X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=debian%2Fchangelog;h=43d01282322e2174eefea7197399ebd8e4339f6d;hb=e9dc8e658380c666e2149d735c97a1116c71db08;hp=26510c0ba5735259ebfdc83782173cf0c691a53c;hpb=be971636d402d3a488109573c9f1ed1e63cea40c;p=mirror%2Fuserdir-ldap.git

diff --git a/debian/changelog b/debian/changelog
index 26510c0..43d0128 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,318 @@
-userdir-ldap (0.3.XX) unstable; urgency=low
+userdir-ldap (0.3.78) unstable; urgency=low
+
+  * Start refactoring ud-generate:
+    - If environment variables UD_CREDENTIALS, UD_GENERATEDIR, UD_HMAC_KEY
+      are set, use their respective value instead of the default.  This
+      makes it possible to run ud-generate as a non-privileged user for
+      testing purposes.
+    - Start wrapping ldap search results in classes. For now we have done
+      this with just an ldap account.
+    - Also got rid of the global PasswdAttrs variable.  Now functions
+      get the account list (now a list of Account classes instead of
+      ldap result array of tuples of hashes) passed to them like well-behaved
+      functions.
+  * userdir-ldap-slapd.conf: Fix ACL rule for keyring maintainers
+    (we want group=..., not dn=...).
+  * Add ud-krb-reset, and make ud-mailgate call it when
+    receiving a mail at chpasswd@ saying
+    'Please change my Kerberos password'.
+  * ud-generate: Add an extra output file called all-users.json that
+    can be used on one of the AFS hosts to create afs users.
+
+ -- Peter Palfrader <weasel@debian.org>  Mon, 13 Sep 2010 19:08:34 +0200
+
+userdir-ldap (0.3.77) unstable; urgency=low
+
+  [ Peter Palfrader ]
+  * ud-mailgate: Remove a global declaration after a variable has
+    already been assigned globally.
+  * ud-mailgate: We use the result of the pgp check for quite a long
+    time in the main program.  Give it its own variable instead of
+    using Res which was overwritten a bit later.  Also make a new
+    gpgcheck2 class that allows us to access the values of the gpg
+    signature check in a saner way.
+  * ud-gpgimport: Get rid of "0x" when printing keyids/fingerprints.
+  * Add ud-lock.
+  * Fix a typo in welcome-message-800 noticed by Tommi Vainikainen.
+  * Refactor the LDAP acls to be easier to manage.
+    Effective changes:
+    - Keyring Maintainers ldap group gets to write to the keyFingerPrint
+      attribute.
+    - sshrsaauthkey is no longer compareable by *.
+  * ud-generate: refuse to run as root.
+
+  [ Stephen Gran ]
+  * Add txt record support to ud-mailgate
+  * Clean up addition of identifying txt records to debian.net slightly
+
+ -- Peter Palfrader <weasel@debian.org>  Fri, 30 Jul 2010 19:46:48 +0200
+
+userdir-ldap (0.3.76) unstable; urgency=low
+
+  [ Peter Palfrader ]
+  * ud-generate: Export groups even if nobody has that group as a
+    supplementary group, as long as there are users that have it as a primary
+    group.
+  * ud-useradd: If we do not have a template for a specific group, use the
+    general purpose template file (welcome-message).
+  * ud-useradd: Fix usergroup support:
+    - Move ldap call to actually add the user to the right place,
+    - Properly compare strings and numbers.
+  * ud-useradd: Only ask for private subscription if this installation
+    has a debian-private like mailinglist whose membership is configured
+    by ud-ldap.  (defaults to true.)
+  * Fix welcome-message to be like welcome-message-800 and 60000 wrt
+    email headers
+  * ud-useradd: Properly encode realname in subjects and to header lines
+    regardless of which template is being used.
+  * ud-generate: move the regex that determines whether or not to include
+    a host in the dns-sshfp zone snippet (for SSHFP and A, AAAA and MX
+    records) to the config file.
