/mandos/trunk : revision 237.4.40

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to NEWS

Committer: Teddy Hogeborn
Date: 2014-02-16 12:54:34 UTC
mfrom: (655 trunk)
mto: This revision was merged to the branch mainline in revision 656.
Revision ID: teddy@recompile.se-20140216125434-zll46tlbgvvl5wda

Merge from trunk.

files added:
initramfs-tools-hook-conf

files removed:
bugs.xml

debian/mandos-client.templates

debian/mandos.templates

debian/upstream

debian/upstream/signing-key.asc

initramfs-tools-conf

initramfs-tools-script-stop

mandos-to-cryptroot-unlock

plugin-helpers

plugin-helpers/mandos-client-iprouteadddel.c

tmpfiles.d-mandos.conf

files modified:
DBUS-API

INSTALL

Makefile

NEWS

README

TODO

clients.conf

common.ent

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.dirs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/rules

debian/watch

init.d-mandos

initramfs-tools-hook

initramfs-tools-script

initramfs-unpack

intro.xml

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.lsm

mandos.service

mandos.xml

network-hooks.d/bridge

network-hooks.d/openvpn

network-hooks.d/wireless

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

NEWS

This NEWS file records noteworthy changes, very tersely.

See the manual for detailed information.

Version 1.7.20 (2018-08-19)

* Client

** Fix: Adapt to the Debian cryptsetup package 2.0.3 or later.

Important: in that version or later, the plugins "askpass-fifo",

"password-prompt", and "plymouth" will no longer be run, since they

would conflict with what cryptsetup is doing. Other plugins, such

as mandos-client and any user-supplied plugins, will still run.

** Better error message if failing to decrypt secret data

** Check for (and report) any key import failure from GPGME

** Better error message if self-signature verification fails

** Set system clock if not set; required by GnuPG for key import

** When debugging plugin-runner, it will now show starting plugins

Version 1.7.19 (2018-02-22)

* Client

** Do not print "unlink(...): No such file or directory".

** Bug fixes: Fix file descriptor leaks.

** Bug fix: Don't use leak sanitizer with leaking libraries.

Version 1.7.18 (2018-02-12)

* Client

** Bug fix: Revert faulty fix for a nonexistent bug in the

plugin-runner

Version 1.7.17 (2018-02-10)

* Client

** Bug fix: Fix a memory leak in the plugin-runner

** Bug fix: Fix memory leaks in the plymouth plugin

Version 1.7.16 (2017-08-20)

* Client

** Bug fix: ignore "resumedev" entries in initramfs' cryptroot file

** Bug fix in plymouth plugin: fix memory leak, avoid warning output

Version 1.7.15 (2017-02-23)

* Server

** Bug fix: Respect the mandos.conf "zeroconf" and "restore" options

* Client

** Bug fix in mandos-keygen: Handle backslashes in passphrases

Version 1.7.14 (2017-01-25)

* Server

** Use "Requisite" instead of "RequisiteOverridable" in systemd

service file.

Version 1.7.13 (2016-10-08)

* Client

** Minor bug fix: Don't ask for passphrase or fail when generating

keys using GnuPG 2.1 in a chrooted environment.

Version 1.7.12 (2016-10-05)

* Client

** Bug fix: Don't crash after exit() when using DH parameters file

Version 1.7.11 (2016-10-01)

* Client

** Security fix: Don't compile with AddressSanitizer

* Server

** Bug fix: Find GnuTLS library when gnutls28-dev is not installed

** Bug fix: Include "Expires" and "Last Checker Status" in mandos-ctl

verbose output

** New option for mandos-ctl: --dump-json

Version 1.7.10 (2016-06-23)

* Client

** Security fix: restrict permissions of /etc/mandos/plugin-helpers

* Server

** Bug fix: Make the --interface flag work with Python 2.7 when "cc"

is not installed

Version 1.7.9 (2016-06-22)

* Client

** Do not include intro(8mandos) man page

Version 1.7.8 (2016-06-21)

* Client

** Include intro(8mandos) man page

** mandos-keygen: Use ECDSA SSH keys by default

** Bug fix: Work with GnuPG 2 when booting (Debian bug #819982)

by copying /usr/bin/gpg-agent into initramfs

* Server

** Bug fix: Work with GnuPG 2 (don't use --no-use-agent option)

** Bug fix: Make the --interface option work when using Python 2.7

by trying harder to find SO_BINDTODEVICE

Version 1.7.7 (2016-03-19)

* Client

** Fix bug in Plymouth client, broken since 1.7.2

Version 1.7.6 (2016-03-13)

* Server

** Fix bug where stopping server would time out

** Make server runnable with Python 3

Version 1.7.5 (2016-03-08)

* Server

100

** Fix security restrictions in systemd service file.

101

** Work around bug where stopping server would time out

102

103

Version 1.7.4 (2016-03-05)

104

* Client

105

** Bug fix: Tolerate errors from configure_networking (Debian Bug

106

#816513)

107

** Compilation: Only use sanitizing options which work with the

108

compiler used when building. This should fix compilation with GCC

109

4.9 on mips, mipsel, and s390x.

