-userdir-ldap-cgi (0.3.39) UNRELEASED; urgency=medium
+userdir-ldap-cgi (0.3.40) UNRELEASED; urgency=medium
+
+ [ Peter Palfrader ]
+ * Add dependency on libcrypt-cbc-perl.
+ * Use $config{maildomain} in update.cgi instead of hardcoded db.d.o.
+ * Use $config{sslcafile} instead of hardcoding the path to the SSL CA
+ in Util.pm.
+
+ [ Paul Wise ]
+ * ravel is no longer recommended for general shell usage
+ * Add a hint about how to merge existing SSH keys
+ * Update LDAP search docs for the usergroups changes
+ * Drop SSH key fingerprint info from machines.cgi pages
+ * Give an example of the show command
+
+ [ Tollef Fog Heen ]
+ * Use a bit more modern perl in Util.pm, drop defined for an array check.
+ * Add debian/compat with level 10.
+ * Add missing Build-Depends for libhtml-parser-perl.
+ * New debhelper version installs in debian/$package, adjust debian/rules
+ appropriately.
+
+ -- Peter Palfrader <weasel@debian.org> Sat, 03 Jan 2015 13:56:47 +0100
+
+userdir-ldap-cgi (0.3.39) unstable; urgency=medium
[ Peter Palfrader ]
* Fix changelog entries. The previos "UNRELEASED" version
was actually released.
+ * Use new CA root cert in Util.pm.
+ * Fix a XSS reported in
+ https://trac.torproject.org/projects/tor/ticket/14037
+ * Fix horrible use of crypto primitives.
+ * Add HMAC authentication to authtoken.
+ * Verify that the uid passed as a get parameters matches the
+ one stored in authtoken.
[ Hector Oron ]
* machines.cgi: add description field, more informative.
- -- Peter Palfrader <weasel@debian.org> Sun, 21 Dec 2014 10:12:41 +0100
+ -- Peter Palfrader <weasel@debian.org> Sat, 03 Jan 2015 13:30:18 +0100
userdir-ldap-cgi (0.3.38~20130906+1+nmu1) UNRELEASED; urgency=low