Paul Wise [Tue, 10 Feb 2015 02:16:02 +0000 (10:16 +0800)]
ravel is no longer recommended for general shell usage
Peter Palfrader [Sat, 3 Jan 2015 13:05:48 +0000 (14:05 +0100)]
Update .gitignore
Peter Palfrader [Sat, 3 Jan 2015 13:05:28 +0000 (14:05 +0100)]
Update copyright year
Peter Palfrader [Sat, 3 Jan 2015 12:57:07 +0000 (13:57 +0100)]
Use $config{sslcafile} instead of hardcoding the path to the SSL CA in Util.pm.
Peter Palfrader [Sat, 3 Jan 2015 12:49:39 +0000 (13:49 +0100)]
Use $config{maildomain} in update.cgi instead of hardcoded db.d.o.
Peter Palfrader [Sat, 3 Jan 2015 12:35:53 +0000 (13:35 +0100)]
Add dependency on libcrypt-cbc-perl
Peter Palfrader [Sat, 3 Jan 2015 12:34:02 +0000 (13:34 +0100)]
New version number
Peter Palfrader [Sat, 3 Jan 2015 12:30:36 +0000 (13:30 +0100)]
Various fixes for XSS and bad crypto. No claim to completeness.
* Fix a XSS reported in
https://trac.torproject.org/projects/tor/ticket/14037
* Fix horrible use of crypto primitives.
* Add HMAC authentication to authtoken.
* Verify that the uid passed as a get parameters matches the
one stored in authtoken.
Peter Palfrader [Sun, 21 Dec 2014 09:14:04 +0000 (10:14 +0100)]
User new CA root cert in Util.pm
Peter Palfrader [Sun, 21 Dec 2014 09:13:41 +0000 (10:13 +0100)]
Fix debian/changelog and release info
Héctor Orón Martínez [Thu, 6 Nov 2014 16:03:20 +0000 (17:03 +0100)]
machines.cgi: re-add architecture field to list
Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>
Héctor Orón Martínez [Thu, 6 Nov 2014 15:57:26 +0000 (16:57 +0100)]
d/changelog: add entry
Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>
Héctor Orón Martínez [Thu, 6 Nov 2014 15:55:45 +0000 (16:55 +0100)]
machines.cgi: replace architecture field by description, more informative
Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>
Paul Wise [Thu, 6 Nov 2014 10:50:27 +0000 (18:50 +0800)]
Use the correct cert when connecting to the LDAP server
Paul Wise [Thu, 6 Nov 2014 08:50:00 +0000 (16:50 +0800)]
Slightly nicer attribute list output
Paul Wise [Thu, 6 Nov 2014 08:19:27 +0000 (16:19 +0800)]
Switch from http to https links where possible.
Paul Wise [Thu, 6 Nov 2014 08:24:45 +0000 (16:24 +0800)]
Fix typo in doctype
Paul Wise [Thu, 6 Nov 2014 08:24:06 +0000 (16:24 +0800)]
Joey is no longer involved in the debian-admin team.
Paul Wise [Thu, 6 Nov 2014 08:22:16 +0000 (16:22 +0800)]
Fix the type and location of the VCS repository.
Peter Palfrader [Sun, 21 Sep 2014 12:34:39 +0000 (14:34 +0200)]
Allow dash (-) in hostnames
Tollef Fog Heen [Thu, 20 Mar 2014 19:02:28 +0000 (20:02 +0100)]
Exclude users with accountStatus set from the search.
Stephen Gran [Sun, 2 Mar 2014 08:24:15 +0000 (08:24 +0000)]
Revert "drop overrids - LDAP has it on its own"
This reverts commit
7476c73032e5755ecb80609734669a66cb8c8de4.
