=== modified file 'Makefile' --- Makefile 2009-02-25 01:31:13 +0000 +++ Makefile 2009-05-17 03:23:24 +0000 @@ -16,7 +16,7 @@ OPTIMIZE=-Os LANGUAGE=-std=gnu99 htmldir=man -version=1.0.8 +version=1.0.10 SED=sed ## Use these settings for a traditional /usr/local install === modified file 'NEWS' --- NEWS 2009-02-25 01:31:13 +0000 +++ NEWS 2009-05-17 03:23:24 +0000 @@ -1,6 +1,17 @@ This NEWS file records noteworthy changes, very tersely. See the manual for detailed information. +Version 1.0.10 (2009-05-17) +* Client +** Security bug fix: Fix permissions on initrd.img-*.bak files when + upgrading from older versions. + +Version 1.0.9 (2009-05-17) +* Client +** Security bug fix: Fix permissions on initrd.img file when + installing new linux-image-* packages calling mkinitramfs-kpkg (all + version lower than 2.6.28-1-* does this). + Version 1.0.8 (2009-02-25) * Client ** Bug fix: Fix missing quote characters in initramfs-tools-hook. === modified file 'common.ent' --- common.ent 2009-02-25 01:31:13 +0000 +++ common.ent 2009-05-17 03:23:24 +0000 @@ -1,3 +1,3 @@ - + === modified file 'debian/changelog' --- debian/changelog 2009-02-25 01:31:13 +0000 +++ debian/changelog 2009-05-17 03:23:24 +0000 @@ -1,3 +1,17 @@ +mandos (1.0.10-1) unstable; urgency=low + + * New upstream release. + * debian/mandos-client.postinst (update_initramfs): Fix permissions of + old initrd.img-*.bak files. + + -- Teddy Hogeborn Sun, 17 May 2009 04:56:35 +0200 + +mandos (1.0.9-1) unstable; urgency=low + + * New upstream release. + + -- Teddy Hogeborn Sun, 17 May 2009 02:59:45 +0200 + mandos (1.0.8-1) unstable; urgency=low * New upstream release. === modified file 'debian/mandos-client.postinst' --- debian/mandos-client.postinst 2009-01-18 00:16:57 +0000 +++ debian/mandos-client.postinst 2009-05-17 03:13:49 +0000 
@@ -21,6 +21,13 @@ if [ -x /usr/sbin/update-initramfs ]; then update-initramfs -u -k all fi + + if dpkg --compare-versions "$2" lt-nl "1.0.10-1"; then + # Make old initrd.img files unreadable too, in case they were + # created with mandos-client 1.0.8 or older. + find /boot -maxdepth 1 -type f -name "initrd.img-*.bak" \ + -print0 | xargs --null --no-run-if-empty chmod o-r + fi } # Add user and group @@ -54,9 +61,9 @@ case "$1" in configure) - add_mandos_user - create_key - update_initramfs + add_mandos_user "$@" + create_key "$@" + update_initramfs "$@" ;; abort-upgrade|abort-deconfigure|abort-remove) ;; === modified file 'initramfs-tools-hook-conf' --- initramfs-tools-hook-conf 2008-08-12 19:22:34 +0000 +++ initramfs-tools-hook-conf 2009-05-17 00:50:09 +0000 @@ -1,1 +1,13 @@ +# -*- shell-script -*- + +# if mkinitramfs is started by mkinitramfs-kpkg, mkinitramfs-kpkg has +# already touched the initrd file with umask 022 before we had a +# chance to affect it. We cannot allow a readable initrd file, +# therefore we must fix this now. +if [ -e "${outfile}" ] \ + && [ `stat --format=%s "${outfile}"` -eq 0 ]; then + rm "${outfile}" + (umask 027; touch "${outfile}") +fi + UMASK=027 === modified file 'mandos' --- mandos 2009-04-17 01:16:37 +0000 +++ mandos 2009-05-17 04:36:54 +0000 @@ -77,7 +77,7 @@ SO_BINDTODEVICE = None -version = "1.0.8" +version = "1.0.10" logger = logging.Logger(u'mandos') syslogger = (logging.handlers.SysLogHandler === modified file 'mandos-ctl' --- mandos-ctl 2009-02-25 01:31:13 +0000 +++ mandos-ctl 2009-05-17 03:23:24 +0000 @@ -31,7 +31,7 @@ server_path = '/' server_interface = domain + '.Mandos' client_interface = domain + '.Mandos.Client' -version = "1.0.8" +version = "1.0.10" bus = dbus.SystemBus() mandos_dbus_objc = bus.get_object(busname, server_path) mandos_serv = dbus.Interface(mandos_dbus_objc, === modified file 'mandos-keygen' --- mandos-keygen 2009-02-25 01:31:13 +0000 +++ mandos-keygen 2009-05-17 03:23:24 +0000 
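Review bot: In the upgrade branch added to update_initramfs, the `find … | xargs … chmod o-r` pipeline returns only the exit status of xargs, so a find error while reading /boot is dropped and the postinst could finish with world-readable backups still in place. Letting find run chmod itself keeps that failure visible: `find /boot -maxdepth 1 -type f -name "initrd.img-*.bak" -exec chmod o-r {} +`. The comment could also record that `lt-nl` treats an empty `$2` as newer than any version, so a fresh install skips the branch, and that `$2` reaches the function only through the `"$@"` forwarding added in the configure case. The function's opening lines are outside the hunk.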
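Review bot: The guard added to initramfs-tools-hook-conf repairs only a zero-length `${outfile}`, so an existing non-empty file with a world-readable mode passes through unchanged. If mkinitramfs then writes into that file in place (not visible in this hunk), the new image would keep the old mode despite `UMASK=027`. Tightening the mode whenever the file exists, for example `[ ! -e "${outfile}" ] || chmod o-rwx "${outfile}"`, would cover both cases and avoid the brief window between `rm` and `touch`. If the size test stays, `$(stat --format=%s "${outfile}")` is easier to read than backticks, and the comment should say why non-empty files are deliberately left alone.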
@@ -21,7 +21,7 @@ # Contact the authors at . # -VERSION="1.0.8" +VERSION="1.0.10" KEYDIR="/etc/keys/mandos" KEYTYPE=DSA === modified file 'mandos.lsm' --- mandos.lsm 2009-02-25 01:31:13 +0000 +++ mandos.lsm 2009-05-17 03:23:24 +0000 @@ -1,7 +1,7 @@ Begin4 Title: Mandos -Version: 1.0.8 -Entered-date: 2009-02-25 +Version: 1.0.10 +Entered-date: 2009-05-17 Description: The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote and/or unattended reboots. @@ -12,9 +12,9 @@ Maintained-by: teddy@fukt.bsnet.se (Teddy Hogeborn), belorn@fukt.bsnet.se (Björn Påhlsson) Primary-site: http://www.fukt.bsnet.se/mandos - 98K mandos_1.0.8.orig.tar.gz + 99K mandos_1.0.10.orig.tar.gz Alternate-site: ftp://ftp.fukt.bsnet.se/pub/mandos - 98K mandos_1.0.8.orig.tar.gz + 99K mandos_1.0.10.orig.tar.gz Platforms: Requires GCC, GNU libC, Avahi, GnuPG, Python 2.5, and various other libraries. While made for Debian GNU/Linux, it is probably portable to other distributions, but not other Unixes.