=== modified file 'Makefile' --- Makefile 2019-02-09 23:23:26 +0000 +++ Makefile 2019-02-10 04:59:28 +0000 @@ -40,7 +40,7 @@ OPTIMIZE:=-Os -fno-strict-aliasing LANGUAGE:=-std=gnu11 htmldir:=man -version:=1.7.20 +version:=1.8.0 SED:=sed USER:=$(firstword $(subst :, ,$(shell getent passwd _mandos || getent passwd nobody || echo 65534))) === modified file 'NEWS' --- NEWS 2018-08-19 20:17:48 +0000 +++ NEWS 2019-02-10 04:59:28 +0000 @@ -1,6 +1,25 @@ This NEWS file records noteworthy changes, very tersely. See the manual for detailed information. +Version 1.8.0 (2019-02-10) +* Client +** Use new TLS keys for server communication and identification. + With GnuTLS 3.6 or later, OpenPGP keys are no longer supported. + The client can now use the new "raw public keys" (RFC 7250) API + instead, using GnuTLS 3.6.6. Please note: This *requires* new key + IDs to be added to server's client.conf file. +** New --tls-privkey and --tls-pubkey options to load TLS key files. + If GnuTLS is too old, these options do nothing. +* Server +** Supports either old or new GnuTLS. + The server now supports using GnuTLS 3.6.6 and clients connecting + with "raw public keys" as identification. The server will read + both fingerprints and key IDs from clients.conf file, and will use + either one or the other, depending on what is supported by GnuTLS + on the system. Please note: both are *not* supported at once; if + one type is supported by GnuTLS, all values of the other type from + clients.conf are ignored. + Version 1.7.20 (2018-08-19) * Client ** Fix: Adapt to the Debian cryptsetup package 2.0.3 or later. === modified file 'common.ent' --- common.ent 2018-08-19 20:17:48 +0000 +++ common.ent 2019-02-10 04:59:28 +0000 @@ -1,3 +1,3 @@ - + === modified file 'debian/changelog' --- debian/changelog 2018-08-19 20:17:48 +0000 +++ debian/changelog 2019-02-10 04:59:28 +0000 
@@ -1,3 +1,38 @@ +mandos (1.8.0-1) unstable; urgency=medium + + * New upstream release. + * Fix "(tries to) use GnuTLS OpenPGP support" by using raw public keys + when available (Closes: #879538) + * Fix "mandos : Depends: libgnutls30 (< 3.6.0) but 3.6.5-2 is to be + installed" by now also allowing GnuTLS >= 3.6.6 (Closes: #916673) + * debian/control (Standards-Version): Update to "4.3.0". + (Package: mandos-client/Depends): Change from "cryptsetup" to + "cryptsetup (<< 2:2.0.3-1) | cryptsetup-initramfs". Add "debconf (>= + 1.5.5) | debconf-2.0". + (Source: mandos/Build-Depends): Also allow libgnutls30 (>= 3.6.6). + (Package: mandos/Depends): - '' - and add debconf (>= 1.5.5) | + debconf-2.0". + (Package: mandos/Description): Alter description to match new design. + (Package: mandos-client/Description): - '' - + (Package: mandos-client/Depends): Move "gnutls-bin | openssl" to here + from "Recommends". + * debian/mandos-client.README.Debian: Add --tls-privkey and --tls-pubkey + options to test command. + * debian/mandos-client.postinst (create_key): Renamed to "create_keys" + - all callers changed - and also create TLS key files. Show notice if + new TLS key files were created. + * debian/mandos-client.postrm (purge): Also remove TLS key files. + * debian/mandos-client.lintian-overrides: Override warnings. + * debian/mandos-client.templates: New. + * debian/mandos.lintian-overrides: Override warnings. + * debian/mandos.postinst (configure): If GnuTLS 3.6.6 or later is + detected, show an important notice (once) about the new key_id option + required in clients.conf. + * debian/mandos.templates: New. + * debian/copyright: Update copyright year to 2019. + + -- Teddy Hogeborn Sun, 10 Feb 2019 05:52:49 +0100 + mandos (1.7.20-1) unstable; urgency=medium * New upstream release. === modified file 'mandos' --- mandos 2019-02-10 04:20:26 +0000 +++ mandos 2019-02-10 04:59:28 +0000 
@@ -115,7 +115,7 @@ if sys.version_info.major == 2: str = unicode -version = "1.7.20" +version = "1.8.0" stored_state_file = "clients.pickle" logger = logging.getLogger() === modified file 'mandos-ctl' --- mandos-ctl 2019-02-10 04:20:26 +0000 +++ mandos-ctl 2019-02-10 04:59:28 +0000 @@ -76,7 +76,7 @@ server_path = "/" server_interface = domain + ".Mandos" client_interface = domain + ".Mandos.Client" -version = "1.7.20" +version = "1.8.0" try: === modified file 'mandos-keygen' --- mandos-keygen 2019-02-10 04:20:26 +0000 +++ mandos-keygen 2019-02-10 04:59:28 +0000 @@ -23,7 +23,7 @@ # Contact the authors at . # -VERSION="1.7.20" +VERSION="1.8.0" KEYDIR="/etc/keys/mandos" KEYTYPE=RSA === modified file 'mandos-monitor' --- mandos-monitor 2019-02-10 04:20:26 +0000 +++ mandos-monitor 2019-02-10 04:59:28 +0000 @@ -59,7 +59,7 @@ domain = 'se.recompile' server_interface = domain + '.Mandos' client_interface = domain + '.Mandos.Client' -version = "1.7.20" +version = "1.8.0" try: dbus.OBJECT_MANAGER_IFACE === modified file 'mandos.lsm' --- mandos.lsm 2018-08-19 20:17:48 +0000 +++ mandos.lsm 2019-02-10 04:59:28 +0000 @@ -1,7 +1,7 @@ Begin4 Title: Mandos -Version: 1.7.20 -Entered-date: 2018-08-19 +Version: 1.8.0 +Entered-date: 2019-02-10 Description: The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote and/or unattended reboots. @@ -12,9 +12,9 @@ Maintained-by: teddy@recompile.se (Teddy Hogeborn), belorn@recompile.se (Björn Påhlsson) Primary-site: https://www.recompile.se/mandos - 177K mandos_1.7.20.orig.tar.gz + 181K mandos_1.8.0.orig.tar.gz Alternate-site: ftp://ftp.recompile.se/pub/mandos - 177K mandos_1.7.20.orig.tar.gz + 181K mandos_1.8.0.orig.tar.gz Platforms: Requires GCC, GNU libC, Avahi, GnuPG, Python 2.7, and various other libraries. While made for Debian GNU/Linux, it is probably portable to other
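Review bot: In the NEWS hunk, the 1.8.0 entry does not say what happens with GnuTLS 3.6.0 through 3.6.5. The Client item states that OpenPGP keys are no longer supported with 3.6 or later, while the raw public key API is tied to 3.6.6, so those versions appear to have no usable key type. The entry should say so explicitly. The Client item also refers to "server's client.conf file" where the Server item and debian/changelog say clients.conf, and it never names the key_id option that debian/changelog mentions. Since the Server item says values of the unsupported type are ignored, an administrator upgrading needs the exact file and option name to avoid clients that can no longer identify themselves.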
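Review bot: In the debian/changelog hunk, the two "- '' -" ditto entries under debian/control, "(Package: mandos/Depends)" and "(Package: mandos-client/Description)", force the reader to guess which preceding text is being repeated. Spell out the change in each entry instead. The mandos/Depends entry also ends with `debconf-2.0".`, a closing quote that has no opening quote before "debconf (>= 1.5.5)".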
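Review bot: The version literal is changed by hand in six places in this patch (`version:=1.8.0` in Makefile, `version = "1.8.0"` in mandos, mandos-ctl and mandos-monitor, `VERSION="1.8.0"` in mandos-keygen, and `Version: 1.8.0` in mandos.lsm), so a release that misses one file would ship tools reporting different versions. Consider generating these from the Makefile's `version` variable, or adding a release check that compares them. mandos.lsm also carries the tarball size (181K) and Entered-date by hand, which has the same risk of going stale.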