+  * Include a host in DNS even if we do not have both ssh keys and an
+    arch for that host configured.
+
+  [ Stephen Gran ]
+  * Add patches from Helmut Grohne <helmut@subdivi.de>:
+    Allow ssh keys to be exported only to specific hosts by prefixing them
+    with allowed_hosts=[host1[,host2 ...]]] when adding them using
+    ud-mailgate.
+
+ -- Stephen Gran <sgran@debian.org>  Sat, 30 Jan 2010 13:33:40 +0000
+
+userdir-ldap (0.3.75) unstable; urgency=low
+
+  * Enable support for mailDefaultOptions
+  * Make a stab at really not exporting empty groups.
+
+ -- Stephen Gran <sgran@debian.org>  Mon, 16 Nov 2009 21:36:53 +0000
+
+userdir-ldap (0.3.74) unstable; urgency=low
+
+  [ Peter Palfrader ]
+  * ud-generate: Make sure we only add people in gid 800 to debian-private.
+    (DebianUsers was just a copy of PasswdAttrs.  So use PasswdAttrs in
+     all the places that currently use DebianUsers.  Make a filtered list
+     DebianDDUsers (accounts in gid 800), and use that for building the
+     debian-private subscription list.)
+  * welcome-message-60000: improve wording of a sentence.  Sometimes less
+    is more.
+
+  [ Stephen Gran ]
+  * Initial support for BATV token storage.
+  * generate a new file for mail forwards for users present on this machine
+
+ -- Stephen Gran <sgran@debian.org>  Sun, 15 Nov 2009 11:54:41 +0000
+
+userdir-ldap (0.3.73) unstable; urgency=low
+
+  * Add dnsTTL host attribute to override the zone default TTL
+    for A and AAAA records.  Also for MX, HINFO and SSHFP.
+
+ -- Peter Palfrader <weasel@debian.org>  Sun, 18 Oct 2009 12:38:51 +0200
+
+userdir-ldap (0.3.72) unstable; urgency=low
+
+  [ Peter Palfrader ]
+  * ud-useradd: Allow unsetting of middle names by entering a space.
+  * userdir-ldap.conf: Add debian-maintainers.gpg to keyrings and
+    sync_keyrings.
+  * ud-useradd: force gidNumber to be an int when we open the welcome
+    template (it can be different when we read it from input using -n).
+  * Tweak templates/welcome-message-60000.
+  * ud-generate: don't blow up when a host does not have IP-addresses.
+  * We autogenerate the authorized_keys files for sshdist on db-master.
+    It limits the hosts' ssh key to coming from their respective addresses.
+    Now we can add additional source addresses to accept for this since
+    not all hosts appear to come from their published address (or have
+    a published address for that matter).
+
+  [ Stephen Gran ]
+  * Make zone reloads work when ud-generate updates zone files
+
+ -- Stephen Gran <sgran@debian.org>  Mon, 05 Oct 2009 00:54:43 +0100
+
+userdir-ldap (0.3.71) unstable; urgency=low
+
+  * Enable autogeneration of DNS records for .d.o hosts
+
+ -- Stephen Gran <sgran@debian.org>  Sun, 23 Aug 2009 12:50:01 +0000
+
+userdir-ldap (0.3.70) unstable; urgency=low
+
+  * Enable autogeneration of sshdist's authorized_keys file
+
+ -- Stephen Gran <sgran@debian.org>  Sun, 09 Aug 2009 16:10:35 +0000
+
+userdir-ldap (0.3.69) unstable; urgency=low
+
+  * Make ud-host do allowedGroups, exportOptions.
+
+ -- Peter Palfrader <weasel@debian.org>  Thu, 23 Jul 2009 22:52:08 +0200
+
+userdir-ldap (0.3.68) unstable; urgency=low
+
+  * userdir-ldap.conf: localsyncon = "*draghi*"
+  * userdir-ldap-slapd.conf.in: database hdb
+  * schema: allowedGroups, exportOptions attribute for servers
+  * Move away from generate.conf and use the information provided in
+    the ldap.
