=== modified file 'DBUS-API' --- DBUS-API 2016-02-28 14:22:10 +0000 +++ DBUS-API 2017-02-23 19:11:11 +0000 @@ -130,8 +130,8 @@ * Copyright - Copyright © 2010-2016 Teddy Hogeborn - Copyright © 2010-2016 Björn Påhlsson + Copyright © 2010-2017 Teddy Hogeborn + Copyright © 2010-2017 Björn Påhlsson ** License: === modified file 'TODO' --- TODO 2016-07-03 03:32:28 +0000 +++ TODO 2017-02-22 21:45:35 +0000 @@ -119,5 +119,16 @@ * [[http://www.undeadly.org/cgi?action=article&sid=20110530221728][OpenBSD]] +* TODO Use raw public keys (RFC 7250) for TLS communications :2: +** Support for this is planned for GnuTLS version 3.6 + https://gitlab.com/gnutls/gnutls/issues/26 +** Rationale +*** The client key is used both for communication and encryption + Using raw keys in GnuTLS instead uses separate keys for + communication and password decryption. +*** GnuTLS 3.5.9 has deprecated the OpenPGP functions + The functions are still available, but deprecated: + https://gitlab.com/gnutls/gnutls/issues/102 + #+STARTUP: showall === modified file 'debian/copyright' --- debian/copyright 2016-03-23 07:11:22 +0000 +++ debian/copyright 2017-02-23 19:11:11 +0000 @@ -4,8 +4,8 @@ Source: Files: * -Copyright: Copyright © 2008-2016 Teddy Hogeborn - Copyright © 2008-2016 Björn Påhlsson +Copyright: Copyright © 2008-2017 Teddy Hogeborn + Copyright © 2008-2017 Björn Påhlsson License: GPL-3+ This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as === modified file 'debian/mandos.lintian-overrides' --- debian/mandos.lintian-overrides 2008-10-01 15:29:01 +0000 +++ debian/mandos.lintian-overrides 2017-02-21 18:23:54 +0000 
@@ -2,3 +2,4 @@ # it, so it must be kept unreadable for non-root users. # mandos binary: non-standard-file-perm etc/mandos/clients.conf 0600 != 0644 +mandos: init.d-script-needs-depends-on-lsb-base etc/init.d/mandos (line 49) === modified file 'initramfs-tools-hook' --- initramfs-tools-hook 2016-06-21 19:13:11 +0000 +++ initramfs-tools-hook 2017-02-21 22:15:43 +0000 @@ -142,7 +142,7 @@ for conf in /etc/initramfs-tools/conf.d/*; do if [ -n `basename \"$conf\" | grep '^[[:alnum:]][[:alnum:]\._-]*$' \ | grep -v '\.dpkg-.*$'` ]; then - [ -f ${conf} ] && . ${conf} + [ -f "${conf}" ] && . "${conf}" fi done export DEVICE @@ -157,7 +157,7 @@ if [ -x "$hook" ]; then # Copy any files needed by the network hook MANDOSNETHOOKDIR=/etc/mandos/network-hooks.d MODE=files \ - VERBOSITY=0 "$hook" files | while read file target; do + VERBOSITY=0 "$hook" files | while read -r file target; do if [ ! -e "${file}" ]; then echo "WARNING: file ${file} not found, requested by Mandos network hook '${hook##*/}'" >&2 fi @@ -169,10 +169,8 @@ done # Copy and load any modules needed by the network hook MANDOSNETHOOKDIR=/etc/mandos/network-hooks.d MODE=modules \ - VERBOSITY=0 "$hook" modules | while read module; do - if [ -z "${target}" ]; then - force_load "$module" - fi + VERBOSITY=0 "$hook" modules | while read -r module; do + force_load "$module" done fi done === modified file 'initramfs-tools-script' --- initramfs-tools-script 2016-03-02 16:45:38 +0000 +++ initramfs-tools-script 2017-02-21 21:42:08 +0000 @@ -57,7 +57,7 @@ # Get DEVICE from /conf/initramfs.conf and other files . /conf/initramfs.conf for conf in /conf/conf.d/*; do - [ -f ${conf} ] && . ${conf} + [ -f "${conf}" ] && . "${conf}" done if [ -e /conf/param.conf ]; then . /conf/param.conf 
@@ -115,7 +115,7 @@ # parse /conf/conf.d/cryptroot. Format: # target=sda2_crypt,source=/dev/sda2,key=none,keyscript=/foo/bar/baz exec 3>/conf/conf.d/cryptroot.mandos -while read options; do +while read -r options; do newopts="" # Split option line on commas old_ifs="$IFS" === modified file 'intro.xml' --- intro.xml 2016-11-26 23:21:16 +0000 +++ intro.xml 2017-02-23 19:11:11 +0000 @@ -1,7 +1,7 @@ + %common; ]> @@ -36,6 +36,7 @@ 2014 2015 2016 + 2017 Teddy Hogeborn Björn Påhlsson === modified file 'mandos' --- mandos 2017-01-25 19:38:31 +0000 +++ mandos 2017-02-23 19:11:11 +0000 @@ -11,8 +11,8 @@ # "AvahiService" class, and some lines in "main". # # Everything else is -# Copyright © 2008-2016 Teddy Hogeborn -# Copyright © 2008-2016 Björn Påhlsson +# Copyright © 2008-2017 Teddy Hogeborn +# Copyright © 2008-2017 Björn Påhlsson # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -2883,7 +2883,8 @@ # Convert the SafeConfigParser object to a dict server_settings = server_config.defaults() # Use the appropriate methods on the non-string config options - for option in ("debug", "use_dbus", "use_ipv6", "foreground"): + for option in ("debug", "use_dbus", "use_ipv6", "restore", + "foreground", "zeroconf"): server_settings[option] = server_config.getboolean("DEFAULT", option) if server_settings["port"]: === modified file 'mandos-clients.conf.xml' --- mandos-clients.conf.xml 2016-06-23 19:19:33 +0000 +++ mandos-clients.conf.xml 2017-02-23 19:11:11 +0000 @@ -3,7 +3,7 @@ "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ /etc/mandos/clients.conf"> - + %common; ]> @@ -41,6 +41,7 @@ 2014 2015 2016 + 2017 Teddy Hogeborn Björn Påhlsson === modified file 'mandos-ctl' --- mandos-ctl 2017-01-25 19:38:31 +0000 +++ mandos-ctl 2017-02-23 19:11:11 +0000 
@@ -3,8 +3,8 @@ # # Mandos Monitor - Control and monitor the Mandos server # -# Copyright © 2008-2016 Teddy Hogeborn -# Copyright © 2008-2016 Björn Påhlsson +# Copyright © 2008-2017 Teddy Hogeborn +# Copyright © 2008-2017 Björn Påhlsson # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by === modified file 'mandos-ctl.xml' --- mandos-ctl.xml 2016-06-27 20:21:50 +0000 +++ mandos-ctl.xml 2017-02-23 19:11:11 +0000 @@ -2,7 +2,7 @@ - + %common; ]> @@ -38,6 +38,7 @@ 2014 2015 2016 + 2017 Teddy Hogeborn Björn Påhlsson === modified file 'mandos-keygen' --- mandos-keygen 2017-01-25 19:38:31 +0000 +++ mandos-keygen 2017-02-23 19:11:11 +0000 @@ -2,8 +2,8 @@ # # Mandos key generator - create a new OpenPGP key for a Mandos client # -# Copyright © 2008-2016 Teddy Hogeborn -# Copyright © 2008-2016 Björn Påhlsson +# Copyright © 2008-2017 Teddy Hogeborn +# Copyright © 2008-2017 Björn Påhlsson # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -326,10 +326,10 @@ else tty --quiet && stty -echo echo -n "Enter passphrase: " >/dev/tty - read first + read -r first tty --quiet && echo >&2 echo -n "Repeat passphrase: " >/dev/tty - read second + read -r second if tty --quiet; then echo >&2 stty echo === modified file 'mandos-keygen.xml' --- mandos-keygen.xml 2016-03-05 21:42:56 +0000 +++ mandos-keygen.xml 2017-02-23 19:11:11 +0000 @@ -2,7 +2,7 @@ - + %common; ]> @@ -40,6 +40,7 @@ 2014 2015 2016 + 2017 Teddy Hogeborn Björn Påhlsson === modified file 'mandos-monitor' --- mandos-monitor 2017-01-25 19:38:31 +0000 +++ mandos-monitor 2017-02-23 19:11:11 +0000 
@@ -3,8 +3,8 @@ # # Mandos Monitor - Control and monitor the Mandos server # -# Copyright © 2009-2016 Teddy Hogeborn -# Copyright © 2009-2016 Björn Påhlsson +# Copyright © 2009-2017 Teddy Hogeborn +# Copyright © 2009-2017 Björn Påhlsson # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by === modified file 'mandos-monitor.xml' --- mandos-monitor.xml 2016-03-05 21:46:00 +0000 +++ mandos-monitor.xml 2017-02-23 19:11:11 +0000 @@ -2,7 +2,7 @@ - + %common; ]> @@ -38,6 +38,7 @@ 2014 2015 2016 + 2017 Teddy Hogeborn Björn Påhlsson === modified file 'mandos.conf.xml' --- mandos.conf.xml 2016-03-05 21:42:56 +0000 +++ mandos.conf.xml 2017-02-23 19:11:11 +0000 @@ -3,7 +3,7 @@ "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ /etc/mandos/mandos.conf"> - + %common; ]> @@ -41,6 +41,7 @@ 2014 2015 2016 + 2017 Teddy Hogeborn Björn Påhlsson === modified file 'mandos.xml' --- mandos.xml 2016-07-03 03:32:28 +0000 +++ mandos.xml 2017-02-23 19:11:11 +0000 @@ -2,7 +2,7 @@ - + %common; ]> @@ -40,6 +40,7 @@ 2014 2015 2016 + 2017 Teddy Hogeborn Björn Påhlsson === modified file 'plugin-helpers/mandos-client-iprouteadddel.c' --- plugin-helpers/mandos-client-iprouteadddel.c 2016-02-28 14:22:10 +0000 +++ plugin-helpers/mandos-client-iprouteadddel.c 2017-02-23 19:11:11 +0000 @@ -2,8 +2,8 @@ /* * iprouteadddel - Add or delete direct route to a local IP address * - * Copyright © 2015-2016 Teddy Hogeborn - * Copyright © 2015-2016 Björn Påhlsson + * Copyright © 2015-2017 Teddy Hogeborn + * Copyright © 2015-2017 Björn Påhlsson * * This program is free software: you can redistribute it and/or * modify it under the terms of the GNU General Public License as === modified file 'plugin-runner.c' --- plugin-runner.c 2016-12-12 18:25:02 +0000 +++ plugin-runner.c 2017-02-23 19:11:11 +0000 
@@ -2,8 +2,8 @@ /* * Mandos plugin runner - Run Mandos plugins * - * Copyright © 2008-2016 Teddy Hogeborn - * Copyright © 2008-2016 Björn Påhlsson + * Copyright © 2008-2017 Teddy Hogeborn + * Copyright © 2008-2017 Björn Påhlsson * * This program is free software: you can redistribute it and/or * modify it under the terms of the GNU General Public License as === modified file 'plugin-runner.xml' --- plugin-runner.xml 2016-03-17 21:18:37 +0000 +++ plugin-runner.xml 2017-02-23 19:11:11 +0000 @@ -2,7 +2,7 @@ - + %common; ]> @@ -40,6 +40,7 @@ 2014 2015 2016 + 2017 Teddy Hogeborn Björn Påhlsson === modified file 'plugins.d/askpass-fifo.c' --- plugins.d/askpass-fifo.c 2016-02-28 14:22:10 +0000 +++ plugins.d/askpass-fifo.c 2017-02-23 19:11:11 +0000 @@ -2,8 +2,8 @@ /* * Askpass-FIFO - Read a password from a FIFO and output it * - * Copyright © 2008-2016 Teddy Hogeborn - * Copyright © 2008-2016 Björn Påhlsson + * Copyright © 2008-2017 Teddy Hogeborn + * Copyright © 2008-2017 Björn Påhlsson * * This program is free software: you can redistribute it and/or * modify it under the terms of the GNU General Public License as === modified file 'plugins.d/askpass-fifo.xml' --- plugins.d/askpass-fifo.xml 2016-03-05 21:42:56 +0000 +++ plugins.d/askpass-fifo.xml 2017-02-23 19:11:11 +0000 @@ -2,7 +2,7 @@ - + %common; ]> @@ -40,6 +40,7 @@ 2014 2015 2016 + 2017 Teddy Hogeborn Björn Påhlsson === modified file 'plugins.d/mandos-client.c' --- plugins.d/mandos-client.c 2016-12-12 18:25:02 +0000 +++ plugins.d/mandos-client.c 2017-02-23 19:11:11 +0000 @@ -9,8 +9,8 @@ * "browse_callback", and parts of "main". * * Everything else is - * Copyright © 2008-2016 Teddy Hogeborn - * Copyright © 2008-2016 Björn Påhlsson + * Copyright © 2008-2017 Teddy Hogeborn + * Copyright © 2008-2017 Björn Påhlsson * * This program is free software: you can redistribute it and/or * modify it under the terms of the GNU General Public License as 
@@ -1494,7 +1494,6 @@ return retval; } -__attribute__((nonnull)) static void resolve_callback(AvahiSServiceResolver *r, AvahiIfIndex interface, AvahiProtocol proto, === modified file 'plugins.d/mandos-client.xml' --- plugins.d/mandos-client.xml 2016-07-10 03:43:48 +0000 +++ plugins.d/mandos-client.xml 2017-02-23 19:11:11 +0000 @@ -2,7 +2,7 @@ - + %common; ]> @@ -40,6 +40,7 @@ 2014 2015 2016 + 2017 Teddy Hogeborn Björn Påhlsson === modified file 'plugins.d/password-prompt.c' --- plugins.d/password-prompt.c 2016-02-28 14:22:10 +0000 +++ plugins.d/password-prompt.c 2017-02-23 19:11:11 +0000 @@ -2,8 +2,8 @@ /* * Password-prompt - Read a password from the terminal and print it * - * Copyright © 2008-2016 Teddy Hogeborn - * Copyright © 2008-2016 Björn Påhlsson + * Copyright © 2008-2017 Teddy Hogeborn + * Copyright © 2008-2017 Björn Påhlsson * * This program is free software: you can redistribute it and/or * modify it under the terms of the GNU General Public License as === modified file 'plugins.d/password-prompt.xml' --- plugins.d/password-prompt.xml 2016-03-05 21:42:56 +0000 +++ plugins.d/password-prompt.xml 2017-02-23 19:11:11 +0000 @@ -2,7 +2,7 @@ - + %common; ]> @@ -40,6 +40,7 @@ 2014 2015 2016 + 2017 Teddy Hogeborn Björn Påhlsson === modified file 'plugins.d/plymouth.c' --- plugins.d/plymouth.c 2016-12-12 18:25:02 +0000 +++ plugins.d/plymouth.c 2017-02-23 19:11:11 +0000 @@ -2,8 +2,8 @@ /* * Plymouth - Read a password from Plymouth and output it * - * Copyright © 2010-2016 Teddy Hogeborn - * Copyright © 2010-2016 Björn Påhlsson + * Copyright © 2010-2017 Teddy Hogeborn + * Copyright © 2010-2017 Björn Påhlsson * * This program is free software: you can redistribute it and/or * modify it under the terms of the GNU General Public License as === modified file 'plugins.d/plymouth.xml' --- plugins.d/plymouth.xml 2016-03-05 21:42:56 +0000 +++ plugins.d/plymouth.xml 2017-02-23 19:11:11 +0000 @@ -2,7 +2,7 @@ - + %common; ]> 
@@ -38,6 +38,7 @@ 2014 2015 2016 + 2017 Teddy Hogeborn Björn Påhlsson === modified file 'plugins.d/splashy.c' --- plugins.d/splashy.c 2016-02-28 14:22:10 +0000 +++ plugins.d/splashy.c 2017-02-23 19:11:11 +0000 @@ -2,8 +2,8 @@ /* * Splashy - Read a password from splashy and output it * - * Copyright © 2008-2016 Teddy Hogeborn - * Copyright © 2008-2016 Björn Påhlsson + * Copyright © 2008-2017 Teddy Hogeborn + * Copyright © 2008-2017 Björn Påhlsson * * This program is free software: you can redistribute it and/or * modify it under the terms of the GNU General Public License as === modified file 'plugins.d/splashy.xml' --- plugins.d/splashy.xml 2016-03-05 21:42:56 +0000 +++ plugins.d/splashy.xml 2017-02-23 19:11:11 +0000 @@ -2,7 +2,7 @@ - + %common; ]> @@ -40,6 +40,7 @@ 2014 2015 2016 + 2017 Teddy Hogeborn Björn Påhlsson === modified file 'plugins.d/usplash.c' --- plugins.d/usplash.c 2016-02-28 14:22:10 +0000 +++ plugins.d/usplash.c 2017-02-23 19:11:11 +0000 @@ -2,8 +2,8 @@ /* * Usplash - Read a password from usplash and output it * - * Copyright © 2008-2016 Teddy Hogeborn - * Copyright © 2008-2016 Björn Påhlsson + * Copyright © 2008-2017 Teddy Hogeborn + * Copyright © 2008-2017 Björn Påhlsson * * This program is free software: you can redistribute it and/or * modify it under the terms of the GNU General Public License as === modified file 'plugins.d/usplash.xml' --- plugins.d/usplash.xml 2016-03-05 21:42:56 +0000 +++ plugins.d/usplash.xml 2017-02-23 19:11:11 +0000 @@ -2,7 +2,7 @@ - + %common; ]> @@ -40,6 +40,7 @@ 2014 2015 2016 + 2017 Teddy Hogeborn Björn Påhlsson
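
Review bot: In debian/mandos.lintian-overrides (hunk @@ -2,3 +2,4 @@), the new init.d-script-needs-depends-on-lsb-base override has no explanatory comment, while the clients.conf override just above it does. Add a comment saying why the tag does not apply to etc/init.d/mandos. Note also that the override is tied to "(line 49)", so it will stop matching as soon as the init script is edited above that line.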
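
Review bot: In initramfs-tools-hook (hunk @@ -142,7 +142,7 @@), the guard on the context line above the changed line is still unquoted, so the quoting fix to `. "${conf}"` does not make the sourcing safe. When the two greps print nothing, the backtick substitution expands to no words and `[ -n ]` with a single argument is true, which means the name filter and the `.dpkg-` exclusion never reject a file. Wrap the substitution in double quotes, for example `[ -n "$(basename "$conf" | grep '^[[:alnum:]][[:alnum:]\._-]*$' | grep -v '\.dpkg-.*$')" ]`, so that only files passing both patterns are sourced into the hook.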
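
Review bot: In initramfs-tools-hook (hunk @@ -169,10 +169,8 @@), `force_load "$module"` is now called unconditionally for every line the network hook prints in modules mode, including an empty line. Skip empty input before the call, for example `[ -n "$module" ] || continue`. The removed condition tested `target`, which is not assigned anywhere in this loop; the commit message should say that this is why the check was dropped.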
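
Review bot: In mandos (hunk @@ -2883,7 +2883,8 @@), adding "restore" and "zeroconf" to the getboolean loop is a behaviour change that needs a NEWS or changelog entry and a test. In these lines the two options previously stayed as the strings returned by `server_config.defaults()`, and a string such as "False" is truthy in Python, so a configuration file that sets `restore = False` or `zeroconf = False` will behave differently after this change. `getboolean` also raises ValueError on a value it does not recognise, so consider catching that here and reporting which option in the configuration file is malformed.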
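
Review bot: In mandos-keygen (hunk @@ -326,10 +326,10 @@), `read -r first` and `read -r second` still strip leading and trailing whitespace from the passphrase, because `read` splits on IFS. The `-r` flag only stops backslash processing. Use `IFS= read -r first` and `IFS= read -r second` so the passphrase is stored exactly as typed, and mention in the commit message that passphrases containing backslashes are now read differently than before.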
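
Review bot: In plugins.d/mandos-client.c (hunk @@ -1494,7 +1494,6 @@), `__attribute__((nonnull))` is removed from `resolve_callback` with no comment or commit text saying which argument may be NULL. Add a short comment above the function naming the parameters that can legitimately be NULL. If only some of them can, keep the attribute with an explicit index list, `__attribute__((nonnull (...)))`, so the compiler still checks the remaining pointer arguments.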