X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=debian%2Fchangelog;h=d3aa26ba2a0b911c31a71bc19ced3daa8175f1af;hb=9868a2b741c1b82156f3d75c8dbc74ed8f5521f1;hp=ef7922304be0d6afe6dd15c4da04e50049ae5402;hpb=341a5e66b972eb95c41f7ced4594a8a5c5e5098b;p=mirror%2Fuserdir-ldap.git diff --git a/debian/changelog b/debian/changelog index ef79223..d3aa26b 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,5 +1,120 @@ -userdir-ldap (0.3.76xXx) unstable; urgency=low +userdir-ldap (0.3.XXX) UNRELEASED; urgency=low + [ Peter Palfrader ] + * some ud-echelon fixes, + * userdir_gpg.py: GetClearSig: add lax_multipart to deal + with random multipart mails. + * naming your variable like a module is unsmart. + * ud-generate: + - filter on shadowAccount. + - fix breaking old ud-generate locks. + * ud-mailgate: only run ldapmodfiy if we actually have attributes to modify. + * ud-replicate: + - do not hard-code 'debian.org' in the 'write-zonefile debian.org' call, + but instead re-use the domain from email-append. + - now preserve server side modifcation times when rsyncing data. + * userdir_ldap.py: read auth password from environment if set. + * Introduce BaseBaseDN which is the real base dn. BaseDN itself + has historically been used as the root of the user tree. + * Allow a set of users to be ignored for picking UIDs. + * When picking uid/gid numbers try to pick the same number for both. + * Merge from torproject.org: + - Allow sshRSAAuthKey for role accounts. + - Support ssh key attributes for gitolite export. + - Add ssh-gitolite support. + * debianGroups may have cn attribute (helpful when putting samba stuff into + ldap). + + [ Stephen Gran ] + * Fix deprecation warnings for sha module by using hashlib module instead + * ud-fingerserv: update Net::LDAP import + * Implement audit logging for ldap + * stop running ud-generate if nothing has changed, based on audit logs + + [ Martin Zobel-Helas ] + * ud-generate: generate webPasswords + * ud-replicate: set correct permissions for web-passwords + + -- Peter Palfrader Sat, 10 Mar 2012 15:21:12 +0100 + +userdir-ldap (0.3.79) unstable; urgency=low + + * Add ud-sync-accounts-to-afs, a script to sync accounts to an + AFS protection database. + * ud-generate: + - support host ACLs that expire. + - lock output directory when generating. + - support sync keyring dirs now too. + * ud-useradd: A new -g switch for adding guest accounts, with + proper setting hostacls and shadowexpire and picking the + right keyring. + * Remove .pgp (v3 pgp key) keyrings from config. + * Update guest welcome template. + * ud-gpgimport: handle guest keyrings. + * ud-mailgate: + - Make updating of gender actually work. + - Do not mess with sudo passwords if nothing changed. + * templates/change-reply: say a word about subjects in mail to admin@db. + * move gpgwrapper to unmaintained/ - it is now using obsolete interfaces. + * try to properly handle some more mime stuff. + - use email module instead of deprecated mimetools and multifile modules + - changes: sigcheck ud-echelon ud-mailgate userdir_gpg.py + * move ud-echelon and sigcheck to GPGCheckSig2 interface. + + -- Peter Palfrader Sat, 21 May 2011 14:53:18 +0200 + +userdir-ldap (0.3.78) unstable; urgency=low + + * Start refactoring ud-generate: + - If environment variables UD_CREDENTIALS, UD_GENERATEDIR, UD_HMAC_KEY + are set, use their respective value instead of the default. This + makes it possible to run ud-generate as a non-privileged user for + testing purposes. + - Start wrapping ldap search results in classes. For now we have done + this with just an ldap account. + - Also got rid of the global PasswdAttrs variable. Now functions + get the account list (now a list of Account classes instead of + ldap result array of tuples of hashes) passed to them like well-behaved + functions. + * userdir-ldap-slapd.conf: Fix ACL rule for keyring maintainers + (we want group=..., not dn=...). + * Add ud-krb-reset, and make ud-mailgate call it when + receiving a mail at chpasswd@ saying + 'Please change my Kerberos password'. + * ud-generate: Add an extra output file called all-users.json that + can be used on one of the AFS hosts to create afs users. + + -- Peter Palfrader Mon, 13 Sep 2010 19:08:34 +0200 + +userdir-ldap (0.3.77) unstable; urgency=low + + [ Peter Palfrader ] + * ud-mailgate: Remove a global declaration after a variable has + already been assigned globally. + * ud-mailgate: We use the result of the pgp check for quite a long + time in the main program. Give it its own variable instead of + using Res which was overwritten a bit later. Also make a new + gpgcheck2 class that allows us to access the values of the gpg + signature check in a saner way. + * ud-gpgimport: Get rid of "0x" when printing keyids/fingerprints. + * Add ud-lock. + * Fix a typo in welcome-message-800 noticed by Tommi Vainikainen. + * Refactor the LDAP acls to be easier to manage. + Effective changes: + - Keyring Maintainers ldap group gets to write to the keyFingerPrint + attribute. + - sshrsaauthkey is no longer compareable by *. + * ud-generate: refuse to run as root. + + [ Stephen Gran ] + * Add txt record support to ud-mailgate + * Clean up addition of identifying txt records to debian.net slightly + + -- Peter Palfrader Fri, 30 Jul 2010 19:46:48 +0200 + +userdir-ldap (0.3.76) unstable; urgency=low + + [ Peter Palfrader ] * ud-generate: Export groups even if nobody has that group as a supplementary group, as long as there are users that have it as a primary group. @@ -21,7 +136,13 @@ userdir-ldap (0.3.76xXx) unstable; urgency=low * Include a host in DNS even if we do not have both ssh keys and an arch for that host configured. - -- Peter Palfrader Fri, 22 Jan 2010 20:13:18 +0100 + [ Stephen Gran ] + * Add patches from Helmut Grohne : + Allow ssh keys to be exported only to specific hosts by prefixing them + with allowed_hosts=[host1[,host2 ...]]] when adding them using + ud-mailgate. + + -- Stephen Gran Sat, 30 Jan 2010 13:33:40 +0000 userdir-ldap (0.3.75) unstable; urgency=low