+
+ -- Peter Palfrader <weasel@debian.org>  Thu, 23 Jul 2009 22:32:44 +0200
+
+userdir-ldap (0.3.67) unstable; urgency=low
+
+  [ Stephen Gran ]
+  * ud-replicate no longer uses localsyncon=*samosa*.
+  * ud-generate cleanup:
+    - general code tidy (whitespace, semi-colons, python idioms)
+    - loop cleanup, so that fewer redundant checks are done
+    - split groups up so mail is only handled for gid Debian
+    - Stop exporting information about retired developers
+    - Stop exporting locked accounts
+    - begin cleanup of use of string exceptions
+
+  [ Peter Palfrader ]
+  * .debian.net DNS creates BSMTP maps for MX 0 master in addition to gluck.
+  * .debian.net DNS no longer creates BSMTP maps for MX 0 gluck.
+  * Remove mailSpamOptOut ldap attribute - it isn't used anywhere.
+  * schema, ud-info, ud-mailgate, ud-generate: Add mailContentInspectionAction
+    attribute.  Possible values are reject, blackhole and markup.
+
+ -- Peter Palfrader <weasel@debian.org>  Tue, 14 Jul 2009 11:02:27 +0200
+
+userdir-ldap (0.3.66) unstable; urgency=low
+
+  * We would previously ignore purpose hosts for ssh known hosts purposes
+    if the service name would not start the purpose field.  Fix this.
+
+ -- Peter Palfrader <weasel@debian.org>  Fri, 01 May 2009 17:10:05 +0200
+
+userdir-ldap (0.3.65) unstable; urgency=low
+
+  * userdir-ldap.conf: remove from default keyrings:
+    - /home/jgg/keys/extrakeys.gpg
+    - /home/jgg/keys/guest-keys.gpg
+
+ -- Peter Palfrader <weasel@debian.org>  Mon, 06 Apr 2009 01:40:37 +0200
+
+userdir-ldap (0.3.64) unstable; urgency=low
+
+  * userdir-ldap.conf: add keyring.pgp to default add_keyrings.
+  * userdir_gpg.py: add a ClearKeyrings().
+  * ud-gpgimport: work on add_keyrings if no keyrings are given on the
+    command line.
+
+ -- Peter Palfrader <weasel@debian.org>  Mon, 06 Apr 2009 01:35:12 +0200
+
+userdir-ldap (0.3.63) unstable; urgency=low
+
+  * Print gpg's exit status when it fails.
+
+ -- Peter Palfrader <weasel@debian.org>  Mon, 23 Mar 2009 12:39:27 +0100
+
+userdir-ldap (0.3.62) unstable; urgency=low
+
+  * ud-generate: do not die when building ssh_known_hosts
+    just because a host is not (yet) in DNS.
+
+ -- Peter Palfrader <weasel@debian.org>  Fri, 20 Mar 2009 16:35:02 +0100
+
+userdir-ldap (0.3.61) unstable; urgency=low
+
+  * Gratuitous version increment
+
+ -- Stephen Gran <sgran@debian.org>  Sat, 28 Feb 2009 12:42:45 +0000
+
+userdir-ldap (0.3.60) unstable; urgency=low
+
+  * Stop using string exceptions in ud-mailgate.  We should probably stop
+    using them everywhere, but this one is causing bounces, so we'll deal with
+    it first.
+  * Create an exception generator to make it easy to create new types of 
+    exceptions.
+  * Actually install the new exceptions module
+
+ -- Stephen Gran <sgran@debian.org>  Sat, 28 Feb 2009 12:10:35 +0000
+
+userdir-ldap (0.3.59) unstable; urgency=low
+
+  * Role accounts may have dnsZoneEntry attributes.
+  * ud-generate: and export dns zones to the zonefile for roleaccounts.
+  * Remove a lie from welcome-message-60000 - not that it's the only one.
