/mandos/release : revision 237.7.363

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to NEWS

Committer: Teddy Hogeborn
Date: 2016-03-02 16:45:38 UTC
mto: (237.7.594 trunk)
mto: This revision was merged to the branch mainline in revision 335.
Revision ID: teddy@recompile.se-20160302164538-n9ocll4izthzw1ov

http://bugs.debian.org/816513

Ignore any error from initramfs-tools' "configure_networking".

* initramfs-tools-script: Wrap call to "configure_networking" with
"set +e" and "set -e", since configure_networking was not designed
to run in a "set -e" environment.

Closes: 816513
Thanks: Carlos Alberto Lopez Perez <clopez@igalia.com>
Thanks: Ben Hutchings <ben@decadent.org.uk>

files added:
initramfs-tools-hook-conf

files removed:
bugs.xml

debian/mandos-client.templates

debian/mandos.templates

debian/po/POTFILES.in

debian/po/de.po

debian/po/en_US.po

debian/po/fr.po

debian/po/nl.po

debian/po/pt.po

debian/po/sv.po

debian/po/templates.pot

debian/source/lintian-overrides

debian/tests

debian/tests/control

debian/upstream/metadata

dracut-module

dracut-module/ask-password-mandos.path

dracut-module/ask-password-mandos.service

dracut-module/cmdline-mandos.sh

dracut-module/module-setup.sh

dracut-module/password-agent.c

dracut-module/password-agent.xml

initramfs-tools-conf

initramfs-tools-conf-hook

initramfs-tools-script-stop

mandos-to-cryptroot-unlock

sysusers.d-mandos.conf

tmpfiles.d-mandos.conf

files modified:
.bzrignore

DBUS-API

INSTALL

Makefile

NEWS

README

TODO

clients.conf

common.ent

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.dirs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/rules

debian/watch

init.d-mandos

initramfs-tools-hook

initramfs-tools-script

initramfs-unpack

intro.xml

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos.conf.xml

mandos.lsm

mandos.service

mandos.xml

network-hooks.d/bridge

network-hooks.d/openvpn

network-hooks.d/wireless

overview.xml

plugin-helpers/mandos-client-iprouteadddel.c

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

NEWS

This NEWS file records noteworthy changes, very tersely.

See the manual for detailed information.

Version 1.8.10 (2020-03-21)

* Server

** Fix bug when setting a client's D-Bus "Secret" property

** Start client checkers after a random delay

** When using systemd, allow easier modification of server options

** Better log messages in mandos-monitor

* Client

** When using dracut & systemd, allow easier modification of options

Version 1.8.9 (2019-09-03)

* No user-visible changes

Version 1.8.8 (2019-08-18)

* No user-visible changes

Version 1.8.7 (2019-08-05)

* Client:

** Always compile with LFS (Large File Support) enabled.

* Server

** Improve intro(8mandos) manual page to cover dracut(8) support.

Version 1.8.6 (2019-08-03)

* Client:

** dracut support: In password-agent, properly ignore deleted and

renamed question files, and also fix memory alignment issue.

Version 1.8.5 (2019-07-30)

* Client

** Support dracut(8) as well as initramfs-tools(7).

** Minor bug fix: Allow the mandos-keygen --passfile option to use

passfiles with names starting with "-".

** Document known limitation of mandos-keygen --password; it strips

white space from start and end of the password.

* Server

** Bug fix: The server used to fail to restart if the "port" setting

was used. This has been fixed.

** Minor bug fix: Reap zombies left over from checker runs. (Debian

bug #933387)

Version 1.8.4 (2019-04-09)

* Client

** Fix minor memory leak in plugin-runner.

* Server

** mandos-ctl now has a --debug option to show D-Bus calls.

Version 1.8.3 (2019-02-11)

* No user-visible changes.

Version 1.8.2 (2019-02-10)

* Client

** In mandos-keygen, ignore failures to remove files in some cases.

Version 1.8.1 (2019-02-10)

* Client

** Only generate TLS keys using GnuTLS' certtool, of sufficient

version. Key generation of TLS keys will not happen until a

version of GnuTLS is installed with support for raw public keys.

** Remove any bad keys created by 1.8.0 and openssl.

* Server

** On installation, edit clients.conf and remove the same bad key ID

which was erroneously reported by all 1.8.0 clients. Also do not

trust this key ID in the server.

Version 1.8.0 (2019-02-10)

* Client

** Use new TLS keys for server communication and identification.

With GnuTLS 3.6 or later, OpenPGP keys are no longer supported.

The client can now use the new "raw public keys" (RFC 7250) API

instead, using GnuTLS 3.6.6. Please note: This *requires* new key

IDs to be added to server's client.conf file.

** New --tls-privkey and --tls-pubkey options to load TLS key files.

If GnuTLS is too old, these options do nothing.

