-userdir-ldap (0.3.XXX) UNRELEASED; urgency=low
+userdir-ldap (0.3.97) UNRELEASED; urgency=medium
+
+ [ Peter Palfrader ]
+ * Make arbitrary attribute change work again.
+ This was broken by mistake during the pep8 cleanup.
+ * Fix ipv6 parsing. We would not properly handle empty blocks
+ (i.e. ::).
+
+ [ Adam D. Barratt ]
+ * ud-generate: actually fetch mailDefaultOptions from LDAP
+ * ud-generate: fix typoes in documentation
+ * ud-generate: make mail-default-options global rather than per-host
+
+ [ Julien Cristau ]
+ * ud-mailgate: don't let punycode through.
+ * ud-generate: use subprocess.Popen instead of os.popen in GenCDB.
+ * Use "not in" operator in various places ("foo not in bar" instead of "not
+ foo in bar").
+ * ud-mailgate: use subprocess.Popen instead of os.popen.
+ * Use "foo is None" instead of "foo == None".
+ * Use "foo is not None" instead of "foo != None".
+
+ -- Peter Palfrader <weasel@debian.org> Sat, 06 Apr 2019 22:04:34 +0200
+
+userdir-ldap (0.3.96) unstable; urgency=medium
+
+ * And yet another ud-mailgate typo.
+
+ -- Julien Cristau <jcristau@debian.org> Sun, 10 Feb 2019 12:31:07 +0100
+
+userdir-ldap (0.3.95) unstable; urgency=medium
+
+ * Fix more typos in ud-mailgate.
+
+ -- Julien Cristau <jcristau@debian.org> Sun, 10 Feb 2019 12:12:31 +0100
+
+userdir-ldap (0.3.94) unstable; urgency=medium
+
+ * Fix typo in ud-mailgate.
+
+ -- Tollef Fog Heen <tfheen@debian.org> Wed, 02 Jan 2019 19:13:52 +0100
+
+userdir-ldap (0.3.93) unstable; urgency=medium
+
+ [ Peter Palfrader ]
+ * Also export a host's SSHFP records to additional dns names
+ (sshfpHostname).
+ * UDLdap.py: more useful exception if our array assumptions are violated.
+ * ud-guest-upgrade: do not add but replace privateSub.
+ * Editorial edits to the salsa paragraph prepared by Joseph Herlant.
+ * ud-replicate: remove chroot support as we no longer use
+ historical dchroot.
+ * ud-replicate: move from lockfile(1) to flock.
+ * ud-replicate: manually remove __db.<foo>.db.t files before makedb calls.
+ * remove gender attribute from ud-ldap: How one identifies is not relevant
+ to their work in Debian.
+
+ [ Ansgar Burchardt ]
+ * ud-mailgate: include name of unknown host in error message
+
+ [ Joseph Herlant ]
+ * Change references from alioth to salsa in the DD welcome email
+ (Closes: #910057)
+
+ [ Tollef Fog Heen ]
+ * pep8-ify ud-mailgate, no functional changes.
+
+ -- Tollef Fog Heen <tfheen@debian.org> Wed, 02 Jan 2019 19:08:53 +0100
+
+userdir-ldap (0.3.92) unstable; urgency=medium
+
+ [ Héctor Orón Martínez ]
+ * welcome-message-Debian: update SSL certificate authority info.
+
+ [ Julien Cristau ]
+ * Fix sigcheck pgp/mime processing with gnupg 2
+
+ -- Julien Cristau <jcristau@debian.org> Thu, 26 Oct 2017 20:29:10 +0200
+
+userdir-ldap (0.3.91) UNRELEASED; urgency=medium
+
+ [ Michael Stapelberg (merged by Luca Filipozzi) ]
+ * ud-mailgate: add support for colons in TXT records
+
+ -- Luca Filipozzi <lfilipoz@debian.org> Thu, 24 Jun 2017 09:49:00 -0700
+
+userdir-ldap (0.3.90) UNRELEASED; urgency=medium
+
+ [ Paul Wise ]
+ * Switch from /org to /srv
+
+ [ Peter Palfrader ]
+ * Replace RSA authentication with public-key authentication in welcome
+ messages.
+ * ud-generate: Do not create a global ssh-gitolite. Instead create
+ them per-host where needed so we can accomodate per-host ssh
+ authorized-keys.
+
+ [ Tollef Fog Heen ]
+ * Add totpSeed to LDAP schema.
+ * Add support for changing TOTP seed by mailing ud-mailgate.
+ * Fix ud-mailgate to handle the SHA256:$fingerprint output format that
+ stretch's ssh-keygen has switched to.
+
+ -- Paul Wise <pabs@debian.org> Sat, 17 Jun 2017 14:38:00 +0800
+
+userdir-ldap (0.3.89) unstable; urgency=medium
+
+ [ Julien Cristau ]
+ * Fix half-assed switch away from python-support.
+
+ [ Christoph Berg]
+ * Add option "use_mq" to allow disabling the use of mq_notify in ud-generate
+
+ -- Julien Cristau <jcristau@debian.org> Mon, 27 Mar 2017 14:03:00 +0200
+
+userdir-ldap (0.3.88) unstable; urgency=medium
+
+ [ Peter Palfrader ]
+ * ud-useradd: When looking for free UIDs/GIDs, also consider groups.
+
+ [ Julien Cristau ]
+ * Update Uploaders list.
+ * Use dh-python instead of python-support.
+
+ -- Peter Palfrader <weasel@debian.org> Sun, 26 Mar 2017 14:05:57 +0200
+
+userdir-ldap (0.3.87) unstable; urgency=medium
+
+ [ Peter Palfrader ]
+ * remove dnsZoneEntry from restricted attributes to match config on db.d.o
+ * ssh keys: Also accept ed25519 keys. RSA keys must be at least 2k.
+ * ud-useradd: now does usergroups by default.
+ * ud-guest-upgrade: add.
+ * ud-guest-extend: add
+ * ud-replicate: only install/reload RTC files when they have changed.
+ * ud-replicate: use persistent ssh connections.
+ * ud-generate: get RTC domain/realm from config file.
+
+ [ Paul Wise ]
+ * Update ud-ldapshow and cleanup cruft around the usergroups changes
+
+ [ Julien Cristau ]
+ * Replace dependency on perl5 with perl.
+
+ -- Julien Cristau <jcristau@debian.org> Sun, 29 Jan 2017 12:14:50 +0100
+
+userdir-ldap (0.3.86) unstable; urgency=medium
+
+ * ud-generate: support ssh-ed25519 keys for SSHFP records.
+ * ud-replicated: only restore TERM if it was set before. If it wasn't leave
+ it at dumb.
+
+ -- Peter Palfrader <weasel@debian.org> Sun, 07 Dec 2014 16:25:22 +0100
+
+userdir-ldap (0.3.85) unstable; urgency=low
+
+ [ Stephen Gran ]
+ * ud-generate:
+ + Correct thinkos
+ + notification is now the default
+
+ [ Peter Palfrader ]
+ * ud-mailgate:
+ - fix sudopassword confirm handling.
+ - sudopassword: allow dashes in hostnames.
+ * ud-generate: update gitolite authkeys generation
+ - skip ssh keys with non-local allowed_hosts
+ - skip all keys with other restrictions
+ - make including keys for hosts optional (on by default)
+ - support overriding the command we restrict to
+ - sudopassword: allow dashes in hostnames.
+ * ud-replicated:
+ - only use /var/run/log if it's a socket.
+ * High version number to supersede locally built, non-tracked versions.
+
+ -- Peter Palfrader <weasel@debian.org> Sat, 06 Dec 2014 09:59:12 +0100
+
+userdir-ldap (0.3.82) unstable; urgency=low
+
+ [ Stephen Gran ]
+ * KFreeBSD uses a different syslog socket just because
+ * Change cron job to weekly
+
+ [ Peter Palfrader ]
+ * sigcheck: Import userdir_ldap so CheckLDAP() can find connectLDAP().
+
+ -- Peter Palfrader <weasel@debian.org> Mon, 20 Jan 2014 23:18:17 +0100
+
+userdir-ldap (0.3.81) unstable; urgency=low
+
+ * Gratuitous version bump
+
+ -- Stephen Gran <sgran@debian.org> Sat, 18 Jan 2014 10:37:40 +0000
+
+userdir-ldap (0.3.80) unstable; urgency=low
[ Peter Palfrader ]
* some ud-echelon fixes,
- filter on shadowAccount.
- fix breaking old ud-generate locks.
* ud-mailgate: only run ldapmodfiy if we actually have attributes to modify.
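Review bot: The 0.3.91 trailer gives "Thu, 24 Jun 2017 09:49:00 -0700", but the 0.3.90 trailer directly below it has "Sat, 17 Jun 2017", and a date exactly seven days later falls on the same weekday, so the day name and the date in the 0.3.91 trailer disagree; please correct whichever is wrong. Both of those entries also still say UNRELEASED although they sit beneath 0.3.92 through 0.3.96, which are marked unstable, so the distribution field should be settled before this is merged. In the 0.3.85 entry, "sudopassword: allow dashes in hostnames." appears twice, once under ud-mailgate and again under ud-generate; the second looks like a stray copy.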
- * ud-replicate: do not hard-code 'debian.org' in the 'write-zonefile
- debian.org' call, but instead re-use the domain from email-append.
+ * ud-replicate:
+ - do not hard-code 'debian.org' in the 'write-zonefile debian.org' call,
+ but instead re-use the domain from email-append.
+ - now preserve server side modifcation times when rsyncing data.
+ * userdir_ldap.py: read auth password from environment if set.
+ * Introduce BaseBaseDN which is the real base dn. BaseDN itself
+ has historically been used as the root of the user tree.
+ * Allow a set of users to be ignored for picking UIDs.
+ * When picking uid/gid numbers try to pick the same number for both.
+ * Merge from torproject.org:
+ - Allow sshRSAAuthKey for role accounts.
+ - Support ssh key attributes for gitolite export.
+ - Add ssh-gitolite support.
+ * debianGroups may have cn attribute (helpful when putting samba stuff into
+ ldap).
+ * ud-mailgate: Do not try to do an ldap modify with no changes - now show
+ command to changes@ should work again.
+ * ud-generate: No longer expand $ in dnsZoneEntry data to a \n\t.
+ * ud-generate: Move code into getLastBuildTime() and getLastLDAPChangeTime()
+ functions.
+ * ud-generate: Add -f option to build even if cache is current.
+ * ud-generate: Move main code into a ud_generate()
+ * ud-generate: speed improvements:
+ - cut down on calls to IsInGroup by doing it once in generate_host()
+ and not having the individual generators run it.
+ o side effect: Up until now we exported empty groups to a host, if
+ that group had a user with that group as their primary group - even
+ if that particular user was not exported to this this. No we no
+ longer export empty groups.
+ - speed up ssh tarball generation: No longer write indidividual user's ssh
+ authorized_keys to disk, only to read them later. Directly create a
+ TarInfo object without referring to any on-disk files.
+ - get rid of global state variable CurrentHost. This will enable upcoming
+ changes.
+ - UDLdap.py: make a cache for __getitem__() decisions.
+ - wrap cdbmake calls in eatmydata. Nothing else does any fsync stuff,
+ so doing it here just costs a lot.
+ * ud-generate: Use a flock() lock instead of python's lockfile class.
+ * ud-generate: The ssh authorized_keys file for the sshdist user now wraps
+ the rsync call in an flock wrapper that acquires a shared lock on
+ ud-generate's lock. This prevents syncing while ud-generate runs.
+ * ud-lock: support supplying a status to set instead of 'retiring'.
+ * ud-generate: Also rebuild if one of our keyrings has changed, even if
+ ldap has not.
+ * userdir-ldap-slapd.conf.in: explicitly list readable attributes.
+ End with 'by * none'.
+ * ud-generate: Allow more than one email address in userForward. Quite
+ useful for role accounts.
+ * ud-generate: Support writing gitolite config for just one user-group.
+ * ud-generate: Support MX remapping.
+ * ud-generate: Fix ipv6 check.
+ * ud-generate: Fix unix mtime triggers.
[ Stephen Gran ]
* Fix deprecation warnings for sha module by using hashlib module instead
* ud-fingerserv: update Net::LDAP import
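Review bot: The side-effect text under the ud-generate speed improvements records a behaviour change (empty groups are no longer exported) but is garbled where it reads "was not exported to this this. No we no longer export empty groups."; suggest "was not exported to this host. Now we no longer export empty groups." so the change is readable for anyone relying on those groups. The "userdir_ldap.py: read auth password from environment if set." line should also name the environment variable, since that is what someone auditing where the bind password can come from will look for. Minor: "modifcation" and "indidividual" are misspelled in the added lines.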
+ * Implement audit logging for ldap
+ * stop running ud-generate if nothing has changed, based on audit logs
+ * Change to trigger based replication
- -- Peter Palfrader <weasel@debian.org> Thu, 29 Dec 2011 21:54:54 +0100
+ [ Martin Zobel-Helas ]
+ * ud-generate: generate webPasswords
+ * ud-generate: generate voipPasswords
+ * ud-replicate: set correct permissions for web-passwords
+ * ud-replicate: set correct permissions for voip-passwords
+ * add freecdb to depends
+ * userdir-ldap.schema
+ - add webPasswords
+ - add mailPreserveSuffixSeperator
+ - add voipPasswords
+
+ [ Tollef Fog Heen ]
+ * Export SSH host keys for gitolite, subject to a regex filter.
+
+ [ Luca Filipozzi ]
+ * rename voipPassword to rtcPassword in schema
+ * update code to match
+
+ -- Luca Filipozzi <lfilipoz@emyr.net> Thu, 16 Jan 2014 22:52:47 +0000
userdir-ldap (0.3.79) unstable; urgency=low
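Review bot: The attribute names in the lines added to this entry do not agree: the schema items say "add voipPasswords", the Luca Filipozzi block says "rename voipPassword to rtcPassword in schema", and the ud-generate and ud-replicate lines still refer to voipPasswords and voip-passwords. Please state the final attribute and file names once and say which tools "update code to match" touched, so that someone checking the permissions on the exported password files knows which names to look for. The new trailer also signs with lfilipoz@emyr.net while the 0.3.91 trailer uses lfilipoz@debian.org; worth confirming which address is intended.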