Stephen Gran [Fri, 28 Feb 2014 21:07:59 +0000 (21:07 +0000)]
drop overrids - LDAP has it on its own
Signed-off-by: Stephen Gran <steve@lobefin.net>
Luca Filipozzi [Thu, 16 Jan 2014 23:26:19 +0000 (23:26 +0000)]
fix typo
Luca Filipozzi [Thu, 16 Jan 2014 23:22:43 +0000 (23:22 +0000)]
voipPassword -> rtcPassword
Luca Filipozzi [Tue, 14 Jan 2014 01:27:04 +0000 (01:27 +0000)]
store voipPassword as an HA1
Martin Zobel-Helas [Sun, 12 Jan 2014 12:28:13 +0000 (13:28 +0100)]
add changelog entry
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Sun, 12 Jan 2014 12:12:31 +0000 (13:12 +0100)]
add voippasswords
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Sun, 15 Dec 2013 10:06:54 +0000 (11:06 +0100)]
don't escape authtoken
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Fri, 6 Sep 2013 20:21:25 +0000 (22:21 +0200)]
Revert "XSS bug in db.debian.org"
This reverts commit
784c4020017d260775339c1231052ca4eb387f02.
Martin Zobel-Helas [Fri, 6 Sep 2013 20:20:59 +0000 (22:20 +0200)]
uri_escape input
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Fri, 6 Sep 2013 17:15:08 +0000 (19:15 +0200)]
add debian/changelog entry for Moritz Naumann
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Moritz Naumann [Tue, 27 Aug 2013 14:42:49 +0000 (16:42 +0200)]
XSS bug in db.debian.org
Hi, I just stumbled upon an XSS bug in db.debian.org:
https://db.debian.org/search.cgi?id=%22%3E%3C/a%3E%3Cscript%3Ealert%28%27XSS%27%29%3C/script%3E%3Cx%20y=%22&dosearch=Search...
Both the "id" and "authtoken" fields lack input validation.
<zobel> bfly: you can find the code at git.debian.org in userdir-ldap-cgi
<zobel> would be nice if you could send a patch
A (n untested) patch is attached. Please let me know whether it's usable
and whether you are going to apply it.
-- Moritz
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Sun, 25 Aug 2013 11:58:32 +0000 (13:58 +0200)]
iso-codes and isoquery are build-depends and not depends
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Sun, 25 Aug 2013 11:52:50 +0000 (13:52 +0200)]
add changelog entry for the typo in update.wml
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Sun, 25 Aug 2013 11:52:16 +0000 (13:52 +0200)]
auto-generate html/domains.tab
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Ramakrishnan Muthukrishnan [Thu, 22 Aug 2013 17:01:54 +0000 (22:31 +0530)]
typo: mail default handling incorrectly pointing to the greylist option.
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Peter Palfrader [Sat, 27 Jul 2013 09:37:32 +0000 (11:37 +0200)]
Point out users can use non-clearsigned mail, and mention that maybe that is smart with webmailers
Peter Palfrader [Thu, 30 May 2013 14:51:57 +0000 (16:51 +0200)]
die handler breaks stuff on wheezy
Luca Filipozzi [Wed, 23 Jan 2013 05:49:19 +0000 (05:49 +0000)]
make dnsZoneEntry description more understandable
Paul Wise [Sun, 2 Dec 2012 12:15:11 +0000 (20:15 +0800)]
Update the documentation to mention txt records in dnsZoneEntry fields.
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Enrico Zini [Sun, 25 Nov 2012 10:12:10 +0000 (11:12 +0100)]
Link to SSO documentation in web password update field
Hello,
attached is a simple patch that adds a link to
http://wiki.debian.org/DebianSingleSignOn to web password update field.
Can you please apply it and push it to production?
