Recent Releases
1.8.1824 Nov 2024 22:19
minor bugfix:
Bug fix release, some fixes to Debian packaging issues, and also some other minor issues.
1.8.1712 Sep 2024 18:30
minor bugfix:
Bug fix release, mostly fixes Debian packaging issues, but also some other minor issues, and some more documentation.
1.8.1608 Feb 2023 01:37
major bugfix:
Bug fix release, fixes a bug in the server where it would randomly run some checkers much too frequently.
1.8.1525 Apr 2022 20:08
documentation:
Minor release, fixes a bug in mandos-keygen which would interpret backslashes as backslash escapes.
1.8.1403 Feb 2021 10:34
documentation:
Minor release, add a workaround for a change in udev when initramfs-tools is used in the initial RAM disk image.
1.8.1330 Nov 2020 18:43
documentation:
Minor release, fixes an unreliable test in tests of password-agent(8mandos) program.
1.8.1204 Jul 2020 13:38
documentation:
Minor release, fixes compatibility with the GNU C Library version 2.31, and may help with an issue reported with Ubuntu 19.10.
1.8.1108 Apr 2020 19:14
documentation:
Minor release, fixes a minor but important bug.
1.8.1021 Mar 2020 18:39
documentation:
Minor release, fixes some minor bugs. Adds easier modification of server options when using systemd and client options when using systemd and dracut.
1.8.903 Sep 2019 19:57
documentation:
Very minor release, mostly to improve Debian packaging. Also move to use Python 3 by default.
1.8.818 Aug 2019 20:31
documentation:
Very minor release, mostly to improve Debian packaging.
1.8.705 Aug 2019 21:40
documentation:
Documentation improvements, and a minor compilation flag change (enable LFS).
1.8.603 Aug 2019 13:41
minor bugfix:
Minor bug fixes: Fix memory alignment issue on some architectures. Ignore deleted and moved question files when using dracut(8) with systemd(1).
1.8.530 Jul 2019 19:27
major feature:
Major feature: dracut(8) support. Also minor bug fixes: The server can now successfully restart when the "port" option is used, and does not leave any zombie processes while running. The client also gets a minor bug fix in the mandos-keygen --passfile option; it can now read file with names starting with "-".
1.8.409 Apr 2019 20:36
minor bugfix:
Fix of minor memory leak, and fix in Debian packaging to not conflict with the "dropbear-initramfs" package.
1.8.311 Feb 2019 06:46
minor feature:
Minor fix to packaging dependencies, and elimination of some compiler warnings.
1.8.210 Feb 2019 10:58
minor bugfix:
Minor bug fix to packaging, and in client's mandos-keygen, ignore failures to remove files in some cases.
1.8.110 Feb 2019 09:37
major bugfix:
TLS key generation only worked when using GnuTLS 3.6.6; fix this by only generating keys if this is the case.
1.8.010 Feb 2019 05:44
major feature:
Now supports systems having GnuTLS 3.6.6 or later by using TLS "raw public keys" (RFC 7250).
1.7.1922 Feb 2018 20:33
minor bugfix:
Client bug fix: Avoid LeakSanitizer message and error by not using LeakSanitizer for the binary using libraries which leak memory.
1.7.1812 Feb 2018 18:06
minor bugfix:
Client bug fix: Revert faulty fix for a nonexistent bug in the plugin-runner.
1.7.1710 Feb 2018 22:06
minor bugfix:
Client bug fix: Fix memory leaks in password-prompt and the plymouth plugin.
1.7.1620 Aug 2017 20:11
minor bugfix:
Client bug fix: Fix memory leak in password-prompt to eliminate ugly warnings when plymouth is installed. Client bug fix: Ignore "resumedev" entries in initramfs' cryptroot file.
1.7.1523 Feb 2017 21:13
minor bugfix:
Server Bug fix: Respect the mandos.conf "zeroconf" and "restore" options. Client bug fix in "mandos-keygen": Handle backslashes in passphrases.
