/mandos/trunk : revision 777

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to debian/changelog

Committer: Teddy Hogeborn
Date: 2015-07-20 03:03:33 UTC
Revision ID: teddy@recompile.se-20150720030333-203m2aeblypcsfte

Bug fix for GnuTLS 3: be compatible with old 2048-bit DSA keys.

The mandos-keygen program in Mandos version 1.6.0 and older generated
2048-bit DSA keys, and when GnuTLS uses these it has trouble
connecting using the Mandos default priority string.  This was
previously fixed in Mandos 1.6.2, but the bug reappeared when using
GnuTLS 3, so the default priority string has to change again; this
time also the Mandos client has to change its default, so now the
server and the client should use the same default priority string:

SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:!RSA:+SIGN-DSA-SHA256

* mandos (main/server_defaults): Changed default priority string.
* mandos-options.xml (/section/para[id="priority_compat"]): Removed.
  (/section/para[id="priority"]): Changed default priority string.
* mandos.conf ([DEFAULT]/priority): - '' -
* mandos.conf.xml (OPTIONS/priority): Refer to the id "priority"
                                      instead of "priority_compat".
* mandos.xml (OPTIONS/--priority): - '' -
* plugins.d/mandos-client.c (main): Changed default priority string.

files added:
initramfs-tools-hook-conf

files removed:
bugs.xml

debian/mandos-client.templates

debian/mandos.templates

initramfs-tools-conf

initramfs-tools-script-stop

mandos-to-cryptroot-unlock

tmpfiles.d-mandos.conf

files modified:
DBUS-API

INSTALL

Makefile

NEWS

README

TODO

clients.conf

common.ent

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.dirs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/rules

debian/watch

init.d-mandos

initramfs-tools-hook

initramfs-tools-script

initramfs-unpack

intro.xml

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos.conf.xml

mandos.lsm

mandos.service

mandos.xml

network-hooks.d/bridge

network-hooks.d/openvpn

network-hooks.d/wireless

overview.xml

plugin-helpers/mandos-client-iprouteadddel.c

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

debian/changelog

mandos (1.8.0-1) unstable; urgency=medium

* New upstream release.

* Fix "(tries to) use GnuTLS OpenPGP support" by using raw public keys

when available (Closes: #879538)

* Fix "mandos : Depends: libgnutls30 (< 3.6.0) but 3.6.5-2 is to be

installed" by now also allowing GnuTLS >= 3.6.6 (Closes: #916673)

* debian/control (Standards-Version): Update to "4.3.0".

(Package: mandos-client/Depends): Change from "cryptsetup" to

"cryptsetup (<< 2:2.0.3-1) | cryptsetup-initramfs". Add "debconf (>=

1.5.5) | debconf-2.0".

(Source: mandos/Build-Depends): Also allow libgnutls30 (>= 3.6.6).

(Package: mandos/Depends): - '' - and add debconf (>= 1.5.5) |

debconf-2.0".

(Package: mandos/Description): Alter description to match new design.

(Package: mandos-client/Description): - '' -

(Package: mandos-client/Depends): Move "gnutls-bin | openssl" to here

from "Recommends".

* debian/mandos-client.README.Debian: Add --tls-privkey and --tls-pubkey

options to test command.

* debian/mandos-client.postinst (create_key): Renamed to "create_keys"

- all callers changed - and also create TLS key files. Show notice if

new TLS key files were created.

* debian/mandos-client.postrm (purge): Also remove TLS key files.

* debian/mandos-client.lintian-overrides: Override warnings.

* debian/mandos-client.templates: New.

* debian/mandos.lintian-overrides: Override warnings.

* debian/mandos.postinst (configure): If GnuTLS 3.6.6 or later is

detected, show an important notice (once) about the new key_id option

required in clients.conf.

* debian/mandos.templates: New.

* debian/copyright: Update copyright year to 2019.

-- Teddy Hogeborn <teddy@recompile.se> Sun, 10 Feb 2019 05:52:49 +0100

mandos (1.7.20-1) unstable; urgency=medium

* New upstream release.

