Version 1.8.16 of Mandos is released

Teddy Hogeborn teddy at recompile.se
Wed Feb 8 02:34:43 CET 2023 

Mandos 1.8.16 is released.  It is a bug fix release.  It fixes a
server-side bug introduced in 1.8.10.  The original intention was to
stagger the checker runs to lighten server load for servers running many
clients.  (A problem still remained where, on startup, the server would
run all checkers *once* at the same time; more on that later.)  But even
though the result was better, what the server actually (unintentionally)
did was to randomize the checker intervals at startup for each client,
and then never change them.  This can result in checkers sometimes
running *very* frequently for some clients.  A server restart randomized
the checker times again, and so would seemingly fix the problem.

First, thanks to Florian Coulmier <Florian.Coulmier at vadesecure.com> for
the original report of the necessity to stagger checker runs.  Lots of
thanks also goes to Louis Charreau <Louis.Charreau at vadesecure.com> who
found the problem with the implementation, and who proposed a patch
which both fixed the bug, and which removed the running of all checkers
at the same time once on server startup.  However, if checkers are not
run immediately on startup, we run the risk of the expire time being
reached before any checker is scheduled to run.  I have re-implemented
the ideas in the patch into a system which also should include the
correct setting of the expire time.

Version 1.8.16 (2023-02-08)
* Server
** Bug fix: Start client checkers after a random delay

Debian package changes:
* debian/rules (override_dh_fixperms-arch): Make sure dh_fixperms also
  is applied to the directory
  /usr/share/doc/mandos-client/examples/network-hooks.d (but still not
  to the files therein).
* debian/po/pt_BR.po: Add Brazilian Portuguese translation of the
  debconf template (Closes: #1026400).
* debian/po/fr.po: Add missing whitespace to the id and translation
  for msgid " key_id = <HEXSTRING>".
* debian/control (Standards-Version): Change to "4.6.2".

/Teddy Hogeborn & Björn Påhlsson

-- 
The Mandos Project
https://www.recompile.se/mandos
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: <http://mail.recompile.se/pipermail/mandos-dev/attachments/20230208/4b05d092/attachment.sig>

More information about the Mandos-Dev mailing list