X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=debian%2Fchangelog;h=b26f4bb47136ed3a378ac9abf0d59ee5ef7a36c3;hb=696f436ea7a32dd31d9361647d118403743c26ff;hp=765fe936e2bc35a7527188e322b01a8701bad5aa;hpb=5e52a3fd9e74da122f66e2ea2330be547c37b72a;p=mirror%2Fuserdir-ldap.git diff --git a/debian/changelog b/debian/changelog index 765fe93..b26f4bb 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,10 +1,381 @@ -userdir-ldap (0.3.XX) Xnstable; urgency=low +userdir-ldap (0.3.64) unstable; urgency=low + + * userdir-ldap.conf: add keyring.pgp to default add_keyrings. + * userdir_gpg.py: add a ClearKeyrings(). + * ud-gpgimport: work on add_keyrings if no keyrings are given on the + command line. + + -- Peter Palfrader Mon, 06 Apr 2009 01:35:12 +0200 + +userdir-ldap (0.3.63) unstable; urgency=low + + * Print gpg's exit status when it fails. + + -- Peter Palfrader Mon, 23 Mar 2009 12:39:27 +0100 + +userdir-ldap (0.3.62) unstable; urgency=low + + * ud-generate: do not die when building ssh_known_hosts + just because a host is not (yet) in DNS. + + -- Peter Palfrader Fri, 20 Mar 2009 16:35:02 +0100 + +userdir-ldap (0.3.61) unstable; urgency=low + + * Gratuitous version increment + + -- Stephen Gran Sat, 28 Feb 2009 12:42:45 +0000 + +userdir-ldap (0.3.60) unstable; urgency=low + + * Stop using string exceptions in ud-mailgate. We should probably stop + using them everywhere, but this one is causing bounces, so we'll deal with + it first. + * Create an exception generator to make it easy to create new types of + exceptions. + * Actually install the new exceptions module + + -- Stephen Gran Sat, 28 Feb 2009 12:10:35 +0000 + +userdir-ldap (0.3.59) unstable; urgency=low + + * Role accounts may have dnsZoneEntry attributes. + * ud-generate: and export dns zones to the zonefile for roleaccounts. + * Remove a lie from welcome-message-60000 - not that it's the only one. + * Apply patch to welcome-message-800 provided by Sandro Tosi: + - some machines/services have been renamed + - point to http://wiki.debian.org/MigrateToDDAccount + * More tweaks on welcome-message-800. + + -- Peter Palfrader Wed, 07 Jan 2009 17:13:09 +0100 + +userdir-ldap (0.3.58) unstable; urgency=low + + * ud-info: Fix regression from r493: When we log in as admin user and modify + another user we got shown that other user but all changes would be made + against our own record. + + -- Peter Palfrader Fri, 19 Dec 2008 09:25:20 +0100 + +userdir-ldap (0.3.57) unstable; urgency=low + + * In ud-mailgate use an empty envelope from when sending error messages. + + -- Peter Palfrader Thu, 18 Dec 2008 10:03:35 +0100 + +userdir-ldap (0.3.56) unstable; urgency=low + + * There is a deadlock situation when ud-mailgate gets a mail claiming + to be from itself: + - ud-mailgate opens and locks the replay cache + - verification of the mail fails for whatever reason + - a reply is sent (to itself) + - exim tries to deliver the mail by directly calling ud-mailgate + - ud-mailgate tries to acquire the lock -> deadlock + Fix this by changing when we open the replay cache, and unlock it + as soon as we are done. + + -- Peter Palfrader Wed, 17 Dec 2008 12:54:10 +0100 + +userdir-ldap (0.3.55) unstable; urgency=low + + [ Joey Schulze ] + * Adjust boolean value detection code to use upper case letters in the + end. Enable it for all three boolean attributes. Widen tabular + display by one character so the description fits again. + [ Martin Zobel-Helas ] + * Copy new mailSpamOptOut to debianDeveloper accounts as well + + -- Joey Schulze Sun, 14 Dec 2008 02:55:41 +0100 + +userdir-ldap (0.3.54) unstable; urgency=low + + [ Martin Zobel-Helas ] + * Add new attribute mailSpamOptOut to turn on/off spam filtering + entirely. + [ Joey Schulze ] + * Add support for this attribute in ud-info taking into account that + only boolean values are acceptable. + [ Thomas Viehmann ] + * ud-generate: Add IPv6 addresses to debianhosts. + * ud-info, userdir_ldap.py: remove function getpass and use the one + from python standard library getpass. + + -- Martin Zobel-Helas Sun, 14 Dec 2008 02:22:55 +0100 + +userdir-ldap (0.3.53) unstable; urgency=low + + * Properly show shadowlastchange and mail disabled message when + locking an account, but not disabling email. It was written to + ldap correctly, but we updated the data to display wrongly. + * Fix formatting of PGP fingerprints - the double space was always + one element too early. + * Do not call FinishConfirmSudopassword if we already decided to + not commit this change mail because of parse errors. + + -- Peter Palfrader Mon, 08 Dec 2008 11:39:54 +0100 + +userdir-ldap (0.3.52) unstable; urgency=low + + * Remove cruft comment. + * Fix group does not exist warning (layout/spacing issues). + * call addGroups with the proper number of arguments, when doing so + recursively. + * Also do the subgroups/transitive stuff dance when considering + if a user is in a group for exporting them to a host in the + first place. + + -- Peter Palfrader Sun, 23 Nov 2008 22:09:07 +0100 + +userdir-ldap (0.3.51) unstable; urgency=low + + * Update template/welcome-message-800 to match the actual template used + on db.debian.org. + * Add subgroup support: A group can now have subgroups. This means + that if a user is a member of a group he also becomes a member of + all its subgroups. E.g. members of a wb-all group will automatically + be members of wb-i386, wb-arm, wb-mips, etc. [Luk Claes] + * Extend that support so that subgroups work on a per host basis too, + so that for instance the debbugs group can be in group + maillog@rietz.debian.org. + * Add hostnames from the host purpose field to the ssh_known_hosts + file [Thomas Viehmann]. + + -- Peter Palfrader Sun, 23 Nov 2008 21:22:58 +0100 + +userdir-ldap (0.3.50) unstable; urgency=low + + * ud-generate: Support $gid@$host supplementary group entries for users. + + -- Peter Palfrader Sat, 15 Nov 2008 11:20:09 +0100 + +userdir-ldap (0.3.49) unstable; urgency=low + + * ud-replicate: Only link ssh-rsa-shadow to var/lib/misc/$host and etc/ssh + if it exists. Else remove the symlink. + + -- Peter Palfrader Fri, 14 Nov 2008 23:14:58 +0100 + +userdir-ldap (0.3.48) unstable; urgency=low + + * ud-generate: Remove support for single ssh key shadow file. + * ud-generate: Make ssh key tarballs the default. + * ud-generate: Move ssh tarball generation into its own function. + Currently it's part of the main loop. + + -- Peter Palfrader Fri, 14 Nov 2008 23:04:21 +0100 + +userdir-ldap (0.3.47) unstable; urgency=low + + * Fix a typo on ud-mailgate. + + -- Peter Palfrader Fri, 14 Nov 2008 20:40:19 +0100 + +userdir-ldap (0.3.46) unstable; urgency=low + + * Change the hmac that protect sudopassword entries to also + hash the purpose ("sudo") and the owning user's uid into + the mac. + + -- Peter Palfrader Fri, 14 Nov 2008 20:27:38 +0100 + +userdir-ldap (0.3.45) unstable; urgency=low + + * ud-generate: Declare [UNTRSUTED] flag as obsolete. + * ud-generate: Add [NOMARKERS] flag to not push markers (gps coordinates) to host. + * ud-replicate: Use --delete-after with rsync. Previously we didn't delete + stuff ever. + * ud-replicate: Sync only ssh_known_hosts into chroots, not