* Fix "[tethys] mandos-client: Mandos client fails while booting but

works from chroot into unpacked initramfs" by setting system clock if

necessary (Closes: #894495)

* Fix "initramfs boot script assumes internal cryptsetup implementation

details and is now broken" by only using documented

interfaces (Closes: #904899)

* debian/mandos-client.dirs: Add

"usr/share/initramfs-tools/scripts/local-premount" and

"usr/share/initramfs-tools/conf.d", and remove

"usr/share/initramfs-tools/conf-hooks.d".

* debian/control (mandos-client/Depends): Add "(>= 0.99)" to dependency

on "initramfs-tools".

* debian/control (Source: mandos/Rules-Requires-Root): New; set to

"binary-targets".

(Standards-Version): Update to "4.2.0".

-- Teddy Hogeborn <teddy@recompile.se> Sun, 19 Aug 2018 22:14:04 +0200

mandos (1.7.19-1) unstable; urgency=medium

* New upstream release.

* Fix "fails with "LeakSanitizer has encountered a fatal error"" by not

using LeakSanitizer in affected binary (Closes: #886595)

-- Teddy Hogeborn <teddy@recompile.se> Thu, 22 Feb 2018 19:47:59 +0100

mandos (1.7.18-1) unstable; urgency=medium

* New upstream release.

-- Teddy Hogeborn <teddy@recompile.se> Mon, 12 Feb 2018 16:00:11 +0100

mandos (1.7.17-1) unstable; urgency=medium

* New upstream release.

* Fix "fails with "LeakSanitizer has encountered a fatal error""

by fixing memory leak in plugin-runner (Closes: #886595)

* debian/control (Build-Depends): Also depend on "libgnutls28-dev (<<

3.6.0) | libgnutls30 (<< 3.6.0)".

(Package: mandos/Depends): - '' -

* debian/compat: Change to "10".

* debian/watch (version): Change to "4".

(opts/pgpsigurlmangle): Remove.

(opts/pgpmode): New; set to "auto".

(URL): Change to "https://ftp.recompile.se/pub/@PACKAGE@/@PACKAGE@

@ANY_VERSION@(?:\.orig)?@ARCHIVE_EXT@".

* debian/copyright: Update copyright year to 2018.

* debian/rules: Support the "noopt" and "parallel" DEB_BUILD_OPTIONS.

(override_dh_fixperms-arch): Use the DEB_HOST_MULTIARCH

variable directly instead of shelling out to "dpkg-architecture".

* debian/control (Standards-Version): Update to "4.1.3".

(Build-Depends): Change version of debhelper dependency to ">= 10".

* debian/mandos.lintian-overrides

(init.d-script-needs-depends-on-lsb-base): Change line number to "46".

-- Teddy Hogeborn <teddy@recompile.se> Sat, 10 Feb 2018 19:09:50 +0100

mandos (1.7.16-1) unstable; urgency=medium

* New upstream release.

* debian/copyright (License): Use program name explicitly.

100

(Format): Use https in URL.

101

* debian/control (Priority): Change from "extra" to "optional".

102

(Standards-Version): Update to "4.0.1".

103

104

-- Teddy Hogeborn <teddy@recompile.se> Sun, 20 Aug 2017 21:05:26 +0200

105

106

mandos (1.7.15-1) unstable; urgency=medium

107

108

* New upstream release.

109

* Upstream release fixes "Seems not to be honoring zeroconf option at

110

mandos.conf" (Closes: #855589)

111

* debian/mandos.lintian-overrides (mandos): Add new line

112

"init.d-script-needs-depends-on-lsb-base etc/init.d/mandos (line 49)".

113

* debian/copyright: Update copyright year to 2017.

114

115

-- Teddy Hogeborn <teddy@recompile.se> Thu, 23 Feb 2017 21:29:36 +0100

116

117

mandos (1.7.14-1) unstable; urgency=medium

118

119

* New upstream release.

120

* debian/mandos-client.postinst (create_key): Stop GPG agent after

121

running mandos-keygen.

122

* debian/control (Package: mandos/Depends): Add "systemd-sysv | lsb-base

123

(>= 3.0-6)", change "gnupg" to "gnupg2 | gnupg", and change

124

"libgpgme11-dev" to "libgpgme-dev | libgpgme11-dev".

125

126

-- Teddy Hogeborn <teddy@recompile.se> Wed, 25 Jan 2017 20:36:03 +0100

127

128

mandos (1.7.13-1) unstable; urgency=medium

129

130

* New upstream release.

