Version 1.7.0 of Mandos is released
Teddy Hogeborn
teddy at recompile.se
Mon Aug 10 23:15:28 CEST 2015
Version 1.7.0 of Mandos is released. It contains both significant bug
fixes as well as important new features.
Version 1.7.0 (2015-08-10)
* Server
** Bug fix: Handle local Zeroconf service name collisions better.
** Bug fix: Finally fix "ERROR: Child process vanished" bug.
** Bug fix: Fix systemd service file to start server correctly.
** Bug fix: Be compatible with old 2048-bit DSA keys.
** The D-Bus API now provides the standard D-Bus ObjectManager
interface, and deprecates older functionality. See the DBUS-API
file for the currently recommended API. Note: the original API
still works, but is deprecated.
* Client
** Can now find Mandos server even if the server has an IPv6 address
on a network without IPv6 Router Advertisment (like if the Mandos
client itself is the router, or there is an IPv6 router advertising
a network other than the one which the Mandos server is on.)
** Use a better value than 1024 for the default number of DH bits.
This better value is either provided by a DH parameters file (see
below) or an appropriate number of DH bits is determined based on
the PGP key.
** Bug fix: mandos-keygen now generates correct output for the
"Checker" variable even if the SSH server on the Mandos client has
multiple SSH key types.
** Can now use pre-generated Diffie-Hellman parameters from a file.
About the D-Bus API, Deprecation and a possible Mandos 2.0:
It is getting very cumbersome to support the old deprecated D-Bus API in
the code, and we will likely release a Mandos 2.0 with an all-new D-Bus
API. This new API will likely be very similar, but not completely
identical, to the currently documented API (in the DBUS-API file), so
make sure to use that API to ease porting your code to the 2.0 API.
Debian package changes:
* debian/control (Standards-Version): Updated to "3.9.6".
(Build-Depends): Add "libnl-route-3-dev".
(Package: mandos-client/Recommends): Added "gnutls-bin | openssl" for
the generating of DH parameters.
* debian/mandos-client.README.Debian: Update example command line to use
new MANDOSPLUGINHELPERDIR environment variable. Also document the new
dhparams.pem file.
* debian/mandos-client.postinst: Create DH parameters file.
* debian/mandos.prerm: Don't run init script, use only invoke-rc.d.
* debian/mandos-client.postinst: Don't use absolute paths to commands.
* debian/mandos-client.postrm: Don't use absolute paths to commands.
Also remove dhparams.pem file.
* debian/copyright (Copyright): Update copyright year.
* Upstream changed systemd service file to implicitly be of
"Type=dbus". (Closes: #786845)
Note: The Debian package by default uses the new DH parameters file
functionality and creates such a file on installation on clients.
(As usual, Teddy has uploaded the package directly to Debian unstable.)
/Teddy Hogeborn & Björn Påhlsson
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 818 bytes
Desc: not available
URL: <http://mail.recompile.se/pipermail/mandos-dev/attachments/20150810/0842cba7/attachment.sig>
More information about the Mandos-Dev
mailing list