Adam D. Barratt [Thu, 14 Nov 2019 20:49:09 +0000 (20:49 +0000)]
Disable paging in DataTables
This brings the functionality more in line with the previous
incarnation.
The configuration for the paging functionality is left in place to
make it simpler to enable / disable as desired, and potentially
allow users the option at some future point.
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Fri, 8 Nov 2019 19:41:42 +0000 (19:41 +0000)]
Add DataTables to d/copyright
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Fri, 8 Nov 2019 16:24:27 +0000 (16:24 +0000)]
Add changelog entry for move to DataTables
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Fri, 8 Nov 2019 16:23:55 +0000 (16:23 +0000)]
Remove no longer required jquery-tablesorter links and dependency
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Fri, 8 Nov 2019 16:22:54 +0000 (16:22 +0000)]
Actually install the DataTables files
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Fri, 8 Nov 2019 15:19:09 +0000 (15:19 +0000)]
d/copyright: update date
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Fri, 8 Nov 2019 15:18:40 +0000 (15:18 +0000)]
d/copyright: update repository path to point at salsa
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Fri, 8 Nov 2019 15:15:36 +0000 (15:15 +0000)]
Add per-column search fields to the machines datatable
Based on an example from datatables.net
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Fri, 8 Nov 2019 15:12:46 +0000 (15:12 +0000)]
Replace use of jquery-tablesorter with DataTables
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Fri, 8 Nov 2019 15:09:23 +0000 (15:09 +0000)]
Add files for DataTables library, to replace the table sorter
From https://datatables.net/
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Fri, 8 Nov 2019 14:37:02 +0000 (14:37 +0000)]
Move inline tablesorter Javascript to a new file
This avoids needing the Content-Security-Policy to allow "unsafe-inline"
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Thu, 7 Nov 2019 09:54:15 +0000 (09:54 +0000)]
doc-hosts: remove obsolete note about Alioth exception
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Julien Cristau [Mon, 21 Oct 2019 20:08:47 +0000 (22:08 +0200)]
Merge branch 'fordsa' of https://git.adam-barratt.org.uk/git/mirror/userdir-ldap-cgi
Julien Cristau [Mon, 21 Oct 2019 20:06:24 +0000 (22:06 +0200)]
Fix a few lintian warnings.
Julien Cristau [Mon, 21 Oct 2019 20:00:27 +0000 (22:00 +0200)]
Changelog entry for Adam's doc updates
Julien Cristau [Mon, 21 Oct 2019 19:45:13 +0000 (21:45 +0200)]
Remove Stephen Gran from Uploaders.
Julien Cristau [Mon, 21 Oct 2019 19:44:31 +0000 (21:44 +0200)]
Add build-dep on libgd-perl
Adam D. Barratt [Mon, 21 Oct 2019 18:55:18 +0000 (19:55 +0100)]
html/forward.wml: update example mbox / maildir .forward contents
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Mon, 21 Oct 2019 18:51:17 +0000 (19:51 +0100)]
html/forward.wml: fix formatting of example command
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Julien Cristau [Mon, 21 Oct 2019 18:47:29 +0000 (20:47 +0200)]
Merge branch 'fordsa' of https://git.adam-barratt.org.uk/git/mirror/userdir-ldap-cgi
Adam D. Barratt [Mon, 21 Oct 2019 18:28:05 +0000 (19:28 +0100)]
html/forward.wml: wording tweak
Thanks to Julien Cristau for the suggestion
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Mon, 21 Oct 2019 18:27:00 +0000 (19:27 +0100)]
html/forward.wml: remove mention on unimplemented BATV option
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Mon, 21 Oct 2019 18:26:22 +0000 (19:26 +0100)]
html/forward.wml: merge doc-mail-handling
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Mon, 21 Oct 2019 17:34:58 +0000 (18:34 +0100)]