131

* Fix "fails to install noninteractively" by using the "%no-protection"

132

statement in the GnuPG batch parameter file. (Closes: #840001)

133

134

-- Teddy Hogeborn <teddy@recompile.se> Sat, 08 Oct 2016 06:31:07 +0200

135

136

mandos (1.7.12-1) unstable; urgency=medium

137

138

* New upstream release.

139

140

-- Teddy Hogeborn <teddy@recompile.se> Wed, 05 Oct 2016 22:06:55 +0200

141

142

mandos (1.7.11-1) unstable; urgency=high

143

144

* New upstream release.

145

* debian/control (Source: mandos/Vcs-Bzr): Change to use HTTPS.

146

(Vcs-Browser): - '' -

147

148

-- Teddy Hogeborn <teddy@recompile.se> Sat, 01 Oct 2016 16:20:48 +0200

149

150

mandos (1.7.10-1) unstable; urgency=high

151

152

* New upstream release.

153

* debian/rules (override_dh_fixperms-arch): Also exclude

154

"etc/mandos/plugin-helpers" from changes by dh_fixperms.

155

* debian/mandos-client.postinst: Fix the permissions of

156

"/etc/mandos/plugin-helpers" for those systems which had a fresh

157

install of an older version.

158

159

-- Teddy Hogeborn <teddy@recompile.se> Thu, 23 Jun 2016 22:00:29 +0200

160

161

mandos (1.7.9-1) unstable; urgency=medium

162

163

* New upstream release.

164

165

-- Teddy Hogeborn <teddy@recompile.se> Wed, 22 Jun 2016 07:30:12 +0200

166

167

mandos (1.7.8-1) unstable; urgency=medium

168

169

* New upstream release.

170

* Fix "bad gpgme_op_decrypt: GPGME: Decryption failed." by copying

171

/usr/bin/gpg-agent into initramfs (Closes: #819982)

172

* debian/control (Homepage): Change URL to use HTTPS.

173

(Standards-Version): Update to 3.9.8.

174

* debian/copyright (Source): Change URL to HTTPS.

175

* debian/mandos-client.README.Debian: Change wording to match updated

176

capabilities.

177

178

-- Teddy Hogeborn <teddy@recompile.se> Tue, 21 Jun 2016 21:36:10 +0200

179

180

mandos (1.7.7-1) unstable; urgency=medium

181

182

* New upstream release.

183

* debian/mandos-client.postinst (configure): If older version, fix

184

permissions on plugin helper directory. Also fix permissions on

185

plugin helper local override directory (/etc/mandos/plugin-helpers),

186

but only if not listed by "dpkg-statoverride".

187

* debian/rules (override_dh_fixperms-arch): Exclude plugin helper

188

directory from dh_fixperms.

189

* debian/mandos.postinst (configure): Fix state directory permissions,

190

but only if not listed by "dpkg-statoverride".

191

* debian/mandos-client.lintian-overrides: Do not warn about permissions

192

on plugin helper directory.

193

* debian/mandos.dirs (usr/lib/tmpfiles.d): Added.

194

195

-- Teddy Hogeborn <teddy@recompile.se> Sat, 19 Mar 2016 22:58:49 +0100

196

197

mandos (1.7.6-1) unstable; urgency=medium

198

199

* New upstream release.

200

* debian/control (Source: mandos/Build-Depends-Indep): Remove

201

"python-avahi".

202

(Source: mandos/Build-Depends-Indep): Change "python-gi |

203

python-gobject" to "python-gi"; i.e. remove "python-gobject".

204

205

-- Teddy Hogeborn <teddy@recompile.se> Sun, 13 Mar 2016 22:58:23 +0100

206

207

mandos (1.7.5-1) unstable; urgency=high

208

209

* New upstream release.

210

* debian/mandos.postinst (configure): If old version was 1.7.4-1 or

211

1.7.4-1~bpo8+1, fix situation where clients.pickle file is owned by

212

root.

213

214

-- Teddy Hogeborn <teddy@recompile.se> Tue, 08 Mar 2016 01:09:55 +0100

215

216

mandos (1.7.4-1) unstable; urgency=medium

217

218

* New upstream release.