110

* Server

111

** Add extra security restrictions in systemd service file.

112

113

Version 1.7.3 (2016-02-29)

114

* Client

115

** Bug fix: Remove new type of keyring directory user by GnuPG 2.1.

116

** Bug fix: Remove "nonnull" attribute from a function argument, which

117

would otherwise generate a spurious runtime warning.

118

119

Version 1.7.2 (2016-02-28)

120

* Server

121

** Stop using python-gnutls library; it was not updated to GnuTLS 3.3.

122

** Bug fix: Only send D-Bus signal ClientRemoved if using D-Bus.

123

** Use GnuPG 2 if available.

124

* Client

125

** Compile with various sanitizing flags.

126

127

Version 1.7.1 (2015-10-24)

128

* Client

129

** Bug fix: Can now really find Mandos server even if the server has

130

an IPv6 address on a network other than the one which the Mandos

131

server is on.

132

133

Version 1.7.0 (2015-08-10)

134

* Server

135

** Bug fix: Handle local Zeroconf service name collisions better.

136

** Bug fix: Finally fix "ERROR: Child process vanished" bug.

137

** Bug fix: Fix systemd service file to start server correctly.

138

** Bug fix: Be compatible with old 2048-bit DSA keys.

139

** The D-Bus API now provides the standard D-Bus ObjectManager

140

interface, and deprecates older functionality. See the DBUS-API

141

file for the currently recommended API. Note: the original API

142

still works, but is deprecated.

143

* Client

144

** Can now find Mandos server even if the server has an IPv6 address

145

on a network without IPv6 Router Advertisment (like if the Mandos

146

client itself is the router, or there is an IPv6 router advertising

147

a network other than the one which the Mandos server is on.)

148

** Use a better value than 1024 for the default number of DH bits.

149

This better value is either provided by a DH parameters file (see

150

below) or an appropriate number of DH bits is determined based on

151

the PGP key.

152

** Bug fix: mandos-keygen now generates correct output for the

153

"Checker" variable even if the SSH server on the Mandos client has

154

multiple SSH key types.

155

** Can now use pre-generated Diffie-Hellman parameters from a file.

156

157

Version 1.6.9 (2014-10-05)

158

* Server

159

** Changed to emit standard D-Bus signal when D-Bus properties change.

160

(The old signal is still emitted too, but marked as deprecated.)

161

162

Version 1.6.8 (2014-08-06)

163

* Client

164

** Bug fix: mandos-keygen now generates working SSH checker commands.

165

* Server

166

** Bug fix: "mandos-monitor" now really redraws screen on Ctrl-L.

167

** Now requires Python 2.7.

168

169

Version 1.6.7 (2014-07-17)

170

* Client

171

** Bug fix: Now compatible with GPGME 1.5.0.

172

** Bug fix: Fixed minor memory leaks.

173

* Server

174

** "mandos-monitor" now has verbose logging, toggleable with "v".

175

176

Version 1.6.6 (2014-07-13)

177

* Client

178

** If client host has an SSH server, "mandos-keygen --password" now

179

outputs "checker" option which uses "ssh-keyscan"; this is more

180

secure than the default "fping" checker.

181

** Bug fix: allow "." in network hook names, to match documentation.

182

** Better error messages.

183

* Server

184

** New --no-zeroconf option.

185

** Bug fix: Fix --servicename option, broken since 1.6.4.

186

** Bug fix: Fix --socket option work for --socket=0.

187

188

Version 1.6.5 (2014-05-11)

189

* Client

190

** Work around bug in GnuPG <http://bugs.g10code.com/gnupg/issue1622>

191

** Give better error messages when run without sufficient privileges

192

** Only warn if workaround for Debian bug #633582 was necessary and

193

failed, not if it failed and was unnecessary.

194

195

Version 1.6.4 (2014-02-16)

196

* Server

197

** Very minor fix to self-test code.

198

199

Version 1.6.3 (2014-01-21)

200

* Server

201

** Add systemd support.

Older »