html/.gitignore: include fetch-totp-seed.html
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Mon, 21 Oct 2019 17:26:28 +0000 (18:26 +0100)]
doc-mail-handling: update description of mailDefaultOptions
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Thu, 10 Oct 2019 20:05:53 +0000 (21:05 +0100)]
html/forward.wml: make aliasing discussion match current implementation
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Thu, 10 Oct 2019 19:41:47 +0000 (20:41 +0100)]
html/doc-direct.wml: typo fix ("whos" -> "whose")
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Thu, 10 Oct 2019 19:39:57 +0000 (20:39 +0100)]
html/forward.wml: stop referring to features as new
"A decade ago" might be new in project-time, but the features described
are fairly well-established by now
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Wed, 9 Oct 2019 21:03:07 +0000 (22:03 +0100)]
forward.wml: fix a few typoes
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Tollef Fog Heen [Sat, 27 Jul 2019 00:35:41 +0000 (02:35 +0200)]
Include accountname in totp url
Tollef Fog Heen [Sat, 27 Jul 2019 00:35:27 +0000 (02:35 +0200)]
Chomp secret and account name
Tollef Fog Heen [Sat, 27 Jul 2019 00:35:08 +0000 (02:35 +0200)]
Fix typo
Tollef Fog Heen [Sat, 27 Jul 2019 00:34:46 +0000 (02:34 +0200)]
Make sure to not fix up totp permissions
Tollef Fog Heen [Sat, 27 Jul 2019 00:16:47 +0000 (02:16 +0200)]
Pick up account name from file as well
Tollef Fog Heen [Sat, 27 Jul 2019 00:05:28 +0000 (02:05 +0200)]
Fix up HTML a bit
Tollef Fog Heen [Fri, 26 Jul 2019 21:57:05 +0000 (23:57 +0200)]
Initial totp-fetch-seed implementation, not complete yet
Tollef Fog Heen [Tue, 23 Jul 2019 21:15:15 +0000 (23:15 +0200)]
Actually create the totp directory too
Tollef Fog Heen [Tue, 23 Jul 2019 15:50:54 +0000 (17:50 +0200)]
Whitespace cleanup
Peter Palfrader [Thu, 3 Jan 2019 13:56:40 +0000 (14:56 +0100)]
html/Makefile: searchform.html also requires domains.tab
Tollef Fog Heen [Wed, 2 Jan 2019 19:17:54 +0000 (20:17 +0100)]
releasing package userdir-ldap-cgi version 0.3.42
Tollef Fog Heen [Wed, 2 Jan 2019 19:16:27 +0000 (20:16 +0100)]
Remove link to HTTPS version, this is all HTTPS now.
Tollef Fog Heen [Wed, 2 Jan 2019 19:16:09 +0000 (20:16 +0100)]
Fix build-breaking typo
Tollef Fog Heen [Wed, 2 Jan 2019 19:08:55 +0000 (20:08 +0100)]
Release 0.3.41
Peter Palfrader [Fri, 23 Nov 2018 09:11:31 +0000 (10:11 +0100)]
How one identifies is not relevant to their work in Debian: remove gender attribute from ud-ldap
Peter Palfrader [Sun, 4 Nov 2018 12:13:38 +0000 (13:13 +0100)]
Remove html/domains.tab from the source as it is autogenerated during build
Peter Palfrader [Sun, 4 Nov 2018 12:05:37 +0000 (13:05 +0100)]
Release 0.3.40
Alex Muntada [Fri, 2 Mar 2018 16:35:08 +0000 (17:35 +0100)]
Explain how to use DNSSEC and SSHFP records
Martin Zobel-Helas [Mon, 18 Sep 2017 17:21:47 +0000 (19:21 +0200)]
also add debian/changelog entry
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Mon, 18 Sep 2017 17:19:05 +0000 (19:19 +0200)]
Remove link to old CA
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Tollef Fog Heen [Sat, 5 Aug 2017 22:00:49 +0000 (00:00 +0200)]
Reformat list of dependencies and drop "perl5", which is no longer a thing.
Tollef Fog Heen [Sat, 5 Aug 2017 22:00:14 +0000 (00:00 +0200)]
New debhelper version installs in debian/$package, adjust debian/rules appropriately.
Tollef Fog Heen [Sat, 5 Aug 2017 21:59:17 +0000 (23:59 +0200)]
Add missing Build-Depends for libhtml-parser-perl.
Tollef Fog Heen [Sat, 5 Aug 2017 21:58:38 +0000 (23:58 +0200)]
Add debian/compat with level 10.
Tollef Fog Heen [Sat, 5 Aug 2017 21:58:17 +0000 (23:58 +0200)]
Use a bit more modern perl in Util.pm, drop defined for an array check.