ssh*. + * ud-replicate: Clean up better, correcting some mistakes done by earlier + versions. + + -- Peter Palfrader Sun, 26 Oct 2008 22:31:46 +0100 + +userdir-ldap (0.3.44) unstable; urgency=low + + * ud-mailgate: Do not support del requests for sshDSAAuthKey - there is no + such attribute. + * ud-generate: do not export sudopassword to untrusted or nopasswd hosts, + unless the password is explicitly added for this host and not just for '*'. + + -- Peter Palfrader Fri, 03 Oct 2008 13:23:22 +0200 + +userdir-ldap (0.3.43) unstable; urgency=low + + * FQHNs sometimes, well always, include dots. + + -- Peter Palfrader Tue, 16 Sep 2008 15:07:21 +0200 + +userdir-ldap (0.3.42) unstable; urgency=low + + * Export all accounts into sudo-passwd, even if they + do not have a sudo password set. Set their password to '*' then. + etc/pam.d/sudo should look like this then: + auth [authinfo_unavail=ignore success=done ignore=ignore default=die] pam_pwdfile.so pwdfile=/var/lib/misc/thishost/sudo-passwd + auth required pam_unix.so nullok_secure try_first_pass + @include common-account + + -- Peter Palfrader Tue, 16 Sep 2008 14:30:41 +0200 + +userdir-ldap (0.3.41) unstable; urgency=low + + * ud-generate: lower casing the sudopasswd ldap entry prior to parsing + and verifying it was a bad idea. + + -- Peter Palfrader Mon, 15 Sep 2008 19:26:14 +0200 + +userdir-ldap (0.3.40) unstable; urgency=low + + * Reading the hmac key only once is too troublesome. + + -- Peter Palfrader Mon, 15 Sep 2008 01:12:23 +0200 + +userdir-ldap (0.3.39) unstable; urgency=low + + * Lowercasing hashed sudo passwords in ud-mailgate not considered smart. + + -- Peter Palfrader Mon, 15 Sep 2008 00:40:13 +0200 + +userdir-ldap (0.3.38) unstable; urgency=low + + * Fix order of some calls so stuff works again. + * And import pwd and os and the hmac crowed in userdir_ldap.py. + * Using the right variable name will also help. + + -- Peter Palfrader Mon, 15 Sep 2008 00:18:37 +0200 + +userdir-ldap (0.3.37) unstable; urgency=low + + * ud-mailgate: Do not commit any changes if one of the requests is invalid + or could not be parsed or caused an error or anything. + * Add sudoPassword to schema, and the slapd.conf/ACL snippet + A sudoPassword entry in LDAP has the form of + " unconfirmed ", or + " confirmed:::")> " + * ud-mailgate: Implement confirmation of sudoPassword field: + A confirmationation is of the form + "confirm sudopassword ::")>" + * ud-generate: generate a sudo passwd file + + -- Peter Palfrader Sun, 14 Sep 2008 23:45:36 +0200 + +userdir-ldap (0.3.36) unstable; urgency=low + + * Aha. Error is not some magic variable or exception, it's a + normal string that needs defining when we use it. + + -- Peter Palfrader Sat, 19 Jul 2008 21:35:39 +0200 + +userdir-ldap (0.3.35) unstable; urgency=low + + * Check if a key has encryption capabilities and fail saying so when + trying to encrypt stuff (like passwords) to users. All this does is + give nicer error messages, it previously failed with just "gpg failed". + + -- Peter Palfrader Sat, 19 Jul 2008 16:17:13 +0200 + +userdir-ldap (0.3.34) unstable; urgency=low + + * ud-info: fix changing of DD status/DD status comment - + we were missing prompt information so we got a backtrace. + * ud-info: Warn when we don't have a prompt string for + attributes on startup. + * ud-info: Change the "retired" status to "inactive". + inactive covers memorial, removed, expelled more clearly. + * userdir_gpg.py + - do not use SIGEXPIRED, it's deprecated + - use EXPKEYSIG to tell if a signature is made by an expired key. + - Check that the