

file for the currently recommended API. Note: the original API

113

still works, but is deprecated.

114

* Client

115

** Can now find Mandos server even if the server has an IPv6 address

116

on a network without IPv6 Router Advertisment (like if the Mandos

117

client itself is the router, or there is an IPv6 router advertising

118

a network other than the one which the Mandos server is on.)

119

** Use a better value than 1024 for the default number of DH bits.

120

This better value is either provided by a DH parameters file (see

121

below) or an appropriate number of DH bits is determined based on

122

the PGP key.

123

** Bug fix: mandos-keygen now generates correct output for the

124

"Checker" variable even if the SSH server on the Mandos client has

125

multiple SSH key types.

126

** Can now use pre-generated Diffie-Hellman parameters from a file.

127

128

Version 1.6.9 (2014-10-05)

129

* Server

130

** Changed to emit standard D-Bus signal when D-Bus properties change.

131

(The old signal is still emitted too, but marked as deprecated.)

132

133

Version 1.6.8 (2014-08-06)

134

* Client

135

** Bug fix: mandos-keygen now generates working SSH checker commands.

136

* Server

137

** Bug fix: "mandos-monitor" now really redraws screen on Ctrl-L.

138

** Now requires Python 2.7.

139

140

Version 1.6.7 (2014-07-17)

141

* Client

142

** Bug fix: Now compatible with GPGME 1.5.0.

143

** Bug fix: Fixed minor memory leaks.

144

* Server

145

** "mandos-monitor" now has verbose logging, toggleable with "v".

146

147

Version 1.6.6 (2014-07-13)

148

* Client

149

** If client host has an SSH server, "mandos-keygen --password" now

150

outputs "checker" option which uses "ssh-keyscan"; this is more

151

secure than the default "fping" checker.

152

** Bug fix: allow "." in network hook names, to match documentation.

153

** Better error messages.

154

* Server

155

** New --no-zeroconf option.

156

** Bug fix: Fix --servicename option, broken since 1.6.4.

157

** Bug fix: Fix --socket option work for --socket=0.

158

159

Version 1.6.5 (2014-05-11)

160

* Client

161

** Work around bug in GnuPG <http://bugs.g10code.com/gnupg/issue1622>

162

** Give better error messages when run without sufficient privileges

163

** Only warn if workaround for Debian bug #633582 was necessary and

164

failed, not if it failed and was unnecessary.

165

166

Version 1.6.4 (2014-02-16)

167

* Server

168

** Very minor fix to self-test code.

169

170

Version 1.6.3 (2014-01-21)

171

* Server

172

** Add systemd support.

173

** For PID file, fall back to /var/run if /run does not exist.

174

* Client

175

** Moved files from /usr/lib/mandos to whatever the architecture

176

specifies, like /usr/lib/x86_64-linux-gnu/mandos or

177

/usr/lib64/mandos.

178

179

Version 1.6.2 (2013-10-24)

180

* Server

181

** PID file moved from /var/run to /run.

182

** Bug fix: Handle long secrets when saving client state.

183

** Bug fix: Use more magic in the GnuTLS priority string to handle

184

both old DSA/ELG 2048-bit keys and new RSA/RSA 4096-bit keys.

185

* Client

186

** mandos-keygen: Bug fix: now generate RSA keys which GnuTLS can use.

187

Bug fix: Output passphrase prompts even when

188

redirecting standard output.

189

190

Version 1.6.1 (2013-10-13)

191

* Server

192

** All client options for time intervals now also take an RFC 3339

Older »