* Server

** Supports either old or new GnuTLS.

The server now supports using GnuTLS 3.6.6 and clients connecting

with "raw public keys" as identification. The server will read

both fingerprints and key IDs from clients.conf file, and will use

either one or the other, depending on what is supported by GnuTLS

on the system. Please note: both are *not* supported at once; if

one type is supported by GnuTLS, all values of the other type from

clients.conf are ignored.

Version 1.7.20 (2018-08-19)

* Client

** Fix: Adapt to the Debian cryptsetup package 2.0.3 or later.

Important: in that version or later, the plugins "askpass-fifo",

"password-prompt", and "plymouth" will no longer be run, since they

would conflict with what cryptsetup is doing. Other plugins, such

as mandos-client and any user-supplied plugins, will still run.

** Better error message if failing to decrypt secret data

** Check for (and report) any key import failure from GPGME

** Better error message if self-signature verification fails

** Set system clock if not set; required by GnuPG for key import

** When debugging plugin-runner, it will now show starting plugins

Version 1.7.19 (2018-02-22)

100

* Client

101

** Do not print "unlink(...): No such file or directory".

102

** Bug fixes: Fix file descriptor leaks.

103

** Bug fix: Don't use leak sanitizer with leaking libraries.

104

105

Version 1.7.18 (2018-02-12)

106

* Client

107

** Bug fix: Revert faulty fix for a nonexistent bug in the

108

plugin-runner

109

110

Version 1.7.17 (2018-02-10)

111

* Client

112

** Bug fix: Fix a memory leak in the plugin-runner

113

** Bug fix: Fix memory leaks in the plymouth plugin

114

115

Version 1.7.16 (2017-08-20)

116

* Client

117

** Bug fix: ignore "resumedev" entries in initramfs' cryptroot file

118

** Bug fix in plymouth plugin: fix memory leak, avoid warning output

119

120

Version 1.7.15 (2017-02-23)

121

* Server

122

** Bug fix: Respect the mandos.conf "zeroconf" and "restore" options

123

* Client

124

** Bug fix in mandos-keygen: Handle backslashes in passphrases

125

126

Version 1.7.14 (2017-01-25)

127

* Server

128

** Use "Requisite" instead of "RequisiteOverridable" in systemd

129

service file.

130

131

Version 1.7.13 (2016-10-08)

132

* Client

133

** Minor bug fix: Don't ask for passphrase or fail when generating

134

keys using GnuPG 2.1 in a chrooted environment.

135

136

Version 1.7.12 (2016-10-05)

137

* Client

138

** Bug fix: Don't crash after exit() when using DH parameters file

139

140

Version 1.7.11 (2016-10-01)

141

* Client

142

** Security fix: Don't compile with AddressSanitizer

143

* Server

144

** Bug fix: Find GnuTLS library when gnutls28-dev is not installed

145

** Bug fix: Include "Expires" and "Last Checker Status" in mandos-ctl

146

verbose output

147

** New option for mandos-ctl: --dump-json

148

149

Version 1.7.10 (2016-06-23)

150

* Client

151

** Security fix: restrict permissions of /etc/mandos/plugin-helpers

152

* Server

153

** Bug fix: Make the --interface flag work with Python 2.7 when "cc"

154

is not installed

155

156

Version 1.7.9 (2016-06-22)

157

* Client

158

** Do not include intro(8mandos) man page

159

160

Version 1.7.8 (2016-06-21)

161

* Client

162

** Include intro(8mandos) man page

163

** mandos-keygen: Use ECDSA SSH keys by default

164

** Bug fix: Work with GnuPG 2 when booting (Debian bug #819982)

165

by copying /usr/bin/gpg-agent into initramfs

166

* Server

167

** Bug fix: Work with GnuPG 2 (don't use --no-use-agent option)

168

** Bug fix: Make the --interface option work when using Python 2.7

169

by trying harder to find SO_BINDTODEVICE

170

171

Version 1.7.7 (2016-03-19)

172

* Client

173

** Fix bug in Plymouth client, broken since 1.7.2

174

175

Version 1.7.6 (2016-03-13)

176

* Server

177

** Fix bug where stopping server would time out

178

** Make server runnable with Python 3

179

180

Version 1.7.5 (2016-03-08)

181

* Server

182

** Fix security restrictions in systemd service file.

183

** Work around bug where stopping server would time out

184

185

Version 1.7.4 (2016-03-05)

186

* Client

187

** Bug fix: Tolerate errors from configure_networking (Debian Bug

188

#816513)

189

** Compilation: Only use sanitizing options which work with the

190

compiler used when building. This should fix compilation with GCC

191

4.9 on mips, mipsel, and s390x.

192

* Server

193

** Add extra security restrictions in systemd service file.

194

195

Version 1.7.3 (2016-02-29)

196

* Client

197

** Bug fix: Remove new type of keyring directory user by GnuPG 2.1.

Older »