Adam D. Barratt [Mon, 24 Jul 2017 17:49:15 +0000 (18:49 +0100)]
doc-mail/wml: fix typo ("MTA" -> "MUA")
If the user is editing mail, it's far more likely that they'll be doing so
in an MUA rather than an MTA.
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Signed-off-by: Julien Cristau <jcristau@debian.org>
Adam D. Barratt [Mon, 24 Jul 2017 17:49:14 +0000 (18:49 +0100)]
doc-mail.wml: fix typo ("looses" -> "loses")
The user has misplaced their password, not released it.
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Signed-off-by: Julien Cristau <jcristau@debian.org>
Paul Wise [Mon, 15 Aug 2016 07:58:58 +0000 (15:58 +0800)]
Suggest using TLS when connecting to LDAP directly
Avoids manipulation of information by the network.
Paul Wise [Mon, 25 Apr 2016 02:48:31 +0000 (10:48 +0800)]
Give an example of the show command
Suggested-by: Mathieu Malaterre <malat@debian.org>
Suggested-in: <CA+7wUsyRnLjCiyJ3iyL6H8ZX_ttj0grBXJbq7KJXYaW9wznN8g@mail.gmail.com>
Paul Wise [Wed, 9 Mar 2016 14:57:36 +0000 (22:57 +0800)]
Drop SSH key fingerprint info from machines.cgi pages
Suggested-by: Drew Parsons <dparsons@debian.org>
Suggested-in: <
1457492501.9688.6.camel@debian.org>
Raphael Geissert [Thu, 18 Feb 2016 19:13:17 +0000 (20:13 +0100)]
Allow dashes in hostnames for sudo passwords (RT #5785)
Paul Wise [Sun, 1 Nov 2015 12:35:24 +0000 (20:35 +0800)]
Update LDAP search docs for the usergroups changes
Julien Cristau [Tue, 9 Jun 2015 11:29:11 +0000 (21:29 +1000)]
machines.cgi: generate fingerprints for ssh-
ed25519 host keys
Signed-off-by: Julien Cristau <jcristau@debian.org>
Paul Wise [Mon, 30 Mar 2015 01:05:30 +0000 (09:05 +0800)]
Add a hint about how to merge existing SSH keys
Paul Wise [Tue, 10 Feb 2015 02:16:02 +0000 (10:16 +0800)]
ravel is no longer recommended for general shell usage
Peter Palfrader [Sat, 3 Jan 2015 13:05:48 +0000 (14:05 +0100)]
Update .gitignore
Peter Palfrader [Sat, 3 Jan 2015 13:05:28 +0000 (14:05 +0100)]
Update copyright year
Peter Palfrader [Sat, 3 Jan 2015 12:57:07 +0000 (13:57 +0100)]
Use $config{sslcafile} instead of hardcoding the path to the SSL CA in Util.pm.
Peter Palfrader [Sat, 3 Jan 2015 12:49:39 +0000 (13:49 +0100)]
Use $config{maildomain} in update.cgi instead of hardcoded db.d.o.
Peter Palfrader [Sat, 3 Jan 2015 12:35:53 +0000 (13:35 +0100)]
Add dependency on libcrypt-cbc-perl
Peter Palfrader [Sat, 3 Jan 2015 12:34:02 +0000 (13:34 +0100)]
New version number
Peter Palfrader [Sat, 3 Jan 2015 12:30:36 +0000 (13:30 +0100)]
Various fixes for XSS and bad crypto. No claim to completeness.
* Fix a XSS reported in
https://trac.torproject.org/projects/tor/ticket/14037
* Fix horrible use of crypto primitives.
* Add HMAC authentication to authtoken.
* Verify that the uid passed as a get parameters matches the
one stored in authtoken.
Peter Palfrader [Sun, 21 Dec 2014 09:14:04 +0000 (10:14 +0100)]
User new CA root cert in Util.pm
Peter Palfrader [Sun, 21 Dec 2014 09:13:41 +0000 (10:13 +0100)]
Fix debian/changelog and release info
Héctor Orón Martínez [Thu, 6 Nov 2014 16:03:20 +0000 (17:03 +0100)]
machines.cgi: re-add architecture field to list
Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>
Héctor Orón Martínez [Thu, 6 Nov 2014 15:57:26 +0000 (16:57 +0100)]
d/changelog: add entry
Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>
Héctor Orón Martínez [Thu, 6 Nov 2014 15:55:45 +0000 (16:55 +0100)]
machines.cgi: replace architecture field by description, more informative
Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>
Paul Wise [Thu, 6 Nov 2014 10:50:27 +0000 (18:50 +0800)]
Use the correct cert when connecting to the LDAP server
Paul Wise [Thu, 6 Nov 2014 08:50:00 +0000 (16:50 +0800)]
Slightly nicer attribute list output
Paul Wise [Thu, 6 Nov 2014 08:19:27 +0000 (16:19 +0800)]
Switch from http to https links where possible.
