Version 1.7.0 of Mandos is released

Teddy Hogeborn teddy at recompile.se
Mon Aug 10 23:15:28 CEST 2015 

Version 1.7.0 of Mandos is released.  It contains both significant bug
fixes as well as important new features.

Version 1.7.0 (2015-08-10)
* Server
** Bug fix: Handle local Zeroconf service name collisions better.
** Bug fix: Finally fix "ERROR: Child process vanished" bug.
** Bug fix: Fix systemd service file to start server correctly.
** Bug fix: Be compatible with old 2048-bit DSA keys.
** The D-Bus API now provides the standard D-Bus ObjectManager
   interface, and deprecates older functionality.  See the DBUS-API
   file for the currently recommended API.  Note: the original API
   still works, but is deprecated.
* Client
** Can now find Mandos server even if the server has an IPv6 address
   on a network without IPv6 Router Advertisment (like if the Mandos
   client itself is the router, or there is an IPv6 router advertising
   a network other than the one which the Mandos server is on.)
** Use a better value than 1024 for the default number of DH bits.
   This better value is either provided by a DH parameters file (see
   below) or an appropriate number of DH bits is determined based on
   the PGP key.
** Bug fix: mandos-keygen now generates correct output for the
   "Checker" variable even if the SSH server on the Mandos client has
   multiple SSH key types.
** Can now use pre-generated Diffie-Hellman parameters from a file.

About the D-Bus API, Deprecation and a possible Mandos 2.0:

It is getting very cumbersome to support the old deprecated D-Bus API in
the code, and we will likely release a Mandos 2.0 with an all-new D-Bus
API.  This new API will likely be very similar, but not completely
identical, to the currently documented API (in the DBUS-API file), so
make sure to use that API to ease porting your code to the 2.0 API.

Debian package changes:

  * debian/control (Standards-Version): Updated to "3.9.6".
    (Build-Depends): Add "libnl-route-3-dev".
    (Package: mandos-client/Recommends): Added "gnutls-bin | openssl" for
    the generating of DH parameters.
  * debian/mandos-client.README.Debian: Update example command line to use
    new MANDOSPLUGINHELPERDIR environment variable.  Also document the new
    dhparams.pem file.
  * debian/mandos-client.postinst: Create DH parameters file.
  * debian/mandos.prerm: Don't run init script, use only invoke-rc.d.
  * debian/mandos-client.postinst: Don't use absolute paths to commands.
  * debian/mandos-client.postrm: Don't use absolute paths to commands.
    Also remove dhparams.pem file.
  * debian/copyright (Copyright): Update copyright year.
  * Upstream changed systemd service file to implicitly be of
    "Type=dbus". (Closes: #786845)

Note: The Debian package by default uses the new DH parameters file
functionality and creates such a file on installation on clients.

(As usual, Teddy has uploaded the package directly to Debian unstable.)

/Teddy Hogeborn & Björn Påhlsson
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 818 bytes
Desc: not available
URL: <http://mail.recompile.se/pipermail/mandos-dev/attachments/20150810/0842cba7/attachment.sig>

More information about the Mandos-Dev mailing list