219

* initramfs-tools-script: Fix "Call to configure_network in initramfs

220

script broken due to set -e" by surrounding call by "set +x" and "set

221

-e" (Closes: #816513)

222

* debian/control: (Source: mandos/Build-Depends-Indep): Change

223

"python-gobject | python-gi" to "python-gi | python-gobject"

224

(Package: mandos/Depends): - '' -

225

226

-- Teddy Hogeborn <teddy@recompile.se> Sat, 05 Mar 2016 23:10:07 +0100

227

228

mandos (1.7.3-1) unstable; urgency=medium

229

230

* New upstream release.

231

232

-- Teddy Hogeborn <teddy@recompile.se> Mon, 29 Feb 2016 22:26:38 +0100

233

234

mandos (1.7.2-1) unstable; urgency=medium

235

236

* New upstream release.

237

* Fix "Uses unneeded and obsolete version specific python packages"

238

by removing version-specific dependencies (Closes: #811159)

239

* debian/control (Source: mandos/Build-Depends): Add (>= 3.3.0) to

240

"libgnutls28-dev" and "gnutls-dev".

241

(Source: mandos/Build-Depends-Indep): Remove "python2.7-gnutls",

242

"python2.7", "python2.7-dbus", "python2.7-avahi", and

243

"python2.7-gobject"; replace with "python (>= 2.7), python (<< 3)",

244

"python-dbus", "python-avahi", "python-gobject | python-gi".

245

(Package: mandos/Depends): Remove "python-gnutls" and

246

"python2.7-gnutls", add "libgnutls28-dev (>= 3.3.0) | libgnutls30 (>=

247

3.3.0)". Add "python (<< 3)". Remove "python2.7-dbus",

248

"python2.7-avahi", "python2.7-gobject", and "python2.7-urwid".

249

Replace "python-gobject" with "python-gobject | python-gi" and "gnupg

250

(<< 2)" with "gnupg".

251

(Package: mandos-client/Depends): Replace

252

"gnupg (<< 2)" with "gnupg".

253

(Source: mandos/Standards-Version): Change to 3.9.7.

254

* debian/copyright (Copyright): Update copyright year.

255

256

-- Teddy Hogeborn <teddy@recompile.se> Sun, 28 Feb 2016 16:09:01 +0100

257

258

mandos (1.7.1-2) unstable; urgency=medium

259

260

* debian/control (Package: mandos/Depends): Fix "Please drop versioned

261

dependency on initscripts package" by removing initscripts dependency

262

(Closes: #804967)

263

* debian/rules (override_dh_fixperms) Fix "FTBFS when built with

264

dpkg-buildpackage -A (No such file or directory)" by splitting into

265

"override_dh_fixperms-arch" and "override_dh_fixperms-indep".

266

(Closes: #806073)

267

268

-- Teddy Hogeborn <teddy@recompile.se> Sat, 05 Dec 2015 02:27:40 +0100

269

270

mandos (1.7.1-1) unstable; urgency=medium

271

272

* New upstream release.

273

274

-- Teddy Hogeborn <teddy@recompile.se> Sat, 24 Oct 2015 19:43:40 +0200

275

276

mandos (1.7.0-1) unstable; urgency=medium

277

278

* New upstream release.

279

* debian/control (Standards-Version): Updated to "3.9.6".

280

(Build-Depends): Add "libnl-route-3-dev".

281

(Package: mandos-client/Recommends): Added "gnutls-bin | openssl" for

282

the generating of DH parameters.

283

* debian/mandos-client.README.Debian: Update example command line to use

284

new MANDOSPLUGINHELPERDIR environment variable. Also document the new

285

dhparams.pem file.

286

* debian/mandos-client.postinst: Create DH parameters file.

287

* debian/mandos.prerm: Don't run init script, use only invoke-rc.d.

288

* debian/mandos-client.postinst: Don't use absolute paths to commands.

289

* debian/mandos-client.postrm: Don't use absolute paths to commands.

290

Also remove dhparams.pem file.

291

* debian/copyright (Copyright): Update copyright year.

292

* Upstream changed systemd service file to implicitly be of

293

"Type=dbus". (Closes: #786845)

294

295

-- Teddy Hogeborn <teddy@recompile.se> Mon, 10 Aug 2015 22:00:29 +0200

296

297

mandos (1.6.9-1) unstable; urgency=medium

298

299

* New upstream release.

Older »