X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=debian%2Fchangelog;h=7790d5bf08802185ce2141e60ea7204133a91867;hb=f1c4e343de9fe9a9ef708d7e3a149e30e3f6d52c;hp=9fb108889367f71eab7696d50bdcdb6653f396c9;hpb=c127301d2b22d7415b11306aa3ecc72722549378;p=mirror%2Fuserdir-ldap.git

diff --git a/debian/changelog b/debian/changelog
index 9fb1088..7790d5b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,143 @@
 userdir-ldap (0.3.XX) unstable; urgency=low
 
+  * Update template/welcome-message-800 to match the actual template used
+    on db.debian.org.
+
+ -- Peter Palfrader <weasel@debian.org>  Sun, 23 Nov 2008 14:20:10 +0100
+
+userdir-ldap (0.3.50) unstable; urgency=low
+
+  * ud-generate: Support $gid@$host supplementary group entries for users.
+
+ -- Peter Palfrader <weasel@debian.org>  Sat, 15 Nov 2008 11:20:09 +0100
+
+userdir-ldap (0.3.49) unstable; urgency=low
+
+  * ud-replicate: Only link ssh-rsa-shadow to var/lib/misc/$host and etc/ssh
+    if it exists.  Else remove the symlink.
+
+ -- Peter Palfrader <weasel@debian.org>  Fri, 14 Nov 2008 23:14:58 +0100
+
+userdir-ldap (0.3.48) unstable; urgency=low
+
+  * ud-generate: Remove support for single ssh key shadow file.
+  * ud-generate: Make ssh key tarballs the default.
+  * ud-generate: Move ssh tarball generation into its own function.
+    Currently it's part of the main loop.
+
+ -- Peter Palfrader <weasel@debian.org>  Fri, 14 Nov 2008 23:04:21 +0100
+
+userdir-ldap (0.3.47) unstable; urgency=low
+
+  * Fix a typo on ud-mailgate.
+
+ -- Peter Palfrader <weasel@debian.org>  Fri, 14 Nov 2008 20:40:19 +0100
+
+userdir-ldap (0.3.46) unstable; urgency=low
+
+  * Change the hmac that protect sudopassword entries to also
+    hash the purpose ("sudo") and the owning user's uid into
+    the mac.
+
+ -- Peter Palfrader <weasel@debian.org>  Fri, 14 Nov 2008 20:27:38 +0100
+
+userdir-ldap (0.3.45) unstable; urgency=low
+
+  * ud-generate: Declare [UNTRSUTED] flag as obsolete.
+  * ud-generate: Add [NOMARKERS] flag to not push markers (gps coordinates) to host.
+  * ud-replicate: Use --delete-after with rsync.  Previously we didn't delete
+    stuff ever.
+  * ud-replicate: Sync only ssh_known_hosts into chroots, not ssh*.
+  * ud-replicate: Clean up better, correcting some mistakes done by earlier
+    versions.
+
+ -- Peter Palfrader <weasel@debian.org>  Sun, 26 Oct 2008 22:31:46 +0100
+
+userdir-ldap (0.3.44) unstable; urgency=low
+
+  * ud-mailgate: Do not support del requests for sshDSAAuthKey - there is no
+    such attribute.
+  * ud-generate: do not export sudopassword to untrusted or nopasswd hosts,
+    unless the password is explicitly added for this host and not just for '*'.
+
+ -- Peter Palfrader <weasel@debian.org>  Fri, 03 Oct 2008 13:23:22 +0200
+
+userdir-ldap (0.3.43) unstable; urgency=low
+
+  * FQHNs sometimes, well always, include dots.
+
+ -- Peter Palfrader <weasel@debian.org>  Tue, 16 Sep 2008 15:07:21 +0200
+
+userdir-ldap (0.3.42) unstable; urgency=low
+
+  * Export all accounts into sudo-passwd, even if they
+    do not have a sudo password set.  Set their password to '*' then.
+    etc/pam.d/sudo should look like this then:
+      auth [authinfo_unavail=ignore success=done ignore=ignore default=die] pam_pwdfile.so pwdfile=/var/lib/misc/thishost/sudo-passwd