Ciao,
Enrico
--
GPG key: 4096R/
E7AD5568 2009-05-08 Enrico Zini <enrico@enricozini.org>
From
21da63edc068b1e717c6f48d80bed17178c96e23 Mon Sep 17 00:00:00 2001
From: Enrico Zini <enrico@enricozini.org>
Date: Sun, 25 Nov 2012 11:08:53 +0100
Subject: [PATCH] Added link to single signon documentation
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Fri, 15 Jun 2012 17:44:57 +0000 (19:44 +0200)]
and include it
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Fri, 15 Jun 2012 17:38:56 +0000 (19:38 +0200)]
fix layout problems
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Fri, 15 Jun 2012 14:37:19 +0000 (16:37 +0200)]
readd the lost items
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Fri, 15 Jun 2012 14:35:13 +0000 (16:35 +0200)]
move the navbar to all pages
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Fri, 15 Jun 2012 13:45:42 +0000 (15:45 +0200)]
two more pages of documentation
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Fri, 15 Jun 2012 13:41:26 +0000 (15:41 +0200)]
promote documentation on searchform.wml
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Wed, 13 Jun 2012 20:45:51 +0000 (22:45 +0200)]
Merge branch 'master' of git+ssh://db.debian.org/git/userdir-ldap-cgi
* 'master' of git+ssh://db.debian.org/git/userdir-ldap-cgi:
And a changelog entry for Nick's change
Use the changes@ address consistently in preference to change@
Try a different CreateCryptSalt approach
Conflicts:
debian/changelog
Martin Zobel-Helas [Wed, 13 Jun 2012 20:42:50 +0000 (22:42 +0200)]
some cleanup
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Wed, 13 Jun 2012 16:49:41 +0000 (18:49 +0200)]
use libjs-jquery-tablesorter to sort machines.cgi
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Wed, 13 Jun 2012 16:23:03 +0000 (18:23 +0200)]
restructure
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Peter Palfrader [Sun, 10 Jun 2012 20:03:06 +0000 (22:03 +0200)]
And a changelog entry for Nick's change
Peter Palfrader [Sun, 10 Jun 2012 20:01:01 +0000 (22:01 +0200)]
Use the changes@ address consistently in preference to change@
Cherry pick
6e07c94822cba24dd24e5f86e662a7ddabc863ea from torproject,
by Nick Mathewson:
Having both addresses listed on the website led me to think that one
of them must be a misprint, and slowed down my debugging attempts
by a factor of 2 as I tried every one of my incorrect ideas on both
of the addresses.
Peter Palfrader [Fri, 9 Mar 2012 19:58:42 +0000 (20:58 +0100)]
Try a different CreateCryptSalt approach
Martin Zobel-Helas [Fri, 9 Mar 2012 18:51:32 +0000 (19:51 +0100)]
remove code duplication
Peter Palfrader [Fri, 9 Mar 2012 18:09:52 +0000 (19:09 +0100)]
Also ignore "-" as words for cracklib
Peter Palfrader [Fri, 9 Mar 2012 17:59:28 +0000 (18:59 +0100)]
And say which password failed its check
Peter Palfrader [Fri, 9 Mar 2012 17:58:09 +0000 (18:58 +0100)]
Say what web password is good for
Martin Zobel-Helas [Fri, 9 Mar 2012 11:47:38 +0000 (12:47 +0100)]
Better salt
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Fri, 9 Mar 2012 11:32:46 +0000 (12:32 +0100)]
fix web password generation
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Fri, 9 Mar 2012 09:04:15 +0000 (10:04 +0100)]
unrelease
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Fri, 9 Mar 2012 09:02:43 +0000 (10:02 +0100)]
release 0.3.36
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Fri, 9 Mar 2012 09:00:24 +0000 (10:00 +0100)]
use Crypt::PasswdMD5 to create apache passwords
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Thu, 8 Mar 2012 22:59:29 +0000 (23:59 +0100)]
fix code
Martin Zobel-Helas [Thu, 8 Mar 2012 22:52:14 +0000 (23:52 +0100)]
release
Martin Zobel-Helas [Thu, 8 Mar 2012 18:24:52 +0000 (19:24 +0100)]
Merge branch 'master' of git+ssh://db.debian.org/git/userdir-ldap-cgi
* 'master' of git+ssh://db.debian.org/git/userdir-ldap-cgi:
add webpassword Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Thu, 8 Mar 2012 18:23:11 +0000 (19:23 +0100)]
add webpassword
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Thu, 8 Mar 2012 18:23:11 +0000 (19:23 +0100)]
add webpassword
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Fri, 10 Feb 2012 18:01:35 +0000 (19:01 +0100)]
add two more pics
Martin Zobel-Helas [Fri, 10 Feb 2012 17:52:34 +0000 (18:52 +0100)]
fix URL path
Martin Zobel-Helas [Fri, 6 Jan 2012 12:02:08 +0000 (13:02 +0100)]
start new version
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Fri, 6 Jan 2012 11:55:49 +0000 (12:55 +0100)]
make selection a link
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Fri, 6 Jan 2012 11:55:14 +0000 (12:55 +0100)]
fix quoting in machines.cgi
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Fri, 6 Jan 2012 11:28:18 +0000 (12:28 +0100)]
release
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Wed, 4 Jan 2012 22:59:40 +0000 (23:59 +0100)]
adjust to new layout (no warranties for breakage)
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Wed, 4 Jan 2012 22:23:17 +0000 (23:23 +0100)]
correct mail address
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Wed, 4 Jan 2012 22:21:52 +0000 (23:21 +0100)]
correct mail address
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Peter Palfrader [Wed, 23 Nov 2011 11:12:45 +0000 (12:12 +0100)]
machines.cgi: generate fingerprints for ecdsa-sha2-nistp256 ssh keys.
