/mandos/trunk : revision 1197

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to NEWS

Committer: teddy at recompile
Date: 2020-01-12 01:53:04 UTC
Revision ID: teddy@recompile.se-20200112015304-gqif9w4pbyix8w6b

mandos-ctl: Fix minor bug in tests

Fix two tests, the last assert of which would always erroneously
succeed.  (No change in non-test code needed.)

* mandos-ctl (Test_dbus_python_adapter_SystemBus): In the
  test_call_method_handles_exception() method, fix check for
  dbus.ConnectFailed exception.
  (Test_pydbus_adapter_SystemBus): - '' -

files added:
debian/mandos-client.templates

debian/mandos.templates

debian/po/POTFILES.in

debian/po/de.po

debian/po/en_US.po

debian/po/fr.po

debian/po/nl.po

debian/po/pt.po

debian/po/sv.po

debian/po/templates.pot

debian/source/lintian-overrides

debian/tests

debian/tests/control

debian/upstream/metadata

dracut-module

dracut-module/ask-password-mandos.path

dracut-module/ask-password-mandos.service

dracut-module/cmdline-mandos.sh

dracut-module/module-setup.sh

dracut-module/password-agent.c

dracut-module/password-agent.xml

initramfs-tools-conf

initramfs-tools-conf-hook

initramfs-tools-script-stop

mandos-to-cryptroot-unlock

sysusers.d-mandos.conf

tmpfiles.d-mandos.conf

files removed:
initramfs-tools-hook-conf

files modified:
.bzrignore

DBUS-API

INSTALL

Makefile

NEWS

README

TODO

clients.conf

common.ent

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.dirs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/rules

debian/watch

init.d-mandos

initramfs-tools-hook

initramfs-tools-script

initramfs-unpack

intro.xml

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos.conf.xml

mandos.lsm

mandos.service

mandos.xml

network-hooks.d/bridge

network-hooks.d/openvpn

network-hooks.d/wireless

overview.xml

plugin-helpers/mandos-client-iprouteadddel.c

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

NEWS

This NEWS file records noteworthy changes, very tersely.

See the manual for detailed information.

Version 1.8.9 (2019-09-03)

* No user-visible changes

Version 1.8.8 (2019-08-18)

* No user-visible changes

Version 1.8.7 (2019-08-05)

* Client:

** Always compile with LFS (Large File Support) enabled.

* Server

** Improve intro(8mandos) manual page to cover dracut(8) support.

Version 1.8.6 (2019-08-03)

* Client:

** dracut support: In password-agent, properly ignore deleted and

renamed question files, and also fix memory alignment issue.

Version 1.8.5 (2019-07-30)

* Client

** Support dracut(8) as well as initramfs-tools(7).

** Minor bug fix: Allow the mandos-keygen --passfile option to use

passfiles with names starting with "-".

** Document known limitation of mandos-keygen --password; it strips

white space from start and end of the password.

* Server

** Bug fix: The server used to fail to restart if the "port" setting

was used. This has been fixed.

** Minor bug fix: Reap zombies left over from checker runs. (Debian

bug #933387)

Version 1.8.4 (2019-04-09)

* Client

** Fix minor memory leak in plugin-runner.

* Server

** mandos-ctl now has a --debug option to show D-Bus calls.

Version 1.8.3 (2019-02-11)

* No user-visible changes.

Version 1.8.2 (2019-02-10)

* Client

** In mandos-keygen, ignore failures to remove files in some cases.

Version 1.8.1 (2019-02-10)

* Client

** Only generate TLS keys using GnuTLS' certtool, of sufficient

version. Key generation of TLS keys will not happen until a

version of GnuTLS is installed with support for raw public keys.

** Remove any bad keys created by 1.8.0 and openssl.

* Server

** On installation, edit clients.conf and remove the same bad key ID

which was erroneously reported by all 1.8.0 clients. Also do not

trust this key ID in the server.

Version 1.8.0 (2019-02-10)

* Client

** Use new TLS keys for server communication and identification.

With GnuTLS 3.6 or later, OpenPGP keys are no longer supported.

The client can now use the new "raw public keys" (RFC 7250) API

instead, using GnuTLS 3.6.6. Please note: This *requires* new key

IDs to be added to server's client.conf file.

** New --tls-privkey and --tls-pubkey options to load TLS key files.

If GnuTLS is too old, these options do nothing.

* Server

** Supports either old or new GnuTLS.

The server now supports using GnuTLS 3.6.6 and clients connecting

with "raw public keys" as identification. The server will read

both fingerprints and key IDs from clients.conf file, and will use

either one or the other, depending on what is supported by GnuTLS

on the system. Please note: both are *not* supported at once; if

one type is supported by GnuTLS, all values of the other type from

clients.conf are ignored.

