=== modified file 'TODO'
--- TODO	2009-09-08 04:41:37 +0000
+++ TODO	2009-09-10 06:28:14 +0000
@@ -1,7 +1,6 @@
 -*- org -*-
 
 * mandos-client
-** TODO [#A] Clean up /tmp directory and take down interface on signal	  :test:
 ** TODO [#B] use scandir(3) instead of readdir(3)
 ** TODO [#B] Prefix all debug output with argv[0]
 ** TODO [#B] Retry a server which has a non-definite reply:
@@ -53,6 +52,9 @@
 ** TODO DBusServiceObjectUsingSuper
 ** Global enable/disable flag
 ** By-client countdown on secrets given
+** Fix problem with fsck taking a really long time
+   Whenever a client successfully gets a secret it could get a
+   one-time timeout boost to allow for an fsck-incurred delay
 
 * mandos.xml
 ** [[file:mandos.xml::XXX][Document D-Bus interface]]

=== modified file 'init.d-mandos'
--- init.d-mandos	2008-09-21 12:04:02 +0000
+++ init.d-mandos	2009-09-10 06:28:14 +0000
@@ -1,8 +1,8 @@
 #! /bin/sh
 ### BEGIN INIT INFO
 # Provides:          mandos
-# Required-Start:    $remote_fs avahi-daemon
-# Required-Stop:     $remote_fs
+# Required-Start:    $remote_fs avahi
+# Required-Stop:     $remote_fs avahi
 # Default-Start:     2 3 4 5
 # Default-Stop:      0 1 6
 # Short-Description: Mandos server

=== modified file 'mandos.xml'
--- mandos.xml	2009-02-25 01:47:45 +0000
+++ mandos.xml	2009-09-10 06:28:14 +0000
@@ -2,7 +2,7 @@
 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
 <!ENTITY COMMANDNAME "mandos">
-<!ENTITY TIMESTAMP "2009-02-15">
+<!ENTITY TIMESTAMP "2009-09-10">
 <!ENTITY % common SYSTEM "common.ent">
 %common;
 ]>
@@ -327,7 +327,8 @@
       The server will, by default, continually check that the clients
       are still up.  If a client has not been confirmed as being up
       for some time, the client is assumed to be compromised and is no
-      longer eligible to receive the encrypted password.  The timeout,
+      longer eligible to receive the encrypted password.  (Manual
+      intervention is required to re-enable a client.)  The timeout,
       checker program, and interval between checks can be configured
       both globally and per client; see <citerefentry>
       <refentrytitle>mandos-clients.conf</refentrytitle>

=== modified file 'plugin-runner.c'
--- plugin-runner.c	2009-09-07 07:48:59 +0000
+++ plugin-runner.c	2009-09-10 06:28:14 +0000
@@ -230,13 +230,14 @@
  | [[info:libc:Descriptor%20Flags][File Descriptor Flags]] |
  */
 static int set_cloexec_flag(int fd){
-  int ret = TEMP_FAILURE_RETRY(fcntl(fd, F_GETFD, 0));
+  int ret = (int)TEMP_FAILURE_RETRY(fcntl(fd, F_GETFD, 0));
   /* If reading the flags failed, return error indication now. */
   if(ret < 0){
     return ret;
   }
   /* Store modified flag word in the descriptor. */
-  return TEMP_FAILURE_RETRY(fcntl(fd, F_SETFD, ret | FD_CLOEXEC));
+  return (int)TEMP_FAILURE_RETRY(fcntl(fd, F_SETFD,
+				       ret | FD_CLOEXEC));
 }
 
