X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=debian%2Fchangelog;h=e9280f81298faad4e0438096df4a608dd906cc95;hb=89ff993193164fbc1c8722e948e9759a2db7c6a2;hp=a608a3251d01c4d32bd4419b19ca2ed862d50b1e;hpb=3bf2893deb176ea0bedca88e45680866a5342a79;p=mirror%2Fuserdir-ldap.git diff --git a/debian/changelog b/debian/changelog index a608a32..e9280f8 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,120 @@ -userdir-ldap (0.3.7x) xnstable; urgency=low +userdir-ldap (0.3.80+nmu1) UNRELEASED; urgency=low + + [ Peter Palfrader ] + * some ud-echelon fixes, + * userdir_gpg.py: GetClearSig: add lax_multipart to deal + with random multipart mails. + * naming your variable like a module is unsmart. + * ud-generate: + - filter on shadowAccount. + - fix breaking old ud-generate locks. + * ud-mailgate: only run ldapmodfiy if we actually have attributes to modify. + * ud-replicate: + - do not hard-code 'debian.org' in the 'write-zonefile debian.org' call, + but instead re-use the domain from email-append. + - now preserve server side modifcation times when rsyncing data. + * userdir_ldap.py: read auth password from environment if set. + * Introduce BaseBaseDN which is the real base dn. BaseDN itself + has historically been used as the root of the user tree. + * Allow a set of users to be ignored for picking UIDs. + * When picking uid/gid numbers try to pick the same number for both. + * Merge from torproject.org: + - Allow sshRSAAuthKey for role accounts. + - Support ssh key attributes for gitolite export. + - Add ssh-gitolite support. + * debianGroups may have cn attribute (helpful when putting samba stuff into + ldap). + * ud-mailgate: Do not try to do an ldap modify with no changes - now show + command to changes@ should work again. + * ud-generate: No longer expand $ in dnsZoneEntry data to a \n\t. + * ud-generate: Move code into getLastBuildTime() and getLastLDAPChangeTime() + functions. + * ud-generate: Add -f option to build even if cache is current. + * ud-generate: Move main code into a ud_generate() + * ud-generate: speed improvements: + - cut down on calls to IsInGroup by doing it once in generate_host() + and not having the individual generators run it. + o side effect: Up until now we exported empty groups to a host, if + that group had a user with that group as their primary group - even + if that particular user was not exported to this this. No we no + longer export empty groups. + - speed up ssh tarball generation: No longer write indidividual user's ssh + authorized_keys to disk, only to read them later. Directly create a + TarInfo object without referring to any on-disk files. + - get rid of global state variable CurrentHost. This will enable upcoming + changes. + - UDLdap.py: make a cache for __getitem__() decisions. + - wrap cdbmake calls in eatmydata. Nothing else does any fsync stuff, + so doing it here just costs a lot. + * ud-generate: Use a flock() lock instead of python's lockfile class. + * ud-generate: The ssh authorized_keys file for the sshdist user now wraps + the rsync call in an flock wrapper that acquires a shared lock on + ud-generate's lock. This prevents syncing while ud-generate runs. + * ud-lock: support supplying a status to set instead of 'retiring'. + * ud-generate: Also rebuild if one of our keyrings has changed, even if + ldap has not. + * userdir-ldap-slapd.conf.in: explicitly list readable attributes. + End with 'by * none'. + * ud-generate: Allow more than one email address in userForward. Quite + useful for role accounts. + * ud-generate: Support writing gitolite config for just one user-group. + * ud-generate: Support MX remapping. + * ud-generate: Fix ipv6 check. + * ud-generate: Fix unix mtime triggers. + + [ Stephen Gran ] + * Fix deprecation warnings for sha module by using hashlib module instead + * ud-fingerserv: update Net::LDAP import + * Implement audit logging for ldap + * stop running ud-generate if nothing has changed, based on audit logs + + [ Martin Zobel-Helas ] + * ud-generate: generate webPasswords + * ud-generate: generate voipPasswords + * ud-replicate: set correct permissions for web-passwords + * ud-replicate: set correct permissions for voip-passwords + * add freecdb to depends + * userdir-ldap.schema + - add webPasswords + - add mailPreserveSuffixSeperator + - add voipPasswords + + [ Tollef Fog Heen ] + * Export SSH host keys for gitolite, subject to a regex filter. + + [ Luca Filipozzi ] + * rename voipPassword to rtcPassword in schema + * update code to match + + -- Luca Filipozzi Thu, 16 Jan 2014 22:52:47 +0000 + +userdir-ldap (0.3.79) unstable; urgency=low + + * Add ud-sync-accounts-to-afs, a script to sync accounts to an + AFS protection database. + * ud-generate: + - support host ACLs that expire. + - lock output directory when generating. + - support sync keyring dirs now too. + * ud-useradd: A new -g switch for adding guest accounts, with + proper setting hostacls and shadowexpire and picking the + right keyring. + * Remove .pgp (v3 pgp key) keyrings from config. + * Update guest welcome template. + * ud-gpgimport: handle guest keyrings. + * ud-mailgate: + - Make updating of gender actually work. + - Do not mess with sudo passwords if nothing changed. + * templates/change-reply: say a word about subjects in mail to admin@db. + * move gpgwrapper to unmaintained/ - it is now using obsolete interfaces. + * try to properly handle some more mime stuff. + - use email module instead of deprecated mimetools and multifile modules + - changes: sigcheck ud-echelon ud-mailgate userdir_gpg.py + * move ud-echelon and sigcheck to GPGCheckSig2 interface. + + -- Peter Palfrader Sat, 21 May 2011 14:53:18 +0200 + +userdir-ldap (0.3.78) unstable; urgency=low * Start refactoring ud-generate: - If environment variables UD_CREDENTIALS, UD_GENERATEDIR, UD_HMAC_KEY @@ -13,8 +129,13 @@ userdir-ldap (0.3.7x) xnstable; urgency=low functions. * userdir-ldap-slapd.conf: Fix ACL rule for keyring maintainers (we want group=..., not dn=...). + * Add ud-krb-reset, and make ud-mailgate call it when + receiving a mail at chpasswd@ saying + 'Please change my Kerberos password'. + * ud-generate: Add an extra output file called all-users.json that + can be used on one of the AFS hosts to create afs users. - -- Peter Palfrader Wed, 11 Aug 2010 11:11:53 +0200 + -- Peter Palfrader Mon, 13 Sep 2010 19:08:34 +0200 userdir-ldap (0.3.77) unstable; urgency=low