Peter Palfrader [Sun, 30 Oct 2011 16:40:52 +0000 (17:40 +0100)]
Util.pm:UpgradeConnection(): properly concatenate strings
Peter Palfrader [Fri, 15 Jul 2011 23:04:27 +0000 (01:04 +0200)]
cracklib-packer complains about '*' on input
Peter Palfrader [Thu, 9 Jun 2011 13:02:06 +0000 (13:02 +0000)]
Change import of Net::LDAP to work on squeeze
root [Mon, 3 Jan 2011 23:04:26 +0000 (23:04 +0000)]
Luca added entry for changelog; ready to build
root [Mon, 3 Jan 2011 22:57:43 +0000 (22:57 +0000)]
fixed link to SPI CA; added link to Debian CA
Martin Zobel-Helas [Tue, 10 Aug 2010 06:40:50 +0000 (08:40 +0200)]
add patch from vorlon
Martin Zobel-Helas [Tue, 10 Aug 2010 06:38:39 +0000 (08:38 +0200)]
Merge branch 'master' of git+ssh://db.debian.org/git/userdir-ldap-cgi
Steve Langasek [Tue, 10 Aug 2010 01:43:11 +0000 (18:43 -0700)]
don't use sentence fragments, make the docs searchable
Hi all,
Here's a patch to userdir-ldap-cgi to improve the documentation in
doc-mail.wml:
Replace the sentence fragment at the beginning of the documentation on
DNS records with a complete sentence that uses the actual field name, making
the documentation more searchable.
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Peter Palfrader [Wed, 21 Jul 2010 12:38:22 +0000 (14:38 +0200)]
And a changelog entry
Peter Palfrader [Wed, 21 Jul 2010 12:37:50 +0000 (14:37 +0200)]
Merge branch 'master' of ssh://db.debian.org/git/userdir-ldap-cgi
* 'master' of ssh://db.debian.org/git/userdir-ldap-cgi:
Fix typo in update.wml spotted by Sylvain Beucler.
Actually install new doc.
updated css from interwebs
actually install new file
Peter Palfrader [Wed, 21 Jul 2010 12:37:44 +0000 (14:37 +0200)]
Only import cracklib (do not fallback to crack). Also makes setting cracklib.min_length actually work
Martin Zobel-Helas [Tue, 1 Jun 2010 20:28:08 +0000 (22:28 +0200)]
Fix typo in update.wml spotted by Sylvain Beucler.
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Stephen Gran [Mon, 15 Mar 2010 11:44:19 +0000 (11:44 +0000)]
Actually install new doc.
Stephen Gran [Mon, 15 Mar 2010 11:43:25 +0000 (11:43 +0000)]
updated css from interwebs
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Mon, 15 Mar 2010 11:43:06 +0000 (11:43 +0000)]
actually install new file
Signed-off-by: Stephen Gran <steve@lobefin.net>
Martin Zobel-Helas [Sun, 31 Jan 2010 12:35:30 +0000 (13:35 +0100)]
we should also install the CSS files
Martin Zobel-Helas [Sun, 31 Jan 2010 12:09:45 +0000 (13:09 +0100)]
new changelog entry
Martin Zobel-Helas [Sun, 31 Jan 2010 12:09:29 +0000 (13:09 +0100)]
ignore debian/substvars
Martin Zobel-Helas [Sun, 31 Jan 2010 12:08:45 +0000 (13:08 +0100)]
don't link outside db.d.o when using https
Martin Zobel-Helas [Sun, 31 Jan 2010 12:05:03 +0000 (13:05 +0100)]
add myself to uploaders
Martin Zobel-Helas [Sun, 31 Jan 2010 11:07:59 +0000 (12:07 +0100)]
some corrections suggested by #debian-devel channel members