+  * Apply patch to welcome-message-800 provided by Sandro Tosi:
+    - some machines/services have been renamed
+    - point to http://wiki.debian.org/MigrateToDDAccount
+  * More tweaks on welcome-message-800.
+
+ -- Peter Palfrader <weasel@debian.org>  Wed, 07 Jan 2009 17:13:09 +0100
+
+userdir-ldap (0.3.58) unstable; urgency=low
+
+  * ud-info: Fix regression from r493: When we log in as admin user and modify
+    another user we got shown that other user but all changes would be made
+    against our own record.
+
+ -- Peter Palfrader <weasel@debian.org>  Fri, 19 Dec 2008 09:25:20 +0100
+
+userdir-ldap (0.3.57) unstable; urgency=low
+
+  * In ud-mailgate use an empty envelope from when sending error messages.
+
+ -- Peter Palfrader <weasel@debian.org>  Thu, 18 Dec 2008 10:03:35 +0100
+
+userdir-ldap (0.3.56) unstable; urgency=low
+
+  * There is a deadlock situation when ud-mailgate gets a mail claiming
+    to be from itself:
+    - ud-mailgate opens and locks the replay cache
+    - verification of the mail fails for whatever reason
+    - a reply is sent (to itself)
+    - exim tries to deliver the mail by directly calling ud-mailgate
+    - ud-mailgate tries to acquire the lock -> deadlock
+    Fix this by changing when we open the replay cache, and unlock it
+    as soon as we are done.
+
+ -- Peter Palfrader <weasel@debian.org>  Wed, 17 Dec 2008 12:54:10 +0100
+
+userdir-ldap (0.3.55) unstable; urgency=low
+
+  [ Joey Schulze ]
+  * Adjust boolean value detection code to use upper case letters in the
+    end.  Enable it for all three boolean attributes.  Widen tabular
+    display by one character so the description fits again.
+  [ Martin Zobel-Helas ]
+  * Copy new mailSpamOptOut to debianDeveloper accounts as well 
+
+ -- Joey Schulze <joey@infodrom.org>  Sun, 14 Dec 2008 02:55:41 +0100
+
+userdir-ldap (0.3.54) unstable; urgency=low
+
+  [ Martin Zobel-Helas ]
+  * Add new attribute mailSpamOptOut to turn on/off spam filtering
+    entirely.
+  [ Joey Schulze ]
+  * Add support for this attribute in ud-info taking into account that
+    only boolean values are acceptable.
+  [ Thomas Viehmann ]
+  * ud-generate: Add IPv6 addresses to debianhosts.
+  * ud-info, userdir_ldap.py: remove function getpass and use the one 
+    from python standard library getpass.
+
+ -- Martin Zobel-Helas <zobel@debian.org>  Sun, 14 Dec 2008 02:22:55 +0100
+
+userdir-ldap (0.3.53) unstable; urgency=low
+
+  * Properly show shadowlastchange and mail disabled message when
+    locking an account, but not disabling email.  It was written to
+    ldap correctly, but we updated the data to display wrongly.
+  * Fix formatting of PGP fingerprints - the double space was always
+    one element too early.
+  * Do not call FinishConfirmSudopassword if we already decided to
+    not commit this change mail because of parse errors.
+
+ -- Peter Palfrader <weasel@debian.org>  Mon, 08 Dec 2008 11:39:54 +0100
+
+userdir-ldap (0.3.52) unstable; urgency=low
 
   * Remove cruft comment.
   * Fix group does not exist warning (layout/spacing issues).
@@ -8,7 +322,7 @@ userdir-ldap (0.3.XX) unstable; urgency=low
     if a user is in a group for exporting them to a host in the
     first place.
 
- -- Peter Palfrader <weasel@debian.org>  Sun, 23 Nov 2008 22:08:17 +0100
+ -- Peter Palfrader <weasel@debian.org>  Sun, 23 Nov 2008 22:09:07 +0100
 
 userdir-ldap (0.3.51) unstable; urgency=low