Paul Wise [Thu, 6 Nov 2014 08:24:45 +0000 (16:24 +0800)]
Fix typo in doctype
Paul Wise [Thu, 6 Nov 2014 08:24:06 +0000 (16:24 +0800)]
Joey is no longer involved in the debian-admin team.
Paul Wise [Thu, 6 Nov 2014 08:22:16 +0000 (16:22 +0800)]
Fix the type and location of the VCS repository.
Peter Palfrader [Sun, 21 Sep 2014 12:34:39 +0000 (14:34 +0200)]
Allow dash (-) in hostnames
Tollef Fog Heen [Thu, 20 Mar 2014 19:02:28 +0000 (20:02 +0100)]
Exclude users with accountStatus set from the search.
Stephen Gran [Sun, 2 Mar 2014 08:24:15 +0000 (08:24 +0000)]
Revert "drop overrids - LDAP has it on its own"
This reverts commit
7476c73032e5755ecb80609734669a66cb8c8de4.
Stephen Gran [Fri, 28 Feb 2014 21:07:59 +0000 (21:07 +0000)]
drop overrids - LDAP has it on its own
Signed-off-by: Stephen Gran <steve@lobefin.net>
Luca Filipozzi [Thu, 16 Jan 2014 23:26:19 +0000 (23:26 +0000)]
fix typo
Luca Filipozzi [Thu, 16 Jan 2014 23:22:43 +0000 (23:22 +0000)]
voipPassword -> rtcPassword
Luca Filipozzi [Tue, 14 Jan 2014 01:27:04 +0000 (01:27 +0000)]
store voipPassword as an HA1
Martin Zobel-Helas [Sun, 12 Jan 2014 12:28:13 +0000 (13:28 +0100)]
add changelog entry
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Sun, 12 Jan 2014 12:12:31 +0000 (13:12 +0100)]
add voippasswords
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Sun, 15 Dec 2013 10:06:54 +0000 (11:06 +0100)]
don't escape authtoken
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Fri, 6 Sep 2013 20:21:25 +0000 (22:21 +0200)]
Revert "XSS bug in db.debian.org"
This reverts commit
784c4020017d260775339c1231052ca4eb387f02.
Martin Zobel-Helas [Fri, 6 Sep 2013 20:20:59 +0000 (22:20 +0200)]
uri_escape input
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Fri, 6 Sep 2013 17:15:08 +0000 (19:15 +0200)]
add debian/changelog entry for Moritz Naumann
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Moritz Naumann [Tue, 27 Aug 2013 14:42:49 +0000 (16:42 +0200)]
XSS bug in db.debian.org
Hi, I just stumbled upon an XSS bug in db.debian.org:
https://db.debian.org/search.cgi?id=%22%3E%3C/a%3E%3Cscript%3Ealert%28%27XSS%27%29%3C/script%3E%3Cx%20y=%22&dosearch=Search...
Both the "id" and "authtoken" fields lack input validation.
<zobel> bfly: you can find the code at git.debian.org in userdir-ldap-cgi
<zobel> would be nice if you could send a patch
A (n untested) patch is attached. Please let me know whether it's usable
and whether you are going to apply it.
-- Moritz
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Sun, 25 Aug 2013 11:58:32 +0000 (13:58 +0200)]
iso-codes and isoquery are build-depends and not depends
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Sun, 25 Aug 2013 11:52:50 +0000 (13:52 +0200)]
add changelog entry for the typo in update.wml
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Sun, 25 Aug 2013 11:52:16 +0000 (13:52 +0200)]
auto-generate html/domains.tab
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Ramakrishnan Muthukrishnan [Thu, 22 Aug 2013 17:01:54 +0000 (22:31 +0530)]
typo: mail default handling incorrectly pointing to the greylist option.
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>