 
@@ -788,18 +789,19 @@
     
     char *filename;
     if(plugindir == NULL){
-      ret = TEMP_FAILURE_RETRY(asprintf(&filename, PDIR "/%s",
-					dirst->d_name));
+      ret = (int)TEMP_FAILURE_RETRY(asprintf(&filename, PDIR "/%s",
+					     dirst->d_name));
     } else {
-      ret = TEMP_FAILURE_RETRY(asprintf(&filename, "%s/%s", plugindir,
-					dirst->d_name));
+      ret = (int)TEMP_FAILURE_RETRY(asprintf(&filename, "%s/%s",
+					     plugindir,
+					     dirst->d_name));
     }
     if(ret < 0){
       perror("asprintf");
       continue;
     }
     
-    ret = TEMP_FAILURE_RETRY(stat(filename, &st));
+    ret = (int)TEMP_FAILURE_RETRY(stat(filename, &st));
     if(ret == -1){
       perror("stat");
       free(filename);
@@ -860,7 +862,7 @@
     }
     
     int pipefd[2];
-    ret = TEMP_FAILURE_RETRY(pipe(pipefd));
+    ret = (int)TEMP_FAILURE_RETRY(pipe(pipefd));
     if(ret == -1){
       perror("pipe");
       exitstatus = EXIT_FAILURE;
@@ -880,9 +882,9 @@
       goto fallback;
     }
     /* Block SIGCHLD until process is safely in process list */
-    ret = TEMP_FAILURE_RETRY(sigprocmask(SIG_BLOCK,
-					 &sigchld_action.sa_mask,
-					 NULL));
+    ret = (int)TEMP_FAILURE_RETRY(sigprocmask(SIG_BLOCK,
+					      &sigchld_action.sa_mask,
+					      NULL));
     if(ret < 0){
       perror("sigprocmask");
       exitstatus = EXIT_FAILURE;
@@ -942,9 +944,9 @@
     plugin *new_plugin = getplugin(dirst->d_name);
     if(new_plugin == NULL){
       perror("getplugin");
-      ret = TEMP_FAILURE_RETRY(sigprocmask(SIG_UNBLOCK,
-					   &sigchld_action.sa_mask,
-					   NULL));
+      ret = (int)(TEMP_FAILURE_RETRY
+		  (sigprocmask(SIG_UNBLOCK, &sigchld_action.sa_mask,
+			       NULL)));
       if(ret < 0){
         perror("sigprocmask");
       }
@@ -957,9 +959,9 @@
     
     /* Unblock SIGCHLD so signal handler can be run if this process
        has already completed */
-    ret = TEMP_FAILURE_RETRY(sigprocmask(SIG_UNBLOCK,
-					 &sigchld_action.sa_mask,
-					 NULL));
+    ret = (int)TEMP_FAILURE_RETRY(sigprocmask(SIG_UNBLOCK,
+					      &sigchld_action.sa_mask,
+					      NULL));
     if(ret < 0){
       perror("sigprocmask");
       exitstatus = EXIT_FAILURE;
@@ -1029,9 +1031,10 @@
 	  FD_CLR(proc->fd, &rfds_all);
 	  
 	  /* Block signal while modifying process_list */
-	  ret = TEMP_FAILURE_RETRY(sigprocmask(SIG_BLOCK,
-					       &sigchld_action.sa_mask,
-					       NULL));
+	  ret = (int)TEMP_FAILURE_RETRY(sigprocmask
+					(SIG_BLOCK,
+					 &sigchld_action.sa_mask,
+					 NULL));
 	  if(ret < 0){
 	    perror("sigprocmask");
 	    exitstatus = EXIT_FAILURE;
@@ -1043,9 +1046,9 @@
 	  proc = next_plugin;
 	  
 	  /* We are done modifying process list, so unblock signal */
-	  ret = TEMP_FAILURE_RETRY(sigprocmask(SIG_UNBLOCK,
-					       &sigchld_action.sa_mask,
-					       NULL));
+	  ret = (int)(TEMP_FAILURE_RETRY
+		      (sigprocmask(SIG_UNBLOCK,
+				   &sigchld_action.sa_mask, NULL)));
 	  if(ret < 0){
 	    perror("sigprocmask");
 	    exitstatus = EXIT_FAILURE;