Version 1.7.20 (2018-08-19)

* Client

** Fix: Adapt to the Debian cryptsetup package 2.0.3 or later.

Important: in that version or later, the plugins "askpass-fifo",

"password-prompt", and "plymouth" will no longer be run, since they

would conflict with what cryptsetup is doing. Other plugins, such

as mandos-client and any user-supplied plugins, will still run.

** Better error message if failing to decrypt secret data

** Check for (and report) any key import failure from GPGME

** Better error message if self-signature verification fails

** Set system clock if not set; required by GnuPG for key import

** When debugging plugin-runner, it will now show starting plugins

Version 1.7.19 (2018-02-22)

* Client

** Do not print "unlink(...): No such file or directory".

** Bug fixes: Fix file descriptor leaks.

** Bug fix: Don't use leak sanitizer with leaking libraries.

Version 1.7.18 (2018-02-12)

* Client

** Bug fix: Revert faulty fix for a nonexistent bug in the

plugin-runner

100

101

Version 1.7.17 (2018-02-10)

102

* Client

103

** Bug fix: Fix a memory leak in the plugin-runner

104

** Bug fix: Fix memory leaks in the plymouth plugin

105

106

Version 1.7.16 (2017-08-20)

107

* Client

108

** Bug fix: ignore "resumedev" entries in initramfs' cryptroot file

109

** Bug fix in plymouth plugin: fix memory leak, avoid warning output

110

111

Version 1.7.15 (2017-02-23)

112

* Server

113

** Bug fix: Respect the mandos.conf "zeroconf" and "restore" options

114

* Client

115

** Bug fix in mandos-keygen: Handle backslashes in passphrases

116

117

Version 1.7.14 (2017-01-25)

118

* Server

119

** Use "Requisite" instead of "RequisiteOverridable" in systemd

120

service file.

121

122

Version 1.7.13 (2016-10-08)

123

* Client

124

** Minor bug fix: Don't ask for passphrase or fail when generating

125

keys using GnuPG 2.1 in a chrooted environment.

126

127

Version 1.7.12 (2016-10-05)

128

* Client

129

** Bug fix: Don't crash after exit() when using DH parameters file

130

131

Version 1.7.11 (2016-10-01)

132

* Client

133

** Security fix: Don't compile with AddressSanitizer

134

* Server

135

** Bug fix: Find GnuTLS library when gnutls28-dev is not installed

136

** Bug fix: Include "Expires" and "Last Checker Status" in mandos-ctl

137

verbose output

138

** New option for mandos-ctl: --dump-json

139

140

Version 1.7.10 (2016-06-23)

141

* Client

142

** Security fix: restrict permissions of /etc/mandos/plugin-helpers

143

* Server

144

** Bug fix: Make the --interface flag work with Python 2.7 when "cc"

145

is not installed

146

147

Version 1.7.9 (2016-06-22)

148

* Client

149

** Do not include intro(8mandos) man page

150

151

Version 1.7.8 (2016-06-21)

152

* Client

153

** Include intro(8mandos) man page

154

** mandos-keygen: Use ECDSA SSH keys by default

155

** Bug fix: Work with GnuPG 2 when booting (Debian bug #819982)

156

by copying /usr/bin/gpg-agent into initramfs

157

* Server

158

** Bug fix: Work with GnuPG 2 (don't use --no-use-agent option)

159

** Bug fix: Make the --interface option work when using Python 2.7

160

by trying harder to find SO_BINDTODEVICE

161

162

Version 1.7.7 (2016-03-19)

163

* Client

164

** Fix bug in Plymouth client, broken since 1.7.2

165

166

Version 1.7.6 (2016-03-13)

167

* Server

168

** Fix bug where stopping server would time out

169

** Make server runnable with Python 3

170

171

Version 1.7.5 (2016-03-08)

172

* Server

173

** Fix security restrictions in systemd service file.

174

** Work around bug where stopping server would time out

175

176

Version 1.7.4 (2016-03-05)

177

* Client

178

** Bug fix: Tolerate errors from configure_networking (Debian Bug

179

#816513)

180

** Compilation: Only use sanitizing options which work with the

181

compiler used when building. This should fix compilation with GCC

182

4.9 on mips, mipsel, and s390x.

183

* Server

184

** Add extra security restrictions in systemd service file.

185

186

Version 1.7.3 (2016-02-29)

187

* Client

188

** Bug fix: Remove new type of keyring directory user by GnuPG 2.1.

Older »