1.7.1425 Jan 2017 20:24
minor bugfix:
Server Minor Bug fix: Don't use deprecated directive name in systemd service file.
1.7.1308 Oct 2016 06:27
minor bugfix:
Client Minor Bug fix: Don't ask for passphrase or fail when generating keys using GnuPG 2.1 in a chrooted environment.
1.7.1205 Oct 2016 20:57
major bugfix:
Client Bug fix: Don't crash after exit() when using DH parameters file
1.7.1101 Oct 2016 15:25
minor bugfix:
Client Security fix: Don't compile with AddressSanitizer.
Server Bug fix: Find GnuTLS library when gnutls28-dev is not installed. Server Bug Fix: Include "Expires" and "Last Checker Status" in mandos-ctl verbose output. Server New Feature: New option for mandos-ctl: --dump-json
1.7.1023 Jun 2016 21:10
minor bugfix:
Client security fix: restrict permissions of /etc/mandos/plugin-helpers directory (by default empty). Server bug fix: Make the --interface flag work with Python 2.7 when "cc" is not installed
1.7.922 Jun 2016 09:07
minor bugfix:
Client bug fix: Do not include intro(8mandos) man page which conflicts with the same one from the server package.
1.7.821 Jun 2016 20:47
minor bugfix:
Client bug fix: Work with GnuPG 2 when booting (Debian bug #819982) by copying /usr/bin/gpg-agent into initramfs. Server bug fix: Make the --interface option work when using Python 2.7 by trying harder to find SO_BINDTODEVICE.
1.7.719 Mar 2016 22:26
minor bugfix:
Bug fix: Fix bug in Plymouth password prompting plugin, bug present since 1.2, but only recently broken since the introduction of the -fsanitize=address compilation flag in version 1.7.2.
1.7.613 Mar 2016 22:45
minor bugfix:
Bug fix: Fix bug where stopping server would time out. Also make server program compatible with Python 3.
1.7.508 Mar 2016 00:55
minor bugfix:
Bug fix: Fix security restrictions in systemd service file.
Work around bug where stopping server would time out.
1.7.405 Mar 2016 22:42
minor bugfix:
Bug fix: Fix compilation on mips, mipsel and s390x. On boot, tolerate errors from the external "configure_networking" shell function. Add extra security restrictions in systemd service file.
1.7.329 Feb 2016 22:50
minor bugfix:
Bug fix: Remove new type of keyring directory used by GnuPG 2.1. Bug fix: Remove "nonnull" attribute from a function argument, which would otherwise generate a spurious runtime warning.
1.7.228 Feb 2016 16:17
minor bugfix:
Bug fix: Don't try to send D-Bus signal ClientRemoved if not using D-Bus. Also stop using Python-GnuTLS library and instead call the GnuTLS library directly.
1.7.124 Oct 2015 18:33
minor bugfix:
Bug fix: Can now really find Mandos server even if the server has an IPv6 address on a network other than the one which the Mandos server is on.
1.7.010 Aug 2015 21:22
minor feature:
Server bugs fixed: Handle local Zeroconf service name
collisions better, the "ERROR: Child process vanished" bug,
start server correctly in systemd, be compatible with old
2048-bit DSA keys.
Server features: The D-Bus API now provides the standard
D-Bus ObjectManager interface (deprecating older
functionality).
Client bug fixed: mandos-keygen now generates correct
output for the "Checker" variable even if the SSH server on
the Mandos client has multiple SSH key types.
Client features: Can now find Mandos server even if the
server has an IPv6 address on a network without IPv6 Router
Advertisment, now uses a better value than 1024 for the
default number of DH bits, can now use pre-generated
Diffie-Hellman parameters from a file.
1.6.926 Oct 2014 15:23
minor feature:
Server: Changed to emit standard D-Bus signal when D-Bus properties change. (The old signal is still emitted too, but marked as deprecated.)