+      auth required pam_unix.so nullok_secure try_first_pass
+      @include common-account
+
+ -- Peter Palfrader <weasel@debian.org>  Tue, 16 Sep 2008 14:30:41 +0200
+
+userdir-ldap (0.3.41) unstable; urgency=low
+
+  * ud-generate: lower casing the sudopasswd ldap entry prior to parsing
+    and verifying it was a bad idea.
+
+ -- Peter Palfrader <weasel@debian.org>  Mon, 15 Sep 2008 19:26:14 +0200
+
+userdir-ldap (0.3.40) unstable; urgency=low
+
+  * Reading the hmac key only once is too troublesome.
+
+ -- Peter Palfrader <weasel@debian.org>  Mon, 15 Sep 2008 01:12:23 +0200
+
+userdir-ldap (0.3.39) unstable; urgency=low
+
+  * Lowercasing hashed sudo passwords in ud-mailgate not considered smart.
+
+ -- Peter Palfrader <weasel@debian.org>  Mon, 15 Sep 2008 00:40:13 +0200
+
+userdir-ldap (0.3.38) unstable; urgency=low
+
+  * Fix order of some calls so stuff works again.
+  * And import pwd and os and the hmac crowed in userdir_ldap.py.
+  * Using the right variable name will also help.
+
+ -- Peter Palfrader <weasel@debian.org>  Mon, 15 Sep 2008 00:18:37 +0200
+
+userdir-ldap (0.3.37) unstable; urgency=low
+
+  * ud-mailgate: Do not commit any changes if one of the requests is invalid
+    or could not be parsed or caused an error or anything.
+  * Add sudoPassword to schema, and the slapd.conf/ACL snippet
+    A sudoPassword entry in LDAP has the form of
+      "<uuid> unconfirmed <hostlist> <cryptedpassword>", or
+      "<uuid> confirmed:<hmac_sha1("password-is-confirmed:<uuid>:<hosts>:<cryptedpass>")> <hostlist> <cryptedpassword>"
+  * ud-mailgate: Implement confirmation of sudoPassword field:
+      A confirmationation is of the form
+      "confirm sudopassword <uuid> <hostlist> <hmac_sha1("confirm-new-password:<uuid>:<hosts>:<cryptedpass>")>"
+  * ud-generate: generate a sudo passwd file
+
+ -- Peter Palfrader <weasel@debian.org>  Sun, 14 Sep 2008 23:45:36 +0200
+
+userdir-ldap (0.3.36) unstable; urgency=low
+
+  * Aha.  Error is not some magic variable or exception, it's a
+    normal string that needs defining when we use it.
+
+ -- Peter Palfrader <weasel@debian.org>  Sat, 19 Jul 2008 21:35:39 +0200
+
+userdir-ldap (0.3.35) unstable; urgency=low
+
+  * Check if a key has encryption capabilities and fail saying so when
+    trying to encrypt stuff (like passwords) to users.  All this does is
+    give nicer error messages, it previously failed with just "gpg failed".
+
+ -- Peter Palfrader <weasel@debian.org>  Sat, 19 Jul 2008 16:17:13 +0200
+
+userdir-ldap (0.3.34) unstable; urgency=low
+
   * ud-info: fix changing of DD status/DD status comment -
     we were missing prompt information so we got a backtrace.
   * ud-info: Warn when we don't have a prompt string for
@@ -9,8 +147,10 @@ userdir-ldap (0.3.XX) unstable; urgency=low
   * userdir_gpg.py
     - do not use SIGEXPIRED, it's deprecated
     - use EXPKEYSIG to tell if a signature is made by an expired key.
+    - Check that the primary key is not expired, even if we get a
+      GOODSIG status from gnupg.  Based on patch by Jeremy T. Bouse.
 
- -- Peter Palfrader <weasel@debian.org>  Tue, 08 Jul 2008 14:17:57 +0200
+ -- Peter Palfrader <weasel@debian.org>  Tue, 08 Jul 2008 14:33:08 +0200
 
 userdir-ldap (0.3.33) unstable; urgency=low