X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;ds=sidebyside;f=debian%2Fchangelog;h=40b62b29f9a292614c03335091fe3066d1483647;hb=db4d3ed0c8fe4f287da7bfe13f041dff5892fed5;hp=6b2f8fc5f4e3a6b087268f5f528292593b8f7ead;hpb=b0f8e57cce2bf0ab7a693ffac1ab1cc62f59b13c;p=mirror%2Fuserdir-ldap-cgi.git

diff --git a/debian/changelog b/debian/changelog
index 6b2f8fc..40b62b2 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,14 +1,34 @@
-userdir-ldap-cgi (0.3.39) UNRELEASED; urgency=medium
+userdir-ldap-cgi (0.3.40) UNRELEASED; urgency=medium
+
+  [ Peter Palfrader ]
+  * Add dependency on libcrypt-cbc-perl.
+  * Use $config{maildomain} in update.cgi instead of hardcoded db.d.o.
+  * Use $config{sslcafile} instead of hardcoding the path to the SSL CA
+    in Util.pm.
+
+  [ Paul Wise ]
+  * ravel is no longer recommended for general shell usage
+  * Add a hint about how to merge existing SSH keys
+
+ -- Peter Palfrader <weasel@debian.org>  Sat, 03 Jan 2015 13:56:47 +0100
+
+userdir-ldap-cgi (0.3.39) unstable; urgency=medium
 
   [ Peter Palfrader ]
   * Fix changelog entries.  The previos "UNRELEASED" version
     was actually released.
   * Use new CA root cert in Util.pm.
+  * Fix a XSS reported in
+    https://trac.torproject.org/projects/tor/ticket/14037
+  * Fix horrible use of crypto primitives.
+  * Add HMAC authentication to authtoken.
+  * Verify that the uid passed as a get parameters matches the
+    one stored in authtoken.
 
   [ Hector Oron ]
   * machines.cgi: add description field, more informative.
 
- -- Peter Palfrader <weasel@debian.org>  Sun, 21 Dec 2014 10:13:44 +0100
+ -- Peter Palfrader <weasel@debian.org>  Sat, 03 Jan 2015 13:30:18 +0100
 
 userdir-ldap-cgi (0.3.38~20130906+1+nmu1) UNRELEASED; urgency=low