primary key is not expired, even if we get a + GOODSIG status from gnupg. Based on patch by Jeremy T. Bouse. + + -- Peter Palfrader Tue, 08 Jul 2008 14:33:08 +0200 + +userdir-ldap (0.3.33) unstable; urgency=low + + * add "security simple_bind=128" to sample slapd.conf. + * ud-info: Only show "Lock account" in root mode. + * ud-info: Add "retire developer" option that sets + accountStatus properly to either retiring, retired, memorial + or active. Active is for all currently active developers, + memorial is for those who have passed away and whose accounts + will never be reused, retiring is a developer who is retired + but still receives mail at their @debian.org address. After + a few months they should move on to retired, with their mail + also disabled. accountStatus is just a freeform text, but + these 4 options should be the only ones that exist. + * Allow setting of gender in ud-mailgate. Based on patch by Bernhard + R. Link. + * Add userdir-ldap-slapd.conf, a snipped to be included in slapd.conf + to the package. + + -- Peter Palfrader Mon, 23 Jun 2008 22:59:02 +0200 + +userdir-ldap (0.3.32) unstable; urgency=low + + * Do SSL when connecting to the ldap server. + + -- Peter Palfrader Fri, 23 May 2008 23:50:03 +0200 + +userdir-ldap (0.3.31) unstable; urgency=low + + [ Joerg Jaspert ] + * Use sync_keyrings from config file in ud-generate instead of a + hardcoded list + * Use add_keyrings from config file in ud-useradd instead of a + hardcoded list + * Use ud-config to get the emailappend value in ud-replicate, no longer + hardcoding @debian.org + + [ Stephen Gran ] + * Document how to use unique overlay for uid and keyFingerPrint + + -- Peter Palfrader Fri, 23 May 2008 10:01:51 +0200 + +userdir-ldap (0.3.30) unstable; urgency=low + + * When we touch usePassword in ud-info or ud-mailgate we now also + update shadowLastChange. + * When we lock accounts, set shadowExpire to 1. shadowExpire + is "days since Jan 1, 1970 that account is disabled". + * Properly capitalize shadowInactive and shadowExpire attributes in + ud-info and ud-generate. + * Add copyright statements to ud-info from bzr log. + + -- Peter Palfrader Thu, 22 May 2008 22:39:10 +0200 + +userdir-ldap (0.3.29) unstable; urgency=low + + * ud-info: Add an option "L" to lock accounts in the interactive + interface. Locking an account sets a user's password to "{crypt}*LK*" + and sets a mailDisableMessage of "account locked". + + -- Peter Palfrader Thu, 22 May 2008 21:49:19 +0200 + +userdir-ldap (0.3.28) unstable; urgency=low + + * ud-generate: Do not disable mail just because the account is locked. + + -- Peter Palfrader Thu, 22 May 2008 21:38:56 +0200 + +userdir-ldap (0.3.27) unstable; urgency=low + + * Export ssh-keys.tar.gz to [UNTRUSTED] hosts. Since we already export + ssh-rsa-shadow this is probably the right thing. + * Make keys in the ssh-keys tarball mode 0400 instead of mode 0600. + + -- Peter Palfrader Mon, 19 May 2008 08:55:28 +0200 + +userdir-ldap (0.3.26) unstable; urgency=low * ud-replicate: sgran pointed out that if all we care about ignoring is EEXIST then we should use mkdir -p instead of [ -d userkeys ] || mkdir userkeys. + * ud-mailgate: a bug in DoSSH caused all changes to fail that came after + DoSSH in HandleChange. Now DoSSH properly returns without raising an + exception if the line to handle is not an ssh public key. + * Fix userdir-ldap.schema (objectClass now contains MAY: VoIP). [zobel] - -- Peter Palfrader Sun, 18 May 2008 13:40:04 +0200 + -- Peter Palfrader Sun, 18 May 2008 14:27:50 +0200 userdir-ldap (0.3.25) unstable; urgency=low