=== modified file 'Makefile' --- Makefile 2019-02-10 04:59:28 +0000 +++ Makefile 2019-02-10 09:03:37 +0000 @@ -40,7 +40,7 @@ OPTIMIZE:=-Os -fno-strict-aliasing LANGUAGE:=-std=gnu11 htmldir:=man -version:=1.8.0 +version:=1.8.1 SED:=sed USER:=$(firstword $(subst :, ,$(shell getent passwd _mandos || getent passwd nobody || echo 65534))) === modified file 'NEWS' --- NEWS 2019-02-10 04:59:28 +0000 +++ NEWS 2019-02-10 09:03:37 +0000 @@ -1,6 +1,17 @@ This NEWS file records noteworthy changes, very tersely. See the manual for detailed information. +Version 1.8.1 (2019-02-10) +* Client +** Only generate TLS keys using GnuTLS' certtool, of sufficient + version. Key generation of TLS keys will not happen until a + version of GnuTLS is installed with support for raw public keys. +** Remove any bad keys created by 1.8.0 and openssl. +* Server +** On installation, edit clients.conf and remove the same bad key ID + which was erroneously reported by all 1.8.0 clients. Also do not + trust this key ID in the server. + Version 1.8.0 (2019-02-10) * Client ** Use new TLS keys for server communication and identification. === modified file 'common.ent' --- common.ent 2019-02-10 04:59:28 +0000 +++ common.ent 2019-02-10 09:03:37 +0000 @@ -1,3 +1,3 @@ - + === modified file 'debian/changelog' --- debian/changelog 2019-02-10 04:59:28 +0000 +++ debian/changelog 2019-02-10 09:03:37 +0000 @@ -1,3 +1,14 @@ +mandos (1.8.1-1) unstable; urgency=high + + * New upstream release. + * debian/mandos-client.postinst (create_keys): Remove any bad keys + created by 1.8.0-1. Only create TLS keys if certtool succeeds. + * debian/mandos.postinst (configure): Remove any bad keys from + clients.conf, and inform the user if any were found. + * debian/mandos.templates (mandos/removed_bad_key_ids): New message. + + -- Teddy Hogeborn Sun, 10 Feb 2019 10:00:21 +0100 + mandos (1.8.0-1) unstable; urgency=medium * New upstream release. === modified file 'mandos' --- mandos 2019-02-10 08:41:14 +0000 +++ mandos 2019-02-10 09:03:37 +0000 @@ -115,7 +115,7 @@ if sys.version_info.major == 2: str = unicode -version = "1.8.0" +version = "1.8.1" stored_state_file = "clients.pickle" logger = logging.getLogger() === modified file 'mandos-ctl' --- mandos-ctl 2019-02-10 04:59:28 +0000 +++ mandos-ctl 2019-02-10 09:03:37 +0000 @@ -76,7 +76,7 @@ server_path = "/" server_interface = domain + ".Mandos" client_interface = domain + ".Mandos.Client" -version = "1.8.0" +version = "1.8.1" try: === modified file 'mandos-keygen' --- mandos-keygen 2019-02-10 08:41:14 +0000 +++ mandos-keygen 2019-02-10 09:03:37 +0000 @@ -23,7 +23,7 @@ # Contact the authors at . # -VERSION="1.8.0" +VERSION="1.8.1" KEYDIR="/etc/keys/mandos" KEYTYPE=RSA === modified file 'mandos-monitor' --- mandos-monitor 2019-02-10 04:59:28 +0000 +++ mandos-monitor 2019-02-10 09:03:37 +0000 @@ -59,7 +59,7 @@ domain = 'se.recompile' server_interface = domain + '.Mandos' client_interface = domain + '.Mandos.Client' -version = "1.8.0" +version = "1.8.1" try: dbus.OBJECT_MANAGER_IFACE === modified file 'mandos.lsm' --- mandos.lsm 2019-02-10 04:59:28 +0000 +++ mandos.lsm 2019-02-10 09:03:37 +0000 @@ -1,6 +1,6 @@ Begin4 Title: Mandos -Version: 1.8.0 +Version: 1.8.1 Entered-date: 2019-02-10 Description: The Mandos system allows computers to have encrypted root file systems and at the same time be capable of @@ -12,9 +12,9 @@ Maintained-by: teddy@recompile.se (Teddy Hogeborn), belorn@recompile.se (Björn Påhlsson) Primary-site: https://www.recompile.se/mandos - 181K mandos_1.8.0.orig.tar.gz + 182K mandos_1.8.1.orig.tar.gz Alternate-site: ftp://ftp.recompile.se/pub/mandos - 181K mandos_1.8.0.orig.tar.gz + 182K mandos_1.8.1.orig.tar.gz Platforms: Requires GCC, GNU libC, Avahi, GnuPG, Python 2.7, and various other libraries. While made for Debian GNU/Linux, it is probably portable to other